Greetings --
Merely advising turning off the Messenger Service to eliminate
Messenger Service spam, which is annoying but harmless, in and of
itself, is the sort of advice that I find dangerous. The problem is
that turning off the Messenger Service does _not_ block or close the
wide open TCP and UDP ports that the spammers used to deliver the spam
to the Messenger Service for display. With the Messenger Service
disabled, those spam deliveries are still continuing, but they're
simply not being displayed. It really is exactly like pulling the
battery out of a noisy smoke detector to silence it, rather than
looking for and
eliminating the source of the smoke that set it off.
The danger of this "treat the symptoms" approach has been more
than aptly demonstrated by the advent of the W32.Blaster.Worm, the
W32.Welchia.Worm, the W32.Sasser.Worm, and their variants. These
worms attack PCs via some of the very same open ports that the
Messenger Service uses. Need I mention how many hundreds of thousands
of PCs have been infected by these worms since last August? To date,
according to my records, I have personally responded to well over 110
Usenet posts concerning Blaster/Welchia and Sasser infections since
last August, and I can't possibly have seen and replied to every one
that there's been posted in this period.
Now, how many of those infected with Blaster/Welchia had turned
off the Messenger Service to hide spam? I can't say, and I don't
think anyone can. What I can say with absolutely certainty is that if
they'd all had a properly configured firewall in place, they would
have blocked the annoying spam _and_ been safe from a great many other
dangers, particularly Blaster/Welchia/Sasser.
There are several essential components to computer security: a
knowledgeable and pro-active user, a properly configured firewall,
reliable and up-to-date antivirus software, and the prompt repair (via
patches, hotfixes, or service packs) of any known vulnerabilities.
The weak link in this "equation" is, of course, the computer user.
All too many people have bought into the various PC/software
manufacturers marketing claims of easy computing. They believe that
their computer should be no harder to use than a toaster oven; they
have neither the inclination or desire to learn how to safely use
their computer. All too few people keep their antivirus software
current, install patches in a timely manner, or stop to really think
about that cutesy link they're about to click. Therefore, I (and
anyone who's thought about the matter) always recommend the use of a
firewall. Naturally, properly configuring a firewall requires an
investment of time and effort that most people won't give, but even
the default settings of the firewall will offer more automatic
protection than is currently present.
Now, as for the Messenger Service itself, it generally doesn't
hurt any thing to turn it off, although I never recommend doing so.
Granted, the service is of little or no use to most home PC users
(Although I've had uses for it on my home LAN.), and turning off
unnecessary services is part of any standard computer security
protocol. However, I feel that the potential benefits of leaving the
Messenger Service enabled out-weigh any as-yet-theoretical risks that
it presents. It will indirectly let the computer user know that
his/her firewall has failed by displaying the Messenger Service spam.
Think of it as the canary that miners used to take down into the
mineshafts with them to detect poison gases. There are others, of
course, who disagree with me on this point and advise turning off the
service because it isn't needed; you'll have to make up your own mind
here.
Bruce Chambers
--
Help us help you:
You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
