I currently run Zonealarm, and can't connect an MSN audio conversation
unless I shut down the firewall. A known issue because of the way that MSN
messenger needs access to a wide range of ports & UPnP, which are correctly
viewed by most respectable firewalls as security risks. This problem does
not affect Yahoo messenger, which does not demand such wide access to the
machine it's connecting to.

XP Service pack 2 (SP2) will provide a much improved firewall within XP
itself (great news!). I understand it's default setup will not allow UPnP
and block incoming port probes much as Zonealarm already does. So far so
good.

However, will users suddenly find that they can't use audio conversations
anymore on MSN messenger unless they disable some or all of the new firewall
that MS is keen to implement for security?

I think there is a big problem coming, which I guess is highlighting the
rather "odd" approach MSN messenger has taken in relation to security.

Any news or views?

Andy

Greetings Andy,

MSN Messenger 6.2 automatically integrates with the SP2 Windows Firewall and works without a
problem -- it's been well tested (not only by yours truly but by many others as well).
Basically it works "out of the box" (and the firewall is *on* by default).
____________________________________________
Jonathan Kay
Microsoft MVP - Windows Messenger/MSN Messenger
Associate Expert
http://www.microsoft.com/windowsxp/expertzone/
Messenger Resources - http://messenger.jonathankay.com
All posts unless otherwise specified are (c) 2004 Jonathan Kay.
You *must* contact me for redistribution rights.

"Andy Weller" > wrote in message ...
>I currently run Zonealarm, and can't connect an MSN audio conversation
> unless I shut down the firewall. A known issue because of the way that MSN
> messenger needs access to a wide range of ports & UPnP, which are correctly
> viewed by most respectable firewalls as security risks. This problem does
> not affect Yahoo messenger, which does not demand such wide access to the
> machine it's connecting to.
>
> XP Service pack 2 (SP2) will provide a much improved firewall within XP
> itself (great news!). I understand it's default setup will not allow UPnP
> and block incoming port probes much as Zonealarm already does. So far so
> good.
>
> However, will users suddenly find that they can't use audio conversations
> anymore on MSN messenger unless they disable some or all of the new firewall
> that MS is keen to implement for security?
>
> I think there is a big problem coming, which I guess is highlighting the
> rather "odd" approach MSN messenger has taken in relation to security.
>
> Any news or views?
>
> Andy
>
>

Jonathan

Great news! I was hoping to use the new XP SP2 firewall, and that it would
allow me to connect both Audio & webcam via MSN messenger to keep in touch
with my daughter at university.

Does this news mean that MS have somehow overcome the audio issue in
http://messenger.msn.com/Help/Issues.aspx (April 2004) which says:

"To ensure we deliver the best audio technology for computer-to-computer or
computer-to-phone communications from MSN Messenger, we have made technical
enhancements. This means you will only be able to use Messenger version 4.5
or higher for these features if:
a.. You are not behind a firewall or
b.. You are behind a Universal Plug and Play (UPnP) firewall or
c.. You are using a UPnP-enabled Network Address Translation (NAT) device"

Maybe an obvious question, but I'd expected the XP firewall would have
stopped MSN messenger audio connections - how does it allow MSN messenger
audio through without compromising security?

Cheers

Andy
-----------------------------------------
"Jonathan Kay [MVP]" > wrote in message
...
> Greetings Andy,
>
> MSN Messenger 6.2 automatically integrates with the SP2 Windows Firewall
and works without a
> problem -- it's been well tested (not only by yours truly but by many
others as well).
> Basically it works "out of the box" (and the firewall is *on* by default).
> ____________________________________________
> Jonathan Kay
> Microsoft MVP - Windows Messenger/MSN Messenger
> Associate Expert
> http://www.microsoft.com/windowsxp/expertzone/
> Messenger Resources - http://messenger.jonathankay.com
> All posts unless otherwise specified are (c) 2004 Jonathan Kay.
> You *must* contact me for redistribution rights.
>
> "Andy Weller" > wrote in message
...
> >I currently run Zonealarm, and can't connect an MSN audio conversation
> > unless I shut down the firewall. A known issue because of the way that
MSN
> > messenger needs access to a wide range of ports & UPnP, which are
correctly
> > viewed by most respectable firewalls as security risks. This problem
does
> > not affect Yahoo messenger, which does not demand such wide access to
the
> > machine it's connecting to.
> >
> > XP Service pack 2 (SP2) will provide a much improved firewall within XP
> > itself (great news!). I understand it's default setup will not allow
UPnP
> > and block incoming port probes much as Zonealarm already does. So far
so
> > good.
> >
> > However, will users suddenly find that they can't use audio
conversations
> > anymore on MSN messenger unless they disable some or all of the new
firewall
> > that MS is keen to implement for security?
> >
> > I think there is a big problem coming, which I guess is highlighting the
> > rather "odd" approach MSN messenger has taken in relation to security.
> >
> > Any news or views?
> >
> > Andy
> >
> >
>
>

Hi Andy,

Actually the current Windows XP Firewall supports Universal Plug and Play (UPnP) and will
automatically open the necessary ports for Messenger. The SP2 firewall also supports UPnP,
but in SP2, this is even expanded further by allowing you to be specific about which
applications can use the Internet connection (in this case MSN Messenger 6.2).

Just for fun, I took a screenshot of what it looks like (and for reference purposes, it put
"MSN Messenger 6.2" there by itself; another new feature of SP2 and MSN Messenger 6.2):
http://messenger.jonathankay.com/screens/sp2firewall.png
____________________________________________
Jonathan Kay
Microsoft MVP - Windows Messenger/MSN Messenger
Associate Expert
http://www.microsoft.com/windowsxp/expertzone/
Messenger Resources - http://messenger.jonathankay.com
All posts unless otherwise specified are (c) 2004 Jonathan Kay.
You *must* contact me for redistribution rights.

"Andy Weller" > wrote in message ...
> Jonathan
>
> Great news! I was hoping to use the new XP SP2 firewall, and that it would
> allow me to connect both Audio & webcam via MSN messenger to keep in touch
> with my daughter at university.
>
> Does this news mean that MS have somehow overcome the audio issue in
> http://messenger.msn.com/Help/Issues.aspx (April 2004) which says:
>
> "To ensure we deliver the best audio technology for computer-to-computer or
> computer-to-phone communications from MSN Messenger, we have made technical
> enhancements. This means you will only be able to use Messenger version 4.5
> or higher for these features if:
> a.. You are not behind a firewall or
> b.. You are behind a Universal Plug and Play (UPnP) firewall or
> c.. You are using a UPnP-enabled Network Address Translation (NAT) device"
>
> Maybe an obvious question, but I'd expected the XP firewall would have
> stopped MSN messenger audio connections - how does it allow MSN messenger
> audio through without compromising security?
>
> Cheers
>
> Andy
> -----------------------------------------
> "Jonathan Kay [MVP]" > wrote in message
> ...
>> Greetings Andy,
>>
>> MSN Messenger 6.2 automatically integrates with the SP2 Windows Firewall
> and works without a
>> problem -- it's been well tested (not only by yours truly but by many
> others as well).
>> Basically it works "out of the box" (and the firewall is *on* by default).
>> ____________________________________________
>> Jonathan Kay
>> Microsoft MVP - Windows Messenger/MSN Messenger
>> Associate Expert
>> http://www.microsoft.com/windowsxp/expertzone/
>> Messenger Resources - http://messenger.jonathankay.com
>> All posts unless otherwise specified are (c) 2004 Jonathan Kay.
>> You *must* contact me for redistribution rights.
>>
>> "Andy Weller" > wrote in message
> ...
>> >I currently run Zonealarm, and can't connect an MSN audio conversation
>> > unless I shut down the firewall. A known issue because of the way that
> MSN
>> > messenger needs access to a wide range of ports & UPnP, which are
> correctly
>> > viewed by most respectable firewalls as security risks. This problem
> does
>> > not affect Yahoo messenger, which does not demand such wide access to
> the
>> > machine it's connecting to.
>> >
>> > XP Service pack 2 (SP2) will provide a much improved firewall within XP
>> > itself (great news!). I understand it's default setup will not allow
> UPnP
>> > and block incoming port probes much as Zonealarm already does. So far
> so
>> > good.
>> >
>> > However, will users suddenly find that they can't use audio
> conversations
>> > anymore on MSN messenger unless they disable some or all of the new
> firewall
>> > that MS is keen to implement for security?
>> >
>> > I think there is a big problem coming, which I guess is highlighting the
>> > rather "odd" approach MSN messenger has taken in relation to security.
>> >
>> > Any news or views?
>> >
>> > Andy
>> >
>> >
>>
>>
>
>

Hi Jonathan
Thanks for the screenshot - is this how firewall is configured to permit
OUTBOUND connections from your PC by specified programs? (ie similar to
Zonealarm "trusting" specified programs). Or is this screen somehow
related to the program INBOUND access attempts that the firewall will let
through?

My puzzle is still that for inbound protection, the new XP firewall will
surely be working in "stealth" mode - ie the PC and ports are not visible to
any inbound intruder or other traffic. If so, then I'm still puzzled how
another MSN messenger audio session will ever "see" the target PC to connect
to - unless the firewall lets all intruders "see" the ports and the PC.

Sorry if I'm not very good at explaining this security stuff, but I am still
unsure how it can work!

Cheers

Andy
----------------------------------------------------------------------------
-------

If so, I the issue i was trying to explore is the way that the firewall
blocks INBOUND access attempts - which is where MSN messenger

"Jonathan Kay [MVP]" > wrote in message
...
> Hi Andy,
>
> Actually the current Windows XP Firewall supports Universal Plug and Play
(UPnP) and will
> automatically open the necessary ports for Messenger. The SP2 firewall
also supports UPnP,
> but in SP2, this is even expanded further by allowing you to be specific
about which
> applications can use the Internet connection (in this case MSN Messenger
6.2).
>
> Just for fun, I took a screenshot of what it looks like (and for reference
purposes, it put
> "MSN Messenger 6.2" there by itself; another new feature of SP2 and MSN
Messenger 6.2):
> http://messenger.jonathankay.com/screens/sp2firewall.png
> ____________________________________________
> Jonathan Kay
> Microsoft MVP - Windows Messenger/MSN Messenger
> Associate Expert
> http://www.microsoft.com/windowsxp/expertzone/
> Messenger Resources - http://messenger.jonathankay.com
> All posts unless otherwise specified are (c) 2004 Jonathan Kay.
> You *must* contact me for redistribution rights.
>
> "Andy Weller" > wrote in message
...
> > Jonathan
> >
> > Great news! I was hoping to use the new XP SP2 firewall, and that it
would
> > allow me to connect both Audio & webcam via MSN messenger to keep in
touch
> > with my daughter at university.
> >
> > Does this news mean that MS have somehow overcome the audio issue in
> > http://messenger.msn.com/Help/Issues.aspx (April 2004) which says:
> >
> > "To ensure we deliver the best audio technology for computer-to-computer
or
> > computer-to-phone communications from MSN Messenger, we have made
technical
> > enhancements. This means you will only be able to use Messenger version
4.5
> > or higher for these features if:
> > a.. You are not behind a firewall or
> > b.. You are behind a Universal Plug and Play (UPnP) firewall or
> > c.. You are using a UPnP-enabled Network Address Translation (NAT)
device"
> >
> > Maybe an obvious question, but I'd expected the XP firewall would have
> > stopped MSN messenger audio connections - how does it allow MSN
messenger
> > audio through without compromising security?
> >
> > Cheers
> >
> > Andy
> >

Look. There is no getting around it in it's current state. I guess
there is hope for the future.

Current state: MSN Messenger 6.2 or 6.xx is a badly written or badly
conceived program and it is a shame. MS is blowing it on this.

I see posts here and there, over and over, "voice problems...". Well
I have had voice problems, on & off & on & off & one way & not the
other & off, since the 1st day me and a friend tried it. That was 10
months ago. Voice didn't work for almost two weeks back then, we
tried it every day for a week, gave up, then at 2 week we tried it and
it worked. My friend was behind a hub at the time. Nowadays it
hasn't worked for a few months (one way for a while).

We are both behind Netgear firewalls now.. But I have voice problems
with others too. But that is beside the point! I can transfer files
no problem, do webcams no problem, and of course type at each other no
problem. What is the BIG deal with voice??!!

Look, I defected to Yahoo Messenger a long time ago because of this
issue. Microsoft lost me. I joined a Yahoo Messenger chatroom group.
Everyone I know uses Yahoo Messenger.

Now that I am newly behind a hardware firewall nothing has changed -
Yahoo Messenger still works fine. No settings have been changed. So
what is the catastrophe with MSN Messenger? Us Yahoo users basically
agree - keep MSN Messenger around to transfer files between Yahoo
Messenger friends. That is the one aspect MSN has been & still is
superior to Yahoo (Yahoo has a limit on file sizes for one thing).

In this day and age of competition for user attention, you'd think MS
would have fixed MSN Messenger by now.

Firewall shmirewall, it still should work, no messing around with
settings.

....D.

----------------
On Sun, 27 Jun 2004 15:05:51 +0100, "Andy Weller"
> wrote:

>I currently run Zonealarm, and can't connect an MSN audio conversation
>unless I shut down the firewall. A known issue because of the way that MSN
>messenger needs access to a wide range of ports & UPnP, which are correctly
>viewed by most respectable firewalls as security risks. This problem does
>not affect Yahoo messenger, which does not demand such wide access to the
>machine it's connecting to.
>
>XP Service pack 2 (SP2) will provide a much improved firewall within XP
>itself (great news!). I understand it's default setup will not allow UPnP
>and block incoming port probes much as Zonealarm already does. So far so
>good.
>
>However, will users suddenly find that they can't use audio conversations
>anymore on MSN messenger unless they disable some or all of the new firewall
>that MS is keen to implement for security?
>
>I think there is a big problem coming, which I guess is highlighting the
>rather "odd" approach MSN messenger has taken in relation to security.
>
>Any news or views?
>
>Andy
>

Hi Andy,

The Windows XP firewall (current and SP2) handle inbound connections only -- outgoing
connections are not blocked.

I'm not 100% sure what you mean here, so I'll simply explain how the current firewall does it
and then how the SP2 firewall can.

Current Firewall:
1. Either side of a conversation initiates an Audio conversation and accepts it
2. Messenger sends API call to firewall to open necessary port for audio conversation
3. Messenger sends information on current IP and audio port to connect to the other contact
4. Incoming connection from contact to the specified port
5. After conversation is complete, API call to remove the open port

and we're done. Also keep in mind that Windows Messenger will also open some ports when it
starts (MSN Messenger does not).

The SP2 firewall is basically the same, with the exception that the SP2 firewall will allow
you to unblock all inbound to Messenger, therefore not requiring the individual ports to be
opened.
____________________________________________
Jonathan Kay
Microsoft MVP - Windows Messenger/MSN Messenger
Associate Expert
http://www.microsoft.com/windowsxp/expertzone/
Messenger Resources - http://messenger.jonathankay.com
All posts unless otherwise specified are (c) 2004 Jonathan Kay.
You *must* contact me for redistribution rights.

"Andy Weller" > wrote in message ...
> Hi Jonathan
> Thanks for the screenshot - is this how firewall is configured to permit
> OUTBOUND connections from your PC by specified programs? (ie similar to
> Zonealarm "trusting" specified programs). Or is this screen somehow
> related to the program INBOUND access attempts that the firewall will let
> through?
>
> My puzzle is still that for inbound protection, the new XP firewall will
> surely be working in "stealth" mode - ie the PC and ports are not visible to
> any inbound intruder or other traffic. If so, then I'm still puzzled how
> another MSN messenger audio session will ever "see" the target PC to connect
> to - unless the firewall lets all intruders "see" the ports and the PC.
>
> Sorry if I'm not very good at explaining this security stuff, but I am still
> unsure how it can work!
>
> Cheers
>
> Andy
> ----------------------------------------------------------------------------
> -------
>
> If so, I the issue i was trying to explore is the way that the firewall
> blocks INBOUND access attempts - which is where MSN messenger
>
> "Jonathan Kay [MVP]" > wrote in message
> ...
>> Hi Andy,
>>
>> Actually the current Windows XP Firewall supports Universal Plug and Play
> (UPnP) and will
>> automatically open the necessary ports for Messenger. The SP2 firewall
> also supports UPnP,
>> but in SP2, this is even expanded further by allowing you to be specific
> about which
>> applications can use the Internet connection (in this case MSN Messenger
> 6.2).
>>
>> Just for fun, I took a screenshot of what it looks like (and for reference
> purposes, it put
>> "MSN Messenger 6.2" there by itself; another new feature of SP2 and MSN
> Messenger 6.2):
>> http://messenger.jonathankay.com/screens/sp2firewall.png
>> ____________________________________________
>> Jonathan Kay
>> Microsoft MVP - Windows Messenger/MSN Messenger
>> Associate Expert
>> http://www.microsoft.com/windowsxp/expertzone/
>> Messenger Resources - http://messenger.jonathankay.com
>> All posts unless otherwise specified are (c) 2004 Jonathan Kay.
>> You *must* contact me for redistribution rights.
>>
>> "Andy Weller" > wrote in message
> ...
>> > Jonathan
>> >
>> > Great news! I was hoping to use the new XP SP2 firewall, and that it
> would
>> > allow me to connect both Audio & webcam via MSN messenger to keep in
> touch
>> > with my daughter at university.
>> >
>> > Does this news mean that MS have somehow overcome the audio issue in
>> > http://messenger.msn.com/Help/Issues.aspx (April 2004) which says:
>> >
>> > "To ensure we deliver the best audio technology for computer-to-computer
> or
>> > computer-to-phone communications from MSN Messenger, we have made
> technical
>> > enhancements. This means you will only be able to use Messenger version
> 4.5
>> > or higher for these features if:
>> > a.. You are not behind a firewall or
>> > b.. You are behind a Universal Plug and Play (UPnP) firewall or
>> > c.. You are using a UPnP-enabled Network Address Translation (NAT)
> device"
>> >
>> > Maybe an obvious question, but I'd expected the XP firewall would have
>> > stopped MSN messenger audio connections - how does it allow MSN
> messenger
>> > audio through without compromising security?
>> >
>> > Cheers
>> >
>> > Andy
>> >
>
>

Hi Jonathan

Appreciate the time you're taking to help clarify this one.

I suppose the bottom line is to confirm that two XP SP2 PCs each running MSN
messenger 6.2 behind the new XP firewalls can set up an audio conversation
without needing the firewall security to be lowered or UPnP enabled. Did
you say this had been done?

Then, will the XP firewall pass the scanning tests at
https://grc.com/x/ne.dll?bh0bkyd2?

(The thing I can't get my head around is that if MSN messenger can't
currently accept a voice connection from behind a firewall (confirmed by MS
at http://messenger.msn.com/Help/Issues.aspx) - how can it work with the XP
firewall - without lowering security and opening up a lot more ports?!)

If all this works, I'd be more than delighted, and will be able to use MSN
messenger for voice when SP2 is launched.

Regards

Andy

-----------------------------------------------------------

"Jonathan Kay [MVP]" > wrote in message
...
> Hi Andy,
>
> The Windows XP firewall (current and SP2) handle inbound connections
only -- outgoing
> connections are not blocked.
>
> I'm not 100% sure what you mean here, so I'll simply explain how the
current firewall does it
> and then how the SP2 firewall can.
>
> Current Firewall:
> 1. Either side of a conversation initiates an Audio conversation and
accepts it
> 2. Messenger sends API call to firewall to open necessary port for audio
conversation
> 3. Messenger sends information on current IP and audio port to connect to
the other contact
> 4. Incoming connection from contact to the specified port
> 5. After conversation is complete, API call to remove the open port
>
> and we're done. Also keep in mind that Windows Messenger will also open
some ports when it
> starts (MSN Messenger does not).
>
> The SP2 firewall is basically the same, with the exception that the SP2
firewall will allow
> you to unblock all inbound to Messenger, therefore not requiring the
individual ports to be
> opened.
> ____________________________________________
> Jonathan Kay
> Microsoft MVP - Windows Messenger/MSN Messenger
> Associate Expert
> http://www.microsoft.com/windowsxp/expertzone/
> Messenger Resources - http://messenger.jonathankay.com
> All posts unless otherwise specified are (c) 2004 Jonathan Kay.
> You *must* contact me for redistribution rights.
>
> "Andy Weller" > wrote in message
...
> > Hi Jonathan
> > Thanks for the screenshot - is this how firewall is configured to permit
> > OUTBOUND connections from your PC by specified programs? (ie similar to
> > Zonealarm "trusting" specified programs). Or is this screen somehow
> > related to the program INBOUND access attempts that the firewall will
let
> > through?
> >
> > My puzzle is still that for inbound protection, the new XP firewall will
> > surely be working in "stealth" mode - ie the PC and ports are not
visible to
> > any inbound intruder or other traffic. If so, then I'm still puzzled how
> > another MSN messenger audio session will ever "see" the target PC to
connect
> > to - unless the firewall lets all intruders "see" the ports and the PC.
> >
> > Sorry if I'm not very good at explaining this security stuff, but I am
still
> > unsure how it can work!
> >
> > Cheers
> >
> > Andy
>
> --------------------------------------------------------------------------
--
> > -------
> >
> > If so, I the issue i was trying to explore is the way that the firewall
> > blocks INBOUND access attempts - which is where MSN messenger
> >
> > "Jonathan Kay [MVP]" > wrote in message
> > ...
> >> Hi Andy,
> >>
> >> Actually the current Windows XP Firewall supports Universal Plug and
Play
> > (UPnP) and will
> >> automatically open the necessary ports for Messenger. The SP2 firewall
> > also supports UPnP,
> >> but in SP2, this is even expanded further by allowing you to be
specific
> > about which
> >> applications can use the Internet connection (in this case MSN
Messenger
> > 6.2).
> >>
> >> Just for fun, I took a screenshot of what it looks like (and for
reference
> > purposes, it put
> >> "MSN Messenger 6.2" there by itself; another new feature of SP2 and MSN
> > Messenger 6.2):
> >> http://messenger.jonathankay.com/screens/sp2firewall.png
> >> ____________________________________________
> >> Jonathan Kay
> >> Microsoft MVP - Windows Messenger/MSN Messenger
> >> Associate Expert
> >> http://www.microsoft.com/windowsxp/expertzone/
> >> Messenger Resources - http://messenger.jonathankay.com
> >> All posts unless otherwise specified are (c) 2004 Jonathan Kay.
> >> You *must* contact me for redistribution rights.
> >>
> >> "Andy Weller" > wrote in message
> > ...
> >> > Jonathan
> >> >
> >> > Great news! I was hoping to use the new XP SP2 firewall, and that it
> > would
> >> > allow me to connect both Audio & webcam via MSN messenger to keep in
> > touch
> >> > with my daughter at university.
> >> >
> >> > Does this news mean that MS have somehow overcome the audio issue in
> >> > http://messenger.msn.com/Help/Issues.aspx (April 2004) which says:
> >> >
> >> > "To ensure we deliver the best audio technology for
computer-to-computer
> > or
> >> > computer-to-phone communications from MSN Messenger, we have made
> > technical
> >> > enhancements. This means you will only be able to use Messenger
version
> > 4.5
> >> > or higher for these features if:
> >> > a.. You are not behind a firewall or
> >> > b.. You are behind a Universal Plug and Play (UPnP) firewall or
> >> > c.. You are using a UPnP-enabled Network Address Translation (NAT)
> > device"
> >> >
> >> > Maybe an obvious question, but I'd expected the XP firewall would
have
> >> > stopped MSN messenger audio connections - how does it allow MSN
> > messenger
> >> > audio through without compromising security?
> >> >
> >> > Cheers
> >> >
> >> > Andy
> >> >
> >
> >
>
>

Hi Jonathan

Appreciate the time you're taking to help clarify this one.

I suppose the bottom line is to confirm that two XP SP2 PCs each running MSN
messenger 6.2 behind the new XP firewalls can set up an audio conversation
without needing the firewall security to be lowered or UPnP enabled. Did
you say this had been done?

Then, will the XP firewall pass the scanning tests at
https://grc.com/x/ne.dll?bh0bkyd2?

(The thing I can't get my head around is that if MSN messenger can't
currently accept a voice connection from behind a firewall (confirmed by MS
at http://messenger.msn.com/Help/Issues.aspx) - how can it work with the XP
firewall - without lowering security and opening up a lot more ports?!)

If all this works, I'd be more than delighted, and will be able to use MSN
messenger for voice when SP2 is launched.

Regards

Andy

-----------------------------------------------------------

"Jonathan Kay [MVP]" > wrote in message
...
> Hi Andy,
>
> The Windows XP firewall (current and SP2) handle inbound connections
only -- outgoing
> connections are not blocked.
>
> I'm not 100% sure what you mean here, so I'll simply explain how the
current firewall does it
> and then how the SP2 firewall can.
>
> Current Firewall:
> 1. Either side of a conversation initiates an Audio conversation and
accepts it
> 2. Messenger sends API call to firewall to open necessary port for audio
conversation
> 3. Messenger sends information on current IP and audio port to connect to
the other contact
> 4. Incoming connection from contact to the specified port
> 5. After conversation is complete, API call to remove the open port
>
> and we're done. Also keep in mind that Windows Messenger will also open
some ports when it
> starts (MSN Messenger does not).
>
> The SP2 firewall is basically the same, with the exception that the SP2
firewall will allow
> you to unblock all inbound to Messenger, therefore not requiring the
individual ports to be
> opened.
> ____________________________________________
> Jonathan Kay
> Microsoft MVP - Windows Messenger/MSN Messenger
> Associate Expert
> http://www.microsoft.com/windowsxp/expertzone/
> Messenger Resources - http://messenger.jonathankay.com
> All posts unless otherwise specified are (c) 2004 Jonathan Kay.
> You *must* contact me for redistribution rights.
>
> "Andy Weller" > wrote in message
...
> > Hi Jonathan
> > Thanks for the screenshot - is this how firewall is configured to permit
> > OUTBOUND connections from your PC by specified programs? (ie similar to
> > Zonealarm "trusting" specified programs). Or is this screen somehow
> > related to the program INBOUND access attempts that the firewall will
let
> > through?
> >
> > My puzzle is still that for inbound protection, the new XP firewall will
> > surely be working in "stealth" mode - ie the PC and ports are not
visible to
> > any inbound intruder or other traffic. If so, then I'm still puzzled how
> > another MSN messenger audio session will ever "see" the target PC to
connect
> > to - unless the firewall lets all intruders "see" the ports and the PC.
> >
> > Sorry if I'm not very good at explaining this security stuff, but I am
still
> > unsure how it can work!
> >
> > Cheers
> >
> > Andy
>
> --------------------------------------------------------------------------
--
> > -------
> >
> > If so, I the issue i was trying to explore is the way that the firewall
> > blocks INBOUND access attempts - which is where MSN messenger
> >
> > "Jonathan Kay [MVP]" > wrote in message
> > ...
> >> Hi Andy,
> >>
> >> Actually the current Windows XP Firewall supports Universal Plug and
Play
> > (UPnP) and will
> >> automatically open the necessary ports for Messenger. The SP2 firewall
> > also supports UPnP,
> >> but in SP2, this is even expanded further by allowing you to be
specific
> > about which
> >> applications can use the Internet connection (in this case MSN
Messenger
> > 6.2).
> >>
> >> Just for fun, I took a screenshot of what it looks like (and for
reference
> > purposes, it put
> >> "MSN Messenger 6.2" there by itself; another new feature of SP2 and MSN
> > Messenger 6.2):
> >> http://messenger.jonathankay.com/screens/sp2firewall.png
> >> ____________________________________________
> >> Jonathan Kay
> >> Microsoft MVP - Windows Messenger/MSN Messenger
> >> Associate Expert
> >> http://www.microsoft.com/windowsxp/expertzone/
> >> Messenger Resources - http://messenger.jonathankay.com
> >> All posts unless otherwise specified are (c) 2004 Jonathan Kay.
> >> You *must* contact me for redistribution rights.
> >>
> >> "Andy Weller" > wrote in message
> > ...
> >> > Jonathan
> >> >
> >> > Great news! I was hoping to use the new XP SP2 firewall, and that it
> > would
> >> > allow me to connect both Audio & webcam via MSN messenger to keep in
> > touch
> >> > with my daughter at university.
> >> >
> >> > Does this news mean that MS have somehow overcome the audio issue in
> >> > http://messenger.msn.com/Help/Issues.aspx (April 2004) which says:
> >> >
> >> > "To ensure we deliver the best audio technology for
computer-to-computer
> > or
> >> > computer-to-phone communications from MSN Messenger, we have made
> > technical
> >> > enhancements. This means you will only be able to use Messenger
version
> > 4.5
> >> > or higher for these features if:
> >> > a.. You are not behind a firewall or
> >> > b.. You are behind a Universal Plug and Play (UPnP) firewall or
> >> > c.. You are using a UPnP-enabled Network Address Translation (NAT)
> > device"
> >> >
> >> > Maybe an obvious question, but I'd expected the XP firewall would
have
> >> > stopped MSN messenger audio connections - how does it allow MSN
> > messenger
> >> > audio through without compromising security?
> >> >
> >> > Cheers
> >> >
> >> > Andy
> >> >
> >
> >
>
>

Hi Jonathan

Appreciate the time you're taking to help clarify this one.

I suppose the bottom line is to confirm that two XP SP2 PCs each running MSN
messenger 6.2 behind the new XP firewalls can set up an audio conversation
without needing the firewall security to be lowered or UPnP enabled. Did
you say this had been done?

Then, will the XP firewall pass the scanning tests at
https://grc.com/x/ne.dll?bh0bkyd2?

(The thing I can't get my head around is that if MSN messenger can't
currently accept a voice connection from behind a firewall (confirmed by MS
at http://messenger.msn.com/Help/Issues.aspx) - how can it work with the XP
firewall - without lowering security and opening up a lot more ports?!)

If all this works, I'd be more than delighted, and will be able to use MSN
messenger for voice when SP2 is launched.

Regards

Andy

-----------------------------------------------------------

"Jonathan Kay [MVP]" > wrote in message
...
> Hi Andy,
>
> The Windows XP firewall (current and SP2) handle inbound connections
only -- outgoing
> connections are not blocked.
>
> I'm not 100% sure what you mean here, so I'll simply explain how the
current firewall does it
> and then how the SP2 firewall can.
>
> Current Firewall:
> 1. Either side of a conversation initiates an Audio conversation and
accepts it
> 2. Messenger sends API call to firewall to open necessary port for audio
conversation
> 3. Messenger sends information on current IP and audio port to connect to
the other contact
> 4. Incoming connection from contact to the specified port
> 5. After conversation is complete, API call to remove the open port
>
> and we're done. Also keep in mind that Windows Messenger will also open
some ports when it
> starts (MSN Messenger does not).
>
> The SP2 firewall is basically the same, with the exception that the SP2
firewall will allow
> you to unblock all inbound to Messenger, therefore not requiring the
individual ports to be
> opened.
> ____________________________________________
> Jonathan Kay
> Microsoft MVP - Windows Messenger/MSN Messenger
> Associate Expert
> http://www.microsoft.com/windowsxp/expertzone/
> Messenger Resources - http://messenger.jonathankay.com
> All posts unless otherwise specified are (c) 2004 Jonathan Kay.
> You *must* contact me for redistribution rights.
>
> "Andy Weller" > wrote in message
...
> > Hi Jonathan
> > Thanks for the screenshot - is this how firewall is configured to permit
> > OUTBOUND connections from your PC by specified programs? (ie similar to
> > Zonealarm "trusting" specified programs). Or is this screen somehow
> > related to the program INBOUND access attempts that the firewall will
let
> > through?
> >
> > My puzzle is still that for inbound protection, the new XP firewall will
> > surely be working in "stealth" mode - ie the PC and ports are not
visible to
> > any inbound intruder or other traffic. If so, then I'm still puzzled how
> > another MSN messenger audio session will ever "see" the target PC to
connect
> > to - unless the firewall lets all intruders "see" the ports and the PC.
> >
> > Sorry if I'm not very good at explaining this security stuff, but I am
still
> > unsure how it can work!
> >
> > Cheers
> >
> > Andy
>
> --------------------------------------------------------------------------
--
> > -------
> >
> > If so, I the issue i was trying to explore is the way that the firewall
> > blocks INBOUND access attempts - which is where MSN messenger
> >
> > "Jonathan Kay [MVP]" > wrote in message
> > ...
> >> Hi Andy,
> >>
> >> Actually the current Windows XP Firewall supports Universal Plug and
Play
> > (UPnP) and will
> >> automatically open the necessary ports for Messenger. The SP2 firewall
> > also supports UPnP,
> >> but in SP2, this is even expanded further by allowing you to be
specific
> > about which
> >> applications can use the Internet connection (in this case MSN
Messenger
> > 6.2).
> >>
> >> Just for fun, I took a screenshot of what it looks like (and for
reference
> > purposes, it put
> >> "MSN Messenger 6.2" there by itself; another new feature of SP2 and MSN
> > Messenger 6.2):
> >> http://messenger.jonathankay.com/screens/sp2firewall.png
> >> ____________________________________________
> >> Jonathan Kay
> >> Microsoft MVP - Windows Messenger/MSN Messenger
> >> Associate Expert
> >> http://www.microsoft.com/windowsxp/expertzone/
> >> Messenger Resources - http://messenger.jonathankay.com
> >> All posts unless otherwise specified are (c) 2004 Jonathan Kay.
> >> You *must* contact me for redistribution rights.
> >>
> >> "Andy Weller" > wrote in message
> > ...
> >> > Jonathan
> >> >
> >> > Great news! I was hoping to use the new XP SP2 firewall, and that it
> > would
> >> > allow me to connect both Audio & webcam via MSN messenger to keep in
> > touch
> >> > with my daughter at university.
> >> >
> >> > Does this news mean that MS have somehow overcome the audio issue in
> >> > http://messenger.msn.com/Help/Issues.aspx (April 2004) which says:
> >> >
> >> > "To ensure we deliver the best audio technology for
computer-to-computer
> > or
> >> > computer-to-phone communications from MSN Messenger, we have made
> > technical
> >> > enhancements. This means you will only be able to use Messenger
version
> > 4.5
> >> > or higher for these features if:
> >> > a.. You are not behind a firewall or
> >> > b.. You are behind a Universal Plug and Play (UPnP) firewall or
> >> > c.. You are using a UPnP-enabled Network Address Translation (NAT)
> > device"
> >> >
> >> > Maybe an obvious question, but I'd expected the XP firewall would
have
> >> > stopped MSN messenger audio connections - how does it allow MSN
> > messenger
> >> > audio through without compromising security?
> >> >
> >> > Cheers
> >> >
> >> > Andy
> >> >
> >
> >
>
>