?
Solved

Is it safe to enable messenger?

Posted on 2006-04-25
7
Medium Priority
?
477 Views
Last Modified: 2012-05-05
I wanted to configure our systems to enable messenger in order to use the command net send. However on the Microsoft site, it indicates the following:
Caution Do not enable the Messenger service if your computer is connected to the Internet.

Anyone know the reasoning behind this?
0
Comment
Question by:mmanaigre
7 Comments
 
LVL 1

Accepted Solution

by:
nickhills earned 500 total points
ID: 16534617
machines that are unprotected and facing the internet will quite happily accept messenger messages sent using net send, from anyone, including unscrupulous spammers on the internet.

i belive MS discovered a buffer overflow attack and then changed the default behaviour to disabled.

as long as your behind a reasonable firewall, and you trust your internal users not to misbehave, you should be ok.

generally speaking we only have it enabled on management workstations, this is probably best practice.

regards,
Nick
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 16534725
Hello there,

I also agree with Nick, althought if you don't want to enable it on the local computers you can use the web based messenger to chat or whatever you need to do.

http://webmessenger.msn.com/

Hope this helps
0
 
LVL 1

Expert Comment

by:nickhills
ID: 16534842
Spec01,

this is not windows messenger or MSN messenger, this is the messenger service, it is unrelated to the microsoft IM client.

it is a system that applications use to send pop-up messages to the screen of administrators or users to notify them of network problems or status.

for example, where i worked previously, we would use messenger to advertise that there would be an outage, and that the system were going down.

it also makes for a good way to apologise when the system falls over when your not planning it :)

google for "net send"

nick
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 4

Expert Comment

by:xcromx
ID: 16534869
Spyware and pop-ups use the cmd net send
Sometimes you are not even connected to the internet you get a pop up..

You should also disable your remote registry service...

Less admin work for you if you leave the messenger off
0
 

Author Comment

by:mmanaigre
ID: 16536359
Any suggestions on a new way to inform users other than net send (due to the chance of getting spam) or email (the user may take a while to get the message)... web based messenger is not an option!
0
 
LVL 1

Expert Comment

by:nickhills
ID: 16536490
the only way to do it that i can think of would be to write a small app that listens on a port, and displays messages sent to it. then you need another app to actually send the message.

such an app would just duplicate the functionality of the messenger service, but to make it secure you should include some authentication so that it can't be exploited - i don't know of any such software currently out there, but i can't see it being too much trouble to 'knock up'

thanks for the points, hope you solve your problem

regards,
Nick
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 16536965
Oh ok,

sorry for the post, didn't know that it what you were talking about.
0

Featured Post

Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question