Security Basics mailing list archives

Re: Windows Messenger Pop-up spam


From: "Kevin Davis" <kevin.davis () mindless com>
Date: Fri, 3 Dec 2004 00:13:14 -0500

On 2004-11-30 Kevin Davis wrote:
On 2004-11-30 Steven Trewick wrote:
Some people may have also gone into "services" and disabled the
messenger service.

Which will merely have lulled them into a false sense of security,
since the traffic is still making it to their IP stack. For windows
boxen, this is almost as good as "game over"

Not necessarily.  I have disabled the Messenger service.  This has
less to do with pop-ups than it does with general security.  I have no need
for the Messenger service.  It is part of hardening a system to turn
off unneeded services.  Any unneeded service running is an unnecessary
risk as it may have other vulnerabilities (as we have seen with the
Messenger service and the sendmail daemon to name a few).  And yes, I
do have a firewall up and am behind a router so I wasn't getting hit
by pop-ups anyways.  Any box with XP SP2 installed should block the
Messenger traffic by default as well.  So it isn't "game over" for all
windows systems.

Anyone who has no firewall (doesn't have SP2 installed) and no router
and turns off the Messenger service would probably be lulled into a
false sense of security.

WTH are you people talking about? A computer that does not provide any
services does not need a firewall, because there is nothing to be
exploited remotely. One may argue that the IP stack itself may be
exploitable, however, how many bugs have shown up in the Windows IP
stack during the past few years? Now compare that to the bugs that have
shown up in $PERSONAL_FIREWALL_OF_YOUR_CHOICE. Hell, there have been
attacks that were possible only *because* there was a Personal Firewall
installed (W32\Witty.worm). Now you're saying that disabling unneeded
services and keeping the system patched gives a false sense of security
whereas using Personal Firewalls does not?

I'm not sure what you were reading but it doesn't seem to be the same thing we are typing...

No, what I agreed to is that if someone turned off the *Messenger* service (not *all* services), has no router, no firewall, would possibly be lulled into a false security (by the fact that no pop-up messages would be appearing). And there was no lengthy discussion about fully patched systems (as far as I'm concerned, XP systems that don't have SP2 installed weren't fully patched) as you seem to be suggesting. You are introducing conditions that weren't being directly discussed as if they were.

I would contend that if you had X number of systems all installed with personal firewalls over the period of the last couple years versus the same number of systems with no firewall, there would be a lot more compromises on the ones without the firewalls. Nothing is foolproof. The patch you apply today may become tomorrow's vulnerability. And for the security-challenged user, it is far better to have them run a personal firewall which will block both inbound and outbound problems than to have them flapping out in the breeze unknowingly spreading dozens of worms and viruses or being much more susceptible to spyware. You do what you can and what is reasonable for the particular user's context. In a lot of cases, it is not reasonable to turn off ALL services that have the potential to listen on the network.


