Re: Messenger Service (not the instant messenger)
- From: anneliese <anneliese@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 19 Jun 2005 11:54:54 -0700
I just finished reading your post so I gather that turning it off is not a
good idea. However, I'm using Sygate Personal Firewall but I don't see why
it's not blocking the popups?
"Bruce Chambers" wrote:
> Dr. Indera wrote:
> > hello,
> >
> > i know that the rule of thumb is to turn this service off at home, which i
> > did, but i can't remember why.
>
>
> The only applicable "rule of thumb" that might apply to disabling the
> messenger service is the general principle of disabling services that
> are not used or needed. Or are you referring to those posts where
> misinformed individuals erroneously recommend disabling the messenger
> service as a security measure?
>
>
> > is it to prevent receiving pop-ups even if you have pop-up blocker software
> > installed or is it something else?
> >
> > thank you.
>
>
> The only thing turning off the messenger services does, beyond freeing
> an insignificantly minuscule amount of system resources, is disable a
> crude sort of security warning that your firewall has failed.
>
> There is a type of spam that exploits the messenger service, but this
> is also blocked by a properly configured firewall.
>
> Messenger Service of Windows
> http://support.microsoft.com/default.aspx?scid=KB;en-us;168893
>
> Messenger Service Window That Contains an Internet Advertisement
> Appears
> http://support.microsoft.com/?id=330904
>
> Stopping Advertisements with Messenger Service Titles
> http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp
>
> Blocking Ads, Parasites, and Hijackers with a Hosts File
> http://www.mvps.org/winhelp2002/hosts.htm
>
> Whichever firewall you decide upon, be sure to ensure UDP ports 135,
> 137, and 138 and TCP ports 135, 139, and 445 are all blocked. You
> may also disable Inbound NetBIOS over TCP/IP. You'll have
> to follow the instructions from the firewall's manufacturer for the
> specific steps.
>
> You can test your firewall at:
>
> Symantec Security Check
> http://security.symantec.com/ssc/vr_main.asp?langid=ie&venid=sym&plfid=23&pkj=GPVHGBYNCJEIMXQKCDT
>
> Security Scan - Sygate Online Services
> http://www.sygatetech.com/
>
> The problem is that turning off the Messenger Service does *not*
> block the wide open TCP and UDP ports that the spammers used to
> deliver the spam to the Messenger Service for display. With the
> Messenger Service disabled, those spam deliveries are still
> continuing, but they're simply not being displayed. It's like pulling
> the battery out of a noisy smoke detector to silence it, rather than
> looking for and eliminating the source of the smoke that set it off.
>
> The danger of this "treat the symptoms" approach has been more
> than aptly demonstrated by the advent of the W32.Blaster.Worm, the
> W32.Welchia.Worm, the W32.Sasser.Worm, and their variants. These
> worms attack PCs via some of the very same open ports that the
> Messenger Service uses. Need I mention how many hundreds of thousands
> of PCs have been infected by these worms since August of 2003? To date,
> according to my records, I have personally responded to over 1000
> Usenet posts concerning Blaster/Welchia/Sasser infections since
> then, and I can't possibly have seen and replied to every one that's
> been posted in this period.
>
> Now, how many of those infected with Blaster/Welchia had turned
> off the Messenger Service to hide spam? I can't say, and I don't
> think anyone can. What I can say with absolute certainty is that if
> they'd all had a properly configured firewall in place, they would
> have blocked the annoying spam _and_ been safe from a great many other
> dangers, particularly Blaster/Welchia/Sasser.
>
> Of course, like the Messenger Service Buffer Overrun threat, there
> is also a patch available to fix a PC's vulnerability to
> Blaster/Welchia, which was available to the general public a full
> month before the first instances of Blaster/Welchia "in the wild." If
> people learned to stay aware of computer security issues and updated
> their systems as needed, a whole lot of grief could have been avoided.
> The problem with relying upon patches, however, is that they're
> sometimes not available until _after_ the exploit has become
> wide-spread. Antivirus software suffers from this same weakness; it's
> simply not always possible to provide protection from threats that
> have not yet been developed and/or discovered. Both approaches, while
> important, are re-active in nature.
>
> There are several essential components to computer security: a
> knowledgeable and pro-active user, a properly configured firewall,
> reliable and up-to-date antivirus software, and the prompt repair (via
> patches, hotfixes, or service packs) of any known vulnerabilities.
> The weak link in this "equation" is, of course, the computer user.
> All too many people have bought into the various PC/software
> manufacturers' marketing claims of easy computing. They believe that
> their computer should be no harder to use than a toaster oven; they
> have neither the inclination nor desire to learn how to safely use
> their computer. All too few people keep their antivirus software
> current, install patches in a timely manner, or stop to really think
> about that cutesy link they're about to click. Therefore, I (and
> anyone who's thought about the matter) always recommend the use of a
> firewall. Naturally, properly configuring a firewall requires an
> investment of time and effort that most people won't give, but even
> the default settings of the firewall will offer more automatic
> protection than is currently present.
>
> Now, as for the Messenger Service itself, it generally doesn't
> hurt anything to turn it off, although I never recommend doing so.
> Granted, the service is of little or no use to most home PC users
> (although I've had uses for it on my home LAN), and turning off
> unnecessary services is part of any standard computer security
> protocol. However, I feel that the potential benefits of leaving the
> Messenger Service enabled out-weigh any as-yet-theoretical risks that
> it presents. It will indirectly let the computer user know that
> his/her firewall has failed by displaying the Messenger Service spam.
> Think of it as the canary that miners used to take down into the
> mine shafts with them. There are others, of course, who disagree with
> me on this point and advise turning off the service because it isn't
> needed; you'll have to make up your own mind here.
>
>
>
> --
>
> Bruce Chambers
>
> Help us help you:
> http://dts-l.org/goodpost.htm
> http://www.catb.org/~esr/faqs/smart-questions.html
>
> You can have peace. Or you can have freedom. Don't ever count on having
> both at once. - RAH
>