Re: Direct Ad Pop-Ups

From: Karl Levinson [x y] MVP (jamescagney90210@excite.com)
Date: 10/28/02 

From: "Karl Levinson [x y] MVP" <jamescagney90210@excite.com>
Date: Sun, 27 Oct 2002 20:23:16 -0500

I guess it's OK to say that I wrote / compiled a pretty long FAQ for these
security newsgroups. It's possibly too big, but it's hard to get me to shut
up. [I asked first before I did it to try to ensure I wasn't stepping on
any toes.] It isn't available on the internet yet but it should be in the
coming weeks. Until then, I've been posting segments of it when that
particular question is asked. BTW thanks for the kind words about the
quality of the info.

"Richard Akerman" <rakerman@bigfoot.com> wrote in message
news:cozu9.66932$mxk1.4305@news04.bloor.is.net.cable.rogers.com...
> Karl Levinson [x y] MVP wrote:
> > "Joshua James" <admin@caddadvntage.com> wrote in message
> > news:24a301c27c3a$e7eafe40$3bef2ecf@TKMSFTNGXA10...
> >
> >>We are starting to get these direct Ads popping up on our
> >>servers with EXTERNAL IPs. They come via the Windows
> >>Messenger Services ( NET SEND "user" 'Msg'). Is there a
> >>way to block these from coming from anywhere but
> >>specificed IPs??
> >>Plese reply to admin@caddadvantage.com I may not make it
> >>back to this newsgroup.
> >
> >
> > This question was answered less than 24 hours ago in this newsgroup.
It's
> > considered polite to search a newsgroup before posting. Use a firewall.
> > There are free ones out there, so there's no good excuse not to.
> >
> > Here is the short answer. To block all the types of pop-ups out there,
> > follow some or all of the following steps:
> >
> > * Use a firewall and antivirus with the latest updates;
> > * Use software that blocks pop-ups and/or ad-ware;
> > * Disable unnecessary programs that start when Windows starts, by using
> > MSCONFIG or Startup Cop;
> > * Disable or unbind NetBIOS over TCP/IP / File and Print Sharing on your
> > network interface;
> > * Disable the Messaging service;
> > * Configure your chat program to not start up automatically with
Windows, to
> > require confirmation before accepting an incoming chat, and/or to only
allow
> > chat requests from people on your buddy/favorites list.
> >
> > Keep reading below for more information.
> >
> > There are several different types of pop-ups:
> >
> > * WEB BROWSER POP-UPS
> > One very common type of pop-up is a new web browser window that pops up
> > while you are surfing the Internet. These pop-ups are often generated
by
> > certain web sites including some porn sites, some shopping web sites,
and
> > some web sites that offer free services like email or news. These
pop-ups
> > often appear when you click to either enter or leave a web page.
> >
> > There are a number of third-party software programs, both free and not
free,
> > which are supposed to help block pop-up windows. Try searching your
> > favorite Internet search engine, Usenet support newsgroup software web
site
> > and/or see the links below. [Try searching for the words "stop OR block
> > pup-ups," for example]:
> >
> > www.google.com/groups?threadm=enZy0PscCHA.1828%40tkmsftngp08 <-- SEE
THIS
> > LINK FIRST
> > [The above link is an excellent list of software to block pop-ups in a
post
> > by Jim Byrd]
> >
> > www.webwasher.com
> > www.adshield.org
> > www.popupstopper.com
> > www.zonealarm.com [the Zone Alarm firewall also blocks pop-ups]
> > www.webattack.com/Freeware/misctools/fwpopblock.shtml
> > www.webattack.com
> > www.download.com
> > www.tucows.com
> > www.google.com/groups?q=stop+OR+block+pop-ups
> > www.google.com/search?q=stop+OR+block+pop-ups
> >
> > If the pop-ups happen when you launch your web browser [e.g. Internet
> > Explorer], then you should check the home page setting in your web
browser
> > [e.g. in Internet Explorer, click on Tools, Internet Options, Home Page,
> > Address]. Make sure the home page is not set to an objectionable site.
[If
> > your home page has been changed and you want to change it back, you set
it
> > to www.msn.com or to your favorite web site.]
> >
> > If the pop-ups seem to pop up at random and not just when you open and
close
> > your web browser or enter and leave a certain web page, you may want to
also
> > use MSCONFIG or Startup Cop to check the programs that are starting up
when
> > Windows starts, in case there is an unwanted program hidden there. For
more
> > information on how to do this, see the section in this FAQ entitled "I
think
> > there may be a suspicious program, Trojan, ad-ware, "porn dialer," etc.
> > starting up on my computer when Windows starts."
> >
> > * MESSENGER SERVICE / WINDOWS MESSAGING / NETBIOS POP-UPS
> > Another type of pop-up is the Windows messaging pop-up. If you are
> > receiving these types of pop-ups, NetBIOS / SMB / Windows Networking /
> > Windows File and Print Sharing on your computer may be visible from the
> > Internet, which is usually considered a serious security risk.
> >
> > To determine whether this security risk applies to you, see the section
in
> > this FAQ entitled "How can I scan my computer or firewall to look for
open
> > ports or confirm that my machine is secure?" In particular, the web
site
> > https://grc.com/x/ne.dll?bh0bkyd2 or any of the tools under the
> > "Vulnerability Assessment" subsection can be used to scan your computer.
> >
> > To block this first type of pop-up and also increase the security of
your
> > computer, use one or more of the techniques below:
> >
> > A) USE A FIREWALL.
> > This is highly recommended. See the section in this FAQ entitled "Which
> > firewall should I choose? Which firewall is the best?" for more
> > information.
> >
> > B) DISABLE OR UNBIND NETBIOS OVER TCP/IP / FILE AND PRINT SHARING ON THE
> > NETWORK INTERFACE.
> > This is slightly complicated and varies depending on what operating
system
> > you are using. If you wish to do this, try searching your favorite
Internet
> > search engine for words such as "how to disable netbios windows" for
your
> > version of Windows such as XP, or follow one or more of the links below.
> > [Using a firewall is still highly recommended even if you follow this
step.]
> >
> > http://www.google.com/search?q=disable+netbios+%2Bhow+windows
> > http://comp.bio.uci.edu/security/netbios.htm
> >
> > C) DISABLE THE MESSENGER SERVICE.
> > This will stop the pop-ups and may be a good idea. However, just
disabling
> > the Messenger service without also taking other actions leaves you
extremely
> > vulnerable to other more serious intrusions from the Internet.
> >
> > To disable the Messenger service on Windows 2000 / XP / .NET, you would
> > click on Start, Settings, Control Panel, Administrative Tools, Services,
> > stop the Messenger service and set the service to Startup Type =
Disabled.
> > Using a firewall and disabling NetBIOS is still strongly recommended.
[If
> > you don't, hackers on the Internet can probably get a list of all login
IDs
> > on your computer and start trying to guess your passwords.]
> >
> > * INSTANT MESSENGER POP-UPS [AOL AIM, MSN MESSENGER, YAHOO MESSENGER,
ICQ,
> > ETC.]
> >
> > Instant messenger pop-ups are different from NetBIOS / Messenger service
> > pop-ups. You can tell IM pop-ups because they appear within your
instant
> > messenger chat program.
> >
> > The instructions for protecting yourself from unwanted chat messages
differ
> > depending on which instant messenger program you are using [e.g. AOL
AIM,
> > MSN Messenger, Yahoo, etc]. The instructions would probably involve
looking
> > at and changing the settings within your IM client software. For
example,
> > some IM software will let you block everyone from contacting you except
for
> > the people on your "buddy" or "favorites" list, or can give you a prompt
> > asking whether you want to accept the chat.
> >
> > Another solution might be to set your instant messenger client so that
it
> > does not start automatically with windows, so that you have to
double-click
> > on your IM icon before anyone can contact you. Again this is in your IM
> > client settings. For more information, check the documentation that
came
> > with your IM software and/or a support web page or Usenet newsgroup
> > specifically for that IM program.
>
> This is really good information.
> Is it from a FAQ that is available on the web or on USENET somewhere?
> It seems to refer to "information elsewhere in the FAQ" that isn't
included.
>
> -- Richard Akerman
> http://www.akerman.ca/port-table.html
> http://www.akerman.ca/trojan-port-table.html
>