ZDNet UK

CNET NETWORKS UK BUSINESS SITES:
atlarge.com
BNET UK
silicon.com
SmartPlanet.com
ZDNet.co.uk

ZDNet.co.uk - Winner of Best Business Website 2007

You are here: ZDNet.co.uk > News > Security

Security threats Toolkit

Microsoft prepares to kill Windows Messenger

Published: 29 Oct 2003 08:30 GMT

Spam attacks and security vulnerabilities will prompt Microsoft to turn off its troublesome Windows Messenger service in the next Windows XP update, a company representative said on Tuesday.

The Messenger service is a data-exchange mechanism for networked computers that shouldn't be confused with Microsoft's instant-messaging software. Spammers have taken advantage of the service, which is typically only used to manage networks in businesses, to send advertisements that pop up in grey boxes on people's desktops. Microsoft also announced earlier in October that the technology has a flaw that could be used by attackers to bypass a computer's security.

Switching Messenger off "is the current plan of record," said Neil Charney, director of product management in Microsoft's Windows client group. The company made the announcement at its Professional Developers Conference in Los Angeles. "What we are doing at this point is running through the plan with developers," Charney said.

The next update, Windows XP Service Pack 2, is due in the first half of 2004. Microsoft also plans in Service Pack 2 to turn on the Internet Connection Firewall, which is a basic form of protection built into Windows that is currently off by default.

The decision comes as other companies have attacked Microsoft for including a feature that home PC owners largely don't use and that has been the source of security problems. Network administrators worry that the vulnerability in Messenger could be exploited by an online vandal to create a fast-spreading worm similar to MSBlast or Slammer.

Last week, America Online revealed that it automatically turned off the feature on nearly 15 million of its customers' computer systems. The drastic step was the latest move to quash the effects of the flaw for AOL, which first started filtering out Messenger data nearly a year ago.

The plan to modify the default setting of Windows XP is part of Microsoft's search for ways to better secure its besieged operating system. At the beginning of October, the software giant said it would educate customers and improve its default configurations and its system for patching software.

In many ways, turning off the Messenger feature is an easy decision, because most consumers never used it, Charney said, and companies have the expertise to turn it back on.

"From a consumer end user point of view, I think it is something that will be left off," he said.