Windows Messenger again

Discussion in 'other security issues & news' started by meneer, Oct 2, 2003.

Thread Status:
Not open for further replies.
  1. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
  2. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    The attacker has to have local access so it's rather theoretical.
    Dolf
     
  3. Peaches4U

    Peaches4U Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    5,070
    Location:
    At my computer
    If you have no need for Windows Messenger, it can be turned off. :)
     
  4. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    I have no need for it. But why is it there in the first place :mad:

    And no, I'm not afraid for this vulnerability, my firewall does not contain this vulnerability, it is not even patched, it's a linux box :p
     
  5. Peaches4U

    Peaches4U Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    5,070
    Location:
    At my computer

    Well, from what I have read in other forums, it appears that Windows Messenger is like spyware, it sends messages back to Microsoft. :mad: Many confuse it with MSN Messenger however, they are different & will remove MSN Messenger instead. Cute, eh??


    - Fixed quote tags - LWM
     
  6. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    No, the "messenger service" is not like spyware. It is a very simple (and old) program which allows network connections into itself solely to pop-up network-based notification messages on attached PCs, which merely results in those terribly intrusive spam ads. The service has no real security built into itself, so you need to either disable it or block connections into it with a firewall. But, it has no capability to send anything back to Microsoft.

    The Messenger Service is a lot of things, but it doesn't not spy on your system activity or report anything to Microsoft.

    However, please note that the first post in this thread is regarding a flaw in the Win32 API for the handling of "messages" that are passed between Windows (i.e. interprocess communications), and is not about the Messenger Service. It is talking about a method of gaining higher privileges by using the inter window message passing capability, whereby a less privileged window (program) gets a more privileged window to do something on its behalf. This is not related to messenger spam.
     
  7. Peaches4U

    Peaches4U Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    5,070
    Location:
    At my computer
    Thanks LWM for the clarification. :cool:
     
Loading...
Thread Status:
Not open for further replies.