Now Disabled on Your PC: Windows Messenger

In keeping with its company-wide Trustworthy Computing pledge to stave off
security problems by minimizing vulnerabilities, Microsoft said this week that it plans to switch off its Windows
Messenger service and activate Internet Connection Firewall (ICF) by default
on XP boxes.

Windows Messenger — not to be confused with the Redmond, Wash. software
vendor’s MSN Messenger instant messaging service — is used to exchange data
between computers. It launches automatically when a user boots up his or her
personal computer.

But the software has posed serious security risks. A program, which some
consultants dubbed the “son of MSBlaster,” was recently circulating that takes
advantage of a flaw in Microsoft’s Messenger Service that causes
Windows-based computers to crash. So concerned are some companies in the
industry that America Online disabled Windows Messenger on the Windows
desktops of 20 million of its users as a precaution last week.

That’s why company executives announced the disarmament at the Microsoft
Professional Developer’s Conference Tuesday. Specifically, Microsoft has
opted to turn off the rarely-used Messenger services with Windows XP Service
Pack 2, which is due in the first half of 2004. ICF, a firewall built into
XP that is normally turned off by default, will be turned on going forward,
the company said. Security experts said ICF could have blocked MSBlaster if
it had been turned on.

Turning on IFC demonstrates a proactive approach to securing the desktop,
said Gartner security analyst John Pescatore.

“Microsoft is definitely doing the right thing, and should do much, much
more of it,” Pescatore told internetnews.com. “One of the fundamental
principles of security is ‘Deny everything except that which is *expressly*
permitted’. That translates to having all dangerous services (like
Messenger) off by default and requiring the user to take explicit actions to
choose to enable those dangerous services.”

Pescatore said Microsoft did a good job of adhering to this in Windows
Server 2003, which he said is relatively secure out of the box. Microsoft,
he noted, is trying to break a life-time habit.

“But in desktop products they have had a corporate blind spot in the past —
Microsoft became the world’s biggest software company by putting all the
control in the hands
of the PC user. They didn’t consider safety a key requirement — making
Messenger and other things (like telnet or FTP services and the like) off by
default is another important step.”

Messenger, a standard part of Windows operating systems since the mid-1990s,
has also been the target of several flaws that yield massive amounts of
pop-up advertisements, with users employing text commands to create pop-up windows for spam. It was also the
subject of a
recent security patch for a buffer overrun flaw that could throw a machine
at the mercy of a malicious user.

The WM disablement comes in the midst of proclamations from company executives that Microsoft was looking at ways to fortify
the security of Windows in the face of computer viruses, worms and crackers.
Microsoft also plans to apply more restrictive default configurations on its
Internet Explorer Web browser Local Machine and Local Intranet security
zones.

Microsoft will also roll out a new application programming interface (API)
for remote procedure calls (RPCs) that limits access to resources on the
local machine. The API will give developers more tools to control the
flow of data to and from Windows applications.

RELATED NEWS AND ANALYSIS

• Ethics and Artificial Intelligence: Driving Greater Equality

  FEATURE |  By James Maguire,
  December 16, 2020

• AI vs. Machine Learning vs. Deep Learning

  FEATURE |  By Cynthia Harvey,
  December 11, 2020

• Huawei’s AI Update: Things Are Moving Faster Than We Think

  FEATURE |  By Rob Enderle,
  December 04, 2020

• Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 18, 2020

• Key Trends in Chatbots and RPA

  FEATURE |  By Guest Author,
  November 10, 2020

• Top 10 AIOps Companies

  FEATURE |  By Samuel Greengard,
  November 05, 2020

• What is Text Analysis?

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 02, 2020

• How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 29, 2020

• Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 23, 2020

• The Super Moderator, or How IBM Project Debater Could Save Social Media

  FEATURE |  By Rob Enderle,
  October 16, 2020

• Top 10 Chatbot Platforms

  FEATURE |  By Cynthia Harvey,
  October 07, 2020

• Finding a Career Path in AI

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  October 05, 2020

• CIOs Discuss the Promise of AI and Data Science

  FEATURE |  By Guest Author,
  September 25, 2020

• Microsoft Is Building An AI Product That Could Predict The Future

  FEATURE |  By Rob Enderle,
  September 25, 2020

• Top 10 Machine Learning Companies 2021

  FEATURE |  By Cynthia Harvey,
  September 22, 2020

• NVIDIA and ARM: Massively Changing The AI Landscape

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  September 18, 2020

• Continuous Intelligence: Expert Discussion [Video and Podcast]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 14, 2020

• Artificial Intelligence: Governance and Ethics [Video]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 13, 2020

• IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI

  FEATURE |  By Rob Enderle,
  September 11, 2020

• Artificial Intelligence: Perception vs. Reality

  FEATURE |  By James Maguire,
  September 09, 2020