query re unpnp.exe

  • Thread starter Thread starter Jason Wade
  • Start date Start date
J

Jason Wade

A guy named Steve Gibson has created some programs that
help secure winxp systems. One program is unpnp.exe
(disables Universal Plug and Play).

Before I run this program, or any of Steve's programs,
I want to be sure that they are not trojans or malware
of any type.

So, if anyone has used this program, please tell me
what you know about it. I got this program from
http://grc.com/unpnp/unpnp.htm
 
Jason said:
A guy named Steve Gibson has created some programs that
help secure winxp systems. One program is unpnp.exe
(disables Universal Plug and Play).

Before I run this program, or any of Steve's programs,
I want to be sure that they are not trojans or malware
of any type.

So, if anyone has used this program, please tell me
what you know about it. I got this program from
http://grc.com/unpnp/unpnp.htm
Click to expand...

Legit, "good guy"

J
 
A guy named Steve Gibson has created some programs that
help secure winxp systems. One program is unpnp.exe
(disables Universal Plug and Play).

Before I run this program, or any of Steve's programs,
I want to be sure that they are not trojans or malware
of any type.

So, if anyone has used this program, please tell me
what you know about it. I got this program from
http://grc.com/unpnp/unpnp.htm
Click to expand...

Don't worry about it. Unless his site has been hacked recently, his
programs are fine.


Art
http://www.epix.net/~artnpeg
 
Jason said:
A guy named Steve Gibson has created some programs that
help secure winxp systems. One program is unpnp.exe
(disables Universal Plug and Play).

Before I run this program, or any of Steve's programs,
I want to be sure that they are not trojans or malware
of any type.

So, if anyone has used this program, please tell me
what you know about it. I got this program from
http://grc.com/unpnp/unpnp.htm
Click to expand...

There is a known security vulnerability in the Universal Plug and Play
service in Windows 2000/XP. "unpnp.exe" safely disables this service.
 
It might be Legit by Steve Gibson is a fear monger and is not really a good guy. At best
the site is OK.
The info. provided on uPnP at GRC.Com is old and is no longer valid.

Dave




| Jason Wade wrote:
| >
| > A guy named Steve Gibson has created some programs that
| > help secure winxp systems. One program is unpnp.exe
| > (disables Universal Plug and Play).
| >
| > Before I run this program, or any of Steve's programs,
| > I want to be sure that they are not trojans or malware
| > of any type.
| >
| > So, if anyone has used this program, please tell me
| > what you know about it. I got this program from
| > http://grc.com/unpnp/unpnp.htm
|
| Legit, "good guy"
|
| J
| --
| Replies to: Njk04s_130_p(at)Ojuno(dot)Tcom
 
Really ?
Pease show me a recent URL fro the CIAC or other credible source indicating the problems
with uPnP under WinXP.

I make you a bet you can't find *any* information on a security vulnerability for uPnP on
Win2K!

Dave




| Jason Wade wrote:
| > A guy named Steve Gibson has created some programs that
| > help secure winxp systems. One program is unpnp.exe
| > (disables Universal Plug and Play).
| >
| > Before I run this program, or any of Steve's programs,
| > I want to be sure that they are not trojans or malware
| > of any type.
| >
| > So, if anyone has used this program, please tell me
| > what you know about it. I got this program from
| > http://grc.com/unpnp/unpnp.htm
|
| There is a known security vulnerability in the Universal Plug and Play
| service in Windows 2000/XP. "unpnp.exe" safely disables this service.
|
|
 
It might be Legit by Steve Gibson is a fear monger and is not really a good guy.
Click to expand...

Not a "good guy"? Marketing hype oriented and a bit logically
inconsistent, but I've never heard of him accused of being a "bad
guy".
At best
the site is OK.
The info. provided on uPnP at GRC.Com is old and is no longer valid.
Click to expand...

Perhaps, but his unpnp is useful for closing port 5000 on Win ME.
Dave




| Jason Wade wrote:
| >
| > A guy named Steve Gibson has created some programs that
| > help secure winxp systems. One program is unpnp.exe
| > (disables Universal Plug and Play).
| >
| > Before I run this program, or any of Steve's programs,
| > I want to be sure that they are not trojans or malware
| > of any type.
| >
| > So, if anyone has used this program, please tell me
| > what you know about it. I got this program from
| > http://grc.com/unpnp/unpnp.htm
|
| Legit, "good guy"
|
| J
| --
| Replies to: Njk04s_130_p(at)Ojuno(dot)Tcom
Click to expand...

Art
http://www.epix.net/~artnpeg
 
David H. Lipman wrote:
[correcting malformed usenet article]
news:z1whc.61867$aD.25653@edtnps89... [snip]
| There is a known security vulnerability in the Universal Plug and Play
| service in Windows 2000/XP. "unpnp.exe" safely disables this service.
|
Really ?
Pease show me a recent URL fro the CIAC or other credible source indicating the problems
with uPnP under WinXP.
Click to expand...

http://www.ciac.org/ciac/bulletins/m-030.shtml ...

not all that recent, but bugs don't magically disappear over time, not
everyone plays patchwork roulette, and when all is said and done if you
don't really need service X you probably shouldn't be running service X...
 
<> Pease show me a recent URL fro the CIAC or other credible source
indicating the problems with uPnP under WinXP.>

is http://www.microsoft.com/technet/security/bulletin/MS01-059.mspx

credible enough for you?

http://www.securityfocus.com/infocus/1548 is also a useful explanation

and CIAC says..."Microsoft's implementation of the UPNP (Universal Plug and
Play) protocol can result in an attacker gaining remote system level access
to any default installation of Windows XP"

http://www.ciac.org/ciac/bulletins/m-030.shtml

Describing Steve Gibson as a scaremonger is a bit vacant as he was one of
the first to have identified the raw socket issues which many later sources
verified. The key benefit of using the GRC patch over that of the MS patch
is that it can, should the need arise, be switched on and off.

I think your axe grinding got in the way of providing impartial advice

polly
 
It might be Legit by Steve Gibson is a fear monger and is not
really a good guy. At best the site is OK.
The info. provided on uPnP at GRC.Com is old and is no longer
valid.
Click to expand...

What's changed with UPnP?
 
I happen to like TCP port 5000 and uPnP on Win98, WinME and WinXP. But I also use uPnP
complaint Routers.

I won't say Gibson is a "bad guy." Just not a true "good guy." I still think of him as
selling SpinRite for MFM/RLL hard disks when there were free utilities. Somehow he went
from a utility for optimizing the MFM/RLL hard disks to security.

He's a scare monger and I'll stick with the CIAC and the various CERTS.

Dave




| On Wed, 21 Apr 2004 16:40:57 -0400, "David H. Lipman"
|
| >It might be Legit by Steve Gibson is a fear monger and is not really a good guy.
|
| Not a "good guy"? Marketing hype oriented and a bit logically
| inconsistent, but I've never heard of him accused of being a "bad
| guy".
|
| >At best
| >the site is OK.
| >The info. provided on uPnP at GRC.Com is old and is no longer valid.
|
| Perhaps, but his unpnp is useful for closing port 5000 on Win ME.
|
| >Dave
| >
| >
| >
| >
| >| Jason Wade wrote:
| >| >
| >| > A guy named Steve Gibson has created some programs that
| >| > help secure winxp systems. One program is unpnp.exe
| >| > (disables Universal Plug and Play).
| >| >
| >| > Before I run this program, or any of Steve's programs,
| >| > I want to be sure that they are not trojans or malware
| >| > of any type.
| >| >
| >| > So, if anyone has used this program, please tell me
| >| > what you know about it. I got this program from
| >| > http://grc.com/unpnp/unpnp.htm
| >|
| >| Legit, "good guy"
| >|
| >| J
| >| --
| >| Replies to: Njk04s_130_p(at)Ojuno(dot)Tcom
| >
|
| Art
| http://www.epix.net/~artnpeg
 
Only WinME was affected and a patch was released a long time ago. WinXP was release with a
patched version of uPnP. If I'm not mistaken, the uPnP Working Group is getting ready to
ratify a new version, (uPnP v2.0 ?)

Dave




| <|
| > It might be Legit by Steve Gibson is a fear monger and is not
| > really a good guy. At best the site is OK.
| > The info. provided on uPnP at GRC.Com is old and is no longer
| > valid.
|
| What's changed with UPnP?
|
| --
| »Q«
 
I said recent. That's old stuff and was patched. Considering RPC/RPCSS Vulnerabilities and
subsequent exploits, it doesn't compare.

I see you couldn't find *anything* related to Win2K and uPnP and I knew know one would :-)

Now in respect to Lovsan/Blaster and Nachi/Welchia - What Internet worms do you know of
exploit uPnP vulnerabilities?

Dave




| <> Pease show me a recent URL fro the CIAC or other credible source
| indicating the problems with uPnP under WinXP.>
|
| is http://www.microsoft.com/technet/security/bulletin/MS01-059.mspx
|
| credible enough for you?
|
| http://www.securityfocus.com/infocus/1548 is also a useful explanation
|
| and CIAC says..."Microsoft's implementation of the UPNP (Universal Plug and
| Play) protocol can result in an attacker gaining remote system level access
| to any default installation of Windows XP"
|
| http://www.ciac.org/ciac/bulletins/m-030.shtml
|
| Describing Steve Gibson as a scaremonger is a bit vacant as he was one of
| the first to have identified the raw socket issues which many later sources
| verified. The key benefit of using the GRC patch over that of the MS patch
| is that it can, should the need arise, be switched on and off.
|
| I think your axe grinding got in the way of providing impartial advice
|
| polly
|
|
| | > Really ?
| > Pease show me a recent URL fro the CIAC or other credible source
| indicating the problems
| > with uPnP under WinXP.
| >
| > I make you a bet you can't find *any* information on a security
| vulnerability for uPnP on
| > Win2K!
| >
| > Dave
| >
| >
| >
| >
| > | > | Jason Wade wrote:
| > | > A guy named Steve Gibson has created some programs that
| > | > help secure winxp systems. One program is unpnp.exe
| > | > (disables Universal Plug and Play).
| > | >
| > | > Before I run this program, or any of Steve's programs,
| > | > I want to be sure that they are not trojans or malware
| > | > of any type.
| > | >
| > | > So, if anyone has used this program, please tell me
| > | > what you know about it. I got this program from
| > | > http://grc.com/unpnp/unpnp.htm
| > |
| > | There is a known security vulnerability in the Universal Plug and Play
| > | service in Windows 2000/XP. "unpnp.exe" safely disables this service.
| > |
| > |
| >
| >
|
|
 
That was supposed to be...
"I see you couldn't find *anything* related to Win2K and uPnP and I knew no one would :-)"

Dave
 
Back
Top