• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 480
  • Last Modified:

Is it safe to enable messenger?

I wanted to configure our systems to enable messenger in order to use the command net send. However on the Microsoft site, it indicates the following:
Caution Do not enable the Messenger service if your computer is connected to the Internet.

Anyone know the reasoning behind this?
0
mmanaigre
Asked:
mmanaigre
1 Solution
 
nickhillsCommented:
machines that are unprotected and facing the internet will quite happily accept messenger messages sent using net send, from anyone, including unscrupulous spammers on the internet.

i belive MS discovered a buffer overflow attack and then changed the default behaviour to disabled.

as long as your behind a reasonable firewall, and you trust your internal users not to misbehave, you should be ok.

generally speaking we only have it enabled on management workstations, this is probably best practice.

regards,
Nick
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
Hello there,

I also agree with Nick, althought if you don't want to enable it on the local computers you can use the web based messenger to chat or whatever you need to do.

http://webmessenger.msn.com/

Hope this helps
0
 
nickhillsCommented:
Spec01,

this is not windows messenger or MSN messenger, this is the messenger service, it is unrelated to the microsoft IM client.

it is a system that applications use to send pop-up messages to the screen of administrators or users to notify them of network problems or status.

for example, where i worked previously, we would use messenger to advertise that there would be an outage, and that the system were going down.

it also makes for a good way to apologise when the system falls over when your not planning it :)

google for "net send"

nick
0
Network Scalability - Handle Complex Environments

Monitor your entire network from a single platform. Free 30 Day Trial Now!

 
xcromxCommented:
Spyware and pop-ups use the cmd net send
Sometimes you are not even connected to the internet you get a pop up..

You should also disable your remote registry service...

Less admin work for you if you leave the messenger off
0
 
mmanaigreAuthor Commented:
Any suggestions on a new way to inform users other than net send (due to the chance of getting spam) or email (the user may take a while to get the message)... web based messenger is not an option!
0
 
nickhillsCommented:
the only way to do it that i can think of would be to write a small app that listens on a port, and displays messages sent to it. then you need another app to actually send the message.

such an app would just duplicate the functionality of the messenger service, but to make it secure you should include some authentication so that it can't be exploited - i don't know of any such software currently out there, but i can't see it being too much trouble to 'knock up'

thanks for the points, hope you solve your problem

regards,
Nick
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
Oh ok,

sorry for the post, didn't know that it what you were talking about.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now