WinPopup Replacements (and Messenger SPAM)

WinPopup Replacements (and Messenger SPAM)
Last Updated: 19 Sep 2003
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

*** PLEASE NOTE: Link(s), If Provided, May Be Wrapped ***


Here are some products which you can use to replace or
supplement the native functionality of WINPOPUP (found in
Win9x/ME) and the MESSENGER service (found in NT/2000/XP).

Here are some of the main gripes with the functionality
offered by the native LAN messenger utilities in Windows:
	- Inability to cycle through multiple message
	- Difficult to build custom groups of recipients
	- No easy way to reply to sent messages (in NT/2000/XP)
	- Can't save messages
	- Won't receive any messages when machine is offline


The following products get around these limitations:

CLIENT-BASED MESSAGING UTILITIES

• HI-BUDDY ............... http://www.greatis.com/hibuddy.htm
• REAL POPUP ............. http://www.realpopup.it/download.html
• REAL POPUP LE .......... http://www.realpopup.it/download.html
• POPCHAT ................ http://www.simtel.net/pub/pd/36757.html
• WinMessenger ........... http://www.winmessenger.com/


SERVER-BASED MESSAGING UTILITIES

• Special Op Suite ....... http://www.specialoperationssuite.com/


MESSENGER SPAM

Recently, there has been a proliferation of SPAM via the
Messenger service.  The best protection against this, of
course, is to have a proper firewall between your machines
and the Internet.

The answer from many is:  DISABLE THE MESSENGER SERVICE

Well, that's like putting a bandaid on a gunshot wound.
If your machine is susceptible to Messenger Popups from
the Internet, then your system is hideously unprotected
and you are open to the very many attacks which make use
of NetBIOS vulnerabilities:

• http://tinyurl.com/flnf
• http://tinyurl.com/f9fn

What you *really* want to do is install a proper firewall
configuration for your system, be it desktop-based or
network-based.  The appropriate ports to focus on are:

	SMB .............. TCP 445
	NetBIOS .......... TCP/UDP 135, 137-139


Disabling the Messenger service, will only cover up the
symptoms of a much larger problem -- one you should look
to correct. Here's more info on Messenger-based spam,
along with some things you can do to prevent it.

• http://support.microsoft.com/?KBID=330904
• http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp
• http://www.re-quest.net/computers/messenger-spam/
• http://www.xpannoyances.com/exec/show/article03-300
• http://www.stopmessengerspam.com/
• http://www.wired.com/news/technology/0,1282,55795,00.html
• http://www.jmu.edu/computing/security/info/winmsg.shtml
• http://www.auburn.edu/oit/security/messengerService.html
• http://www.practical-tech.com/infrastructure/i11042002.htm
• http://www.techtv.com/screensavers/answerstips/story/0,24330,3374542,00.html
• http://www.seifried.org/security/ports/1000/1900.html
• http://www.seifried.org/security/ports/5000/5000.html
• http://ntsecurity.nu/papers/port445/


MESSENGER SERVICE VS MSN MESSENGER

In another episode of crazy Microsoft naming, there are
not one, but TWO Windows components/services responsible
for communication.  Both are generically generically
referred to as the Windows Messenger Service.

People new to Windows 2000 and XP will likely hear this
description and think of the Instant Messenger products
such as Yahoo Messenger, AIM, ICQ and MSN Messenger.

People who have used NT 3.x and Win3.x will be more
acquainted with the old school Messenger service which
facilitates NET SEND messages.

The anti-SPAM information found in the previous section
refers to the native, text-based service (Messenger) and
not the GUI-based Instant Messaging app (MSN Messenger).

To address SPAM with the text-based service, be sure to
lock down your NetBIOS connectivity from the Internet.

To address SPAM with the GUI-based app, don't tie your
account to Hotmail or list your account in the public
Messenger directory.


INSTANT MESSAGING PRODUCTS

To add to the confusion, there are no less than three
versions of Instant Messaging clients available from
Microsoft today:

• Windows Messenger 4.7
• MSN Messenger 5.0
• Instant Messenger for Microsoft Exchange 2000

MSN Messenger is more tightly integrated to Microsoft's
MSN Internet Service, but works almost identically to
Windows Messenger 4.7  (Confused yet?  You should be)

Windows Messenger 4.7 is only available for Windows XP
whereas MSN Messenger 5.0 is available for the following:

	Windows 98/ME
	Windows NT4
	Windows 2000
	Windows XP (Pro & Home)

It is also available for other platforms such as the Mac,
the Pocket PC, and Microsoft TV.

I have no idea why there are so many versions...

• http://messenger.msn.com/download/download.asp?client=0
• http://messenger.msn.com/support/whatsnew.asp?client=1
• http://www.microsoft.com/exchange/downloads/2000/imclient.asp


WHITEPAPERS & TECH DOCUMENTS

• http://support.microsoft.com/?KBID=112198
• http://support.microsoft.com/?KBID=225777
• http://support.microsoft.com/?KBID=137143
• http://support.microsoft.com/?KBID=168893


PERSONAL NOTES

• ReaPopup is my favorite in this category, as it makes
  it easy to intercept multiple messages and get a sense
  of the time they were sent.

• You should be blocking NetBIOS connectivity on your WAN
  or Internet interface or your machine AND network.

• If you are susceptible to this sort of message, then
  turning of the Messenger service is just addressing
  the symptom -- the real problem, being that your system
  is unprotected on the Internet.