Re: windows messenger pop-up at startup

From: Alun Jones [MS MVP] (alun_at_texis.com)
Date: 11/10/03 

Date: Mon, 10 Nov 2003 01:01:42 GMT

In article <ppcrqvg4q7de9r6aqo88pdotdfp2rpi3up@4ax.com>, Kevin Davisł
<zkevindavisz@cfl.rr.com> wrote:
>Oh, and don't forget that the Messenger Service would also provide a
>useful service to hackers if it is not patched:
>
>http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bul
>letin/ms03-043.asp

So patch it.

>Be especially wary of people who would insist on having you keep the
>Messenger Service on as a "helpful feature" and conveniently
>forgetting to inform you that it has a very serious vulnerability that
>needs to be patched immediately.

I don't think that anyone's "insisted on having you keep the Messenger
Service on". I've _suggested_ that people use it as a really simple measure
that lets you know very quickly if there's a hole in your firewall. I stand
by that advice - but I do agree that patching it is a necessity.

Firewalls are necessary. Intrusion Detection Systems are useful. Messenger
Service acts as an IDS, thanks to the flood of adverts that only comes in
when you have no firewall, or your firewall is broken. IDSs have previously
been known to have bugs in them, even exploitable ones. The solution is not
to lose all IDS, but to fix the bugs by installing the patches that become
available.

>And of particular interest is that Microsoft itself and security
>experts are seriously reconsidering the role of the Messenger service:

Sure. If you have a better IDS to use, it's a good idea to disable the
Messenger Service if you have no other use for it. It allows
unauthenticated users of the network to send messages. A bad thing,
definitely, on an open network, but install a firewall, and it's not an open
network any more.

>Here's a link where Microsoft actually outright advises the user to
>turn off the Messenger Service:
>
>http://www.microsoft.com/WindowsXP/pro/using/howto/communicate/stopspam.asp

And last week, the very same link contained notes advising the user to
enable the built-in firewall. I'm hoping it'll say that next week, as well,
because turning off the Messenger Service merely hides the problem that
unauthenticated traffic is allowed into your computer and may trigger
exploits in any service you have installed on your system. Messenger
Service is but one of these, and while it's a good idea to disable it for
any of a number of reasons, especially if you can't patch it to remove the
bugs, there are bugs you don't know about - and that Microsoft doesn't know
about - in services that you haven't - or maybe can't - disable. So,
whether you disable Messenger Service or not, you _still_ need a firewall.

>Those who would advise not to turn off the Messenger Service for the
>less than trivial unintended side benefit of being a warning is
>dispensing advice which contradicts the advice of many real security
>professionals.

Me, I have the Messenger Service still running. Always have. Haven't yet
seen an advert on my computer, nor have I had anyone exploit it. Of course,
I have patched it, but the key here is that my firewall is in place, so I
don't have to hope and pray that MS caught all the bugs in every other
service, as I would if I had merely disabled the Messenger Service and
stayed without a firewall. Now, please go find a "real security
professional" who can disagree with that.

You appear to be in a bit of a snit because several of us disagreed with
your rather sad advice to just disable the Messenger Service, without
mentioning a firewall. Get over it.

And anyone who wants to secure their computer against the Messenger Service
attack, or any of a number of other port-based attacks, I'd suggest starting
at http://www.microsoft.com/protect, or
http://www.microsoft.com/WindowsXP/pro/using/howto/networking/icf.asp for
specific instructions on how to enable the built-in firewall in Windows XP.

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.] 

-- 
Texas Imperial Software   | Find us at http://www.wftpd.com or email
1602 Harvest Moon Place   | alun@texis.com.
Cedar Park TX 78613-1419  | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.

Relevant Pages

  • Re: windows messenger pop-up at startup
    ... >that lets you know very quickly if there's a hole in your firewall. ... >by that advice - but I do agree that patching it is a necessity. ... but the Messenger Service is by no means considered nor should ... use something, particularly in the security arena, that it was never ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Messenger Service (not the instant messenger)
    ... It started before I managed to download a firewall, and I logged on to the internet to update norton virus definitions so I guess my computer was a bit vulnerable then. ... The popups come with the header 'Messenger Service'. ... Alternatively, you can upgrade your WinXP to SP2, to install IE's pop-up blocker. ... No software manufacturer can -- nor should they be expected to -- protect the computer user from him/herself. ...
    (microsoft.public.windowsxp.general)
  • Re: Pop Up Error Messages
    ... Do you know where i can download a free ... > use a decent, properly configured firewall. ... > messenger service, as some people recommend, only hides the symptom, ... > ignoring or just "putting up with" the security gap represented by ...
    (microsoft.public.windowsxp.general)
  • Re: Messenger Service (not the instant messenger)
    ... I'm using Sygate Personal Firewall but I don't see why ... > crude sort of security warning that your firewall has failed. ... > Messenger Service of Windows ... > The problem is that turning off the Messenger Service does *not* ...
    (microsoft.public.windowsxp.general)
  • Re: Firewall
    ... Internet Security 2002, ... Norton AntiVirus, Norton Personal Firewall, parental controls, privacy ... Messenger Service Window That Contains an Internet Advertisement ...
    (microsoft.public.windowsxp.security_admin)