Q. Some Internet bug stopped by diabling the Messenger Service

[George]

Hi,

I was getting a few pop-ups, while surfing the web. These weren't your
normal Internet pop-ups. They were more like system-looking pop-ups,
that were grey, with black text, that would make one think was being
generated from the Windows environment.

They ARE NOT. They are spam, like most everything else on the web.
BUT, these were a real paint to get rid of. They would pop up about
every 15 minutes or so.

I don't wish to say which sites they were spamming for, as I realized
part of their ploy was to promote the site, first by invading the
machines, and 2nd by people filling the newsgroups with complaints
about them, enabling more traffic to their site.

So, I stopped my Windows 2000 messenger service, and so far, the
messages stopped.

I would just like to know if anything bad can happen as a result of my
having completely 'disabled' the service, or if I should expect
something to not work.
Thanks, George

 

[Bruce Chambers]

Hi,

I was getting a few pop-ups, while surfing the web. These weren't your
normal Internet pop-ups. They were more like system-looking pop-ups,
that were grey, with black text, that would make one think was being
generated from the Windows environment.

They ARE NOT. They are spam, like most everything else on the web.
BUT, these were a real paint to get rid of. They would pop up about
every 15 minutes or so.

I don't wish to say which sites they were spamming for, as I realized
part of their ploy was to promote the site, first by invading the
machines, and 2nd by people filling the newsgroups with complaints
about them, enabling more traffic to their site.

So, I stopped my Windows 2000 messenger service, and so far, the
messages stopped.

I would just like to know if anything bad can happen as a result of my
having completely 'disabled' the service, or if I should expect
something to not work.
Thanks, George

This type of spam has become quite common over the last couple of
years, and unintentionally serves as a valid security "alert." It
demonstrates that you haven't been taking sufficient precautions while
connected to the Internet. Your data probably hasn't been compromised
by these specific advertisements, but if you're open to this exploit,
you may well be open to other threats, such as the Blaster and Welchia
Worms that swept across the Internet last year and the currently active
Sasser Worm. Install and use a decent, properly configured firewall.
(Merely disabling the messenger service, as some people recommend, only
hides the symptom, and does little or nothing to truly secure your
machine.) And ignoring or just "putting up with" the security gap
represented by these messages is particularly foolish.

Messenger Service of Windows
http://support.microsoft.com/default.aspx?scid=KB;en-us;168893

Messenger Service Window That Contains an Internet Advertisement
Appears
http://support.microsoft.com/?id=330904

Stopping Advertisements with Messenger Service Titles
http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp

Blocking Ads, Parasites, and Hijackers with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

Oh, and be especially wary of people who advise you to do nothing
more than disable the messenger service. Disabling the messenger
service, by itself, is a "head in the sand" approach to computer
security. The real problem is not the messenger service pop-ups;
they're actually providing a useful, if annoying, service by acting as a
security alert. The true problem is the unsecured computer, and you've
been advised to merely turn off the warnings. How is this helpful?

Now, as for the Messenger Service itself, it generally doesn't
hurt any thing to turn it off, although I never recommend doing so.
Granted, the service is of little or no use to most home PC users
(Although I've had uses it on my home LAN.), and turning off
unnecessary services is part of any standard computer security
protocol. However, I feel that the potential benefits of leaving the
Messenger Service enabled out-weigh any as-yet-theoretical risks that
it presents. It will indirectly let the computer user know that
his/her firewall has failed by displaying the Messenger Service spam.
Think of it as the canary that miners used to take down into the
mineshafts with them. There are others, of course, who disagree with
me on this point and advise turning off the service because it isn't
needed; you'll have to make up your own mind here.


--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH

 

[George]

This type of spam has become quite common over the last couple of
years, and unintentionally serves as a valid security "alert." It
demonstrates that you haven't been taking sufficient precautions while
connected to the Internet. Your data probably hasn't been compromised
by these specific advertisements, but if you're open to this exploit,
you may well be open to other threats, such as the Blaster and Welchia
Worms that swept across the Internet last year and the currently active
Sasser Worm. Install and use a decent, properly configured firewall.
(Merely disabling the messenger service, as some people recommend, only
hides the symptom, and does little or nothing to truly secure your
machine.) And ignoring or just "putting up with" the security gap
represented by these messages is particularly foolish.

Messenger Service of Windows
http://support.microsoft.com/default.aspx?scid=KB;en-us;168893

Messenger Service Window That Contains an Internet Advertisement
Appears
http://support.microsoft.com/?id=330904

Stopping Advertisements with Messenger Service Titles
http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp

Blocking Ads, Parasites, and Hijackers with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

Oh, and be especially wary of people who advise you to do nothing
more than disable the messenger service. Disabling the messenger
service, by itself, is a "head in the sand" approach to computer
security. The real problem is not the messenger service pop-ups;
they're actually providing a useful, if annoying, service by acting as a
security alert. The true problem is the unsecured computer, and you've
been advised to merely turn off the warnings. How is this helpful?

Now, as for the Messenger Service itself, it generally doesn't
hurt any thing to turn it off, although I never recommend doing so.
Granted, the service is of little or no use to most home PC users
(Although I've had uses it on my home LAN.), and turning off
unnecessary services is part of any standard computer security
protocol. However, I feel that the potential benefits of leaving the
Messenger Service enabled out-weigh any as-yet-theoretical risks that
it presents. It will indirectly let the computer user know that
his/her firewall has failed by displaying the Messenger Service spam.
Think of it as the canary that miners used to take down into the
mineshafts with them. There are others, of course, who disagree with
me on this point and advise turning off the service because it isn't
needed; you'll have to make up your own mind here.


--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH

Bruce,

Thank you for your prompt response. You have provided good detail, and
some sites I've not yet checked out, as well as a couple questions I'd
like to address.

First, the previous installation of Win2k was about a year old, with
absolutely no protection other than the patches from Microsoft (and
SP4). Second: These system pop ups are only a couple days old.

I had recently decided to wipe the system as my C: drive was nearly
full. I've taken care of that with the new install.

OK, you asked "How is that helpful?" (regarding turrning the messenger
service off).

Quite frankly, if that service wasn't on there, in the first place,
there wouldn't be an avenue for these foreign garbage to get in there.

Like spam email, for which my email l service allows me a myriad of
filtering options, these 'foolish' services are what I plan to filter
out, in the same way, to fix the pop up problem.

System invasion is not going away. It provides intellectual
satisfaction for certain people, as well as an industry spawned by
such activity.

I'm not going to be a Joe Blow doesn't know, and go out, or order
every protection under the sun, and continually read sites and white
papers the rest of my life, just to ward off a few nuisances. I have
much better things to do, and find that my way of dealing with it, by
turniong off he service allows me to return to my productivity much
sooner.

Again, thanks for the info, and I hope I've provided as good an answer
for your qeustion, as you have mine.

George

..