Re: Solution for: Unwanted Popup Messages Exploiting C:\Windows\system32\svchost.exe
From: Alun Jones [MS MVP] (alun_at_texis.com)
Date: 09/21/03
- Next message: gary: "Notebook XP-Home"
- Previous message: Chris Cowles: "Re: Windows XP home/pro networking question"
- In reply to: Wesley Vogel: "Re: Solution for: Unwanted Popup Messages Exploiting C:\Windows\system32\svchost.exe"
- Next in thread: Bruce Chambers: "Re: Solution for: Unwanted Popup Messages Exploiting C:\Windows\system32\svchost.exe"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 21 Sep 2003 01:34:51 GMT
In article <8IKab.520054$YN5.344698@sccrnsc01>, "Wesley Vogel"
<WVogel955@comcast.net> wrote:
> I went to the link you provided. As a side note, just follow the
>instructions to turn off Messenger. You do not need to buy anything. I
>understand there are outfits that will be more than happy to sell you
>software to turn off Messenger for you.
> You can also do the following: Start/Programs/Administrative
>Tools/Services/scroll down to Messenger/right click Properties/Under startup
>choose "Disabled", then choose Stop/When stopped, click Ok.
<sigh> Once again, rather less than helpful advice on this issue.
As you pointed out in the part you quoted:
>> This
>> >is a security risk, Microsoft implemented this service
>> >in Windows XP, which runs on the same port as the
>> >MSBLASTER worm.
And yet, what is your solution? Should you block the port? No, apparently,
it's sufficient to allow packets on this port to keep flooding your machine,
but just hide the fact from yourself by disabling the service that displays
messages transmitted on that port.
No, I'm going to quit the sarcasm for now - this is dangerous advice you're
offering. Disabling the Messenger Service is _not_ a safe way to solve this
problem. You need to block that port (and a few others - alright, _all_
others, because you aren't running a server that you want outsiders to
access, are you?), so use a firewall. Fortunately, XP has one built in, and
here's an article, replete with pretty pictures, on how to enable it:
http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp
Leave the Messenger Service enabled - that way, you'll know immediately, by
the returned presence of advertising, if your firewall ever gets
accidentally disabled.
Me, I'd suggest enabling this firewall soon - there's a new exploit on that
very same port announced just recently, and it's an easy bet that there'll
be a "Blaster, Next Generation" any day now. Disabling the Messenger
Service won't protect you. Patching will protect you - Windows Update has
the patch - and installing the firewall will protect you, too. Do both.
Alun.
~~~~
[Please don't email posters, if a Usenet response is appropriate.]
-- Texas Imperial Software | Find us at http://www.wftpd.com or email 1602 Harvest Moon Place | alun@texis.com. Cedar Park TX 78613-1419 | WFTPD, WFTPD Pro are Windows FTP servers. Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.
- Next message: gary: "Notebook XP-Home"
- Previous message: Chris Cowles: "Re: Windows XP home/pro networking question"
- In reply to: Wesley Vogel: "Re: Solution for: Unwanted Popup Messages Exploiting C:\Windows\system32\svchost.exe"
- Next in thread: Bruce Chambers: "Re: Solution for: Unwanted Popup Messages Exploiting C:\Windows\system32\svchost.exe"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
