Re: Messenger Popups

From: Alun Jones [MS MVP] (alun_at_texis.com)
Date: 10/24/03


Date: Fri, 24 Oct 2003 21:40:35 GMT

In article <98rbpv0162es8qm9hu6ofgso2g92km4bgj@4ax.com>, Kevin Davis³ <zkevindavisz@cfl.rr.com> wrote:
>Everyone thought I was crazy in the last couple of months in these
>forums when I suggested that it just might be possible that there was
>a vulnerability in this Service and if not needed it should be turned
>off. Who knows if there are more? Who do you think will find out
>first? You or the hackers?

Sure - every piece of software in your computer has bugs in it, and some
percentage of those bugs are remotely exploitable. So we should close down
all programs?

By your logic, you should be computing with a brick.

But we all know that's stupid. You run the tools you use, and you block the
attackers by as many paths as you can. You patch, you firewall, and you
scan. <URL:http://www.microsoft.com/protect> You also disable as many
services as you can _without_ affecting the day to day working of your
computer, or reducing your security.

I maintain that Messenger Service (patched, of course) serves a very
valuable purpose - as everyone here knows, if your firewall fails, and
starts letting packets through, you'll get hit with an advert for sexual
enhancement or firewalls within a few seconds. This should serve as warning
that you need to unplug the computer until you've got your firewall back in
place.

With a firewall that operates correctly, all the buffer overflows that you
might care to imagine in Messenger Service (or other services) are
unavailable to attack by remote computers. However, if you're only going to
disable Messenger Service, and _not_ install a firewall, which is what
you've been suggesting, then you've reduced the ability of attackers to hit
you by - what, something like .01%?

Suggesting that you simply disable Messenger Service is a very small act of
protection, and a firewall is much more protective of your system.

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]

-- 
Texas Imperial Software   | Find us at http://www.wftpd.com or email
1602 Harvest Moon Place   | alun@texis.com.
Cedar Park TX 78613-1419  | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.

