Pop up from Messenger Service

[Guest]

How do I stop these pop ups telling me my computer is affected Buffer overrun in Messenger Service could allow cod execution (828035) and to type www.winpatch.ne into my browser and click ok. the message is from MSOFT

Thank You

 

[Lance Joiner]

Try this link..
http://www.grc.com/stm/shootthemessenger.htm

How do I stop these pop ups telling me my computer is affected Buffer

overrun in Messenger Service could allow cod execution (828035) and to type
www.winpatch.ne into my browser and click ok. the message is from MSOFT.

 

[Jupiter Jones [MVP]]

Lance;
BAD fix or actually no fix at all.
You stop the symptom and leave the computer vulnerable without the
real fix which is a firewall.
See my other post this thread.

 

[Jupiter Jones [MVP]]

Deborah;
These messages are NOT from Microsoft.
These ads are using Messenger Service.
Messenger Service is a valuable tool many use.
Like many tools, it can be exploited.

No need to pay for the fix.
For Messenger Service ads:
You need to install or enable a firewall:
http://support.microsoft.com/?kbid=330904
http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp
Disabling Messenger Service can be a good idea, but it does not solve
the real problem.
The ads are not the real problem, the ads are only a symptom.
The real problem is open ports that allow unwanted traffic into the
computer.
Disabling Messenger does nothing for the open ports.
The firewall controls the traffic.

Internet Connection Firewall will not work if you have AOL.
AOL is not compatible with Windows XP Internet Connection Firewall
(ICF)
If you have AOL, you should contact AOL and/or get a 3rd party
firewall:
http://www.zonelabs.com/store/content/home.jsp
http://www.symantec.com/sabu/nis/npf/

Disable Messenger Service:
Start/Control Panel, click Administrative Tools, double click
Services.
Go down to "Messenger".
Right click "Messenger" and select Properties.
Then under Start-up select DISABLE
Click OK and follow prompts

--
Jupiter Jones [MVP]
http://www3.telus.net/dandemar/

How do I stop these pop ups telling me my computer is affected

Buffer overrun in Messenger Service could allow cod execution (828035)
and to type www.winpatch.ne into my browser and click ok. the message
is from MSOFT.

 

[Kevin Davis³]

Deborah;
These messages are NOT from Microsoft.
These ads are using Messenger Service.
Messenger Service is a valuable tool many use.
Like many tools, it can be exploited.

A quote from Microsoft:

"If you have Windows XP at home or in a small office that you manage
yourself, you should disable the Messenger Service."

Source:

http://www.microsoft.com/WindowsXP/pro/using/howto/communicate/stopspam.asp

 

[Bruce Chambers]

Greetings --

These messages are _not_ from Microsoft. Rather, they're from a
very unscrupulous "business." It's a scam, plain and simple. They're
trying to sell you patches that Microsoft provides free-of-charge.
They're also demonstrating that
your PC in very unsecure.

Does the title bar of these pop-ups read "Messenger Service?"

This type of spam has become quite common over the past year or
so, and unintentionally serves as a valid security "alert." It
demonstrates that you haven't been taking sufficient precautions while
connected to the Internet. Your data probably hasn't been compromised
by these specific advertisements, but if you're open to this exploit,
you most definitely open to other threats, such as the Blaster Worm
that still haunts the Internet. Install and use a decent, properly
configured firewall. (Merely disabling the messenger service, as some
people recommend, only hides the symptom, and does little or nothing
to truly secure your machine.) And ignoring or just "putting up with"
the security gap represented by these messages is particularly
foolish.

Messenger Service of Windows
http://support.microsoft.com/default.aspx?scid=KB;en-us;168893

Messenger Service Window That Contains an Internet Advertisement
Appears
http://support.microsoft.com/?id=330904

Stopping Advertisements with Messenger Service Titles
http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp

Blocking Ads, Parasites, and Hijackers with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

Whichever firewall you decide upon, be sure to ensure
UDP ports 135, 137, and 138 and TCP ports 135, 139, and 445 are _all_
blocked. You may also disable Inbound NetBIOS (NetBIOS over TCP/IP).
You'll have to follow the instructions from firewall's manufacturer
for the specific steps.

You can test your firewall at:

Symantec Security Check
http://security.symantec.com/ssc/vr_main.asp?langid=ie&venid=sym&plfid=23&pkj=GPVHGBYNCJEIMXQKCDT

Security Scan - Sygate Online Services
http://www.sygatetech.com/

Oh, and be especially wary of people who advise you to do nothing
more than disable the messenger service. Disabling the messenger
service, by itself, is a "head in the sand" approach to computer
security. The real problem is _not_ the messenger service pop-ups;
they're actually providing a useful, if annoying, service by acting as
a security alert. The true problem is the unsecured computer, and
you've been advised to merely turn off the warnings. How is this
helpful?


Bruce Chambers

--
Help us help you:




You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH

 

[Bruce Chambers]

Greetings --

I realize that you're trying to help, and that such an intent is
commendable, but please don't post potentially harmful advice.

Disabling the messenger service, as Gibson's utility does, is a
"head in the sand"
approach to computer security that leaves the PC vulnerable to threats
such as the W32.Blaster.Worm.

The real problem is _not_ the messenger service pop-ups; they're
actually providing a useful service by acting as a security alert. The
true problem is the unsecured computer, and you're only
advice, however well-intended, was to turn off the warnings. How is
this helpful?

Equivalent Scenario: You over-exert your shoulder at work or
play, causing bursitis. After weeks of annoying and sometimes
excruciating pain whenever you try to reach over your head, you go to
a doctor and say, while demonstrating the motion, "Doc, it hurts when
I do this." The doctor, being as helpful as you are, replies, "Well,
don't do that."

The only true way to secure the PC, short of disconnecting it from
the Internet, is to install and *properly* configure a firewall; just
installing one and letting it's default settings handle things is no
good. Unfortunately, this does require one to learn a little bit more
about using a computer than used to be necessary.


Bruce Chambers

--
Help us help you:




You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH

 

[Jupiter Jones [MVP]]

And your point is?
Many home users and small businesses use Messenger Service.
For them it is a valuable tool.
Large businesses use it as well.
In any event, using a properly configured firewall WILL STOP Messenger
Service ads and is the necessary fix.
Furthermore you can disable Messenger Service if it is not needed.
It is a good idea to disable unnecessary services.
However if your computer is properly protected, there is no increased
security by disabling Messenger Service.

Also you completely ignored the part of that article that states:
"First, make sure that your system is protected by an Internet
firewall and that you've followed the steps to Protect Your PC.
Disabling the Messenger Service without using a firewall will prevent
the unwanted spam, but will not protect your computer from intruders."
Take particular note to the second sentence.

Disabling Messenger Service as the fix is really no fix at all.

 

[Kevin Davis³]

Oh, and be especially wary of people who advise you to do nothing
more than disable the messenger service. Disabling the messenger
service, by itself, is a "head in the sand" approach to computer
security. The real problem is _not_ the messenger service pop-ups;
they're actually providing a useful, if annoying, service by acting as
a security alert. The true problem is the unsecured computer, and
you've been advised to merely turn off the warnings. How is this
helpful?

Don't forget that the Messenger Service would also provide a useful
service to hackers if it is not patched:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-043.asp

Setup a firewall first, but if you don't need the Messenger Service,
turn it off. If you need it, patch it. You would also be well
advised to spend $50 and buy a home router.

Be especially wary of people who would insist on having you keep the
Messenger Service on as a "helpful feature" and conveniently
forgetting to inform you that it has a very serious vulnerability that
needs to be patched immediately.

And of particular interest is that Microsoft itself and security
experts are seriously reconsidering the role of the Messenger service:

http://www.infoworld.com/article/03/10/28/HNmessengeroff_1.html

http://www.pcworld.com/news/article/0,aid,113321,tk,dn110703X,00.asp

http://news.com.com/2100-7355_3-5095935.html

http://www.cnn.com/2003/TECH/internet/11/07/microsoft.popup.reut/index.html


Here's a link where Microsoft actually outright advises the user to
turn off the Messenger Service:

http://www.microsoft.com/WindowsXP/pro/using/howto/communicate/stopspam.asp


Those who would advise not to turn off the Messenger Service for the
less than trivial unintended side benefit of being a warning is
dispensing advice which contradicts the advice of many real security
professionals.

The real problem is _not_ the messenger service pop-ups;
they're actually providing a useful, if annoying, service by acting as
a security alert.

If you were protecting your house and you had one door that nobody
ever used and that door was really loud and squeaky, would you:

A: Keep the door unlocked all the time and actually depend on the
loud squeak of the door to be an integral part of your house alarm
system to alert you of an intruder?

or

B. Since no legitimate people would ever use the door, bar the door
shut so that there was no chance no-one could enter through it?

 

[Kevin Davis³]

And your point is?
Many home users and small businesses use Messenger Service.
For them it is a valuable tool.
Large businesses use it as well.

Large businesses yes. Home users don't find it nearly as useful. My
opinion? Yes. Microsoft happens to agree.

In any event, using a properly configured firewall WILL STOP Messenger
Service ads and is the necessary fix.

A firewall is absolutely necessary. I agree. I never stated
otherwise. What is also necessary for good security is not to rely
solely on one thing to provide it for you - like a firewall. Good
security depends on defense in depth. That means you have a NAT
router, a personal firewall, a hardened system , etc ,etc. Part of
hardening your system is turning off unneeded services.

Furthermore you can disable Messenger Service if it is not needed.
It is a good idea to disable unnecessary services.

And that *is* my point.

However if your computer is properly protected, there is no increased
security by disabling Messenger Service.

Yes, there is. It is called defense in depth. Buy any decent
security book and it will advocate this. The vast majority of
security experts will as well. You turn off unneeded services. This
is security 101. Why? Because it eliminates the risk of an unknown
vulnerability or exploit that exists on the basis of that service
running. This has already happened once with the Messenger Service
alone. Before this vulnerability was found, I was advocating this
same thing for the same reason and I was laughed at. I was completely
exonerated by the finding of the vulnerability but people completely
ignored that. It has happened over and over again with other
services\daemons in the past. If you were the least bit concerned
about security, and you told someone to leave the Messenger Service
running, the least you could do was also warn about the serious
vulnerability that exists in it and it needs to be patched
immediately:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-043.asp

Also you completely ignored the part of that article that states:
"First, make sure that your system is protected by an Internet
firewall and that you've followed the steps to Protect Your PC.
Disabling the Messenger Service without using a firewall will prevent
the unwanted spam, but will not protect your computer from intruders."
Take particular note to the second sentence.

I have ALWAYS advocated putting up a firewall. Despite the many times
you, Bruce Chambers and others insist on misrepresenting what I am
advocating. I did not mention it because I agree with it and you that
a firewall needs to be put in place. My comments were concerned only
with the issue of leaving the Messenger Service on or off. Am I
supposed to make explicit comments about everything I agree with you
on as well as disagree?

Disabling Messenger Service as the fix is really no fix at all.

It hardens your system. It removes the possibility of getting bit by
the above vulnerability and any other unknown ones that might be
there.

 

[Kevin Davis³]

Equivalent Scenario: You over-exert your shoulder at work or
play, causing bursitis. After weeks of annoying and sometimes
excruciating pain whenever you try to reach over your head, you go to
a doctor and say, while demonstrating the motion, "Doc, it hurts when
I do this." The doctor, being as helpful as you are, replies, "Well,
don't do that."

Equivalent Scenario:

If you were protecting your house and you had one door that nobody
ever used and that door was really loud and squeaky, would you:

A: Keep the door unlocked all the time and actually depend on the
loud squeak of the door to be an integral part of your house alarm
system to alert you of an intruder?

or

B. Since no legitimate people would ever use the door, bar the door
shut so that there was no chance no-one could enter through it?