Re: messenger service
From: Bruce Chambers (bchambers_at_nospamcableone.net)
Date: 03/03/04
- Next message: Bruce Chambers: "Re: messenger service"
- Previous message: !Frank!: "Windows XP and Hard Disc Partitions"
- In reply to: Grinder: "Re: messenger service"
- Next in thread: Spinner: "Re: messenger service"
- Reply: Spinner: "Re: messenger service"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 2 Mar 2004 20:57:43 -0700
Greetings --
The better solution, as I've said, is to install and use a
firewall. If the OP is on-line long enough to receive messenger
service spams, then he's been connected more than long enough to have
contracted Blaster, Welchia, or any worms that exploit the same ports
messenger service uses. It doesn't matter whether he has a dial-up
connection or broadband; it only takes a few milliseconds of exposure.
Merely advising turning off the Messenger Service to eliminate
Messenger Service spam, which is annoying but harmless, in and of
itself, is the sort of advice that I find dangerous. The problem is
that turning off the Messenger Service does _not_ block the wide open
TCP and UDP ports that the spammers used to deliver the spam to the
Messenger Service for display. With the Messenger Service disabled,
those spam deliveries are still continuing, but they're simply not
being displayed. It really is exactly like pulling the battery out of
a noisy smoke detector to silence it, rather than looking for and
eliminating the source of the smoke that set it off.
The danger of this "treat the symptoms" approach has been more
than aptly demonstrated by the advent of the W32.Blaster.Worm, the
W32.Welchia.Worm, and their variants. These worms attack PCs via some
of the very same open ports that the Messenger Service uses. Need I
mention how many hundreds of thousands of PCs have been infected by
these worms since last August? To date, according to my records, I
have personally responded to over 800 Usenet posts concerning
Blaster/Welchia infections since last August, and I can't possibly
have seen and replied to every one that there's been posted in this
period.
Now, how many of those infected with Blaster/Welchia had turned
off the Messenger Service to hide spam? I can't say, and I don't
think anyone can. What I can say with absolutely certainty is that if
they'd all had a properly configured firewall in place, they would
have blocked the annoying spam _and_ been safe from a great many other
dangers, particularly Blaster/Welchia.
There are several essential components to computer security: a
knowledgeable and pro-active user, a properly configured firewall,
reliable and up-to-date antivirus software, and the prompt repair (via
patches, hotfixes, or service packs) of any known vulnerabilities.
The weak link in this "equation" is, of course, the computer user.
All too many people have bought into the various PC/software
manufacturers marketing claims of easy computing. They believe that
their computer should be no harder to use than a toaster oven; they
have neither the inclination or desire to learn how to safely use
their computer. All too few people keep their antivirus software
current, install patches in a timely manner, or stop to really think
about that cutesy link they're about to click. Therefore, I (and
anyone who's thought about the matter) always recommend the use of a
firewall. Naturally, properly configuring a firewall requires an
investment of time and effort that most people won't give, but even
the default settings of the firewall will offer more automatic
protection than is currently present.
Now, as for the Messenger Service itself, it generally doesn't
hurt any thing to turn it off, although I never recommend doing so.
Granted, the service is of little or no use to most home PC users
(Although I've had uses for it on my home LAN.), and turning off
unnecessary services is part of any standard computer security
protocol. However, I feel that the potential benefits of leaving the
Messenger Service enabled out-weigh any as-yet-theoretical risks that
it presents. It will indirectly let the computer user know that
his/her firewall has failed by displaying the Messenger Service spam.
Think of it as the canary that miners used to take down into the
mineshafts with them. There are others, of course, who disagree with
me on this point and advise turning off the service because it isn't
needed; you'll have to make up your own mind here.
Bruce Chambers
-- Help us help you: http://dts-l.org/goodpost.htm http://www.catb.org/~esr/faqs/smart-questions.html You can have peace. Or you can have freedom. Don't ever count on having both at once. -- RAH "Grinder" <grinder@no.spam.maam.net> wrote in message news:e9QXhoMAEHA.3940@TK2MSFTNGP11.phx.gbl... > > > I here what you saying, but your analogy is hyperbolic. The > messenger > service for most users is non-essential. Given that Chris remarked > that he > gets these messages when he "is on the net," I made the calculated > guess > that he was a dial-up user, unattached to a system administrator > that would > need to send him messages. > > I felt that disabling this feature would not increase his risk of > being > burned alive, and would be more adequate than barking "secure your > system" > at him. Please feel free to offer Chris a more competent solution. > > >
- Next message: Bruce Chambers: "Re: messenger service"
- Previous message: !Frank!: "Windows XP and Hard Disc Partitions"
- In reply to: Grinder: "Re: messenger service"
- Next in thread: Spinner: "Re: messenger service"
- Reply: Spinner: "Re: messenger service"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
