Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

AOL fixes the Windows Messenger Service popup spam problem

From: "Richard M. Smith" <rms () computerbytesman com>
Date: Thu, 23 Oct 2003 15:27:06 -0400
After more than a year of inaction on Microsoft's part, AOL has stepped up
to the plate to fix the problem of pop-up spams from the Windows Messenger
Service for its Internet customers.  The Windows Messenger Service also
became a much bigger problem recently with the discovery of a buffer
overflow error in the service leaving Windows XP users open to their
computers being hijacked from outsiders (http://tinyurl.com/r2j3).  

This move by AOL will surely be controversial.  However, a better question
to be asking is why did Microsoft foist this annoying and buggy feature on
home computer users in the first place with the release of Windows XP.

For non-AOL users, here is a free utility for turning off and on the Windows
Messenger Service:

   http://grc.com/stm/shootthemessenger.htm

Richard M. Smith
http://www.ComputerBytesMan.com

====================================================================

http://tinyurl.com/s3f7
 
AOL Quietly Combats Pop-Up Spam Messages 
By ANICK JESDANUN, AP Internet Writer 

NEW YORK - Even more annoying than junk e-mail are all the spam messages
that "pop up" through a little-used feature in Windows. As part of its
spam-fighting efforts, America Online has been turning off that feature for
its customers without telling them. 

AOL spokesman Andrew Weinstein said the feedback has been all positive, and
he knows of no complaints to AOL call centers about side effects on other
applications that may need that feature. 

Nonetheless, AOL's action worries some security experts who were told about
it by The Associated Press. 

"They are trying to do the right thing ... but you sort of feel dirty after
you hear it," said Bruce Schneier, chief technology officer for Counterpane
Internet Security Inc. "It's a very dangerous precedent in having companies
go into your computer and turn things on and off." 

"From there," he added, "it's easy to turn off competitors' services." 

Pop-up spam differs from pop-up ads in that no Web browser or Web site visit
is required. Instead, these ads take advantage of a messaging function built
into many Windows operating systems. 

The function, generally enabled automatically when computers are shipped,
was designed for computer network technicians to, for instance, warn people
on their systems of a planned shutdown. Some applications also notify users
of such actions as a network printer finishing a task. 

About a year ago, spammers figured out that they, too, could exploit it,
making ads automatically appear on users' screens at any time. 

.....


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: