Re: Odd Behavior - Windows Messenger Service

["gregh" <chows () ozemail com au>]

> ----- Original Message ----- 
> From: morning_wood 
> To: dos cerveza ; full-disclosure () lists netsys com 
> Sent: Thursday, July 17, 2003 8:17 AM
> Subject: Re: [Full-disclosure] Odd Behavior - Windows Messenger Service


> > The service starts before you login.
> > This is normal behaviour.
> > Please read the previous replies you have recieved.


> > The service starts before you login.

> imho it is iresponsible default behaivor for a workstation OS to allow
> remote resources / services / enumeration
> before any interactive user or administrative login.


Exactly my point from my posting on this issue last week and this is why that payroll machine was open to inspection 
when it should not have been. XP allows you to have a standard system come up to a Welcome page and sit there waiting 
for you to click on an icon and provide a password if that is how you choose to logon to your own machin locally. 
However, as an example, if you are just a user/abuser who works with a machine not on the machine and come in, turn 
your local machine on and then walk away while it is booting to get your morning coffee and come back then click an 
icon and provide a password, if the machine is fast enough, it is sitting at that welcome prompt allowing others on the 
local LAN at the very least, access to whatever programs and files you have on it in a standard XP home or Pro issue. 
Yes, it should be set up better but I think that, by now, we all know of the companies cutting corners who have an 
employee "who knows about computers" who can set up a l!
 an to work but bugger-all else. You reading this may think that isnt your problem as eventually you will be called in 
and paid to fix it BUT the problem is that if just ONE person on that lan is stupid enough to "click on an attachment" 
in the standard infecting style, it is possible the whole lan is open to inspection and whatever else. Then we have the 
"Echo Valley" scenario from there - you know the one where you yell "Hello" and it rebounds off everything you can see 
in the same way as an address book worm sends to all and sundry and catches many with the same tired old thing? At that 
point who will be complaining about the lost packets and stuffed up networks?

This is the issue I reported to Miscrosoft and their reply was that they will fix it in the next SP or full Windows 
whichever comes first, not as a fix but as an option. Eg, you will have a tick box somewhere that basically stops lan 
connection until the username/password are typed at logon or retyped in the case of a screen saver or program taking 
the local machine back to a welcome screen. IMHO this is the way it ALWAYS should have been. 

Greg.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html