PDC: Microsoft will turn off Messenger and turn on firewall

Microsoft is to disable the Windows Messenger Service and activate the Internet Connection Firewall (ICF) by default on Windows...

Microsoft is to disable the Windows Messenger Service and activate the Internet Connection Firewall (ICF) by default on Windows XP machines in an effort to protect computers from malicious attacks.


The changes will be described at an informal lunchtime presentation during Microsoft's Professional Developers Conference (PDC) in Los Angeles by Jason Garms, an architect in Microsoft's Security Business Unit (SBU), and are targeted for release in Windows XP Service Pack 2, according to Amy Carroll, director of product management in SBU.


The announcement follows weeks of statements from Microsoft chief executive officer Steve Ballmer and other company executives that the company was looking at ways to increase the ability of Windows to "shield" itself against threats from computer viruses, worms and hackers, rather than relying on other companies' products to do so.


Among other things, Microsoft will announce a new API (application programming interface) for remote procedure calls (RPC) that limits access to resources on the local machine, Carroll said.


The API will give developers more tools to control the flow of data to and from Windows applications and apply more specific security policies that cover actions taken by client and server applications, according to Pete Lindstrom, an analyst at The Spire Group.


Security vulnerabilities in RPC and the distributed component object model (DCOM) that Microsoft disclosed in July led to the creation of the W32.Blaster worm, which hit corporate networks and home computers worldwide in August.


To address concerns about web and network-borne attacks which exploit vulnerabilities in its products, Microsoft will describe its plans to strengthen the default configuration of the Internet Explorer Web browser's Local Machine and Local Intranet security zones, Carroll said.


The configuration of those zones controls what actions are and are not permissible when connecting to resources on a user's local network. Microsoft is interested in developers' feedback about whether the changes are the right approach for security issues, Carroll said.


The company will also talk about its plan to recompile Windows using technology designed to sniff out security vulnerabilities in the code, Carroll said.


Buffer overruns are a common avenue for attacks against Windows systems, allowing hackers to send long streams of data that cause Windows machines to crash or to execute code written by the attacker.


While Microsoft executives hinted at many of these changes in recent weeks, the decision to disable the Windows Messenger Service is new.


The service has been a standard part of Windows operating systems since the introduction of 32-bit operating systems in the mid- 1990s, according to Russ Cooper, moderator of the NTBugtraq security newsgroup.


Using text commands entered from a command prompt, users can create a pop-up window containing messages on other users' desktops connected over a home network, corporate network or the internet, according to Richard Smith, an independent security consultant in Boston.


Within the past year, spammers discovered the feature and began using it to barrage unsuspecting users with pop-up messages containing solicitations, he said.


Paul Roberts writes for IDG News Service

Read more on IT risk management