You just don't get it, do you?
I don't think you understand the situation well enough to make that call.
Before this bulletin, you insisted that disabling the messenger
service provided NO or LITTLE additional security.
That is correct. It terminates one service that spends the majority of its
time telling you that your firewall is non-existent or non-functional. That
provides little additional security, and possibly even gives the user a
false sense that simply disabling the Messenger Service has saved him from
all the nastiness that the Internet has to offer.
You were wrong. If one had disabled this service (assuming they
didn't need it very badly) then it would have provided significant
additional security.
Not significant. Note that the demonstrations so far of the problem in
Messenger Service have not shown that this is exploitable to do anything
more than simply kill or slow down the Messenger Service.
Now that MS has provided the patch, everything is great and that
service is bulletproof, right? No way in the world that there are any
additional vulnerabilities in that service, right?
That clearly would be a deluded point of view that points to someone
who refuses to learn from the past.
Actually, the more deluded point of view is to suggest that Messenger
Service is the only software on the machine that has vulnerabilities. And
some of the services on that machine will be required. What to do, what to
do? Run around like Chicken Little screaming "the sky is falling! the sky
is falling!"? Or better simply to invest in an umbrella to protect you
from the small pieces of whatever?
Oh, that's a great analogy. I'm very pleased with that one.
Yes, an umbrella - something between your vulnerable system and those nasty
people out there in the Internet. Something that the malicious packets
can't get through, whether they're targeted for Messenger Service, or RPC,
or any other service that you actually _need_.
Again, this vulnerability drives home the important point - If you
don't need the service, turn it off.
There are various states of "need". I think "tells me within seconds if the
firewall has died" is actually quite a good definition of "need".
By refusing to acknowledge this very basic security tenet, you are
distributing bad security advice and undermining your credibility in
regards to the topic of security.
You are right in one respect - running software that has no purpose is a
dangerous thing to do. It increases your available attack surface. But
removing one service is far less of a protection than is denying external
access to _all_ your systems' services by installing a firewall.
A firewall is by no means the last word in security - there are many other
routes for malicious data to get into your network; have you ever had a
salesman (your own, or a visitor!) that brought his laptop in the front door
and plugged it in to your network? In that case, you've had data travel
from outside your network to inside your network without going through the
firewall.
But a firewall is pretty close to being the _first_ word in security. To
suggest disabling an inconvenient service is preferable to disabling access
to all services, as you have done, is inappropriate.
Alun.
~~~~
[Please don't email posters, if a Usenet response is appropriate.]