Re: Fraudulent use of Microsoft name

From: Greg R (webworm12_at_yes.hotmail.com)
Date: 05/28/04


Date: Fri, 28 May 2004 11:10:42 -0500

Never thought of using Messenger as a port tester for the firewall.
Does the Alerter service have to be on as well?

Greg R

>On Fri, 28 May 2004 06:59:12 -0600, "Bruce Chambers" <bchambers@nospamcableone.net> wrote:

>Greetings --
>
> Merely advising turning off the Messenger Service to eliminate
>Messenger Service spam, which is annoying but harmless, in and of
>itself, is the sort of advice that I find dangerous. The problem is
>that turning off the Messenger Service does _not_ block or close the
>wide open TCP and UDP ports that the spammers used to deliver the spam
>to the Messenger Service for display. With the Messenger Service
>disabled, those spam deliveries are still continuing, but they're
>simply not being displayed. It really is exactly like pulling the
>battery out of a noisy smoke detector to silence it, rather than
>looking for and eliminating the source of the smoke that set it off.
>
> The danger of this "treat the symptoms" approach has been more
>than aptly demonstrated by the advent of the W32.Blaster.Worm, the
>W32.Welchia.Worm, the W32.Sasser.Worm, and their variants. These
>worms attack PCs via some of the very same open ports that the
>Messenger Service uses. Need I mention how many hundreds of thousands
>of PCs have been infected by these worms since last August? To date,
>according to my records, I have personally responded to well over 1100
>Usenet posts concerning Blaster/Welchia and Sasser infections since
>last August, and I can't possibly have seen and replied to every one
>that's been posted in this period.
>
> Now, how many of those infected with Blaster/Welchia had turned
>off the Messenger Service to hide spam? I can't say, and I don't
>think anyone can. What I can say with absolute certainty is that if
>they'd all had a properly configured firewall in place, they would
>have blocked the annoying spam _and_ been safe from a great many other
>dangers, particularly Blaster/Welchia/Sasser.
>
> There are several essential components to computer security: a
>knowledgeable and pro-active user, a properly configured firewall,
>reliable and up-to-date antivirus software, and the prompt repair (via
>patches, hotfixes, or service packs) of any known vulnerabilities. The
>weak link in this "equation" is, of course, the computer user. All
>too many people have bought into the various PC/software manufacturers'
>marketing claims of easy computing. They believe that their computer
>should be no harder to use than a toaster oven; they have neither the
>inclination nor desire to learn how to safely use their computer. All
>too few people keep their antivirus software current, install patches
>in a timely manner, or stop to really think about that cutesy link
>they're about to click. Therefore, I (and anyone who's thought about
>the matter) always recommend the use of a
>firewall. Naturally, properly configuring a firewall requires an
>investment of time and effort that most people won't give, but even
>the default settings of the firewall will offer more automatic
>protection than is currently present.
>
> Now, as for the Messenger Service itself, it generally doesn't
>hurt anything to turn it off, as long as the antivirus application
>installed doesn't need its dependent Alerter service, although I never
>recommend doing so. Granted, the service is of little or no use to
>most home PC users (Although I've had uses for it on my home LAN.),
>and turning off unnecessary services is part of any standard computer
>security protocol. However, I feel that the potential benefits of
>leaving the Messenger Service enabled outweigh any as-yet-theoretical
>risks that it presents. It will indirectly let the computer user know
>that his/her firewall has failed by displaying the Messenger Service
>spam. Think of it as the canary that miners used to take down into the
>mineshafts with them to detect poison gases. There are others, of
>course, who disagree with me on this point and advise turning off the
>service because it isn't needed; you'll have to make up your own mind
>here.
>
>
>Bruce Chambers


