Messenger Pop-Ups - I told you so!

K

Kevin Davis³

See the recent MS security bulletin:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-043.asp

As I have suggested OVER and OVER and OVER again, you need to disable
services that you don't need. Several people asserted that I was
being ridiculous in suggesting that there just might be a
vulnerability in the Messenger service that could expose your system
as vulnerable. Now we know that it has been true. If somebody got
past your firewall, they could own your system simply if you were
running the Messenger service. This is a great example why you should
absolutely turn any services off that you don't need.
 
T

Total Exterminator

Kevin said:
See the recent MS security bulletin:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-043.asp

As I have suggested OVER and OVER and OVER again, you need to disable
services that you don't need. Several people asserted that I was
being ridiculous in suggesting that there just might be a
vulnerability in the Messenger service that could expose your system
as vulnerable. Now we know that it has been true. If somebody got
past your firewall, they could own your system simply if you were
running the Messenger service. This is a great example why you should
absolutely turn any services off that you don't need.
Click to expand...
And who by now has not installed sp1 for xp ..... You are protected if
you installed sp1 .... Total
 
B

Buggs Bunny

And who by now has not installed sp1 for xp ..... You are protected if
you installed sp1 .... Total
Click to expand...

But its enabled by default (and messenger isnt that easy to turn off)
then theres the firewall thats disabled by default.
 
L

Lanwench [MVP - Exchange]

If someone got through your firewall, the messenger service is the least of
your worries.
 
B

Buggs Bunny

The messenger service is very simple to turn off, I think you're mistaking
it for Windows Messenger which is a totally different animal... :)

Lorne
Click to expand...

Yep Windows Messenger ;)
 
?

=?ISO-8859-1?Q?SunnyB=A9?=

And who by now has not installed sp1 for xp ..... You are protected if
you installed sp1 .... Total
Click to expand...

SP1 does not fix the RPC flaw/conspiraacy.
SP1 does not stop the abuse of the Messenger Service.
SP1 does not make XP more resistant to virus or trojan attacks.

There are a lot of people who have not installed SP1. People who started
with XP and have been reluctant to take the chance on installing something
that may ruin their OS or make it unusable.

While SP1 does improve the original XP, the fear of installing a bugfix or
upgrade from MS is quite understandable.


§ß©
 
K

Kevin Davis³

And who by now has not installed sp1 for xp ..... You are protected if
you installed sp1 .... Total
Click to expand...


It is obvious that you guys are still missing the point. Now I
suppose for some reason you are TOTALLY convinced that there is no
chance that there are any more vulnerabilities in the Messenger
Service. Just like since MS has release all these fixes to IE that
there must not be any more vulnerabilities in it either. This is a
very deluded position to adopt.

Bottom line it's just a good basic security practice - if you're not
using the service, disable it. I can't believe people are still
arguing against this.
 
K

Kevin Davis³

If someone got through your firewall, the messenger service is the least of
your worries.
Click to expand...

You're still not getting it. Yes, you have significant concern if
someone gets through your firewall. However, if you have disabled the
Messenger Service (assuming you don't need it), it's one less major
concern you have to deal with.

If you have $10,000 cash in a bag in your house and you have good
locks on your door, are you comfortable in leaving that bag out on
your living room coffee table?
 
C

cato

Not all MVP's are equal. There are helpers immensely patient to repeat good
advices again and again. And there are guys with immense ego, belittling
good advices to display they know more.

Until MS does not document its software especially its operating systems,
the whole thing remains in the hands of gurus. Instead of looking into the
documentation, one shall rely on secondary means like asking questions in
newsgroups. The present newsgroup is especially good. However it can not
replace a good documentation.

Sure it is cheaper than document,
 
L

Lanwench [MVP - Exchange]

True security is multi-layer defense. I do agree with you there. Firewalls
alone are no panacea...I have never implied othewise.
 
A

Alun Jones [MS MVP]

If you have $10,000 cash in a bag in your house and you have good
locks on your door, are you comfortable in leaving that bag out on
your living room coffee table?
Click to expand...

If the curtains are drawn, and I've set the alarm to go off when the door
gets opened, yes.

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Patching time again - have fun 5
Bogus bulletin? 5
Messenger Service scam? 8
[ATTN] All XP Users (Run Windows Update) - Nov. 15 1
MS03-011 Bulletin 3
MS July Hot-fixes ... please update 0
Messenger Service 3
Microsoft Security Bulletins for April 2008 4

Top