Install Windows XP minus the built-in backdoor

kenfrost2001

Junior Member
Feb 4, 2006
There's an inherent security vulnerability (or built-in backdoor) in Windows XP. I have discovered how to inactivate that security vulnerability or backdoor when installing a fresh copy of Windows XP SP2.

You need: a dynamic cable/DSL line, a copy of Windows XP SP2 or Pro SP2, and of course a computer, preferably a desktop with a LAN line, and a basic router with a firewall.

Disconnect your computer from the internet, then back up your files.

Do the following before connecting to the internet:

Basically, you want to disable everything on your network adapter except TCP/IP and then in your TCP/IP advanced settings uncheck "enable LMHosts lookup" and disable netbios.

Next, go to regedit and delete all the entries for "msmsgs.exe".

Last, disconnect your router dynamic IP address and reconnect to a new IP address and back to the internet.

Go to http://www.microsoft.com and then downloads and get Internet Explorer 7. Then go to http://www.windowsupdate.com and get all the critical updates.

Ken Frost

PROOF: After doing this procedure I cut my outbound packets to about 10-30% as many as my inbound packets.
ALSO, I surf on the inTRAnet almost entirely now, rather than the inTERnet.
 

bendixG15

Diamond Member
Mar 9, 2001
And if I do as you say, what are the benefits?
-------------------------------
Welcome to AT
 

kenfrost2001

Junior Member
Feb 4, 2006
Well, it's my firm belief, after attempting 30-40 times to reinstall Windows XP and finally developing my methodology, that every computer is hacked immediately upon connecting to the internet. I was watching my network traffic on my network adapter and my router, and not until I applied my methodology was I able to cleanly and freely surf the internet, without any monitoring or extra packets being sent.

So if you don't mind having a computer which is being monitored by someone (I don't know who, but I'm sure I could come up with lots of guesses), then I guess that would be the benefit: no more monitoring.
 

kenfrost2001

Junior Member
Feb 4, 2006
No actually I'm very, very serious. Whether anyone will believe me and try this is a big question. I'll tell you that so far no one in the news business or anyone else has been willing to believe me. But I'm certain of my discovery and of what I have disabled in Windows XP upon reinstall.
 

Rilex

Senior member
Sep 18, 2005
Unless you can break out a packet sniffer and show us the offending packets, you have no proof at this time.
 

Lord Evermore

Diamond Member
Oct 10, 1999
And if you do this you've...uninstalled MSN/Windows Messenger (the instant messenger), which is what msmsgs.exe is.

If you disable NetBIOS, you also disable File and Printer Sharing, because all NetBIOS does is communicate with other machines to tell them what your computer name is and find out what other computers are on your local network. NetBIOS doesn't work past a router. Of course following these instructions, file sharing has already been disabled.

LMHOSTS lookup just tells the system whether to use a file named lmhosts to browse computers on a domain which includes routers and multiple segments, as an alternative to doing lookups with WINS. This is the equivalent of the HOSTS file being used instead of DNS. Disabling lmhosts lookup doesn't actually DO anything unless you're on a domain.

It's amazing. This one guy has discovered an obvious backdoor in XP, beating out the thousands of blackhats who've been hacking the crap out of XP for the last 5+ years.

Yes, your computer sends out packets whether you actively are doing anything on the Internet or not. It's not backdoors, it's not secret monitoring, it's just normal system activity.
 

Pabster

Lifer
Apr 15, 2001
Yes, Yes, you've discovered the hidden NSA backdoor. Expect a knock shortly.

/sarcasm
 

xtknight

Elite Member
Oct 15, 2004
By that definition, any software that accesses the Internet or sends a heartbeat has backdoors in it. Watch out!
 

Lord Evermore

Diamond Member
Oct 10, 1999
Originally posted by: kenfrost2001
ALSO, I surf on the inTRAnet almost entirely now, rather than the inTERnet.


Oh god I just noticed that part. Please, if this is not a joke, go look up the definitions of intranet and Internet. While it is possible to "surf the intranet" technically, you're certainly not reaching this site via your intranet.
 

Smilin

Diamond Member
Mar 4, 2002
Originally posted by: kenfrost2001
There's an inherent security vulnerability (or built-in backdoor) in Windows XP. I have discovered how to inactivate that security vulnerability or backdoor when installing a fresh copy of Windows XP SP2.

You need: a dynamic cable/DSL line, a copy of Windows XP SP2 or Pro SP2, and of course a computer, preferably a desktop with a LAN line, and a basic router with a firewall.

Disconnect your computer from the internet, then back up your files.

Do the following before connecting to the internet:

Basically, you want to disable everything on your network adapter except TCP/IP and then in your TCP/IP advanced settings uncheck "enable LMHosts lookup" and disable netbios.

Next, go to regedit and delete all the entries for "msmsgs.exe".

Last, disconnect your router dynamic IP address and reconnect to a new IP address and back to the internet.

Go to http://www.microsoft.com and then downloads and get Internet Explorer 7. Then go to http://www.windowsupdate.com and get all the critical updates.

Ken Frost

PROOF: After doing this procedure I cut my outbound packets to about 10-30% as many as my inbound packets.
ALSO, I surf on the inTRAnet almost entirely now, rather than the inTERnet.


I'll take you seriously.

What traffic is it that is being reduced? If you have a capture of it (netmon, ethereal/wireshark etc.), I would be happy to take a look. PM me once you have it; I'll give you my email or create an upload workspace for you.

What do you mean you are now surfing the Intranet instead of Internet now? Are you referring to the IE security zone displayed at the bottom of your browser? If so, surfing the "Intranet" like this is a really bad idea. Security settings are lowered and IE can automatically send your local credentials to a server requesting them rather than prompting you.

I'm with the MS Networking team and I'll get this to the security guys immediately if needed. Here is the thing: No BS, no speculation, I have to have proof something is happening in the form of a network trace. Frankly, right now you have proof of nothing so we need to get some.

Since you are investigating a potentially compromised system it may be necessary to get a promiscuous capture from a machine on a hub with the system in question. If you are able to capture this unknown traffic without a promiscuous trace that would be fine too.

PM me when you have the data.
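As an added example (not from this thread or from any of its participants), here is a small Python script that does the triage Smilin asks for on a saved capture: it parses a pcap, splits frames into inbound and outbound relative to the host under investigation, and tallies bytes per service so that NetBIOS chatter (UDP 137/138, TCP 139) can be told apart from DNS and HTTP, and the outbound/inbound byte ratio quoted in the thread can be computed rather than eyeballed. The capture it analyzes is constructed in memory; the local host 192.168.1.10, the router 192.168.1.1 and the web server 203.0.113.5 are hypothetical addresses. On a real capture you would pass the file's bytes to `summarize` instead.

```python
import struct
from collections import Counter

# Constructed example traffic, not a real capture. The host under
# investigation is assumed to be 192.168.1.10 (hypothetical address).
LOCAL_IP = "192.168.1.10"

NETBIOS_PORTS = {137: "netbios-ns", 138: "netbios-dgm", 139: "netbios-ssn"}
KNOWN_PORTS = {53: "dns", 80: "http", 443: "https", 445: "smb"}


def _ip(addr):
    return bytes(int(x) for x in addr.split("."))


def build_frame(src, dst, proto, sport, dport, payload):
    """Minimal Ethernet/IPv4/{UDP,TCP} frame. Checksums stay zero; nothing
    validates them in offline parsing."""
    if proto == 17:  # UDP: 8-byte header
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    else:  # TCP: 20-byte header, data offset 5 words, PSH|ACK
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     _ip(src), _ip(dst)) + l4
    eth = bytes.fromhex("000000000001") + bytes.fromhex("000000000002") + b"\x08\x00"
    return eth + ip


def write_pcap(frames):
    """Serialize frames as a classic little-endian pcap, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def iter_pcap(data):
    """Yield raw frames from pcap bytes (little-endian, microsecond variant)."""
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("unsupported pcap magic %#x" % magic)
    off = 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from("<IIII", data, off)
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def classify(frame):
    """Return (src_ip, dst_ip, service, frame_len) for an IPv4 frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[23]
    src = ".".join(str(b) for b in frame[26:30])
    dst = ".".join(str(b) for b in frame[30:34])
    l4 = 14 + ihl
    service = "other"
    if proto in (6, 17) and len(frame) >= l4 + 4:
        sport, dport = struct.unpack_from("!HH", frame, l4)
        for port in (dport, sport):  # destination port first: it names the service
            name = NETBIOS_PORTS.get(port) or KNOWN_PORTS.get(port)
            if name:
                service = name
                break
    return src, dst, service, len(frame)


def summarize(pcap_bytes, local_ip=LOCAL_IP):
    """Bytes per service, split by direction relative to local_ip."""
    stats = {"in": Counter(), "out": Counter()}
    for frame in iter_pcap(pcap_bytes):
        rec = classify(frame)
        if rec is None:
            continue
        src, _dst, service, size = rec
        stats["out" if src == local_ip else "in"][service] += size
    return stats


def outbound_ratio(stats):
    """Outbound bytes as a fraction of inbound bytes."""
    total_in = sum(stats["in"].values())
    total_out = sum(stats["out"].values())
    return total_out / total_in if total_in else float("inf")


def netbios_bytes(stats):
    """Bytes in either direction that disabling NetBIOS over TCP/IP would remove."""
    return sum(c[s] for c in stats.values() for s in NETBIOS_PORTS.values())


# Constructed sample: a NetBIOS name query and a browser announcement broadcast
# by the local host, a DNS exchange with the router, one HTTP request/response.
SAMPLE_PCAP = write_pcap([
    build_frame(LOCAL_IP, "192.168.1.255", 17, 137, 137, b"\x00" * 50),
    build_frame(LOCAL_IP, "192.168.1.255", 17, 138, 138, b"\x00" * 200),
    build_frame(LOCAL_IP, "192.168.1.1", 17, 1026, 53, b"\x00" * 40),
    build_frame("192.168.1.1", LOCAL_IP, 17, 53, 1026, b"\x00" * 120),
    build_frame(LOCAL_IP, "203.0.113.5", 6, 1025, 80, b"GET / HTTP/1.1\r\n" + b"\x00" * 284),
    build_frame("203.0.113.5", LOCAL_IP, 6, 80, 1025, b"\x00" * 1200),
])

if __name__ == "__main__":
    stats = summarize(SAMPLE_PCAP)
    for direction in ("out", "in"):
        print(direction, dict(stats[direction]))
    print("outbound/inbound byte ratio: %.2f" % outbound_ratio(stats))
    print("NetBIOS bytes: %d" % netbios_bytes(stats))
```

Run against a real file with `summarize(open("capture.pcap", "rb").read(), "your.local.ip")`. The point of splitting by service is that an outbound/inbound ratio on its own says nothing about who is talking: on the constructed sample the ratio drops from roughly 0.54 to 0.31 once the two NetBIOS broadcasts are removed, exactly the kind of change a fresh XP install with NetBIOS disabled would show, with no "monitoring" traffic involved. Frames that are not IPv4 (ARP, IPv6) are skipped; extend `classify` if those matter for your capture.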
 

corkyg

Elite Member | Peripherals
Super Moderator
Mar 4, 2000
The last time I put on a set of longjohns, I noticed they had a back door also. I think it serves a purpose. :)
 

Brazen

Diamond Member
Jul 14, 2000
Originally posted by: corkyg
The last time I put on a set of longjohns, I noticed they had a back door also. I think it serves a purpose. :)

So Windows has to take a cr@p in the internet every now and then? So what happens now that he's plugged the hole?
 

kamper

Diamond Member
Mar 18, 2003
Originally posted by: kenfrost2001
No actually I'm very, very serious. Whether anyone will believe me and try this is a big question. I'll tell you that so far no one in the news business or anyone else has been willing to believe me. But I'm certain of my discovery and of what I have disabled in Windows XP upon reinstall.
I think there's one angle you haven't covered yet. Have you considered the very real possibility that you might not have any idea what you're doing?
 

kenfrost2001

Junior Member
Feb 4, 2006
Actually, I do believe that http://anandtech.com, as well as the hundreds of other sites I surf to without a "WWW", are on an inTRAnet. Maybe you should check your definitions.

You have to love how most tech people think they know everything!
 

n0cmonkey

Elite Member
Jun 10, 2001
Originally posted by: kenfrost2001
Actually, I do believe that http://anandtech.com, as well as the hundreds of other sites I surf to without a "WWW", are on an inTRAnet. Maybe you should check your definitions.

You have to love how most tech people think they know everything!

Please explain what you mean by "intranet" then. The host definition doesn't really matter in comparison to internal vs. external networks.
 

kenfrost2001

Junior Member
Feb 4, 2006
Surfing behind a corporate firewall, most likely AT&T's (formerly SBC), which is why my web pages show up 80-90% of the time withOUT the "WWW". I have not changed the settings in IE7 from the default AND I am 100% certain my computer is NOT compromised. All my web pages used to show up with the "WWW".

In any case, I guess most people haven't noticed that upon reinstalling Windows XP, msmsgs.exe will run in the background, even if you uninstall it and/or disable it. And there is a security vulnerability in msmsgs.exe acknowledged on the Microsoft web site.
 

kamper

Diamond Member
Mar 18, 2003
Originally posted by: kenfrost2001
Actually, I do believe that http://anandtech.com, as well as the hundreds of other sites I surf to without a "WWW", are on an inTRAnet. Maybe you should check your definitions.

You have to love how most tech people think they know everything!

Well, if adding a www subdomain to a domain moves it from the intranet to the internet, then yeah, I fully admit that I didn't know everything! Until now, that is. Thanks :D
 

kenfrost2001

Junior Member
Feb 4, 2006
Okay, my last post on this topic. I promise. When I log in to the intra/internet, my computer does the following:

RECEIVE 689 bytes (not packets, but bytes)
SEND 0, yes zip, zero bytes

How many do you send and receive upon login?

 

n0cmonkey

Elite Member
Jun 10, 2001
Originally posted by: kenfrost2001
Surfing behind a corporate firewall, most likely AT&T's (formerly SBC), which is why my web pages show up 80-90% of the time withOUT the "WWW". I have not changed the settings in IE7 from the default AND I am 100% certain my computer is NOT compromised. All my web pages used to show up with the "WWW".

But these sites aren't behind your corporate firewall. The "www" really doesn't mean anything for most of them (go to http://undeadly.org, it isn't an intranet site, but it works without the www). No "www" does not mean they are on the intranet.

Originally posted by: kenfrost2001
In any case, I guess most people haven't noticed that upon reinstalling Windows XP, msmsgs.exe will run in the background, even if you uninstall it and/or disable it. And there is a security vulnerability in msmsgs.exe acknowledged on the Microsoft web site.

There are security vulnerabilities in a lot of software; what makes msmsgs.exe special? :p