Re: Messenger Service
From: Karl Levinson [x y] mvp (levinson_k_at_despammed.com)
Date: 11/29/03
- Next message: Karl Levinson [x y] mvp: "** READ THIS BEFORE POSTING - answers to frequently asked questions 2003.11.29"
- Previous message: Karl Levinson [x y] mvp: "Re: Which Antivirus to be loaded on windows 2000 Server"
- In reply to: Kevin Davisł: "Re: Messenger Service"
- Next in thread: Kevin Davisł: "Re: Messenger Service"
- Reply: Kevin Davisł: "Re: Messenger Service"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 29 Nov 2003 07:14:26 -0500
"Kevin Davisł" <zkevindavisz@cfl.rr.com> wrote in message
news:rabgsvsd8tgh2el9sd5dfjbefok4thpeqs@4ax.com...
> >Disabling the messenger service alone does not do very much to
> >increase the security of most home computers. There is currently only
> >one known vulnerability in the messenger service, and there is a patch
> >for that vulnerability. I would argue that leaving the messenger
> >service enabled with the patch installed can increase your security
> >compared to disabling the service.
>
> Again, I would disagree. Months ago I argued that the Messenger
> Service was a risk if you didn't need it to run. I suggested that at
> any time a vulnerability could be discovered and exploited in it -
> just like sendmail. I was ridiculed about that notion. Now why in
> the world would we think that this would be the one and only
> vulnerability in this service? Oh, I know, we'll use Internet
> Explorer as and example. Only one vulnerability was ever found in it
> and Microsoft fixed it immediately and there's never been a problem
> with it since, right?
I'm not saying leaving Messenger enabled is always better. I'm just saying
that it's more of a matter of personal opinion where there is room for
arguing either side successfully. Personally it seems sensible to me to
disable the Messenger service in work environments [for better security] and
not bother telling home users here to disable it [for convenience]. You're
right that future Messenger vulnerabilities are possible or even likely, but
for most of the home users you meet here, you only get about 30 minutes of
their attention max before they get bored and wander off to do something
else. So, you tend to go for security instructions that get you the most
benefit with the least effort. For me, that means that *if* I decide to
mention disabling the Messenger service here, I usually state that doing so
is optional. Or, I might not mention it at all, for fear that they might
latch onto that and somehow end up skipping the step where they install a
firewall.
- Next message: Karl Levinson [x y] mvp: "** READ THIS BEFORE POSTING - answers to frequently asked questions 2003.11.29"
- Previous message: Karl Levinson [x y] mvp: "Re: Which Antivirus to be loaded on windows 2000 Server"
- In reply to: Kevin Davisł: "Re: Messenger Service"
- Next in thread: Kevin Davisł: "Re: Messenger Service"
- Reply: Kevin Davisł: "Re: Messenger Service"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
