Fighting Back Against Messenger Popup SPAM
An anonymous reader asks: "I recently re-installed XP (out of boredom and not necessity) and forgot to turn off the Windows Messaging service. Things were going fine, until today. I started getting those annoying popups again. I realize that I can turn off this service and I'll no longer get the messages, but, I want a way to 'take back the internet' and not have to worry about others getting these messages either.
Normally, these messages are the typical University Degree spam, but the last one I got was for a piece of software that turns off the messaging service. And as everyone knows, there are some people on the net who'll pay for this. So, how can the people of the net fight back to ensure that these messages stop, and more importantly, these people stop preying on the less-technically inclined?"
(Hasn't really worked as of yet).
Get a copy of the program and start sending out announcements on how to disable the Messenger service.
Just don't make it read like typical spam, or people will ignore it too.
You have given new meaning to the term "boredom". Time to go update the entry on everything2...
From the sounds of it, he knows perfectly well how to turn it off. What he's worried about is other people (gasp! altruism! on Christmas!) getting tricked by scammers offering to show how to disable the messages - for the low low fee of $20 or so.
No one's "hacking into" any computers. Do you "hack into" the webserver when you request a page? Your computer has to be listening on port 139 for these messages to have any effect. If you're going to open up port 139 to the world, you have to expect people sending packets to it. It's no different than any other service.
Ok, go to Administrative Tools (should be on the Start Menu, isn't always)
Select "Services"
In there, look for "Messenger", double click it, stop it from there, then set it to "Manual" (it's best not to set stuff to "Disabled")
All done.
"I won't mod you down - I feel the need to call you a twit explicitly, rather than by implication."
So, how can the people of the net fight back to ensure that these messages stop, and more importantly, these people stop preying on the less-technically inclined?
You can't. What they're doing isn't illegal, and arguably it shouldn't be. And even if it were, they'd just move their operations off-shore.
This isn't really a free speech issue-- commercial speech isn't covered by the same rules that govern other forms of expression-- but what you're basically saying is, "Some people are saying something that I don't like. I know that I can just stop listening to them, but I want to do more. How can I fight back to ensure that they have to stop saying what they're saying?"
Sorry. Can't, or at least shouldn't, be done.
Now, if you wanted to take a different tactic, you could approach Microsoft through the appropriate channels to request that the Messenger service be off by default, or to have them remove it altogether. That might or might not work, but you could try.
I write in my journal
Um, buy a Mac? If you don't like the tool you use, consider the alternatives...
--
$tar -xvf
Well if this were only affecting LAN you could just walk up and punch the guy, couldn't you? :)
My dad's gotten these messages through the 'net, though, so I doubt all this "broadcast" stuff is real. Probably cycling IPs just like WinNuke ("I didn't know it was wrong!")
-- 'The' Lord and Master Bitman On High, Master Of All
2) Someone brought a suit. So? You can sue for anything. If it's ever judged (not settled) in favor of the plaintiff, then it would have some relevance.
I guess this is just an issue of what each of us considers a bug.
I consider a system intended for the administrator of a network to send messages, being able to be used by someone who is not the administrator of the network, a bug.
I consider any exploitation of any bug which allows you to access, modify, or present information which you were not intended to be able to access, modify, or present to be hacking.
-- 'The' Lord and Master Bitman On High, Master Of All
The show The Screen Savers on Techtv bitches about this constantly. They have asked Microsoft before to release some sort of patch but they don't feel it's necessary. Besides being annoying, it is really easy to create a batch file that does a net send DOS attack. Microsoft needs to provide an easy way of turning off the messenger service.
Hacker Media
No one's "hacking into" any computers. Do you "hack into" the webserver when you request a page? Your computer has to be listening on port 139 for these messages to have any effect.
Spoken like a true geek. However, you are extending an abstraction into higher levels than is necessarily appropriate. From my grandma's perspective, the TCP/IP level mechanism is irrelevant. She wants to know where the hell these weird messages are coming from.
Just because XP automatically installs a service that listens on port 139 doesn't or shouldn't necessarily mean that I as a naive user am going to be expecting packets at that port. Taping a "KICK ME" sign to someone's butt doesn't mean they want to be kicked either. Not everyone views these things strictly at the level of the socket API.
Just enable XP's firewalling or disable the messaging service in Start/Settings/Control Panel/Administrative Tools/Services and disable Messenger.
Can I get an eye poke?
Dog House Forum
The way my school's network is set up, I can only 'see' the computers on my floor. So if I get a netsend message, I have a very limited group of people to choose from. Once I look up the names on the computers I can see, it's not hard to find the message sending one...
Cogito ergo sum in Slashdot.
Actually, stopping the windows messaging service is _not_ the correct way to take care of this. As said a few messages before, blocking traffic to the netbios message port from untrusted networks (such as the internet) is.
If he has netbios open to the internet...pretty dumb.
As for keeping other people from being scammed; I think education is the only sure-fire way. Well written "best practices" guides could help tremendously. In this example, "common-sense things to do after setting up your windows XP OS but before connecting it to the internet" perhaps.
Of course, this requires people to read up before just installing an OS in a wild fit of boredom for the "education" tactic to work...
Well, a firewall puts sticking plaster on the problem, but in fact the issue is that there is a vulnerability on the base system. As soon as the firewall goes down (equipment failure, software glitch, enemy action), the computer is open - to pop up messages and who knows what else.
Much better to remove the service or vulnerability that exposes you to the problem than put a firewall over it.
"Well, put a stake in my heart and drag me into sunlight."
This is the system messenger utility that ostensibly is for legitimate network messages in the workplace such as "the server will be down for an hour starting in five minutes. please close all documents from the server", etc. and alerts to admins when certain events fire on the systems.
A home user should not need to have this enabled (unless you are playing with a small home network and are looking at legit messages) - follow the directions of other posters on disabling this service.
Conscientious admins should have this blocked at their demarcation line or should disable it in their network altogether if they do not use it.
I think with the interesting people, their lives can't possibly be wrapped up into a nice little package.
What is needed (as ever) is customer education, and if the customer doesn't see the problem then that's not going to happen, is it? The ISP where I work sells the option of having a basic stateful firewall on the CPE router that stomps on this kind of thing as a managed / one-off service. It's not intended as a dedicated firewall replacement, it's intended as a first pass at cleaning up incoming and outgoing traffic for SMEs. Essentially, we determine with the customer what traffic they may need to pass and simply drop the rest, hopefully giving some customers a better idea of security in the process. It's good for us, because it's dropping the number of customer network compromises we have to deal with and it's turning into quite a respectable revenue stream. It's good for the customer, because it's protecting them from some hostile traffic on the Internet and they feel safer for it. The most important thing is to make sure that the customer doesn't get the "I've got a firewall, so I'm safe" mentality (back to user education again).
We all know that the Internet has become a very hostile place to be since its rise to being a mass market commodity product, but ultimately ISPs are not, and should not, be held responsible for that (unless it's their servers that are stuffed). To use a tried and trusted analogy premise, that's like blaming car dealers for the increase in risk caused by the growing number of cars on the roads. A car dealer should show you the location of the controls in your new car, maybe even make sure you have a license and valid insurance, but not give you a driving test. Once you own your new car, it's up to you to make sure you drive and park safely, keep it locked, don't leave valuables on the back seat and keep it serviced. If you can't or don't do any of those things, and don't take advantage of the people who will help or do those things for you then, ultimately, who is to blame when things inevitably go horribly wrong?
UNIX? They're not even circumcised! Savages!
Well that might be the case if you were talking about firewalling off a vulnerable, totally undesired service, but there are very valid uses for the messenger service in a corporate/workgroup environment. What you propose is the equivalent of stopping something like NFS in a *nix environment. Sure, we know it's a big potential vulnerability, but the uses outweigh the negatives, so you firewall it off and run tcp_wrappers. Allow access only to those systems that require it. If you want to stop every possible vulnerable service on a Win2k/XP workstation, you're pretty much going to have to disable remote and local logins, but not before you disable every other service. Some things you just have to live with and protect as best you can.
Mind you, if your firewall is a) set up to allow open access on hardware failure or b) likely to fall to "enemy action", you've got bigger problems than popup spam messages.
"I'm tired of all this 'Aren't humanity great' bullshit. We're a virus with shoes" - Bill Hicks
Connecting to a random IP address and having the machine do something that you know has a 99.9% chance of annoying the user that runs it is generally considered hacking. The hacker is doing something that annoys the owner of the computer, to the financial benefit of the hacker.
Leaving your car unlocked does not make my stealing your radio (or your car) illegal. Locking it is only meant to slow down / discourage the illegality. It also signifies to an erroneous but law-abiding citizen that they have the wrong car (key doesn't fit).
If you are causing another person's computer to do something that they do not want it to do, and that you know that they probably do not want it to do, then you are hacking. End of story.
OS Software is like love: The best way to make it grow is to give it away.
Click "Start | Programs | Administrative Tools | Services". Find the "Messenger" service on the list, stop it, and set it to "Disabled". Would you be more likely to download some bloated 4MB patch from Windows Update that did the same thing? Would you prefer a desktop icon that turns it off, right next to your "Free AOL and Internet" icon?
Leaving your car unlocked does not make my stealing your radio (or your car) illegal. Locking it is only meant to slow down / discourage the illegality. It also signifies to an erroneous but law-abiding citizen that they have the wrong car (key doesn't fit).
Yah, well if you park your car on the street then someone is allowed to leave a note on the windshield with information on how to get free university diplomas. No one is 'stealing your car/computer' here. Maybe if someone sent a net send of death that changed your admin pass, that would be hacking. Displaying a message isn't. If someone goes up and down the ICQ UIDs and messages each with an ad, are they hacking your computer too?
WTF don't you have a firewall? If you are getting popups with the Messenger service you are NOT blocking the RPC ports and these popups may be the least of your trouble.
Start blocking those ports.
No, but whose fault is it if you buy a pair of pants with "KICK ME" emblazoned on the backside, and you complain that people kick you all the time, even though you didn't possess the technical inclination to look on the ass for any signs, markings or invitations to random passerby?
Or the technical ability to even realize such markings are there! "KICK ME" can be written in languages that you just don't know! OR it can be written in invisible ink that is only visible with special goggles. My grandma isn't going to run a portscanner on her machine as soon as she unwraps it on Christmas. I mean, give me a break. It's beyond reasonable to suggest that she as an end user should even have to. Stuff happening at the TCP/IP layer on a default XP install is the responsibility of Microsoft. Period.
You hear that? It's the world's smallest copy of Winamp playing sad, sad pirated MP3's just for your grandma. Incidentally, WinXP comes with a rudimentary, though effective Internet Connection Firewall that takes one click to activate.
The Internet isn't pretty, it isn't clean and it isn't proper. Just because Granny can't keep up with the times and learn how to operate machinery properly doesn't mean that Microsoft's gotta bow down and de-evolve their OS even further towards the lowest common denominator.
Hey Taco! Looks like you're using the "infinite monkeys and typewriters" scheme to generate Ask Slashdots again...
The Internet isn't pretty, it isn't clean and it isn't proper. Just because Granny can't keep up with the times and learn how to operate machinery properly doesn't mean that Microsoft's gotta bow down and de-evolve their OS even further towards the lowest common denominator.
No, but they can at least refrain from running servers by default on a simple install of XP Home. You have to consider who your users are when adding features and deciding which ones are turned on right out of the box.
That's a good question. Given that no implicit permission has been given to access the computer, I'd say that the answer is, in all probability, yes. When someone puts a message on your windshield, they are using their own resources to do so. If someone paints the message on the side of your car, then that is vandalism. Forcing pop-up messages onto unwanting screens is in a bit of a no-man's land between the two. You are using someone else's machine to do this. You know that this is, most probably, unwanted and uninvited.
The sentiment is strong enough against spammers, that I think it might be quite possible to convince a judge that this fits the definition of 'hacking'. All of the necessary elements are there. I don't know what elements are missing. Given that you've got the hots to be doing this, you tell me what elements of hacking a computer are missing in this scenario.
The internet is not a free-fire zone. You are only allowed to access those ports and machines that you've been given permission to access (either implicit or explicit). Implicit access would be things like accessing an advertised web site, or an MX for the domain of someone who wants you to send them email.
When you access a port that many people aren't fully aware is open to produce a message that 99.99% of people are going to be annoyed by that seems to me like unauthorized access.
OS Software is like love: The best way to make it grow is to give it away.
The fact that some (not all) spam is "commercial speech" is irrelevant. What is relevant is that spam violates the property rights of the recipients and the transmitting ISPs.
what you're basically saying is, "Some people are saying something that I don't like. I know that I can just stop listening to them, but I want to do more. How can I fight back to ensure that they have to stop saying what they're saying?"
No, what we're basically saying is, "Some people are stealing my bandwidth. How can I fight back to ensure that they go to jail just like people who get caught stealing anything else?"
/. If the government wants us to respect the law, it should set a better example.
You DON'T simply shut off your services, you DO put a firewall in place. The last thing you want your box doing is sending OS-specific RSET packets to an attacker/sniffer.
I want to delete my account but Slashdot doesn't allow it.