Fighting Back Against Messenger Popup SPAM 87
An anonymous reader asks: "I recently re-installed XP (out of boredom and not necessity) and forgot to turn off the Windows Messaging service. Things were going fine, until today. I started getting those annoying popups again. I realize that I can turn off this service and I'll no longer get the messages, but, I want a way to 'take back the internet' and not have to worry about others getting these messages either.
Normally, these messages are the typical University Degree spam, but the last one I got was for a piece of software that turns off the messaging service. And as everyone knows, there are some people on the net who'll pay for this. So, how can the people of the net fight back to ensure that these messages stop, and more importantly, these people stop preying on the less-technically inclined?"
Dirty trick... (Score:2)
(Hasn't really worked as of yet).
Re:Dirty trick... (Score:1)
Re:Dirty trick... (Score:2, Informative)
Re:Dirty trick... (Score:1)
My bad and apologies for the offtopic post.
Re:Dirty trick... (Score:1)
Re:Dirty trick... (Score:1)
Is there a newer version of GAIM I can install from source (prefered)?
Re:Dirty trick... (Score:1)
Re:Dirty trick... (Score:1)
Fight back! (Score:3, Interesting)
Just don't make it read like typical spam, or people will ignore it too.
Re:Fight back! (Score:2)
There isn't even a third party program needed in Windows...you just type NET SEND * Message to send to all nodes or NET SEND NodeName Message for a specific node. In Linux you can do the same with "smbclient" or "sambaclient" (I can't remember which and I can't check right now).
Re:Fight back! (Score:2)
Re:Fight back! (Score:2)
Re:Fight back! (Score:2)
Re:Fight back! (Score:2)
Re:LAN (Score:2)
My dad's gotten these messages through the 'net, though, so I doubt all this "broadcast" stuff is real. Probably cycling IPs just like WinNuke ("I didnt know it was wrong!")
Re:Fight back! (Score:1)
Re:Fight back! (Score:1)
I'm on RedHat 7.2 and use samba to connect to my parents XP box, although I haven't used the client to send any messages. Don't feel like annoying them, yet.
Re:Complete idiot? (Score:2)
Well, a firewall puts sticking plaster on the problem, but in fact the issue is that there is a vulnerability on the base system. As soon as the firewall goes down (equipment failure, software glitch, enemy action), the computer is open - to pop up messages and who knows what else.
Much better to remove the service or vulnerability that exposes you to the problem than put a firewall over it.
Re:Complete idiot? (Score:2)
Mind you, if your firewall is a) setup to allow open access on hardware failure or b) likely to fall to "enemy action", you've got bigger problems than popup spam messages.
Re:Complete idiot? (Score:1)
Ecks
You want a black hole (Score:2)
New Meaning (Score:3, Funny)
You have given new meaning to the term "boredom". Time to go update the entry on everything2...
it's called a firewall... (Score:1, Flamebait)
Do you lock your car when you leave it at night? No? Let's find a way to take back your driveway!! I wonder what we could do?
Do you keep cookies in a jar where the kids can get to it? No? Let's find away to take back the Oreos and Chips Ahoys!!! I wonder if the slashdot community can help you?
Stop worrying about "taking back the internet" when you, personally, never had it in the first place. Last I checked, it's not illegal to send packets or emails or whetever to random people on whetever port you want to.
These kinds of things will happen if you're stupid about how you connect your computer to a hostile environment. Get you rear out of your arse and plug the hole instead of rising up on some majestic soapbox as a wannabe internet vigilante.
Re:Not illegal (Score:1)
What's that? It IS illegal to hack into someone's computer no matter what the purpose? Woops!
Re:Not illegal (Score:2)
Re:Not illegal (Score:1)
2) as for your first point, though it's been covered in the first part of my message as well, I just thought I'd mention [slashdot.org]
Re:Not illegal (Score:2)
2) Someone brought a suit. So? You can sue for anything. If it's ever judged (not settled) in favor of the plaintiff, then it would have some relevance.
Re:Not illegal (Score:2)
I consider a system intended for the administrator of a network to send messages, being able to be used by someone who is not the administrator of the network, a bug.
I consider any exploitation of any bug which allows you to access, modify, or present information which you were not intended to be able to access, modify, or present to be hacking.
Re:Not illegal (Score:2)
Spoken like a true geek. However, you are extending an abstraction into higher levels than is necessarily appropriate. From my grandma's perspective, the TCP/IP level mechanism is irrelevant. She wants to know where the hell these weird messages are coming from.
Just because XP automatically installs a service that listens on port 139 doesn't or shouldn't necessarily mean that I as a naive user am going to be expecting packets at that port. Taping a "KICK ME" sign to someone's butt doesn't mean they want to be kicked either. Not everyone views these things strictly at the level of the socket API.
Re:Not illegal (Score:1)
Re:Not illegal (Score:2)
Or the technical ability to even realize such markings are there! "KICK ME" can be written in languages that you just don't know! OR it can be written in invisible ink that is only visible with special goggles. My grandma isn't going to run a portscanner on her machine as soon as she unwraps it on Christmas. I mean, give me a break. It's beyond reasonable to suggest that she as an end user should even have to. Stuff happening at the TCP/IP layer on a default XP install is the responsibility of Microsoft. Period.
Re:Not illegal (Score:2)
The Internet isn't pretty, it isn't clean and it isn't proper. Just because Granny can't keep up with the times and learn how to operate machinery properly doesn't mean that Microsoft's gotta bow down and de-evolve their OS even further towards the lowest common denominator.
Re:Not illegal (Score:2)
No, but they can at least refrain from running servers by default on a simple install of XP Home. You have to consider who your users are when adding features and deciding which ones are turned on right out of the box.
Re:Not illegal (Score:2)
Connecting to a random IP address and having the machine do something that you know has a 99.9% chance of annoying the user that runs it is generally considered hacking. The hacker is doing something that annoys the owner of the computer, to the financial benefit of the hacker.
Leaving your car unlocked does not make my stealing your radio (or your car) illegal. Locking it is only meant to slow down / discourage the illegality. It also signifies to an erronious but law-abiding citizen that they have the wrong car (key doesn't fit).
If you are causing another person's computer to do something that they do not want it to do, and that you know that they probably do not to want it to do that, then you are hacking. End of story.
Re:Not illegal (Score:2)
Yah, well if you park your car on the street then someone is allowed to leave a note on the windsheild with information on how to get free university diplomas. No one is 'stealing your car/computer' here. Mabey if someone sent a net send of death that changed your admin pass, that would be hacking. Displaying a message isn't. If someone goes up and down the ICQ UID's and messages each with an ad, are they hacking your computer too?
Re:Not illegal (Score:2)
That's a good question. Given that no implicit permission has been given to access the computer, I'd say that the answer is, in all probablility, yes. When someone puts a message on your winshield, they are using their own resources to do so. If someone paints the message on the side of your car, then that is vandalism. Forcing pop-up messages onto unwanting screens is in a bit of a no-mans land between the two. You are using someone else's machine to do this. You know that this is, most probably, unwanted and uninvited.
The sentiment is strong enough against spammers, that I think it might be quite possible to convince a judge that this fits the definition of 'hacking'. All of the necessary elements are there. I don't know what elements are missing. Given that you've got the hots to be doing this, you tell me what elements of hacking a computer are missing in this scenario.
The internet is not a free-fire zone. You are only allowed to access those ports and machines that you've been given permission to access (either implicit or explicit). Implicit access would be things like accessing an advertized web site, or an MX for the domain of someone who wants you to send them email.
When you access a port that many people aren't fully aware is open to produce a message that 99.99% of people are going to be annoyed by that seems to me like unauthorized access.
Re:it's called a firewall... (Score:2)
Re:it's called a firewall... (Score:2)
If he has netbios open to the internet...pretty dumb.
As for keeping other people from being scammed; I think education is the only sure-fire way. Well written "best practices" guides could help tremendously. In this example, "common-sense things to do after setting up your windows XP OS but before connecting it to the internet" perhaps.
Of course, this requires people to read up before just installing an OS in a wild fit of boredom for the "education" tactic to work...
Re:How is this done? (Score:4, Informative)
Select "Services"
In there, look for "Messanger", double click it, stop it from there, then set it to "Manual" (it's best not to set stuff to "Disabled")
All done.
short answer (Score:5, Insightful)
You can't. What they're doing isn't illegal, and arguably it shouldn't be. And even if it were, they'd just move their operations off-shore.
This isn't really a free speech issue-- commercial speech isn't covered by the same rules that govern other forms of expression-- but what you're basically saying is, "Some people are saying something that I don't like. I know that I can just stop listening to them, but I want to do more. How can I fight back to ensure that they have to stop saying what they're saying?
Sorry. Can't, or at least shouldn't, be done.
Now, if you wanted to take a different tactic, you could approach Microsoft through the appropriate channels to request that the Messenger service be off by default, or to have them remove it altogether. That might or might not work, but you could try.
Re:short answer (Score:2)
but what you're basically saying is, "Some people are saying something that I don't like. I know that I can just stop listening to them, but I want to do more. How can I fight back to ensure that they have to stop saying what they're saying?
I disagree with your interpretation. He's asking: "how can I help others who don't want to have their computers disabled with this crap popping up all the time?", not "how can I stop their speech?"
People don't have the right to go up to the windows on your house and tape an advertisement to it. They do, however, within proper zoning laws, have a right to put up an advertisement on their own property, even if it's across the street from you and you see it every day. Additionally, the cost and time to vandalize millions of windows is essentially nil, whereas a pamphlet costs some fraction of a dollar and minute to post.
Basically, if we hold that people don't have the right to shoot at the dogs on my front porch, they also shouldn't have the right to shoot their packets at any defenseless computer on my property, essentially destroying the usefulness of said property/dog.
So, I maintain that 1. it can and should be done, and 2. Microsoft shouldn't have allowed the Messenger service to be compromised in this manner in the first place. Its default should be to only accept messages from the local network and machines that it has a file share, printer queue, or other authenticated relationship with.
BTW: I think an automated messenger script that directs people to a web site with free instructions on both how to turn off the Messenger service and the possible ramifications of (miss out on broadcasted UPS shutdown warnings, etc.) is an excellent idea.
Re:short answer (Score:2)
I dare say they do. The Thai restaurant down the block puts a menu on my doorknob every couple of weeks, sometimes more often. The Herbalife guys love to lurk in the grocery store parking lot and stick reply cards under windshield wipers.
Basically, if we hold that people don't have the right to shoot at the dogs on my front porch, they also shouldn't have the right to shoot their packets at any defenseless computer on my property
That sets a dangerous precedent. The purpose of a networked computer-- well, one of the primary purposes, anyway-- is to receive messages. Trying to draw an arbitrary line and say that these messages are okay while these aren't is tricky at best.
I think an automated messenger script that directs people to a web site with free instructions on both how to turn off the Messenger service and the possible ramifications of (miss out on broadcasted UPS shutdown warnings, etc.) is an excellent idea.
So it's not the method of messaging you have a problem with, but the content of the messages? That's a problem. Regulating message content has always been a dicey proposition.
Re:short answer (Score:3, Interesting)
Re:short answer (Score:1, Interesting)
The purpose of a networked computer-- well, one of the primary purposes, anyway-- is to receive messages. Trying to draw an arbitrary line and say that these messages are okay while these aren't is tricky at best.
Following that logic, answering each and every message is the right thing to do. Answer it by contacting their webserver, with a very slow machine. One which needs to keep the socket open for minutes to get a simple html-file. One which therefore gets timeouts and needs to retry a few (dozen) times. Their computer is a networked computer too and its purpose is to listen for your messages and deliver their content, right? If all network connects are equal, is there no line between "normal" use and even deliberate DoS-attacks either?
Re:short answer (Score:2)
If the spammer advertises a web site, that could be a useful countermeasure. If all the spammer does is leave a phone number, every pissed off person could call them and ask about their product as if they were interested and then just hang up.
This would be essentially creating a cost per spam. The idea has been discussed in other venues such as requiring systems sending mail to compute a small token in order to connect, or doing micro-payments that get refunded on the user's acceptance of the message as legitimate.
Re:short answer (Score:2)
I dare say they do. The Thai restaurant down the block puts a menu on my doorknob every couple of weeks, sometimes more often. The Herbalife guys love to lurk in the grocery store parking lot and stick reply cards under windshield wipers.
They also do so at considerable expense in comparison to spam. They also have some reason to believe that you might be interested in their product, i.e. you eat and they have a convenient location to you, and the expense of advertising will return in patronage. If people were really honked off, you could also go down to their building and return the menu/flyer/whatever. Whereas a spammer doesn't give a flying turd if most people don't want their product, and go to pains to insure that people can't find them.
In short, there are huge differences in both content and delivery here. If a local store was duct taping penis-enlargement ads to neighborhood windows, they probably wouldn't be in business very long.
That sets a dangerous precedent. The purpose of a networked computer-- well, one of the primary purposes, anyway-- is to receive messages. Trying to draw an arbitrary line and say that these messages are okay while these aren't is tricky at best.
It's not an arbitrary line. If you have a window popping up regularly requiring dismissal, that depreciates the value of your property, the computer. This is a very specific abuse, and many would argue destruction, of a sometimes useful service.
So it's not the method of messaging you have a problem with, but the content of the messages? That's a problem. Regulating message content has always been a dicey proposition.
Yes and no. The method is a problem because Microsoft's MO is to allow any networked system to send data to several services on their systems, no questions asked. The method needs to be fixed. The message is a problem if the computer user cannot opt out. Most users cannot opt out because they don't know how (if they knew enough to know how, M$ probably wouldn't be so "popular"). And together, the message and the method are problems because the method was designed to enhance the utility of the computer, and such utility has essentially been destroyed by spammers.
Re:short answer (Score:2)
This is like some people are coming into my home uninvited, and hanging advertising posters on the walls. I'm tired of taking down these posters, so how do I prevent these strangers from coming into my home?
And the answer is to put a lock on the door. i.e. a firewall.
It's Not Speech; It's Theft (Score:2)
The fact that some (not all) spam is "commercial speech" is irrelevant. What is relevant is that spam violates the property rights of the recipients and the transmitting ISPs.
what you're basically saying is, "Some people are saying something that I don't like. I know that I can just stop listening to them, but I want to do more. How can I fight back to ensure that they have to stop saying what they're saying?
No, what we're basically saying is, "Some people are stealing my bandwidth. How can I fight back to ensure that they go to jail just like people who get caught stealing anything else?"
Re:It's Not Speech; It's Theft (Score:2)
How? Let's say you and I meet at a football game and I tell you about my Superbowl party. Two weeks later the game rolls around and you find yourself without plans, so you give me a call. I didn't give you my phone number; you had to look it up. I also didn't give you express permission to call me. Do I jump up and down screaming about property rights when my phone rings?
Of course not. Let us not lose sight of the point here: what you object to is not the method of communication, or the nature of the communication. You object to the content of the communication, and filtering inbound communication based on the content has always been a tricky proposition.
No, what we're basically saying is, "Some people are stealing my bandwidth. How can I fight back to ensure that they go to jail just like people who get caught stealing anything else?"
You've been on this kick for some time. It doesn't hold water, Steve. The argument that spam, including this kind of spam, is stealing your bandwidth only makes sense if your ability to use your Internet connection is materially harmed by it. Bandwidth isn't something you own; it's capability and capacity. If spam, in any form, prevented you from being able to use your Internet connection-- say, somebody emailed you a multi-terabyte file or something-- then you would have a case to say that this is denial of service. (Not "theft of service," of course. Denial of service, which is a crime under several computer crime laws.)
But this type of spam specifically, and I dare say spam in general, does not prevent you from being able to use your Internet connection. It does not even materially infringe on your ability to use your Internet connection. You have, therefore, not been harmed by it, so you have no grounds to claim that it's a denial of service.
Think of it in these terms: let's say you but a big, fancy mailbox in front of your house. The next day, the mailman delivers a piece of junk mail to your mailbox. You get all up in arms, and accuse the organization that sent the junk mail of stealing your mailbox capacity from you. See, your mailbox should be able to hold 40 regular-sized letter envelopes. When they sent you that piece of junk mail, your mailbox capacity was reduced to 39 envelopes. They stole some of your capacity!
Doesn't make a whole lot of sense, does it? Your argument is the same. I'm sorry to have to tell you this-- I find spam as annoying as the next guy-- but this line of reasoning just doesn't get the job done.
Re:It's Not Speech; It's Theft (Score:2)
It's rather too late for you to not lose sight of the point, which is that "spam" is defined in terms of its method (the flooding of large numbers of e-mail connections without permission) and nature (the theft of other people's bandwidth).
You object to the content of the communication
I see that you have some reading comprehension issues. My original post specifically rejected the notion that content was at all relevant.
The argument that spam, including this kind of spam, is stealing your bandwidth only makes sense if your ability to use your Internet connection is materially harmed by it.
So, you're of the school of moral philosophy that holds that it's perfectly OK to steal a penny from just about anybody, ten dollars from a typical middle-class American, or a thousand dollars from Bill Gates (as none of these examples will cause any material harm to the victim). Most of us grownups don't agree with you.
Bandwidth isn't something you own
I guess my ISP is going to have to come up with some other rationale for charging me money to use it.
If spam, in any form, prevented you from being able to use your Internet connection
Irrelevant. Not even spammers (who routinely lose in court [slashdot.org]) have dared try the absurd argument that they should be held harmless so long as they stop short of the utter destruction the victim's internet connection.
Think of it in these terms
Nope -- the terms in which people familiar with the issue [slashdot.org] think of it are quite good enough for me.
Re:It's Not Speech; It's Theft (Score:2)
I see that you have an attitude problem. I think we're done here.
Re:short answer (Score:2)
Sorry, you lost me there. If this "isn't really a free speech issue", then why are you defending this activity on free speech terms? I don't understand your thinking here. In what ways relevant to this context (broadly, spam) is commercial speech governed differently from non-commercial speech, such that your argument can be consistent with itself? I'm curious because, not knowing the fine points of the law, it looks to me like you're contradicting yourself here, and in the end I can't parse what conclusion you're trying to tease out.
Re:short answer (Score:2)
Fair question. First of all, what I actually said was, "This isn't a free speech issue, but what you are saying is (cite argument in favor of suppressing speech)." Subtle difference. I was trying to point out that I wasn't going to argue on the grounds of the 1st Amendment.
The grounds on which I'm defending (as much as I hate to admit it) this activity is simply the fact that it's not prohibited by law, and that figuring out how to write a law that prohibits it without opening up at least one other can of worms is going to be very, very difficult.
-1 Troll (Score:3)
Um, buy a Mac? If you don't like the tool you use, consider the alternatives...
Its can be more than anoying (Score:2)
Give them a reason to patch it up! (Score:1)
MS did provide an easy way to turn this off (Score:3, Informative)
Re:MS did provide an easy way to turn this off (Score:2)
Enable XP's Firewall (Score:4, Informative)
May be a special case, but... (Score:2)
Re:May be a special case, but... (Score:2)
Re:May be a special case, but... (Score:2)
And, yeah, I have gotten a couple of these before I re-disabled the messanger service.
Shoot The Spammers (Score:1)
The problem (Score:1)
See, there's your problem right there. The messages are coming in through a method that *your* computer is setup to allow. You have specifically installed a piece of software to allow people to send you popup messages.
If you don't want to receive messages from people you don't know, stop installing software that receives them!
(and this really isn't meant to be a Windows flame. It's just that if you don't want your computer to behave a certain way, maybe you shouldn't install software that makes it behave that way.)
- Muggins the Mad
Dont do that (Score:1)
ISPs could block it, but... (Score:1)
Of course, that's in many ways a good thing, and anybody who
Um... (Score:1)
You guys are thinking MSN Messenger - it is not. (Score:4, Informative)
A home user should not need to have this enabled (unless you are playing with a small home network and are looking at legit messages) - follow the directions other posters on disabling this service.
Conscientious admins should have this blocked at their demarkation line or should disable it in their network altogether if they do not use it.
Re:You guys are thinking MSN Messenger - it is not (Score:1)
ALERT: The system is on fire!
Yup, definitely a needed Windows service! *tee hee*
Stopping the pop-up spam (Score:4, Insightful)
What is needed (as ever) is customer education, and if the customer doesn't see the problem then that's not going to happen, is it? The ISP where I work sells the option of having a basic stateful firewall on the CPE router that stomps on this kind of thing as a managed / one-off service. It's not intended as a dedicated firewall replacement, it's intended as a first pass at cleaning up incoming and outgoing traffic for SMEs. Essentially, we determine with the customer what traffic they may need to pass and simply drop the rest, hopefully giving some customers a better idea of security in the process. It's good for us, because it's dropping the number of customer network compromises we have to deal with and it's turning into quite a respectable revenue stream. It's good for the customer, because it's protecting them from some hostile traffic on the Internet and they feel safer for it. The most important thing is to make sure that the customer doesn't get the "I've got a firewall, so I'm safe" mentality (back to user education again).
We all know that the Internet has become a very hostile place to be since its rise to being a mass market commodity product, but ultimately ISPs are not, and should not, be held responsible for that (unless it's their servers that are stuffed). To use a tried and trusted analogy premise, that's like blaming car dealers for the increase in risk caused by the growing number of cars on the roads. A car dealer should show you the location of the controls in your new car, maybe even make sure you have a license and valid insurance, but not give you a driving test. Once you own your new car, it's up to you to make sure you drive and park safely, keep it locked, don't leave valuables on the back seat and keep it serviced. If you can't or don't do any of those things, and don't take advantage of the people who will help or do those things for you then, ultimately, who is to blame when things inevitably go horribly wrong?
Re:Counter Attack (Score:1)
Stop. Think. Post.
Uhh... (Score:2)
Start blocking those ports.
the horror (Score:1)