P
Pete
What is this, It is driving me nuts and I cant stop it.
What do I do. Please help.
What do I do. Please help.
D
dev
Pete said:
Turn on the built-in XP firewall. See HELP & SUPPORT for easy instructions.
Then click START button|ALL|ADMINISTRATIVE|SERVICES. Locate "Messenger",
double-click it and set the Startup type to MANUAL.
Turn on the built-in XP firewall. See HELP & SUPPORT for easy instructions.
Then click START button|ALL|ADMINISTRATIVE|SERVICES. Locate "Messenger",
double-click it and set the Startup type to MANUAL.
J
Jupiter Jones [MVP]
Pete;
These ads are using Messenger Service.
Messenger Service is a valuable tool many use.
Like many tools, it can be exploited.
No need to pay for the fix.
For Messenger Service ads:
You need to install or enable a firewall:
http://support.microsoft.com/?kbid=330904
http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp
Disabling Messenger Service can be a good idea, but it does not solve
the real problem.
The ads are not the real problem, the ads are only a symptom.
The real problem is open ports that allow unwanted traffic into the
computer.
Disabling Messenger does nothing for the open ports.
The firewall controls the traffic.
Internet Connection Firewall will not work if you have AOL.
AOL is not compatible with Windows XP Internet Connection Firewall
(ICF)
If you have AOL, you should contact AOL and/or get a 3rd party
firewall:
http://www.zonelabs.com/store/content/home.jsp
http://www.symantec.com/sabu/nis/npf/
These ads are using Messenger Service.
Messenger Service is a valuable tool many use.
Like many tools, it can be exploited.
No need to pay for the fix.
For Messenger Service ads:
You need to install or enable a firewall:
http://support.microsoft.com/?kbid=330904
http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp
Disabling Messenger Service can be a good idea, but it does not solve
the real problem.
The ads are not the real problem, the ads are only a symptom.
The real problem is open ports that allow unwanted traffic into the
computer.
Disabling Messenger does nothing for the open ports.
The firewall controls the traffic.
Internet Connection Firewall will not work if you have AOL.
AOL is not compatible with Windows XP Internet Connection Firewall
(ICF)
If you have AOL, you should contact AOL and/or get a 3rd party
firewall:
http://www.zonelabs.com/store/content/home.jsp
http://www.symantec.com/sabu/nis/npf/
Q
QuietOne
B
Bruce Chambers
Greetings --
That's not a solution; it's just a "band-aid" (a.k.a. "plaster")
to cover the problem. It fixes nothing.
Bruce Chambers
--
Help us help you:
You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
That's not a solution; it's just a "band-aid" (a.k.a. "plaster")
to cover the problem. It fixes nothing.
Bruce Chambers
--
Help us help you:
You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
Q
QuietOne
Hi,
what is your solution for a real fix for the problem.?
Geoff
what is your solution for a real fix for the problem.?
Geoff
S
Shenan T. Stanley
QuietOne said:
It would be to POSSIBLY turn off the Messenger Service, but to DEFINITELY
either use the built in XP firewall or download/install and properly
configure another one.
Turning off the messenger service only stops the messages, the hole they
were slipping through still exists.. The Firewall essentially puts another
wall up between you and the outside world, meaning that they have to dig a
hole through the firewall before they could get to the hole that is already
there on the next wall. heh
B
Bruce Chambers
Greetings --
This type of spam has become quite common over the past year, and
unintentionally serves as a valid security "alert." It demonstrates
that you haven't been taking sufficient precautions while connected to
the Internet. Your data probably hasn't been compromised by these
specific advertisements, but if you're open to this exploit, you may
well be open to other threats, such as the Blaster Worm that recently
swept cross the Internet. Install and use a decent, properly
configured firewall. (Merely disabling the messenger service, as some
people recommend, only hides the symptom, and does almost nothing to
truly secure your machine.) And ignoring or just "putting up with"
the security gap represented by these messages is particularly
foolish.
Messenger Service of Windows
http://support.microsoft.com/default.aspx?scid=KB;en-us;168893
Messenger Service Window That Contains an Internet Advertisement
Appears
http://support.microsoft.com/?id=330904
Stopping Advertisements with Messenger Service Titles
http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp
Blocking Ads, Parasites, and Hijackers with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm
Oh, and be especially wary of people who advise you to do nothing
more than disable the messenger service. Disabling the messenger
service, by itself, is a "head in the sand" approach to computer
security. The real problem is _not_ the messenger service pop-ups;
they're actually providing a useful, if annoying, service by acting as
a security alert. The true problem is the unsecured computer, and
you've been advised to merely turn off the warnings. How is this
helpful?
Bruce Chambers
--
Help us help you:
You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
This type of spam has become quite common over the past year, and
unintentionally serves as a valid security "alert." It demonstrates
that you haven't been taking sufficient precautions while connected to
the Internet. Your data probably hasn't been compromised by these
specific advertisements, but if you're open to this exploit, you may
well be open to other threats, such as the Blaster Worm that recently
swept cross the Internet. Install and use a decent, properly
configured firewall. (Merely disabling the messenger service, as some
people recommend, only hides the symptom, and does almost nothing to
truly secure your machine.) And ignoring or just "putting up with"
the security gap represented by these messages is particularly
foolish.
Messenger Service of Windows
http://support.microsoft.com/default.aspx?scid=KB;en-us;168893
Messenger Service Window That Contains an Internet Advertisement
Appears
http://support.microsoft.com/?id=330904
Stopping Advertisements with Messenger Service Titles
http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp
Blocking Ads, Parasites, and Hijackers with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm
Oh, and be especially wary of people who advise you to do nothing
more than disable the messenger service. Disabling the messenger
service, by itself, is a "head in the sand" approach to computer
security. The real problem is _not_ the messenger service pop-ups;
they're actually providing a useful, if annoying, service by acting as
a security alert. The true problem is the unsecured computer, and
you've been advised to merely turn off the warnings. How is this
helpful?
Bruce Chambers
--
Help us help you:
You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
J
Jupiter Jones [MVP]
Kevin;
If you notice that article also talks about the firewall.
A properly patched computer is at absolutely no risk with Messenger
Service on or off.
Messenger Service is an annoyance at worst, while the lack of a
firewall leaves the computer vulnerable to many problems.
Disabling Messenger Service should not even be rated as a band aid fix
because it does absolutely nothing to protect you or your computer.
If you notice that article also talks about the firewall.
A properly patched computer is at absolutely no risk with Messenger
Service on or off.
Messenger Service is an annoyance at worst, while the lack of a
firewall leaves the computer vulnerable to many problems.
Disabling Messenger Service should not even be rated as a band aid fix
because it does absolutely nothing to protect you or your computer.
J
John E. Carty
While I agree that a firewall is indeed a neccesity, many also feel
disabling this service is a really good idea
From http://www.pcworld.com/news/article/0,aid,113150,tk,dn102903X,00.asp
Security experts, including Smith, expressed concern about Microsoft's
reluctance to shut down the service, saying that Messenger was not a vital
Windows component and was ripe for exploitation by another Blaster-like
worm.
In recent days, Internet service provider America Online raised the
visibility of the problem by acting unilaterally to disable Windows
Messenger Service on the Windows desktops of 20 million of its users as a
precaution.
disabling this service is a really good idea
From http://www.pcworld.com/news/article/0,aid,113150,tk,dn102903X,00.asp
Security experts, including Smith, expressed concern about Microsoft's
reluctance to shut down the service, saying that Messenger was not a vital
Windows component and was ripe for exploitation by another Blaster-like
worm.
In recent days, Internet service provider America Online raised the
visibility of the problem by acting unilaterally to disable Windows
Messenger Service on the Windows desktops of 20 million of its users as a
precaution.
K
Kevin Davis³
I have always advocated installing and configuring a firewall first.
That is wrong. It does do something to protect your computer. This
service has a known serious vulnerability. Microsoft is also changing
the default installation of XP so that this service is turned OFF.
They would not be doing this for nothing. They would not be doing
this if it "does absolutely nothing to protect your computer".
K
Kevin Davis³
Oh, and don't forget that the Messenger Service would also provide a
useful service to hackers if it is not patched:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-043.asp
Setup a firewall first, but if you don't need the Messenger Service,
turn it off. If you need it, patch it. You would also be well
advised to spend $50 and buy a home router.
Be especially wary of people who would insist on having you keep the
Messenger Service on as a "helpful feature" and conveniently
forgetting to inform you that it has a very serious vulnerability that
needs to be patched immediately.
And of particular interest is that Microsoft itself is seriously
reconsidering the role of the Messenger service:
http://www.infoworld.com/article/03/10/28/HNmessengeroff_1.html
S
Shenan T. Stanley
Bruce Chambers said:
Kevin Davis³ said:
Yes. Turning off the Messenger Service does prevent this problem.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-043.asp
However, if you read all of the article, turning off the Messenger Service
is a WORKAROUND - not a fix - to not installing the patch. The first listed
workaround (to not installing the patch) is to install a firewall. Both
have their drawbacks, but only the ones for the "Disabling The Messenger
Service" one are listed:
Impact of Workaround: If the Messenger service is disabled, messages from
the Alerter service (for example notifications from your backup software or
Uninterruptible Power Supply) are not transmitted. If the Messenger service
is disabled, any services that explicitly depend on the Messenger service do
not start, and an error message is logged in the System event log.
So, even Microsoft acknowledges that even for the home user with a UPS or
that uses backup software to copy their data elsewhere may be affected by
this workaround (workaround).
The real FIX is to apply the patch.
The firewall, either way, prevents the messenger service problems. I always
suggest the same thing to users who start seeing popups:
Download, Install, Update and run LavaSoft's AdAware and SpyBot Search and
Destroy.
Install and keep updates an AntiVirus software of your choice.
Keep your Windows machine Patched from http://windowsupdate.microsoft.com/.
Either use the built in firewall or install another one of some sort.
If they do the above diligently, they are less likely than someone
'disabling the messenger service' to have any of the problems we see here on
a daily basis.
All of your arguments are a moot point if you do all of the above - because
you should. I see nothing wrong with disabling the messenger service - but
I see no point in suggesting it as a solution to anything when it is by far
not the BEST solution. There are dozens of services users can turn off..
And if they ask I point them to http://www.blackviper.com and
http://www.reger24.de/prozesse.html. Why would anyone give a partial answer
to a question when they could give a full answer? heh
J
Jupiter Jones [MVP]
Kevin;
Are you sure that Microsoft would not turn it off by default for
absolutely nothing? Why?
It does offer a very limited degree of protection to those computers
lacking recommended protection.
However those same computers are the same computers full of other
security holes left by the user.
Because there is nothing to be gained with a properly protected
computer.
There are defaults for everything.
Many people have complained that it should be off by default to
prevent the Messenger Service ads.
This is largely in response to the customers that do not realize that
a properly patched computer with a properly configured firewall solves
the real issue instead of a bury the head in the sand approach.
The heart of related vulnerabilities is the lack of a firewall which
is always necessary while Messenger Service is a valuable tool for
many and will continue to be.
Are you sure that Microsoft would not turn it off by default for
absolutely nothing? Why?
It does offer a very limited degree of protection to those computers
lacking recommended protection.
However those same computers are the same computers full of other
security holes left by the user.
Because there is nothing to be gained with a properly protected
computer.
There are defaults for everything.
Many people have complained that it should be off by default to
prevent the Messenger Service ads.
This is largely in response to the customers that do not realize that
a properly patched computer with a properly configured firewall solves
the real issue instead of a bury the head in the sand approach.
The heart of related vulnerabilities is the lack of a firewall which
is always necessary while Messenger Service is a valuable tool for
many and will continue to be.
K
Kevin Davis³
I don't think YOU read the first article which is newer than the one
you are commenting on. It says Microsoft is considering disabling the
service by default and more recent information indicates that it is
more than a consideration. It's a done deal. In addition, one of
Microsoft's WORKAROUNDs is setting up a firewall.
Just as I have on multiple posts. If you have been paying attention,
you would know that I don't advocate blindly turning the service off.
That is a real fix ONLY if you need the Messenger Service. Microsoft
has also stated that turning off the Messenger Service is not likely
to affect most users. Microsoft's words, not mine.
You people really don't read my stuff. I don't suggest that disabling
the Messenger Service s a solution to this. I suggest strongly that
AFTER installing and configuring a firewall that one should assess
whether they need the service and if they don't, to turn it off. If
they do, PATCH it because they could be at great risk if they don't.
Relying SOLELY on a software firewall for your protection is not wise.
My big issue at this point is not insisting that everyone should
disable the service. I don't advocate that. My big issue is that
there are several people in the newsgroups who very strongly advise
against disabling the service despite the user's needs and at the same
time refuse to warn the user that this service has a serious
vulnerability that needs patched.
Months ago I warned people to turn off this service if they didn't
need it and I was (and still am) ridiculously accused of having some
ill intent.
K
Kevin Davis³
Because security experts are pressuring them to due to the generally
uselessness (for many people) of the service and it's insecurity. Read
this article:
http://www.infoworld.com/article/03/10/28/HNmessengeroff_1.html
More recent news reports that Microsoft has basically decided to go
ahead and do this.
Offering a very limited protection is not a good tradeoff for running
a service with known serious vulnerability which may have more. No
serious security expert would dream advising to leave on this service
based purely on this.
Having one patch applied to a PC that has 100 vulnerabilities to patch
is more secure than one without any patches. It is, irresponsible,
IMO to offer security advice but to have the attitude of "oh well most
people have tons of unpatched vulnerabilities so we won't tell them to
patch this one". In one sense, this poor attitude more of an argument
to turn off the service. Regardless, people need to be educated to
patch their systems.
You might not realize it but a significant amount of criticism that
Microsoft has been getting from the security community is based on
these defaults which are often a significant cause for an insecure
system. There are other OS's which defaults to having most things off
by default, forcing the user (or applications that require something)
to turn stuff on. Virtually without exception this approach is
strongly preferred by the professional security community. Microsoft
has touted Windows 2003 Server as being very secure. One of the major
changes they made was to have most stuff turned off by default.
You are leaving out something. Turning off unneeded services. It is
not as high priority as a firewall, but the vase majority of security
professionals would agree that this is a needed step in securing your
system. If you read the above link, it states that security experts,
not just dumb users have pressured Microsoft to disable the service by
default.
This implies that I have suggested that disabling the service is only
what I'm advising. I'm advising them to do the same thing you are but
more.
The heart of related vulnerabilities are the vulnerabilities
themselves. Patching those vulnerabilities are just as important as
setting up a firewall. If there were no vulnerabilities and OS
misconfigurations, there would be much less driving need to have a
firewall running.
The Messenger Service is only valuable to someone when they are using
some critical application that requires it. The vast majority of these
applications in the context of home use do not really need to use the
Messenger Service for alerts, that's just the way they choose to do
it. There are other just as easy ways to alert the user via win32
code. The best answer is that these software vendors need to stop
this unneeded use of this service and implement something else.
Hopefully Microsoft's move to disable the service by default will
encourage this. Although these vendors might stupidity decide to
programmatically enable the service when installed.