Windows 'Feature' Draws FTC Fire

spyordie007

Besides, people should be taking this opportunity to realize how poor of a job they have done to firewall themselves off and learn from their mistake, not blame Microsoft for them leaving a local service available to the outside world.
 

KF

"...problems with "widespread exploitation" of Messenger Service. The Windows feature is unrelated to popular instant-messaging software."
 

EeyoreX

Perhaps, if the government is bored or has nothing better to do, they can also "shut down" email. I get lots of spam there, but it doesn't seem to do much about that problem. Like spyordie said, they want to go after someone who has money. Instead, they should be going after the people that exploit this very useful service. And it's people's own fault if they don't run a firewall, not Microsoft's (at least in this case. This service is not a bug or flaw, but a legitimate and highly useful service in many settings).

[EDIT]After posting this, I happened to head over to CNN.com for some reading (work is boring and internet is limited). I happened across this article, dated Nov 5. I think the most relevant passage (I just trust CNN more than Wired) is

> The FTC is not blaming Microsoft itself for the illegitimate use of a feature in Windows called Windows Messenger Service. Not to be confused with the MSN Messenger or Windows Messenger instant messaging services, Windows Messenger Service appears to users as a pop-up window and is intended to be used by computer network administrators to send messages to users on the network.

(bold by me). The Wired article seems to imply the FTC is going after Microsoft, while the CNN article does not blame Microsoft, but the spammers (though a 3rd party person quoted said he believed Microsoft is "partly responsible"). I feel that the distinction is a big one. The FTC does not appear to be "going after" Microsoft at all. Two different articles and sources, but as I said, I still tend to trust CNN.[/EDIT]

\Dan
 

KF

>And it's people's own fault if they don't run a firewall,...

Why is it people's own fault? People just want to surf the Internet, so why is this coming through?

Pardon if I'm wrong, but this is what I understand:

Packets are sent over the network, in this case the Internet, routed to their intended IP address. These packets have a type and port number, which designates their purpose. If the packet gets to a computer, the computer may respond or not. All a firewall does is decide what to pass, in either direction. But if I don't want spam popups, why is Windows XP putting them on the screen anyway? If I don't want my computer to run some other person's program (a worm?) at their request, why is XP running them anyway? If I don't ever want anyone to use my computer over the Internet, why does XP do it anyway? I don't think doing what I prefer is asking too much of XP. I am astounded this could ever happen. It's as if someone knocked on the door, and I had to let them in, and let them do anything they pleased in my own home.
 

Nothinman

Would you blame Ford if your car got stolen because you don't think you should have to lock your doors? Microsoft gives you the facilities (limited as they may be sometimes) but it's up to you to learn how to use them properly.
 

skyking

I think that the default setting of "enabled" for messenger service was a big mistake. In a corporate environment, most OS's are imaged, and the admins can enable such a feature easily across the net. The average home user will never use it. Why not recognize that it is a potential risk, and ship out the default config as "disabled"?
I am not saying that Microsoft should anticipate the hacker's every possible future action, but look at the feature's risk/benefit, and choose a more conservative path.
 

Nothinman

> I think that the default setting of "enabled" for messenger service was a big mistake

Microsoft enabled everything by default for the sake of ease of use, and it's almost always a bad idea.
 

NogginBoink

Originally posted by: KF
> > And it's people's own fault if they don't run a firewall,...
>
> Why is it people's own fault? People just want to surf the Internet, so why is this coming through?
>
> Pardon if I'm wrong, but this is what I understand:
>
> Packets are sent over the network, in this case the Internet, routed to their intended IP address. These packets have a type and port number, which designates their purpose. If the packet gets to a computer, the computer may respond or not. All a firewall does is decide what to pass, in either direction. But if I don't want spam popups, why is Windows XP putting them on the screen anyway? If I don't want my computer to run some other person's program (a worm?) at their request, why is XP running them anyway? If I don't ever want anyone to use my computer over the Internet, why does XP do it anyway? I don't think doing what I prefer is asking too much of XP. I am astounded this could ever happen. It's as if someone knocked on the door, and I had to let them in, and let them do anything they pleased in my own home.

What a totally misguided rant!

XP is displaying messenger popups because you're running a program on your machine that takes those packets, "with a type and a port number," that are addressed to that program (the Messenger service), and the program is doing what it was designed to do. It's displaying the popups because *gasp* things are working the way they're supposed to! You did open the door by having Messenger running. If you want your computer to do what you prefer, shut off the Messenger service, if that's your preference.

I'm not going to rise to the trollbait about worms.
 

Nothinman

> You did open the door by having Messenger running. If you want your computer to do what you prefer, shut off the Messenger service, if that's your preference.

Microsoft opened that door for you and not many people even knew the door existed until recently.
 

EeyoreX

> You did open the door by having Messenger running. If you want your computer to do what you prefer, shut off the Messenger service, if that's your preference.
>
> Microsoft opened that door for you and not many people even knew the door existed until recently.

Yes Microsoft "opened the door". That's because this is a useful service that people do use quite often. Perhaps, instead of a sweeping policy of enable or disable, Microsoft can disable the service in XP Home (targeted for home users) and leave it enabled for XP Pro (targeted at businesses) (as an aside, Microsoft will be disabling this service in SP2 IIRC. If not the SP, in a future update). Though I think in this case, Microsoft is not to blame. It's too bad people don't cut them any slack. When things don't work right, people b!tch. Now, here is something that does work right, and these same people b!tch. My opinion is that it is the user who is responsible for using the products they purchase and use to learn how to use them correctly. It isn't Chevy's fault if I drive my car into a wall because I don't know how to apply the brakes. It's Chevy's fault if the brakes are defective. The "home user only wants to surf the internet" excuse is weak IMO. They are just as responsible as the "power user" for learning how to properly operate their products. If they refuse to do this, hire or ask someone to do it, or else don't complain when you have an issue like this.

\Dan

 

Barnaby W. Füi

Originally posted by: EeyoreX
> Yes Microsoft "opened the door". That's because this is a useful service that people do use quite often.

I can't imagine that many XP Home users use the messenger service for legitimate purposes.

> Though I think in this case, Microsoft is not to blame. It's too bad people don't cut them any slack. When things don't work right, people b!tch. Now, here is something that does work right, and these same people b!tch. My opinion is that it is the user who is responsible for using the products they purchase and use to learn how to use them correctly. It isn't Chevy's fault if I drive my car into a wall because I don't know how to apply the brakes. It's Chevy's fault if the brakes are defective. The "home user only wants to surf the internet" excuse is weak IMO. They are just as responsible as the "power user" for learning how to properly operate their products. If they refuse to do this, hire or ask someone to do it, or else don't complain when you have an issue like this.

It's not really a black and white issue. You think they should turn on every single service by default? Obviously, in the end, it is the owner's responsibility, but MS also has an obligation to choose reasonable defaults, if from nothing but a revenue/marketing standpoint (i.e. fewer people will buy their stuff if it sucks too bad).

edit: and your idea of "work right" is kinda funny. I don't think that receiving pop up spam from arbitrary people across the internet constitutes working right.
 

drag

What MS did wrong was enabling stuff like that in the first place. There is just no need for it.

Sure if you don't use the brakes properly Chevy isn't responsible if you crash in the wall.

But what if they built in a remote control for your accelerator pedal to aid a remote starter you had to pay extra for, but most people didn't?

And the receiver was on by default.

Then people figured out how to trigger it remotely using a radio transmitter. Now you're driving down the road and somebody made your car accelerate into a wall. You had no idea what was happening, you never had a chance to know the feature existed in the first place.

Is it your fault for not turning it off, is it the cracker's fault, or is it Chevy's fault then?
 

EeyoreX

> What MS did wrong was enabling stuff like that in the first place. There is just no need for it.

This is plain wrong. Just because not everyone needs this service, does not mean that there is "no need for it".

> But what if they built in a remote control for your accelerator pedal to aid a remote starter you had to pay extra for, but most people didn't?
>
> And the receiver was on by default.
>
> Then people figured out how to trigger it remotely using a radio transmitter. Now you're driving down the road and somebody made your car accelerate into a wall. You had no idea what was happening, you never had a chance to know the feature existed in the first place.
>
> Is it your fault for not turning it off, is it the cracker's fault, or is it Chevy's fault then?

Point one: It is my responsibility, as the consumer, to know about the product I purchase. There are dozens of articles discussing which services to disable to speed up or secure Windows. There are dozens or hundreds of websites that discuss Windows security specifically. There are hundreds of thousands of places the information is available. If you didn't look for it, that is no one's fault but your own. Point two: The answer to your question: It is everyone's but Chevy's. In other words, yours and the "crackers" (more the "cracker" for choosing to use the legitimate service in an illegitimate way). Third parties chose to use a legitimate service for illegitimate reasons, that is not the fault of the creator of the legitimate service.

> The FTC is not blaming Microsoft itself for the illegitimate use of a feature in Windows called Windows Messenger Service
Link

> Beales said D Squared, not Microsoft, should be blamed for the ads.
Link

 

drag

I don't care what the FTC says. When FTC says not blaming = no lawsuit.

It's just a bad design, that's all. Why is it necessary to allow people to pop up windows on your screen?

There is no need for a lot of things. You may want them, you may not. There is no need for FTP server on a desktop, but I use it. Should it be a good idea that everyone who runs an OS should have a FTP server? No that would be a bad idea, a bad design choice. Is MS evil? No. Should they have thought, "well maybe allowing messages to be transmitted to a person's desktop by default and without the consent of the owner won't be a good idea.", probably, but they didn't.

Apparently MS agrees with me, since they themselves said that all future products will have this feature turned off by default.
 

EeyoreX

> It's just a bad design, that's all. Why is it necessary to allow people to pop up windows on your screen?

It is not bad design. It is occasionally necessary for the admins here at my (and many other) companies to send messages to hundreds or thousands of computers in different physical locations at the same time. The Messenger Service allows this. It was not designed for "people" to hammer with pop-up spam.

> There is no need for a lot of things. You may want them, you may not. There is no need for FTP server on a desktop, but I use it. Should it be a good idea that everyone who runs an OS should have a FTP server? No that would be a bad idea, a bad design choice. Is MS evil? No. Should they have thought, "well maybe allowing messages to be transmitted to a person's desktop by default and without the consent of the owner won't be a good idea.", probably, but they didn't.

Again, the feature was not designed for "people". It was designed for corporate drones. ;) Seriously though, the feature was designed for a good, useful purpose. It has been used for years (Windows NT has this service IIRC) and it is only recently that unscrupulous individuals and companies are exploiting it.

> Apparently MS agrees with me, since they themselves said that all future products will have this feature turned off by default.

I don't think they agree with you. I think that they realize that people like you will blame them for the "problem". When in fact, the "problem" is not really a "problem" at all. Rather than do that, and risk further backlash, they will just turn it off so people who refuse to take responsibility for their own computer's security will feel better. It's simply good PR.

\Dan
 

Barnaby W. Füi

Originally posted by: EeyoreX
> It is not bad design. It is occasionally necessary for the admins here at my (and many other) companies to send messages to hundreds or thousands of computers in different physical locations at the same time. The Messenger Service allows this. It was not designed for "people" to hammer with pop-up spam.

As I said before and you seemed to have ignored - XP HOME users will almost never have a legitimate use for the messenger service. If your company is putting XP Home on workstations, then that's their fault for using the wrong OS.

> I don't think they agree with you. I think that they realize that people like you will blame them for the "problem". When in fact, the "problem" is not really a "problem" at all. Rather than do that, and risk further backlash, they will just turn it off so people who refuse to take responsibility for their own computer's security will feel better. It's simply good PR.

WTF? Hey, here's this service that lets any person across the internet make windows pop up on your computer that contain any message they want. LET'S TURN IT ON BY DEFAULT IN AN OS USED BY AVERAGE, CLUELESS USERS AT HOME!
 

drag

Did I say it wasn't useful? No.

It's just not necessary. It should be turned off by default, especially on Home Editions. It's not like it can't be turned on if you want to use it.

That's one of the major reasons that MS products like win9x, NT and w2k have been so insecure, because they had EVERYTHING turned on. It may have made it easier to use, but it certainly was a mistake to do so. This pop-up stuff is just another example of it.

MS has learned from this mistake and now will ship the new OSes with as much stuff turned off as possible.
 

EeyoreX

> > It is not bad design. It is occasionally necessary for the admins here at my (and many other) companies to send messages to hundreds or thousands of computers in different physical locations at the same time. The Messenger Service allows this. It was not designed for "people" to hammer with pop-up spam.
>
> As I said before and you seemed to have ignored - XP HOME users will almost never have a legitimate use for the messenger service. If your company is putting XP Home on workstations, then that's their fault for using the wrong OS.
>
> > I don't think they agree with you. I think that they realize that people like you will blame them for the "problem". When in fact, the "problem" is not really a "problem" at all. Rather than do that, and risk further backlash, they will just turn it off so people who refuse to take responsibility for their own computer's security will feel better. It's simply good PR.
>
> WTF? Hey, here's this service that lets any person across the internet make windows pop up on your computer that contain any message they want. LET'S TURN IT ON BY DEFAULT IN AN OS USED BY AVERAGE, CLUELESS USERS AT HOME!

Perhaps, instead of SCREAMING, you could do yourself and me the favor of reading all of my posts. Or at least rereading the one, where I say, (I'll do you a favor and quote myself)

> Perhaps, instead of a sweeping policy of enable or disable, Microsoft can disable the service in XP Home (targeted for home users) and leave it enabled for XP Pro (targeted at businesses)

Thank you.

\Dan