Does anyone know if Microsoft have any plans to plug the
hole that allows anyone with a modem to grab hold of my
pc by using the gaping hole in Microsoft's XP (most
commonly illustrated by huge amounts of spam pop-ups
being sent to your pc through an "open" port with Windows
Messenger even when messenger is closed and you don't
have email etc etc) ?
This is annoying beyond belief, and surely Microsoft are
liable/negligent if they don't fix it as soon as they
hear about it ?

Hi,

These messages are caused by the windows messenger service, (this *can* be
disabled) however, the messenger service is not the problem, the real
problem is the fact that you are not running a firewall, or if you are, you
haven't blocked ports 137-139.

Disabling the messenger service will stop the popups, but if you have file
and print sharing bound to your external TCP/IP connection, then you could
also potentially be sharing your entire hard disk with the world since
netBIOS uses ports 137-139.

A good firewall can be found at www.zonelabs.com

The small "ShootTheMessenger" Messenger service enabler/disabler will turn
off the messenger.

http://grc.com/miscfiles/ShootTheMessenger.exe

Or you can do it manually:

Disabling the Messenger Service
To remove the ability for anyone in the world to pop up messages on your
computer, you can disable the Messenger service. Its easy to reverse at a
later time if you wish to do so.

Windows XP Home
Click Start->Settings ->Control Panel
Click Performance and Maintenance
Click Administrative Tools
Double click Services Scroll
down and highlight "Messenger"
Right-click the highlighted line and choose Properties.
Click the STOP button.
Select Disable or Manual in the Startup Type scroll bar
Click OK

Windows XP Professional
Click Start->Settings ->Control Panel
Click Administrative Tools
Click Services
Double click Services Scroll
down and highlight "Messenger"
Right-click the highlighted line and choose Properties.
Click the STOP button.
Select Disable or Manual in the Startup Type scroll bar
Click OK

HTH

--
Greg Crawford
*****************************
* www.greg-crawford.co.uk *
* Remove MyShoes to email me *
*****************************




<ihatemicrosoft> typed:
:: Does anyone know if Microsoft have any plans to plug the
:: hole that allows anyone with a modem to grab hold of my
:: pc by using the gaping hole in Microsoft's XP (most
:: commonly illustrated by huge amounts of spam pop-ups
:: being sent to your pc through an "open" port with Windows
:: Messenger even when messenger is closed and you don't
:: have email etc etc) ?
:: This is annoying beyond belief, and surely Microsoft are
:: liable/negligent if they don't fix it as soon as they
:: hear about it ?

Surely you are liable/negligent if you don't take the time to learn to
properly use your computer, This is a very simple matter to fix.

Tom

"ihatemicrosoft" > wrote in message
...
> Does anyone know if Microsoft have any plans to plug the
> hole that allows anyone with a modem to grab hold of my
> pc by using the gaping hole in Microsoft's XP (most
> commonly illustrated by huge amounts of spam pop-ups
> being sent to your pc through an "open" port with Windows
> Messenger even when messenger is closed and you don't
> have email etc etc) ?
> This is annoying beyond belief, and surely Microsoft are
> liable/negligent if they don't fix it as soon as they
> hear about it ?


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.476 / Virus Database: 273 - Release Date: 4/24/2003

Hi Tom,
I dont think it is even a fix, it's merely disabling a service. :-)
<Tom Della-Latta> typed:
:: Surely you are liable/negligent if you don't take the time to learn to
:: properly use your computer, This is a very simple matter to fix.
::
:: Tom
::
:: "ihatemicrosoft" > wrote in message
:: ...
::: Does anyone know if Microsoft have any plans to plug the
::: hole that allows anyone with a modem to grab hold of my
::: pc by using the gaping hole in Microsoft's XP (most
::: commonly illustrated by huge amounts of spam pop-ups
::: being sent to your pc through an "open" port with Windows
::: Messenger even when messenger is closed and you don't
::: have email etc etc) ?
::: This is annoying beyond belief, and surely Microsoft are
::: liable/negligent if they don't fix it as soon as they
::: hear about it ?
::
::
:: ---
:: Outgoing mail is certified Virus Free.
:: Checked by AVG anti-virus system (http://www.grisoft.com).
:: Version: 6.0.476 / Virus Database: 273 - Release Date: 4/24/2003

I agree; it's not a fix; if the only way to stop someone
from gaining access to my hard-drive is by disabling a
vital message service on my pc and/or adding a firewall,
then that's not a "feature", it's a bug. Let's be honest
here; Microsoft have simply left a gaping hole in their
security - it shouldn't be up to every individual pc
owner in the world to change their configuration settings
to take account of an XP hole - Microsoft should plug
that hole properly themselves in an update/fix

>-----Original Message-----
>Hi Tom,
>I dont think it is even a fix, it's merely disabling a
service. :-)
> <Tom Della-Latta> typed:
>:: Surely you are liable/negligent if you don't take
the time to learn to
>:: properly use your computer, This is a very simple
matter to fix.
>::
>:: Tom
>::
>:: "ihatemicrosoft" >
wrote in message
>:: ...
>::: Does anyone know if Microsoft have any plans to plug
the
>::: hole that allows anyone with a modem to grab hold of
my
>::: pc by using the gaping hole in Microsoft's XP (most
>::: commonly illustrated by huge amounts of spam pop-ups
>::: being sent to your pc through an "open" port with
Windows
>::: Messenger even when messenger is closed and you don't
>::: have email etc etc) ?
>::: This is annoying beyond belief, and surely Microsoft
are
>::: liable/negligent if they don't fix it as soon as they
>::: hear about it ?
>::
>::
>:: ---
>:: Outgoing mail is certified Virus Free.
>:: Checked by AVG anti-virus system
(http://www.grisoft.com).
>:: Version: 6.0.476 / Virus Database: 273 - Release
Date: 4/24/2003
>
>
>.
>

In article >, "a" > wrote:
>I agree; it's not a fix; if the only way to stop someone
>from gaining access to my hard-drive is by disabling a
>vital message service on my pc and/or adding a firewall,

Where on earth do you get the impression that someone is "gaining access to
my hard drive" through the messenger service? They are, precisely, gaining
a pipe to your messenger service, and the messenger service is displaying
what comes down that pipe.

>then that's not a "feature", it's a bug. Let's be honest
>here; Microsoft have simply left a gaping hole in their
>security - it shouldn't be up to every individual pc
>owner in the world to change their configuration settings
>to take account of an XP hole - Microsoft should plug
>that hole properly themselves in an update/fix

You seem to have taken some comments that are often thrown around here as
arguments for firewalls, and assumed that they mean that there is an active,
unpatched security hole. Firewalls are necessary because there _might_ be
open network processes that you don't authorise to go external, and the best
way to prevent them from doing so is by use of a specific tool that does
exactly that job - a firewall. Nobody that I know has suggested that there
is a way to hack your system through Messenger. Did I perhaps miss a
message amid the vitriol and abuse?

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]
--
Texas Imperial Software | Find us at http://www.wftpd.com or email
1602 Harvest Moon Place | .
Cedar Park TX 78613-1419 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.

Greetings --

This a type of spam has become quite common over the past few
months, and unintentionally serves as a valid security "alert." It
demonstrates that you haven't been taking sufficient precautions while
connected to the Internet. Your data probably hasn't been compromised
by these specific advertisements, but if you're open to this exploit,
you may well be open to other threats. Install and use a decent,
properly configured firewall. (Disabling the messenger service, as
some people recommend, only hides the symptom, and does nothing to
secure your machine.) And ignoring or just "putting up with" these
messages and the problem they represent is particularly foolish.

Messenger Service of Windows
http://support.microsoft.com/default.aspx?scid=KB;en-us;168893

Messenger Service Window That Contains an Internet Advertisement
Appears
http://support.microsoft.com/?id=330904

Additionally:

Blocking Ads, Parasites, and Hijackers with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm


Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html
----
You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH


"ihatemicrosoft" > wrote in message
...
> Does anyone know if Microsoft have any plans to plug the
> hole that allows anyone with a modem to grab hold of my
> pc by using the gaping hole in Microsoft's XP (most
> commonly illustrated by huge amounts of spam pop-ups
> being sent to your pc through an "open" port with Windows
> Messenger even when messenger is closed and you don't
> have email etc etc) ?
> This is annoying beyond belief, and surely Microsoft are
> liable/negligent if they don't fix it as soon as they
> hear about it ?