worked!

freddursth8

Weaksauce
Joined
Jan 8, 2004
Messages
116
awesome.... my windows xp has finally stopped those annoying pop ups. thanks guys. but i have heard that xp likes to use the disabled messenger program for other things. will this be a problem?
 
Disabling the service is a bad way to solve the problem. The problem is your network is receiving data (messanger pop-ups)that your don't want. The symptom is the pop-up. You have removed the symptom, but not the problem. To remove the problem you should be blocking the traffic at your firewall. Since your not I'm betting you don't have a firewall, yes?
 
yeah, im getting a norton firewall this weekend though. So that'll work? How about XP's built in firewall?
 
Well I use a hardware firewall/router. That gives you the ability to split off your cable/DSL line to other PCs as well as port blocking. XPs built in firewall will do just fine. If your going to drop cash on something, get a hardware firewall.
 
Anything is better than nothing but a hardware firewall is the best solution.
 
Since when is receiving data a problem? Do you also consider pings to be a problem? What about a traceroute? Those seem harmless enough. If the daemon isn't running and the port isn't open then what is that data going to do? Just hit your computer. Will it erode its way into your system? Maybe it knows the secret handshake to get the port to open itself to let the data in. What is so different between the data hitting a firewall and going nowhere and the data hitting your computer and going nowhere?

I'm not arguing against hardware firewalls. They are great and they make life easier on everyone. However, I have noticed that a lot of people are suffering from paranoia that results largely from firewalls like zonealarm. Just the other day my roommate was locking down his computer with zonealarm and managed to fuck it up so much that he could no longer even get an ip address from the dhcp server.
 
Originally posted by jpmkm
Since when is receiving data a problem? Do you also consider pings to be a problem? What about a traceroute? Those seem harmless enough. If the daemon isn't running and the port isn't open then what is that data going to do? Just hit your computer. Will it erode its way into your system? Maybe it knows the secret handshake to get the port to open itself to let the data in. What is so different between the data hitting a firewall and going nowhere and the data hitting your computer and going nowhere?

I'm not arguing against hardware firewalls. They are great and they make life easier on everyone. However, I have noticed that a lot of people are suffering from paranoia that results largely from firewalls like zonealarm. Just the other day my roommate was locking down his computer with zonealarm and managed to fuck it up so much that he could no longer even get an ip address from the dhcp server.
Well I understand what your saying, if nothing is listening why is the fact that the data is present bad? Well it's not. But you can't always say that about every type of traffic. So as a practice, it's a bad way to approach the problem.

The practice of turning off a service is ignoring the problem. It's just a bad way to deal with problems in general. I liken it to an ostrich dunking their head in the sand. If I don't see the problem it must not be there right? No.

For the messenger service. What happens if you want to use the service? Now, how do you prevent the pop-ups with the service enabled? What if the service/port isn't messenger? What if it's something like the blaster worm? Just disable the RPC service right? No. Block the port, prevent the PCs from every seeing the traffic.

Having a hardware firewall blocks most network worms, lets multiple PCs connect, acts as a DHCP server, so it kills multiple birds with one stone.

Your zone alarm example is another reason I recommend a hardware solution...
 
If turning off the service is ignoring the problem, then what is the problem? Is the problem simply the fact that someone is sending packets to your address? I fail to see the problem in that. Turning off a service isn't like closing a door. It is like having a wall with no door in it. People can try to get in all day but they just can't get through the wall if there is no door there. So now the problem is people trying to walk through your wall? And your solution is to put up another wall a few feet away from the current wall? What happens then? Someone bangs on the firewall. Same situation. Why do the packets not get through the firewall? Because there is no way through. Just like there is no way through to your computer if the port is not open.

There is nothing inherently "bad" about packets travelling over a network. They are only bad when they hit your system and do something you don't want them to do. In which case you should stop them from hurting your system. The necessity for an external device in order to simply be able to operate your computer on the internet is absurd. In the case of segmenting a private network from the internet is perfectly acceptable and advisable, though. The device should not function as a catchall so that you do not have to maintain proper security on the computers themselves. Putting a firewall between your computer and the internet is in fact ignoring the problem, not the other way around. Why lock chains around your car when you can just lock your car doors? The problem still exists on your computer but you are just hiding that fact by introducing another layer into the equation. If you want to argue that the problem does not exist on the computer, then why are you arguing that one needs a firewall to protect himself? If the problem does still exist on the computer, then why does it exist? Any unnecessary ports should be turned off. That is just basic administration.
 
Is the problem simply the fact that someone is sending packets to your address?
Well, yes. But why bother to let me machines see any of the traffic? I have already identified it as bad and unwanted so why let it clog up my network (relative term here, I'm not suggesting that my network is congested with messenger traffic, but it's out there none the less). Why mess with the services on 1, 5, 500 machines when you can fix it in one place?

There is nothing inherently "bad" about packets travelling over a network. They are only bad when they hit your system and do something you don't want them to do.
That isn't true. Broadcast storms and DDOS are both types of traffic that isn't directly 'doing' anything, but both affect performance of the network.

Try setting up a 10Mbps network (A) with 5 differnet protocols. Now setup a machine with just TCP/IP. Then setup a similar network (B) with just TCP/IP. Now compare the performance of one of the machines on A vs. B.

The machine on (A) will not perform as well as (B) because there is other traffic on the network. But, according to your logic, this isn't bad because the machine on (A) only has TCP/IP installed and is only listening to that traffic. Yet it's performing worse, why? Because other traffic is flowing on the network.

The device should not function as a catchall so that you do not have to maintain proper security on the computers themselves.
Granted, but there is no exploit that messenger is using, it's "normal" traffic. So yes, keep the machine up to date, but what patch is out there to fix this issue? None. And you didn't asnwer my question about what if you want to use the service? How do you prevent messenger spam with the service enabled?

Your analogy about a car is bad, many car-computer analogies are... The lock is the firewall. The gas pedal is the service. Why let the thief in so maybe they can start the motor and press the gas? Why not keep them out to begin with?

I fail to see how putting up a firewall is ignoring the problem, it seems to work as a front line for 100% of all secure networks.
 
Yeah I suppose it was a bad analogy, but yours is just wrong. Building off yours, then disabling a service is like taking out the gas pedal and throttle cable. You simply cannot apply the throttle unless you open up the hood and pull the throttle on the engine. Your analogy also really does not apply to this situation. If a port is not open then the traffic cannot get into your computer. It stops at the computer, just like a person is stopped at a locked car door(theoretically). Okay I think we've covered that point enough.

If you need a particular service on your internal network but you don't want it accessible to the internet then certainly block it off at the firewall. That is what it is there for. I am not arguing that. I am arguing your suggestion to use a firewall to fix a problem that does not require a firewall. A home user with a single computer has no use for the windows messenging service. There is no reason for him to have it on. Maybe institutional or corporate networks need the service, but certainly not a single home user.

I was never talking about network traffic or congestion, so I was not taking that into account. Again, for a single home user, this really does not apply since there is not an internal network to be congested. From a network design standpoint, network segmentation is a good thing. If everything on the internet went to every computer then we just wouldn't get anything done at all. However, it is not the end user's job to segment the internet. If a user does have a network large enough to require segmenting, then he is not going to use some shitty little cable modem firewall. End users generally are not concerned with segmenting networks for congestion alleviation purposes.

After all that, I still do recommend users to use a firewall, but not simply to replace computer security. There is a lot of nasty stuff out there. I just installed win2k in a vmware session last friday and while I was installing the updates I got a virus they shut of my network port(in the dorm). And yes, firewalls are a crucial part of any secure network.
 
Originally posted by FrothyByte
to get rid of it for good:

http://www.tweakxp.com/display.aspx?id=260
While that is completely different from what we are talking about, that is a pretty good thing to do. Get that annoying piece of shit off there. If I fucking wanted to run msn messenger I would run it. I don't need a fucking email program to open it for me. When I used to use windows, removing msn messenger was one of the first things I did when I installed windows.
 
I told you car-computer analogies suck. ;)

I am arguing your suggestion to use a firewall to fix a problem that does not require a firewall.
Read my second post, it's not all I'm recommending it for. I said it allows you to split the line for multiple machines, something many people would do, even if it's just to have a couple of friends over. I also said it's for port blocking, not just to get rid of messenger.

Every computer connected to the internet with an always on connection should have a firewall.

Maybe institutional or corporate networks need the service, but certainly not a single home user.
No, because having a firewall is simple security. By recommending you turn off the service your ignoring a larger issue, the machine is not properly protected. It's thinking like that, that allows virii and worms to run rampant. It's that reason why if you connect a PC to some broadband connection you will get a worm within minutes, like you got at school. BTW I would get a firewall for you dorm room, esp. in a college, you people are the worstest at security. :p

Again, for a single home user, this really does not apply since there is not an internal network to be congested.
Well not really, they are on a network segment, and it can get congested. But I will admit, even if all this traffic is flowing on your private segment it's not going to flood or overload it. It's just a matter of practice, again security is a practice not a setting. Why have known bad traffic reach your machine? You don't, you block it.

If a user does have a network large enough to require segmenting, then he is not going to use some shitty little cable modem firewall.
That's a bad assumption, esp at the [H]. You can clog up a 100Mbps (haha, 100Mbps, some people have fibre in their home ;) ) network with just a few machines if you are pushing the right data, but that doesn't mean you require a massive up-link to the Internet... Internal traffic doesn't necessarily relate to external traffic.

After all that, I still do recommend users to use a firewall, but not simply to replace computer security.
So basically we agree. I have a pretty good grasp of security, I'm no guru, but I know you don't slap a firewall on and forget it. :)
 
Back
Top