• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Can anything "bad" or "harmful" be sent via the messenger in XP?

A

Aenygma

Platinum Member
While installing a critical update, I received one of those grey msg boxes that seemed to want me to buy something... I clicked on the x in the corner and closed it pretty fast, but I think it was asking... would you like to stop getting unwanted msgs... etc.

I have since disabled that service, but was wondering... can something harmful be sent using that??

(worried user)


Thanx
 
The only thing the Messenger service does is provide a way to display dialog boxes with a message or text to the user. It cannot interact with your system in any other way.
 
I do not believe there are any known exploits that use the messenger service.

That's not to say that none exist. Nimda and SQL Slammer both illustrate that vulnerabilities can be discovered.
 
Not that I'm saying it isnt possible, but IIS and MDAC/SQL are far more complex than the messenger service.
Click to expand...

Which would make sense that Microsoft would spend more time making sure they were secure.
 
Originally posted by: NogginBoink
I do not believe there are any known exploits that use the messenger service.
That's not to say that none exist. Nimda and SQL Slammer both illustrate that vulnerabilities can be discovered.
Click to expand...

Neither Nimda nor Slammer exploited an unknown vulnerability.
Bill


 
install a firewall of some type, if you can receive messenger messages then they can access other services too...
 
Originally posted by: bsobel
Originally posted by: NogginBoink I do not believe there are any known exploits that use the messenger service. That's not to say that none exist. Nimda and SQL Slammer both illustrate that vulnerabilities can be discovered.
Click to expand...
Neither Nimda nor Slammer exploited an unknown vulnerability. Bill
Click to expand...

Exactly, most people do not realize this. When Nimba and SQL Slammer were released, they were essentially giving a reminder to patch your systems. Microsoft released a patch before SQL Slammer was released that fix the vulnerability that it exploited. When SQL Slammer was release it showed the world how many admins do not bother patching their systems.
 
Exactly, most people do not realize this. When Nimba and SQL Slammer were released, they were essentially giving a reminder to patch your systems. Microsoft released a patch before SQL Slammer was released that fix the vulnerability that it exploited. When SQL Slammer was release it showed the world how many admins do not bother patching their systems.
Click to expand...

While I do agree it is up to the admin to patch the systems sometimes the patches come out so fast (especially for IIS last year)you don't have time to test them before an exploit is out. Where I work we run about 50 servers and some 500 workstations. I'll be damned if I'm gonna put a patch on a mission-critical system and hope it doesn't break something. That patch will be thouroughly tested on our development environment before going to production. Sometimes this can take weeks, depending on the patch.

This doesn't just apply to Microsoft. This has to do with all vendors we use at my workplace(Novell, Sun, Oracle, Siebel, etc). I don't expect companies to be able to test every single configuration. That's what development environments are for.
 
Originally posted by: mikecel79
Exactly, most people do not realize this. When Nimba and SQL Slammer were released, they were essentially giving a reminder to patch your systems. Microsoft released a patch before SQL Slammer was released that fix the vulnerability that it exploited. When SQL Slammer was release it showed the world how many admins do not bother patching their systems.
Click to expand...

While I do agree it is up to the admin to patch the systems sometimes the patches come out so fast (especially for IIS last year)you don't have time to test them before an exploit is out. Where I work we run about 50 servers and some 500 workstations. I'll be damned if I'm gonna put a patch on a mission-critical system and hope it doesn't break something. That patch will be thouroughly tested on our development environment before going to production. Sometimes this can take weeks, depending on the patch.

This doesn't just apply to Microsoft. This has to do with all vendors we use at my workplace(Novell, Sun, Oracle, Siebel, etc). I don't expect companies to be able to test every single configuration. That's what development environments are for.
Click to expand...

No one is asking you to, that NIMDA and Slammer patches where months old at the time of the exploit.
Bill
 
damned if I'm gonna put a patch on a mission-critical system and hope it doesn't break something.
Click to expand...
You know that my provider was just taken down by a attack that should have been patched several month ago. I talked to one of the honchos there and there attitude was the same as yours, which in my opinion is not good. By the way my ISP is charter which should know better.

Bleep
 
Originally posted by: Bleep
damned if I'm gonna put a patch on a mission-critical system and hope it doesn't break something.
Click to expand...
You know that my provider was just taken down by a attack that should have been patched several month ago. I talked to one of the honchos there and there attitude was the same as yours, which in my opinion is not good. By the way my ISP is charter which should know better.
Click to expand...

Did you not read the rest of my message? Cause you only quoted part of it. The patch will be applied just not on the day it comes out. To blindly put a patch on a mission-critical system with NO testing is foolish, in my opinion.

I do agree that taking months to install a patch is to long. Sometimes you can't always blame the admin but upper management instead. For example where I work we don't have the best upper management in IT. As a matter of fact they don't have any previous IT experience, most were accountants before taking jobs in IT management. At my worplace there is me and one other guy that do PC tech (helpdesk stuff), LAN administration, WAN administration, E-mail, and application deployments. So we're spread pretty thin and upper management puts pretty low priority on testing patches because they don't see the consequences of not installing them. As much as I would like to test and install patches right away my boss doesn't always let, putting more priority on other tasks. Luckily we were not hit with Nimda or SQL Slammer but we could always be hit with a future one.
 
To return to the topic of the thread... Simply disable the Messenger service by going to Control Panel -> Administratic Tools -> Services. Stop the current instance, and disable it. A firewall will also help, as someone else suggested. Also, for more information on this you can use the search tool.

\Dan
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top