Messenger Service (not the instant messenger)

  • Thread starter Thread starter Dr. Indera
  • Start date Start date
D

Dr. Indera

hello,

i know that the rule of thumb is to turn this service off at home, which i
did, but i can't remember why.
is it to prevent receiving pop-ups even if you have pop-up blocker software
installed or is it something else?

thank you.
 
Hi,

To prevent messenger service popups that occur if your firewall is disabled
or the ports it uses are open. Of course, if this is the situation, then you
have bigger problems as your machine is likely being attacked by numerous
other, more nefarious, intruders.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Associate Expert - WindowsXP Expert Zone

Windows help - www.rickrogers.org
 
Dr. Indera said:
hello,

i know that the rule of thumb is to turn this service off at home, which i
did, but i can't remember why.
Click to expand...


The only applicable "rule of thumb" that might apply to disabling the
messenger service is the general principle of disabling services that
are not used or needed. Or are you referring to those posts where
misinformed individuals erroneously recommend disabling the messenger
service as a security measure?

is it to prevent receiving pop-ups even if you have pop-up blocker software
installed or is it something else?

thank you.
Click to expand...


The only thing turning off the messenger services does, beyond freeing
an insignificantly minuscule amount of system resources, is disable a
crude sort of security warning that your firewall has failed.

There is a type of spam that exploits the messenger service, but this
is also blocked by a properly configured firewall.

Messenger Service of Windows
http://support.microsoft.com/default.aspx?scid=KB;en-us;168893

Messenger Service Window That Contains an Internet Advertisement
Appears
http://support.microsoft.com/?id=330904

Stopping Advertisements with Messenger Service Titles
http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp

Blocking Ads, Parasites, and Hijackers with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

Whichever firewall you decide upon, be sure to ensure UP ports 135,
137, and 138 and TCP ports 135, 139, and 445 are all blocked. You
may also disable Inbound NetBIOS over TCP/IP). You'll have
to follow the instructions from firewall's manufacturer for the
specific steps.

You can test your firewall at:

Symantec Security Check
http://security.symantec.com/ssc/vr_main.asp?langid=ie&venid=sym&plfid=23&pkj=GPVHGBYNCJEIMXQKCDT

Security Scan - Sygate Online Services
http://www.sygatetech.com/

The problem is that turning off the Messenger Service does *not*
block the wide open TCP and UDP ports that the spammers used to
deliver the spam to the Messenger Service for display. With the
Messenger Service disabled, those spam deliveries are still
continuing, but they're simply not being displayed. It's like pulling
the battery out of a noisy smoke detector to silence it, rather than
looking for and eliminating the source of the smoke that set it off.

The danger of this "treat the symptoms" approach has been more
than aptly demonstrated by the advent of the W32.Blaster.Worm, the
W32.Welchia.Worm, the W32.Sasser. Worm, and their variants. These
worms attack PCs via some of the very same open ports that the
Messenger Service uses. Need I mention how many hundreds of thousands
of PCs have been infected by these worms since August of 2003? To date,
according to my records, I have personally responded to over 1000
Usenet posts concerning Blaster/Welchia/Sasser infections since last
then, and I can't possibly have seen and replied to every one that
there's been posted in this period.

Now, how many of those infected with Blaster/Welchia had turned
off the Messenger Service to hide spam? I can't say, and I don't
think anyone can. What I can say with absolutely certainty is that if
they'd all had a properly configured firewall in place, they would
have blocked the annoying spam _and_ been safe from a great many other
dangers, particularly Blaster/Welchia/Sasser.

Of course, like the Messenger Service Buffer Overrun threat, there
is also a patch available to fix a PC's vulnerability to
Blaster/Welchia, which was available to the general public a full
month before the first instances of Blaster/Welchia "in the wild." If
people learned to stay aware of computer security issues and updated
their systems as needed, a whole lot of grief could have been avoided.
The problem with relying upon patches, however, is that they're
sometimes not available until _after_ the exploit has become
wide-spread. Antivirus software suffers from this same weakness; it's
simply not always possible to provide protection from threats that
have not yet been developed and/or discovered. Both approaches, while
important, are re-active in nature.

There are several essential components to computer security: a
knowledgeable and pro-active user, a properly configured firewall,
reliable and up-to-date antivirus software, and the prompt repair (via
patches, hotfixes, or service packs) of any known vulnerabilities.
The weak link in this "equation" is, of course, the computer user.
All too many people have bought into the various PC/software
manufacturers marketing claims of easy computing. They believe that
their computer should be no harder to use than a toaster oven; they
have neither the inclination or desire to learn how to safely use
their computer. All to few people keep their antivirus software
current, install patches in a timely manner, or stop to really think
about that cutesy link they're about to click. Therefore, I (and
anyone who's thought about the matter) always recommend the use of a
firewall. Naturally, properly configuring a firewall requires an
investment of time and effort that most people won't give, but even
the default settings of the firewall will offer more automatic
protection than is currently present.

Now, as for the Messenger Service itself, it generally doesn't
hurt any thing to turn it off, although I never recommend doing so.
Granted, the service is of little or no use to most home PC users
(Although I've had uses it on my home LAN.), and turning off
unnecessary services is part of any standard computer security
protocol. However, I feel that the potential benefits of leaving the
Messenger Service enabled out-weigh any as-yet-theoretical risks that
it presents. It will indirectly let the computer user know that
his/her firewall has failed by displaying the Messenger Service spam.
Think of it as the canary that miners used to take down into the
mine shafts with them. There are others, of course, who disagree with
me on this point and advise turning off the service because it isn't
needed; you'll have to make up your own mind here.



--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH
 
Hi, I think my computer is being attacked by one right now. Popups occur
every few minutes and it's really p!ssing me off. It started before I managed
to download a firewall ( I JUST got my comp back from the repair guy because
the previous one before the reboot had virus problems where I couldn't open
my antivirus and firewall programs but that's over now), and I logged on to
the internet to update norton virus definitions so I guess my computer was a
bit vulnerable then.

Please help? My comp is running on win xp home edition, dial-up, norton
antivirus, sygate personal firewall, spysubstract with CWshredder, adaware se
and spyware blaster. You'd think with all this anti-spyware programs nasty
bugs wouldn't come through!

About the 'attack': The popups come with the header 'Messenger Service'.
I've included two of the popups(which occurred at separate times):

Popup number 1
---------------------------------------------------------
Message from: System to Alert
STOP! WINDOWS REQUIRES IMMEDIATE ATTENTION!
Windows has found CRITICAL SYSTEM ERRORS.

To fix the errors please do the following:
1. Download Registry Repair from:http://www.winregfix.com
2. Install registry repair
3. Run Registry Repair
4. Reboot your computer
FAILURE TO ACT NOW MAY LEAD TO DATA LOSS AND CORRUPTION!

Popup number 2
-----------------------------------------------------
Message from Security Monitor to Windows User

Important Windows Security Bulletin
Buffer Overrun in Messenger Service Allows Remote Code Execution
Virus Infection and Unexpected Computer Shutdown

Affected Software:

Microsoft Windows NT Workstation
Microsoft Windows NT Server 4.0
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003

Non-affected Software:
Microsoft Windows Millenium Edition

Your system is affected, please download software from the address below!
FIRST TYPE THE ADDRESS BELOW INTO YOUR INTERNET BROWSER, THEN CLICK ‘OK’.
THE ADDRESS WILL DISAPPEAR ONCE YOU CLICK ‘OK’

www.updatepatch.info
--------------------------------------------------------
 
I just finished reading your post so I gather that turning it off is not a
good idea. However, I'm using Sygate Personal Firewall but I don't see why
it's not blocking the popups?
 
LOL rick,

i agree that would be a bigger problem.
i just wanted to make sure that i remembered the reason why i disabled this
service.

--
Indera
* * * * * * * * * *
Don't just live life.
Live life well.


: Hi,
:
: To prevent messenger service popups that occur if your firewall is
disabled
: or the ports it uses are open. Of course, if this is the situation, then
you
: have bigger problems as your machine is likely being attacked by numerous
: other, more nefarious, intruders.
:
: --
: Best of Luck,
:
: Rick Rogers, aka "Nutcase" - Microsoft MVP
:
: Associate Expert - WindowsXP Expert Zone
:
: Windows help - www.rickrogers.org
:
: : > hello,
: >
: > i know that the rule of thumb is to turn this service off at home, which
i
: > did, but i can't remember why.
: > is it to prevent receiving pop-ups even if you have pop-up blocker
: > software
: > installed or is it something else?
: >
: > thank you.
: > --
: > Indera
: > * * * * * * * * * *
: > Don't just live life.
: > Live life well.
: >
: >
: >
:
:
 
hi bruce,

based on your reply - i am referring to the posts where misinformed
individuals erroneously say to disable the messenger service as a security
measure.

thank you for all of the links. i will read them today so that i will not be
misinformed anymore <smile>

--
Indera
* * * * * * * * * *
Don't just live life.
Live life well.


: Dr. Indera wrote:
: > hello,
: >
: > i know that the rule of thumb is to turn this service off at home, which
i
: > did, but i can't remember why.
:
:
: The only applicable "rule of thumb" that might apply to disabling the
: messenger service is the general principle of disabling services that
: are not used or needed. Or are you referring to those posts where
: misinformed individuals erroneously recommend disabling the messenger
: service as a security measure?
:
:
: > is it to prevent receiving pop-ups even if you have pop-up blocker
software
: > installed or is it something else?
: >
: > thank you.
:
:
: The only thing turning off the messenger services does, beyond freeing
: an insignificantly minuscule amount of system resources, is disable a
: crude sort of security warning that your firewall has failed.
:
: There is a type of spam that exploits the messenger service, but this
: is also blocked by a properly configured firewall.
:
: Messenger Service of Windows
: http://support.microsoft.com/default.aspx?scid=KB;en-us;168893
:
: Messenger Service Window That Contains an Internet Advertisement
: Appears
: http://support.microsoft.com/?id=330904
:
: Stopping Advertisements with Messenger Service Titles
:
http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp
:
: Blocking Ads, Parasites, and Hijackers with a Hosts File
: http://www.mvps.org/winhelp2002/hosts.htm
:
: Whichever firewall you decide upon, be sure to ensure UP ports 135,
: 137, and 138 and TCP ports 135, 139, and 445 are all blocked. You
: may also disable Inbound NetBIOS over TCP/IP). You'll have
: to follow the instructions from firewall's manufacturer for the
: specific steps.
:
: You can test your firewall at:
:
: Symantec Security Check
:
http://security.symantec.com/ssc/vr_main.asp?langid=ie&venid=sym&plfid=23&pkj=GPVHGBYNCJEIMXQKCDT
:
: Security Scan - Sygate Online Services
: http://www.sygatetech.com/
:
: The problem is that turning off the Messenger Service does *not*
: block the wide open TCP and UDP ports that the spammers used to
: deliver the spam to the Messenger Service for display. With the
: Messenger Service disabled, those spam deliveries are still
: continuing, but they're simply not being displayed. It's like pulling
: the battery out of a noisy smoke detector to silence it, rather than
: looking for and eliminating the source of the smoke that set it off.
:
: The danger of this "treat the symptoms" approach has been more
: than aptly demonstrated by the advent of the W32.Blaster.Worm, the
: W32.Welchia.Worm, the W32.Sasser. Worm, and their variants. These
: worms attack PCs via some of the very same open ports that the
: Messenger Service uses. Need I mention how many hundreds of thousands
: of PCs have been infected by these worms since August of 2003? To date,
: according to my records, I have personally responded to over 1000
: Usenet posts concerning Blaster/Welchia/Sasser infections since last
: then, and I can't possibly have seen and replied to every one that
: there's been posted in this period.
:
: Now, how many of those infected with Blaster/Welchia had turned
: off the Messenger Service to hide spam? I can't say, and I don't
: think anyone can. What I can say with absolutely certainty is that if
: they'd all had a properly configured firewall in place, they would
: have blocked the annoying spam _and_ been safe from a great many other
: dangers, particularly Blaster/Welchia/Sasser.
:
: Of course, like the Messenger Service Buffer Overrun threat, there
: is also a patch available to fix a PC's vulnerability to
: Blaster/Welchia, which was available to the general public a full
: month before the first instances of Blaster/Welchia "in the wild." If
: people learned to stay aware of computer security issues and updated
: their systems as needed, a whole lot of grief could have been avoided.
: The problem with relying upon patches, however, is that they're
: sometimes not available until _after_ the exploit has become
: wide-spread. Antivirus software suffers from this same weakness; it's
: simply not always possible to provide protection from threats that
: have not yet been developed and/or discovered. Both approaches, while
: important, are re-active in nature.
:
: There are several essential components to computer security: a
: knowledgeable and pro-active user, a properly configured firewall,
: reliable and up-to-date antivirus software, and the prompt repair (via
: patches, hotfixes, or service packs) of any known vulnerabilities.
: The weak link in this "equation" is, of course, the computer user.
: All too many people have bought into the various PC/software
: manufacturers marketing claims of easy computing. They believe that
: their computer should be no harder to use than a toaster oven; they
: have neither the inclination or desire to learn how to safely use
: their computer. All to few people keep their antivirus software
: current, install patches in a timely manner, or stop to really think
: about that cutesy link they're about to click. Therefore, I (and
: anyone who's thought about the matter) always recommend the use of a
: firewall. Naturally, properly configuring a firewall requires an
: investment of time and effort that most people won't give, but even
: the default settings of the firewall will offer more automatic
: protection than is currently present.
:
: Now, as for the Messenger Service itself, it generally doesn't
: hurt any thing to turn it off, although I never recommend doing so.
: Granted, the service is of little or no use to most home PC users
: (Although I've had uses it on my home LAN.), and turning off
: unnecessary services is part of any standard computer security
: protocol. However, I feel that the potential benefits of leaving the
: Messenger Service enabled out-weigh any as-yet-theoretical risks that
: it presents. It will indirectly let the computer user know that
: his/her firewall has failed by displaying the Messenger Service spam.
: Think of it as the canary that miners used to take down into the
: mine shafts with them. There are others, of course, who disagree with
: me on this point and advise turning off the service because it isn't
: needed; you'll have to make up your own mind here.
:
:
:
: --
:
: Bruce Chambers
:
: Help us help you:
:
:
:
: You can have peace. Or you can have freedom. Don't ever count on having
: both at once. - RAH
 
Why is that a rule of thumb? You may not want it starting if you are
bothered by spam popups but if you have tightened down the system then why
turn it off? Why leave it on for that matter? But no it is not a rule of
thumb.
 
With link names like that who in their right mind would visit them? -
amazing.
Just stop Messenger Service from loading at startup and you can stop them
unitl you batten down the hatches. These really pose no threat other than
an irritant.
 
It is a good idea for a quick fix. It's not such a good idea to leave it at
that. Bacsically this is what Microsoft says.
 
Hi,

It means your Sygate firewall is not fully protecting you. Check that it is
fully functional and shutting down traffic initiated outside your system.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Associate Expert - WindowsXP Expert Zone

Windows help - www.rickrogers.org
 
anneliese said:
I just finished reading your post so I gather that turning it off is not a
good idea.
Click to expand...


It's neither a necessarily good idea, or a necessarily bad idea. Like
most computer configuration questions, this one depends largely upon
each individual's specific computing needs and situation. I said that I
never recommend turning the messenger service off, as a general
principle, but that doesn't mean that there may never be circumstances
under which I would do so.

However, I'm using Sygate Personal Firewall but I don't see why
it's not blocking the popups?
Click to expand...


Properly configured, the Sygate Personal Firewall will prevent
messenger service pop-ups. SPF will not and cannot, however, have any
affect on pop-ups caused by adware or pop-ups that occur during web
browsing.


--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH
 
George said:
It is a good idea for a quick fix. It's not such a good idea to leave it at
that. Bacsically this is what Microsoft says.
Click to expand...

It's not a "fix" of any kind, quick or otherwise. In one KB Article,
Microsoft does mention disabling the service as a temporary
"work-around," but never claims it's a solution of any kind.


--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH
 
Dr. Indera said:
hi bruce,

based on your reply - i am referring to the posts where misinformed
individuals erroneously say to disable the messenger service as a security
measure.

thank you for all of the links. i will read them today so that i will not be
misinformed anymore <smile>
Click to expand...


You're welcome.


--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH
 
anneliese said:
Hi, I think my computer is being attacked by one right now. Popups occur
every few minutes and it's really p!ssing me off. It started before I managed
to download a firewall ( I JUST got my comp back from the repair guy because
the previous one before the reboot had virus problems where I couldn't open
my antivirus and firewall programs but that's over now), and I logged on to
the internet to update norton virus definitions so I guess my computer was a
bit vulnerable then.

Please help? My comp is running on win xp home edition, dial-up, norton
antivirus, sygate personal firewall, spysubstract with CWshredder, adaware se
and spyware blaster. You'd think with all this anti-spyware programs nasty
bugs wouldn't come through!

About the 'attack': The popups come with the header 'Messenger Service'.
I've included two of the popups(which occurred at separate times):
Click to expand...


What specific kind of pop-ups are you seeing? There are at least
three varieties of pop-ups, and the solutions vary accordingly.

1) Does the title bar of these pop-ups read "Messenger Service?"

This type of spam has become quite common over the couple of
years, and unintentionally serves as a valid security "alert." It
demonstrates that you haven't been taking sufficient precautions while
connected to the Internet. Your data probably hasn't been compromised
by these specific advertisements, but if you're open to this exploit,
you may well be open to other threats, such as the Blaster Worm that
swept across the Internet last year and the currently active Sasser
Worm. Install and use a decent, properly configured firewall.
(Merely disabling the messenger service, as some people recommend,
only hides the symptom, and does little or nothing to truly secure
your machine.) And ignoring or just "putting up with" the security
gap represented by these messages is particularly foolish.

Messenger Service of Windows
http://support.microsoft.com/default.aspx?scid=KB;en-us;168893

Messenger Service Window That Contains an Internet Advertisement
Appears
http://support.microsoft.com/?id=330904

Stopping Advertisements with Messenger Service Titles
http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp

Blocking Ads, Parasites, and Hijackers with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

Oh, and be especially wary of people who advise you to do nothing
more than disable the messenger service. Disabling the messenger
service, by itself, is a "head in the sand" approach to computer
security. The real problem is not the messenger service pop-ups;
they're actually providing a useful, if annoying, service by acting as
a security alert. The true problem is the unsecured computer, and
you've been advised to merely turn off the warnings. How is this
helpful?

2) For regular Internet pop-ups, you might try the free 12Ghosts
Popup-killer from http://12ghosts.com/ghosts/popup.htm, Pop-Up Stopper
from http://www.panicware.com/, or the Google Toolbar from
http://toolbar.google.com/. Alternatively, you can upgrade your WinXP
to SP2, to install IE's pop-up blocker. Another alternative would be
to use another browser, such as Mozilla or Firefox, which has pop-up
blocking capabilities. (But I'd avoid Netscape; it carries too much
extraneous AOL garbage.)

3) To deal with pop-ups caused by any sort of "adware" and/or
"spyware,"such as Gator, Comet Cursors, Xupiter, Bonzai Buddy, or
KaZaA, and their remnants, that you've deliberately (but without
understanding the consequences) installed, two products that are
quite effective (at finding and removing this type of scumware) are
Ad-Aware from www.lavasoft.de and SpyBot Search & Destroy from
www.safer-networking.org/. Both have free versions. It's even
possible to use SpyBot Search & Destroy to "immunize" your system
against most future intrusions. I use both and generally perform
manual scans every week or so to clean out cookies, etc.

Additionally, manual removal instructions for the most common
varieties of scumware are available here:

PC Hell Spyware and Adware Removal Help
http://www.pchell.com/support/spyware.shtml

More information and assistance is available at these sites:

Blocking Ads, Parasites, and Hijackers with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

The Parasite Fight
http://www.aumha.org/a/parasite.htm

Neither adware nor spyware, collectively known as scumware,
magically install themselves on anyone's computer. They are almost
always deliberately installed by the computer's user, as part of some
allegedly "free" service or product.

While there are some unscrupulous malware distributors out there,
who do attempt to install and exploit malware without consent, the
majority of them simply rely upon the intellectual laziness and
gullibility of the average consumer, counting on them to quickly click
past the EULA in his/her haste to get the latest in "free" cutesy
cursors, screensavers, "utilities," and/or wallpapers.

If you were to read the EULAs that accompany, and to which the
computer user must agree before the download/installation of the
"screensaver" continues, most adware and spyware, you'll find that
they _do_ have the consumer's permission to do exactly what they're
doing. In the overwhelming majority of cases, computer users have no
one to blame but themselves.

There are several essential components to computer security: a
knowledgeable and pro-active user, a properly configured firewall,
reliable and up-to-date antivirus software, and the prompt repair (via
patches, hotfixes, or service packs) of any known vulnerabilities.

The weakest link in this "equation" is, of course, the computer
user. No software manufacturer can -- nor should they be expected
to -- protect the computer user from him/herself. All too many people
have bought into the various PC/software manufacturers marketing
claims of easy computing. They believe that their computer should be
no harder to use than a toaster oven; they have neither the
inclination or desire to learn how to safely use their computer. All
too few people keep their antivirus software current, install patches
in a timely manner, or stop to really think about that cutesy link
they're about to click.

Firewalls and anti-virus applications, which should always be used
and should always be running, are important components of "safe hex,"
but they cannot, and should not be expected to, protect the computer
user from him/herself. Ultimately, it is incumbent upon each and
every computer user to learn how to secure his/her own computer.


To learn more about practicing "safe hex," start with these links:

Protect Your PC
http://www.microsoft.com/security/protect/default.asp

Home Computer Security
http://www.cert.org/homeusers/HomeComputerSecurity/

List of Antivirus Software Vendors
http://support.microsoft.com/default.aspx?scid=kb;en-us;49500

Home PC Firewall Guide
http://www.firewallguide.com/

Scumware.com
http://www.scumware.com/


--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH
 
In
Dr. Indera said:
i know that the rule of thumb is to turn this service off at
home,
which i did, but i can't remember why.
Click to expand...


I disagree. I don't think it's good to turn it off.


is it to prevent receiving pop-ups even if you have pop-up
blocker
software installed or is it something else?
Click to expand...


Many people recommend turning it off to stop receiving Messenger
Service popups (popup blockers don't stop that particular kind of
popup. But the real solution to stopping Messenger Service popups
is turning on a firewall. The firewall is a much better way of
stopping them, and without a firewall, Messenger Service popups
is the least of the potential problems you have to worry about.
 
Then why give it as an option if it is NOT a "solution of any kind." C'mon
now Bruce let's be realistic. Something that is "not a solution of any
kind" is a solution that really isn't in fact doesn't work. That is
normally how we read the English language.
 
Back
Top