Worse than a virus

  • Thread starter Thread starter Richard
  • Start date Start date
Greetings --

Since when does a pseudonymous post to a random forum constitute
an official Microsoft policy? Where does *Microsoft* says this?
You're simply grasping at straws, trying to justify your own
deliberately bad advice. Do you have a vested interest in peoples' PC
remaining unprotected?

Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
 
Greetings --

Since when does a pseudonymous post to a random forum constitute
an official Microsoft policy? Where does *Microsoft* says this? You're
simply grasping at straws, trying to justify your own deliberately bad
advice. Do you have a vested interest in peoples' PC remaining
unprotected?

Bruce Chambers

Shoulda followed the link. It had another link to here:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-043.asp

Maybe you don't trust them either.
 
St. Alfonso said:
Shoulda followed the link. It had another link to here:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-043.asp

Maybe you don't trust them either.

At first MS official stance was to enable a firewall. The kb still says so:
http://support.microsoft.com/default.aspx?scid=kb;en-us;330904
I think MS has changed their recommendation on this because most average or
below average computer users are too ignorant to know what a firewall is,
let alone how to install, enable, and configure one correctly. So now ms
just says, since you don't understand how valuable a firewall is and how to
use one, just disable the service and be done with it. You'll most likely
get hacked if your not running a firewall, but heck the messenger service
spam will stop, and that's not our concern if you get hacked cause you
didn't listen to us in the first place. The fact still remains that ANYONE
telling someone to ONLY disable the messenger service and not even mention
about enabling a firewall is giving bad advice. I don't care what any
article or the TechNet says. A firewall will stop not only messenger service
ads, but also many virus, exploits, and hacks. Disabling the messenger
service still leaves you open to all kinds of exploits. If you have a
firewall, there is no need to disable the messenger service cause with a
firewall enabled the messenger service can't be hacked, period. Not now, not
in the future, if those ports are blocked, nothing will get thru. If you
must tell someone to disable the service you MUST also tell them to install
a firewall. Installing a firewall should always be included in any response
to messenger service ads. Any responsible good tech would/should do so.
 
At first MS official stance was to enable a firewall. The kb still says
so: http://support.microsoft.com/default.aspx?scid=kb;en-us;330904 I
think MS has changed their recommendation on this because most average
or below average computer users are too ignorant to know what a firewall
is, let alone how to install, enable, and configure one correctly. So
now ms just says, since you don't understand how valuable a firewall is
and how to use one, just disable the service and be done with it. You'll
most likely get hacked if your not running a firewall, but heck the
messenger service spam will stop, and that's not our concern if you get
hacked cause you didn't listen to us in the first place. The fact still
remains that ANYONE telling someone to ONLY disable the messenger
service and not even mention about enabling a firewall is giving bad
advice. I don't care what any article or the TechNet says. A firewall
will stop not only messenger service ads, but also many virus, exploits,
and hacks. Disabling the messenger service still leaves you open to all
kinds of exploits. If you have a firewall, there is no need to disable
the messenger service cause with a firewall enabled the messenger
service can't be hacked, period. Not now, not in the future, if those
ports are blocked, nothing will get thru. If you must tell someone to
disable the service you MUST also tell them to install a firewall.
Installing a firewall should always be included in any response to
messenger service ads. Any responsible good tech would/should do so.

If you don't already have the firewall up and running, the messenger
service is the least of your worries. You seem to make an assumption that
I don't see: that they assume nobody is using a firewall and/or
understands what they are. Can you find such language in their page? I
can't.

I see them telling you how to disable the problem. If you don't have the
firewall before you do it, you're no better, or worse, off by following
the advice.

You make too many other assumptions, too. Name a single /virus/ that a
firewall will stop. Just one.

It may stop some of the other things you mention (may), but there isn't a
firewall in existence that will stop a virus. A virus is acquired by
downloading (a direct action on the part of the user) via a file or email,
or by reading from an infected source (floppy, ZIP disk, tape, CD, etc). A
firewall's main purpose is to prevent unsolicited incoming packets. If you
are downloading something, you requested it. The firewall is /not/
designed to prevent you from getting the things you ask to receive. It is
supposed to keep you from getting things you didn't request.

/SOME/ firewalls are designed to prevent you from being able to request
some things, or anything at all. But that is a different kettle of fish.
This isn't preventing the virus. This is preventing the user from asking
for something that might contain the virus.

If someone is using the MS-supplied firewall, they might still be getting
the messenger popups. In that case, simply turning the service off will
stop the popups. They'll still be vulnerable (the MS-supplied firewall is
a bad joke on the user). But they'll have a firewall of a sort, and
they'll discontinue popups via the messenger port.

I happen to have had their firewall enabled, and I still saw the popups. I
did 2 different, smart things: I disabled the service, and I got a real,
live firewall.

I don't make assumptions based on what isn't on the page. I take the
information at face value. What you're claiming to be their reasoning
isn't something I can locate on the page. Perhaps you can show me where
that text is located?
 
St. Alfonso said:
On Fri, 17 Oct 2003 03:01:56 +0000, purplehaz wrote:
MS-supplied firewall is a bad joke on the user).

And how do you justify that? Yes it's not as good as say ZoneAlarm but it
DOES block the netbios ports which are the main source of infiltration. if
you don't believe this, then activate the XP firewall and test it at some of
the test web sites. You'll be surprised at the results, I can guarantee.....
 
And how do you justify that? Yes it's not as good as say ZoneAlarm but
it DOES block the netbios ports which are the main source of
infiltration. if you don't believe this, then activate the XP firewall
and test it at some of the test web sites. You'll be surprised at the
results, I can guarantee.....

OK, so it blocks one thing. Whoop-dee-doo. Ask me how impressed I am.

A /good/ firewall shouldn't leave anything open by default. A /good/
firewall should make the user open the needed ports as needed. A /good/
firewall should allow the user to have some control over both incoming and
outgoing traffic.

The average user needs no ports opened by default. If they want to play
certain games, run a webserver, use gnutella or napster or anything else
that requires a specific port to be opened, a /good/ firewall will give
them access to those and give them control, but they would be closed
unless specifically told to open them.

The XP firewall follows the normal MS-designed rules of opening it all up
to start with (with some exceptions), then closing things as they become
problems. That's poor design, poor thinking, and demonstrates why viruses
and other matter spread so easily all over the internet.

With all of that said, an XP firewall is better than no firewall. Unless
it inspires a false sense of security. Then it's worse than no firewall at
all.
 
St. Alfonso said:
OK, so it blocks one thing. Whoop-dee-doo. Ask me how impressed I am.

Well you'd probably not be impressed if MS offered a built-in hardware
firewall as far as I can see...

A /good/ firewall shouldn't leave anything open by default. A /good/
firewall should make the user open the needed ports as needed. A
/good/ firewall should allow the user to have some control over both
incoming and outgoing traffic.

I necvr said it was GOOD, but it IS adequate for ordinary Joe Public who
just want to use their PC out of a box and don't WANT to get involved with
technicalities.
The average user needs no ports opened by default. If they want to
play certain games, run a webserver, use gnutella or napster or
anything else that requires a specific port to be opened, a /good/
firewall will give them access to those and give them control, but
they would be closed unless specifically told to open them.

The XP firewall follows the normal MS-designed rules of opening it
all up to start with (with some exceptions), then closing things as
they become problems. That's poor design, poor thinking, and
demonstrates why viruses and other matter spread so easily all over
the internet.

With all of that said, an XP firewall is better than no firewall.
Unless it inspires a false sense of security. Then it's worse than no
firewall at all.

What SHOULD happen is that vendors should advise their customers about these
things - most of them don't - certainly the PC-World type places don't. It
should be made COMPULSORY for new PC owners to be given some basic security
knowledge by hte vendor WHEN they purchase the machine, unless the vendor is
counting on repeat business for formating HDD and re-installing after
viruses wipe everything out ;-)
 
Greetings --

Apparently, you're unfamiliar with the term "workaround."

Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
 
Greetings --

W32.Blaster.Worm.
W32.Welchia.Worm

Need I go on?

Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
 
Well you'd probably not be impressed if MS offered a built-in hardware
firewall as far as I can see...

If it was implemented properly, I may be impressed. Hardware would
definitely be a step in the right direction since it's usually harder to
overcome. But without seeing the implementation it isn't possible to say
how I would feel.
I necvr said it was GOOD, but it IS adequate for ordinary Joe Public who
just want to use their PC out of a box and don't WANT to get involved with
technicalities.

Unless, as I said, it fosters a false sense of security. The first
priority should be protecting those who don't know any better, not making
them think they're more protected than they really are.
What SHOULD happen is that vendors should advise their customers about
these things - most of them don't - certainly the PC-World type places
don't. It should be made COMPULSORY for new PC owners to be given some
basic security knowledge by hte vendor WHEN they purchase the machine,
unless the vendor is counting on repeat business for formating HDD and
re-installing after viruses wipe everything out ;-)

Only minor disagreement there. Education in place of obsurity is certainly
better than the current situation.

I don't agree that notice should be mandatory, but it would certainly be
nice to have a rating mechanism or some type of body that publishes things
regularly and points out the shortcomings of software vendors. If more
people know about these things and end up shunning the ones with poor
records, the poorer quality companies would get their acts together or die.

Unfortunately, this isn't likely to be effective beyond the theoretical
stage. People have had tons of information handed to them over the years.
Instead of making informed decisions, they simply learn to believe that
things have to be the way they are.

Some companies count on that being the case.
 
Greetings --

Apparently, you're unfamiliar with the term "workaround."

Let me quote you, as well as the post to which you were responding:

-------------------------------------------------
Greetings --

Since when does a pseudonymous post to a random forum constitute
an official Microsoft policy? Where does *Microsoft* says this? You're
simply grasping at straws, trying to justify your own deliberately bad
advice. Do you have a vested interest in peoples' PC remaining
unprotected?

Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. -- RAH


SunnyB© said:
Try this quote from Slashdot.
http://slashdot.org/article.pl?sid=03/10/16/125223 At this point
Microsoft has even posted that the Messenger Service should be
disabled.

"Microsoft released yesterday a whole bunch of critical security updates.
Out of these, MS03-043 is a flaw in the Windows Messenger Service (not MSN
Messenger) with the possibility of a remote attacker gaining complete
control of a Windows NT/2000/XP/2003 based PC remotely. If this sounds like
another possible vector for a worm to spread, you'd probably be right.
Microsoft's recommendation is to 'disable the Messenger Service immediately
and evaluate their need to deploy the patch'. Of course a firewall will
offer some protection but shouldn't be relied on. At least administrators
can disable the Messenger Service remotely. Of course this is another
headache for admins still patching for last month's RPC flaw."
-----------------------------------------------------------

Can you please point out how your current claim of it being a workaround
has a whit to do with your previous claim of the source not being
credible? It was the original point that brought things to my attention,
not your current point.

I'm truly curious how you plan on reconciling the two.
 
St. Alfonso said:
If it was implemented properly, I may be impressed. Hardware would
definitely be a step in the right direction since it's usually harder to
overcome. But without seeing the implementation it isn't possible to say
how I would feel.


Unless, as I said, it fosters a false sense of security. The first
priority should be protecting those who don't know any better, not making
them think they're more protected than they really are.


Only minor disagreement there. Education in place of obsurity is certainly
better than the current situation.

I don't agree that notice should be mandatory, but it would certainly be
nice to have a rating mechanism or some type of body that publishes things
regularly and points out the shortcomings of software vendors. If more
people know about these things and end up shunning the ones with poor
records, the poorer quality companies would get their acts together or die.

Unfortunately, this isn't likely to be effective beyond the theoretical
stage. People have had tons of information handed to them over the years.
Instead of making informed decisions, they simply learn to believe that
things have to be the way they are.

Some companies count on that being the case.

Good Lord. Can you just imagine the industry outcry if Microsoft included,
as a standard feature of the operating system, a fully featured firewall?
That would, practically, put most other firewall vendors out of business in
short order. Historically, Microsoft has bent over backwards to ensure that
they include only limited functionality applications (WordPad,
HyperTerminal, backup, sound recording, picture editing, etc.), with their
operating systems, to leave room for others to offer more fully featured
replacement applications. This helps to keep the government off their backs
and leaves the door open for competition. Please, give it a rest (I really
don't expect this to happen, however). They're damned if they do and damned
if they don't.

And just so you know, I'm not what you will call a "Microsoft apologist".
I've got my own issues with them, but this issue always sticks in my craw as
being totally unfounded.

Have a great weekend.

RB
--
 
Good Lord. Can you just imagine the industry outcry if Microsoft
included, as a standard feature of the operating system, a fully
featured firewall? That would, practically, put most other firewall
vendors out of business in short order. Historically, Microsoft has bent
over backwards to ensure that they include only limited functionality
applications (WordPad, HyperTerminal, backup, sound recording, picture
editing, etc.), with their operating systems, to leave room for others
to offer more fully featured replacement applications. This helps to
keep the government off their backs and leaves the door open for
competition. Please, give it a rest (I really don't expect this to
happen, however). They're damned if they do and damned if they don't.

The "limited functionality" has been selective: IE, OE, WMP, for example.

Many firewall companies give their products away. They certainly don't
have a claim to a monetary stake with that being the case.

Before you go into Netscape (if that's a leaning), they sold their browser
and had an economic claim (whether they had a good claim or not is another
matter).
And just so you know, I'm not what you will call a "Microsoft
apologist". I've got my own issues with them, but this issue always
sticks in my craw as being totally unfounded.

I wasn't going to claim you were an apologist. Most people have issues
with them at one level or another.
 
RB said:
Good Lord. Can you just imagine the industry outcry if Microsoft
included, as a standard feature of the operating system, a fully
featured firewall? That would, practically, put most other firewall
vendors out of business in short order. Historically, Microsoft has
bent over backwards to ensure that they include only limited
functionality applications (WordPad, HyperTerminal, backup, sound
recording, picture editing, etc.), with their operating systems, to
leave room for others to offer more fully featured replacement
applications.


Like Netscape perhaps?


This helps to keep the government off their backs and
 
St. Alfonso said:
The "limited functionality" has been selective: IE, OE, WMP, for example.

Many firewall companies give their products away. They certainly don't
have a claim to a monetary stake with that being the case.

Before you go into Netscape (if that's a leaning), they sold their browser
and had an economic claim (whether they had a good claim or not is another
matter).


I wasn't going to claim you were an apologist. Most people have issues
with them at one level or another.

You do realize that MS is a publicly owned company, do you not?

They have a fiduciary mandate to deliver to their owners (the public
shareholders, not Bill Gates) the largest profit possible. Get over it.

RB
 
You do realize that MS is a publicly owned company, do you not?

They have a fiduciary mandate to deliver to their owners (the public
shareholders, not Bill Gates) the largest profit possible. Get over it.

RB

Get over what? Did I say they shouldn't make a profit? Did I say they had
to limit the profit? I have no idea what it is that has you worked up. Can
you show me what I put anywhere up there that leads you to such ranting?

I simply pointed out that some people have some gripes. Some of them are
justified, some not. That they don't include a firewall that is sufficient
wasn't even a gripe of mine. My gripe is they deliver one that doesn't do
the job and clueless users aren't aware of it until they're already
harmed. I could care less if they include no firewall or the best one on
earth. I do have a problem with one that's poorly implemented being
offered with nothing mentioning that it might not be suitable.

It's great that one is included. It gives a user a small opportunity to
get installed and start getting patched before they get hit by script
kiddies or whatever. It would be even better if they also mentioned that
it isn't suitable for long term use and that the user should look into
something more capable (not even recommending a specific one). Or if they
offered a good one in the first place.

Leaving it as it now stands leads people into thinking they're OK when
they, in fact, are not.

I also pointed out that the companies having a claim against Microsoft
might have a little trouble if they are giving away the product
themselves. If they're selling it, and if Microsoft is intentionally
shutting them out (as was claimed under several different scenarios by
other companies), they might have a basis for action. But the free ones
would still have a hard time convincing anyone they're being harmed by the
inclusion of a firewall that competes with their free version.

Finally, I pointed out that the inclusion or no of various software seems
to be selective. When convenient, they don't do it because they got in
trouble for such things. When they have a solid, competing product
themselves, they have no problem at all including it with the OS. Which
term of convenience are we to swallow?

Beyond that, none of this is what brought me into this thread. I saw a
brilliant MVP dis somebody because they used a pseudonym (as though any
name on usenet could be trusted to be real in the first place) and then
claiming the URL provided by the pseudonym couldn't be trusted. In point
of fact, the URL was to a site that link to Microsoft themselves, and in
his bigoted blindness that point completely escaped him.
 
St. Alfonso said:
If you don't already have the firewall up and running, the messenger
service is the least of your worries. You seem to make an assumption that
I don't see: that they assume nobody is using a firewall and/or
understands what they are. Can you find such language in their page? I
can't.

I see them telling you how to disable the problem. If you don't have the
firewall before you do it, you're no better, or worse, off by following
the advice.

You make too many other assumptions, too. Name a single /virus/ that a
firewall will stop. Just one.

It may stop some of the other things you mention (may), but there isn't a
firewall in existence that will stop a virus. A virus is acquired by
downloading (a direct action on the part of the user) via a file or email,
or by reading from an infected source (floppy, ZIP disk, tape, CD, etc). A
firewall's main purpose is to prevent unsolicited incoming packets. If you
are downloading something, you requested it. The firewall is /not/
designed to prevent you from getting the things you ask to receive. It is
supposed to keep you from getting things you didn't request.

/SOME/ firewalls are designed to prevent you from being able to request
some things, or anything at all. But that is a different kettle of fish.
This isn't preventing the virus. This is preventing the user from asking
for something that might contain the virus.

If someone is using the MS-supplied firewall, they might still be getting
the messenger popups. In that case, simply turning the service off will
stop the popups. They'll still be vulnerable (the MS-supplied firewall is
a bad joke on the user). But they'll have a firewall of a sort, and
they'll discontinue popups via the messenger port.

I happen to have had their firewall enabled, and I still saw the popups. I
did 2 different, smart things: I disabled the service, and I got a real,
live firewall.

I don't make assumptions based on what isn't on the page. I take the
information at face value. What you're claiming to be their reasoning
isn't something I can locate on the page. Perhaps you can show me where
that text is located?
The MS Blaster virus, you know the one all over the news for weeks, months,
possibly the worst virus ever. If you had a firewall running it stopped it
dead in its tracks. Even if you didn't have the ms patch installed a
firewall STOPPED the ms blaster virus. The think there was one called code
red that proprogates thru open ports, doesn't need to be in email,
downloaded or anything. If your ports are open, it's in. There are many like
this, they're called trojans. Most get executed on a remote computer then
scan the net for computer with open ports, then they get in, as simple as
that, the user does nothing but get online. I firewall stops these. If you
don't think so or don't know about them you should do some more research on
the subject. Plus my firewall has a email virus scan option, so again the
firewall stops viri in email. I don't know what your talking about but
firewalls do stop virus.
Now I think you missed the whole point here. Obviously I was being sarcastic
about why ms changed there stance on the issue. You do know what sarcasism
is? Of course it doesn't say anything on the ms page like that. My whole
point was that people who posted to only disable the messenger service to
stop messenger service spam are posting the wrong info or at least not the
whole correct complete answer. People tried to jump on Bruce cause he told a
poster they were posting bad advice and they were, they never once mentioned
enabling a firewall to stop messenger service ads. That's the whole point.
ANYONE who says the way to stop messenger service spam is to disable the
service is wrong, period. I don't understand why this is such an issue and
why so many people in here keep fighting the correct answers, like they
don't want to admit that the firewall is the best solution and disabling is
just a extra security measure. This is a non-issue, enable the firewall,
disable the service if you want(but not needed at this point in time) and
your done.
 
The MS Blaster virus, you know the one all over the news for weeks,

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

W32.Blaster.Worm

A /worm/ is different than a /virus/ for the third time.

http://wombat.doc.ic.ac.uk/foldoc/foldoc.cgi?query=worm&action=Search

"A program that propagates itself over a network, reproducing itself as it
goes. Compare virus."

http://wombat.doc.ic.ac.uk/foldoc/foldoc.cgi?virus

"Unlike a worm, a virus cannot infect other computers without assistance.
It is propagated by vectors such as humans trading programs with their
friends..."

Blaster was a /worm/. Worms can possibly be stopped by firewalls and the
like. A virus, requiring human interaction, can only be brought into a
system by human interaction. Human interaction can be had by reading
infected media or /REQUESTING A LINK OR EMAIL/ that is already infected,
or through similar actions. A virus can't do anything without help. Once
it's on a system it's still completely inert until the required action is
performed by a user. Things such as clicking links contained in emails,
trying to open what appear to be graphic attachments, etc.

Microsoft also /helps/ virus spreaders (whether intentionally or
inadvertantly is of no consequence) by not disinguishing between the
actions of "open" and "execute" in their coding.
 
RB said:
They have a fiduciary mandate to deliver to their owners (the public
shareholders, not Bill Gates) the largest profit possible. Get over it.

They do a good job of it too.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Back
Top