Disable Windows Messenger pop-ups?, Part 2

Dennis Faas's picture

Yesterday, I wrote about a new spam problem associated with Windows Messenger.

Recall:

Messenger pop-ups are a new form of spam that exploit a feature of the Microsoft Windows operating system intended for use by network administrators. These pop-ups can appear even if you aren't surfing the web (ie: a web browser), and are not related to MSN Messenger.

The remedy:

Yesterday I detailed instructions I used when searched Google for a solution. Unfortunately, the instructions for Windows XP were not complete and I received a few emails from folks who were not able to complete the "fix".

After sifting through a few more sites, I decided that the instructions found on the MyNetWatchman web site were very helpful (which also happens to be a a link I provided in the last newsletter). The instructions provided below are essentially verbatim from the MyNetWatchman web site with the exception of a few changes I've made to the document.

http://www.mynetwatchman.com/kb/security/articles/popupspam/index.htm

From the site:

Solution #1: install a personal [software] firewall

First let me say that there are several companies selling tools which claim to block WinPOPup ads. Please don't waste your money on these tools: all they do is disable the Messenger service which is NOT the best way to address the issue. Anyone can disable Messenger for free, anyhow.

If you received one of these messages that means your system is likely connected the Internet with no firewall protection. Many use anti-virus products and believe that all the protection they need. Please understand that anti-virus tools primarily protect you against infection from email and provide little to no protection against attacks launched through other services: e.g. Messenger, Microsoft Networking, etc.

There are several companies that offer FREE basic personal firewalls ... [such as] Zone Alarm; [you can read about Zone Alarm by downloading a free report online infopackets.com: complete with link to the said software]:

http://www.infopackets.com/hacking+hackers+hack.htm

Solution #2: install a hardware firewall

If you have several computers that you want to share a single Internet connections (e.g. cable/DSL), then consider purchasing a router that include the firewall capabilities. Linksys is one of the more popular ones which are often available for less then $50 USD.

Solution #3: Disable Microsoft Messenger Service

If you choose to install a firewall, it will prevent remote users from sending you WinPopUPs. However, if you decide NOT to install a firewall and want to prevent WinPopUPs, [it is recommended that you] disable the Messenger service.

Please note that without a firewall installed, a system is vulnerable to outside threats (IE: hackers and trojans). Therefore, simply disabling the Messenger service without the aid of a firewall is not recommended.

And don't forget: disabling Messenger will also eliminate legitimate alerts.

If you are on an office LAN and use such applications as: Anti-virus, SQL Job Scheduler, or a UPS system -- which may use Messenger to alert you of critical system events -- then Messenger should not be disabled. Instead, use a firewall/router to block the PopUPs.

Here are the procedures for disabling the Messenger service on Windows 2000 and XP systems: For Windows 2000

  • Click: Start/Settings/Control Panel
  • Open: Administrative Tools
  • Open: Services
  • Open: 'Messenger' Service
  • Click: Stop button
  • Change 'Startup Type' to DISABLE
  • Click OK to close everything

For Windows XP

  • Right-click: 'My Computer' icon and select 'Manager'
  • Open: Services and Applications
  • Open: Services
  • Open: 'Messenger' Service
  • Click: Stop button
  • Change 'Startup Type' to DISABLE
  • Click OK to close everything

Side note: I tried the above instructions on my XP machine and they are correct.

Other issues:

Here is an excellent article which describes how to disable many unneeded Microsoft services (Minimization of network services on Windows systems). See 'RPC services' section for a discussion of disabling Windows Messenger:

http://www.hsc.fr/ressources/breves/min_srv_res_win.en.html

Rate this article: 
No votes yet