xp question

I ran across some info (rumor?) that xp came w/ spyware/adware?  Sounds like
smart tags to me??  Is anyone aware of other inclusions w/ xp?

Thanks in advance
0
Taylors
4/4/2002 1:29:00 PM
grc.spyware 3226 articles. 0 followers. Follow

6 Replies
449 Views

Similar Articles

[PageSpeed] 6

>>----- Original Message -----
>>From: "Taylors" <starksuggs@charter.net>
>>Newsgroups: grc.spyware
>>Sent: Thursday, April 04, 2002 8:29 AM
>>Subject: xp question


>>I ran across some info (rumor?) that xp came w/ spyware/adware?  Sounds like
>>smart tags to me??  Is anyone aware of other inclusions w/ xp?

I guess it depends on your point of view.  Microsoft probably calls
them features, but they really are information leaks, and it can be really
 hard to turn them all off if you want a secure, information leak-less
environment.

Here's a list from memory, typed on the fly with errors and all.
maybe others could add to it?

1 windows auto update feature.   turn if off
2 windows media player auto update feature turn if off

***
3 search assistant used in explorer

search assistant/explorer attempts to contact
sa.windows.com and automatically update itself,
without telling the user, even when you've gone to
the system control panel and turned off auto updates.
There is already a problem with some users having
their sa files corrupted by accident.  Personally, I
think this is an exploitable security flaw.  Get windows
power toys and turn explorer and internet explorer
back to 'classic' search.  More on this later.

4 search from address bar used in internet explorer

This is different from search assistant.  If you mistype
a url in internet explorer it goes out and attempts
to figure out what you really meant.  Its an
information leak, sending information where you
didn't authorize it to go.  Turn if off in internet
explorer advanced options under search from
address bar.

5 help and support

microsoft help doesn't just use local files, but attempts
to go online.  Turn if off.

6 universal plug and play

Sends out a broadcast message on port 1900 on startup
allowing everyone on the network to see you have a
microsoft system running.  There is a lot of problems mentioned
with upnp on here.  This is another (information leak), as it causes
some users, particularly ones with an isp using lat addressing with
broadband, to broadcast their local address to the world,
or at least their city, on startup.   Turn if off.

7 windows messenger

Sends out a message on port 1900 to your gateway (a non-broacast
message) on startup, attempting to 'reconfigure your upnp firewall for
better connection without telling you.  Seems to attempt to defeat the
whole purpose of having a firewall.  Since microsoft messenger is
configured with outlook, also causes outlook to send out a 1900 packet on
startup.   Turn if off.

8. Outlook/Outlook express

Allows loading of html images from remote.  This allows anyone who
mails you to see if you've looked at their email when it goes out to
retrieve the informations.  In my mind this is a big information leak,
particularly if you are a government or corporation who doesn't want
to see where email sent to them goes.  There doesn't seem to be any
way to disable outlook from fetching images from remote, so block
outlook from using port 80 with a firewall.  FYI Zonealarm by default
allows outlook to access all ports, so a user using zonealarm would not
be aware that outlook was accessing ports other than smtp, pop3, and
nntp.

9.  If you use windows media player to retrieve titles from microsoft,
there may be an issue there.  I don't use this feature.

10.  The 'import play list into excel spreadsheet' provided with the window
media bonus pack uses a macro and appears to try to contact microsoft
for some reason.  I just noticed this the other day, and haven't had time
to fiddle with it.

There is probably more that could be said.  Like telent being turned on
by default,  remote assistance, remote access, remote registry service, not
all user accounts showing up in user accounts control panel (go to
administration tools), the 'recommended' default under folder options is
to use 'simple file sharing'  ie share your folders with the world without
passwords.., lots of ports being turned on that the average user doesn't
need, time services, ipsec, port 445 for file sharing which doesn't appear
to be easily turned off even if you don't want to share files.

Anyone have additional ideas?  My feeling after using XP for awhile is the
average user doesn't have a chance in actually securing XP from its default
values.   And the average user shouldn't have to.

Max Kennedy
0
Max
4/4/2002 11:18:00 PM
Max Kennedy wrote...

<...>
> There doesn't seem to be any way to disable
> outlook from fetching images from remote


Use IE's Image Toggle facility, part of Web Accessories:

http://www.microsoft.com/windows/ie/previous/webaccess/ie5wa.asp
0
reader
4/5/2002 3:10:00 AM
For those of us that aren't are a windows genius there is a great site 
that explains most of the XP Services that are running on your computer 
by default and what they do.

To access the XP services go to the Control Panel, click on 
Administrative Tools, then click Services.  This will list the 
"services" on your computer and their status.


A source of info that I found helpful in determining which services I 
wanted to run and which to disable was...

blkviper.com

Go to the section labeled Windows XP 411 and it will list most of the 
services and tell you what they are used for and then you can decide 
wheather or not you want them to run.

Mark
0
mark
4/5/2002 4:53:00 PM
I read this on a newsgroup, which may be related to the rumour. It's a 
tadge long, and one must admit to not checking it out.......
I'm certain someone will correct me if this is wrong.

Eddie.


---start of looooong text----

This is too cute. You can wipe Windows Messenger from XP with a simple
hack, and yet MS will defy you with a 'Critical Update'. That's how
desperate they are to force this little Trojan on you. 

Following a tip from a Messenger-averse reader whose uninstall got
thwarted, I looked into it, starting with a clean install of Win-XP.
Messenger was, of course, lurking in the background and consuming RAM
though I have no use for it. And of course MS doesn't allow you to
uninstall it. 

But that doesn't make it impossible. NTcompatible.com has a very
simple hack which will allow you to use the Windows add/remove feature
in Control Panel to get rid of the offending progie. 

Use a text editor to open C:\WINDOWS\inf\sysoc.inf, and change 
msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7 to 
msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,7 

That's it. Messenger will now appear in the add/remove application
under Windows Components where you can uninstall it. 

Enjoy the fact that this irritating memory-resident progie is no
longer consuming RAM and haranguing you to obtain an MS Passport every
time you reboot. 

But that's not the end of it. 

No, there's a 'Critical' item which MS foists on you during Windows
Update. It's called the 'Windows Messenger 4.6 Connectivity Update',
and MS "strongly recommends that you download the update even if you
don't use Windows Messenger." 

It's that last bit, acknowledging the fact that you might not use
Messenger, which makes it seem benign. Surely, this fix has more to do
with some idiosyncrasy in 'Windows connectivity' than Messenger
itself. Right? 

And when we consult the related MS 'knowledge base' article, we're
told that "to improve connectivity and system performance, even if you
do not use Windows Messenger, Microsoft recommends that you install
this update." 

Man, they desperately want you to install this fix. 

And the result? Do you get 'better connectivity and system
performance?' Of course not. The only result is that Messenger is now
back on your machine, consuming RAM even when you have no use for it,
and haranguing you to obtain an MS Passport. 

The only thing this Critical Update does is integrate Messenger into
Outlook Express. And by default it runs on startup, and runs in the
background. So now you have to go to Outlook Express/Tools/Windows
Messenger/Options/Preferences, and turn it off. 

Assuming, of course, that you already uninstalled it according to the
instructions above. Otherwise it will run no matter what you do. � 


---end of long text ----


mark <mark-news@cfl.rr.com> wrote in news:3CADD69A.5070003@cfl.rr.com:

> For those of us that aren't are a windows genius there is a great site 
> that explains most of the XP Services that are running on your computer 
> by default and what they do.
> 
> To access the XP services go to the Control Panel, click on 
> Administrative Tools, then click Services.  This will list the 
> "services" on your computer and their status.
> 
> 
> A source of info that I found helpful in determining which services I 
> wanted to run and which to disable was...
> 
> blkviper.com
> 
> Go to the section labeled Windows XP 411 and it will list most of the 
> services and tell you what they are used for and then you can decide 
> wheather or not you want them to run.
> 
> Mark
> 
> 
0
HippyGoth
4/6/2002 2:51:00 AM
Windows messenger is already integrated into outlook express
before the update.  Its really irritating because windows messenger
sends a 1900 port packet to your internet gateway device everytime
outlook starts up, seeing if the gateway is upnp conpatible, and if it
is, windows messenger attempts to reconfigure it, your firewall, to
make it more windows messenger friendly.  It does this without telling
the user and even if you have upnp services disabled in the services
panel.

If you don't want microsoft 'hacking' your firewall via windows messenger, you
should uninstall it.

FYI I applied all the updates before trying the (unhide) workaround
mentioned below, and it didn't work for me.  Don't know if it would
have worked before.

Here is a different way to uninstall windows messenger that works.
Type this all on one line as is

RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove


------

"HippyGoth" <hippygoth@kc.rr.com> wrote in message
news:Xns91E7D432FC603HippyGothkcrrcom@207.71.92.194...
I read this on a newsgroup, which may be related to the rumour. It's a
tadge long, and one must admit to not checking it out.......
I'm certain someone will correct me if this is wrong.

Eddie.


---start of looooong text----

This is too cute. You can wipe Windows Messenger from XP with a simple
hack, and yet MS will defy you with a 'Critical Update'. That's how
desperate they are to force this little Trojan on you.

Following a tip from a Messenger-averse reader whose uninstall got
thwarted, I looked into it, starting with a clean install of Win-XP.
Messenger was, of course, lurking in the background and consuming RAM
though I have no use for it. And of course MS doesn't allow you to
uninstall it.

But that doesn't make it impossible. NTcompatible.com has a very
simple hack which will allow you to use the Windows add/remove feature
in Control Panel to get rid of the offending progie.

Use a text editor to open C:\WINDOWS\inf\sysoc.inf, and change
msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7 to
msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,7

That's it. Messenger will now appear in the add/remove application
under Windows Components where you can uninstall it.

Enjoy the fact that this irritating memory-resident progie is no
longer consuming RAM and haranguing you to obtain an MS Passport every
time you reboot.

But that's not the end of it.

No, there's a 'Critical' item which MS foists on you during Windows
Update. It's called the 'Windows Messenger 4.6 Connectivity Update',
and MS "strongly recommends that you download the update even if you
don't use Windows Messenger."

It's that last bit, acknowledging the fact that you might not use
Messenger, which makes it seem benign. Surely, this fix has more to do
with some idiosyncrasy in 'Windows connectivity' than Messenger
itself. Right?

And when we consult the related MS 'knowledge base' article, we're
told that "to improve connectivity and system performance, even if you
do not use Windows Messenger, Microsoft recommends that you install
this update."

Man, they desperately want you to install this fix.

And the result? Do you get 'better connectivity and system
performance?' Of course not. The only result is that Messenger is now
back on your machine, consuming RAM even when you have no use for it,
and haranguing you to obtain an MS Passport.

The only thing this Critical Update does is integrate Messenger into
Outlook Express. And by default it runs on startup, and runs in the
background. So now you have to go to Outlook Express/Tools/Windows
Messenger/Options/Preferences, and turn it off.

Assuming, of course, that you already uninstalled it according to the
instructions above. Otherwise it will run no matter what you do. �


---end of long text ----


mark <mark-news@cfl.rr.com> wrote in news:3CADD69A.5070003@cfl.rr.com:

> For those of us that aren't are a windows genius there is a great site
> that explains most of the XP Services that are running on your computer
> by default and what they do.
>
> To access the XP services go to the Control Panel, click on
> Administrative Tools, then click Services.  This will list the
> "services" on your computer and their status.
>
>
> A source of info that I found helpful in determining which services I
> wanted to run and which to disable was...
>
> blkviper.com
>
> Go to the section labeled Windows XP 411 and it will list most of the
> services and tell you what they are used for and then you can decide
> wheather or not you want them to run.
>
> Mark
>
>
0
Max
4/7/2002 2:37:00 AM
And Microsoft wonder why so many people dislike them.... 8^)

Thanks for the info Max, appreciate it.

Eddie.



"Max Kennedy" <mxkennedy@fuse.net> wrote in
news:a8obc5$20ls$1@news.grc.com: 

> Windows messenger is already integrated into outlook express
> before the update.  Its really irritating because windows messenger
> sends a 1900 port packet to your internet gateway device everytime
> outlook starts up, seeing if the gateway is upnp conpatible, and if it
> is, windows messenger attempts to reconfigure it, your firewall, to
> make it more windows messenger friendly.  It does this without telling
> the user and even if you have upnp services disabled in the services
> panel.
> 
> If you don't want microsoft 'hacking' your firewall via windows
> messenger, you should uninstall it.
> 
> FYI I applied all the updates before trying the (unhide) workaround
> mentioned below, and it didn't work for me.  Don't know if it would
> have worked before.
> 
> Here is a different way to uninstall windows messenger that works.
> Type this all on one line as is
> 
> RunDll32 advpack.dll,LaunchINFSection
> %windir%\INF\msmsgs.inf,BLC.Remove 
> 
> 
> ------ Snippity Snip ------
0
HippyGoth
4/8/2002 11:00:00 AM
Reply:

Similar Artilces:

windows ME questions, questions, questions.......
Hi, my next PC will be running Windows ME. The PC will be supplied via my work, so there's no choice here for me (ME?) (I think I would have preferred 98 SE). The harddisk (40GB matrox) will have ME installed, and both the Windows ME set-up files and an image of the initial Harddisk 'on a hidden partition'. Word has it that this partition is not seen by Format nor FDisk. Is this really possible? No Windows CD will be supplied. Seems a new way of MS to encourage working with licensed software only. Anyone familiar with this way of distributing an OS? Will I be able to ...

spyware question
whats the legal difference between this spyware http://www.big-brother-spy-software.com/big_brother_software_screen_captures ..html and a trojan there doesnt seem to be to much difference dynamodave wrote: > whats the legal difference between this spyware > http://www.big-brother-spy-software.com/big_brother_software_screen_captures > .html and a trojan there doesnt seem to be to much difference Technically none really, other than the method of distribution. Neither is their any real difference between trojans like NetBus, BackOrrifice and Sub7 and legitimate ...

XP question.
Is there a simple way to list all the user profile folders or user account names on an XP PC that can be used in a batch file? Thanks. On Mon, 23 Jul 2007 14:49:10 +0000, John wrote: > Is there a simple way to list all the user profile folders or user account > names on an XP PC that can be used in a batch file? Thanks. um, dir "c:\documents and settings" ? -- Joe "Mostly me, mostly you." I'll research that tonight. -- Time flies like an arrow, fruit flies like a banana. Joseph Marton wrote: > On Mon, 23 Jul 2007 14:49:...

XP Question
Is it normal to get a process accessing the net without giving it access through ZoneAlarm??? It only seems to happen when I give IE6 access to the net. The process is 69? and 712 I have had a Trojen active on my system but have re-installed with XP since and have run a complete check with AVG and nothing has shown up. any ideas??? Kaos <kaos@blueyonder.co.uk> wrote: >Is it normal to get a process accessing the net without giving it access >through ZoneAlarm??? > >It only seems to happen when I give IE6 access to the net. > >The process is 69? an...

XP Question
Anyone know of a utility that will record what files / folders / registry keys an application accesses when it is starting? Do you also know if it is possible to list what permissions it needs to access the files e.g. administrator permissions or user permissions? Thanks. go to ms site - search sysinternals - lotsa gadgets like procmon, psmon, filemon, regmon -- http://brokertech.parallel42.ca/blog sysinternals regmon/filemon -- http://abeNd.org - Novell News for IT Professionals - "Arthur" <Arthur@Novell.com> wrote in message news:6kezj.7230$Ec...

Question about questions
Name: Edward Newill Email: ernewillatyahoodotcom Product: Thunderbird Summary: Question about questions Comments: Is there an email address that I can send a question too? I could not find one in the Service area of your site. I would like to know how I create signatures for my Thunderbird email? Best regards, E. Newill Browser Details: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) From URL: http://hendrix.mozilla.org/ ...

spyware question
I sent MS & the AV & spyware software co.'s the same question [see Spyware or not]. All replied with different answers. The software co. that found it said to upgrade and I did. On 1st scan it found 13 infections. My question here is how do I know these infections are not 'False Positives' ? Ever hear of: trojan.monder.gen adware.agent.bxj hack.tool.delf.fy trojan.patched.bb They all where in software programs I bought $$$ and downloaded from the net. thanks in advance David Hester wrote: > I sent MS & the AV & spyware software co.'...

XP Question
Not sure which group to post this in. Anyway, does anyone know how to startup windows XP without showing windows screens? I want the pc to start up without showing any microsoft specific stuff. How to do that? Any hints? I know how to bypass the login screen, but before that there is a windows screen with a progress bar.. Thanks, Totte Il Fri, 1 Oct 2010 11:59:12 -0700, totte karlsson <tottek@gmail.com> ha scritto: >Not sure which group to post this in. > >Anyway, does anyone know how to startup windows XP without showing windows >screens? I want the p...

XP question
XP machine has gone "berserk" downloading and installing SP's / updates etc. Has gotten itself to the point where it's almost useless. Any process takes "forever" Thinking of uninstalling all SP's etc and starting over. Any tips, advice etc. A clean "reinstall" is not really an option at this time. Or, should I just uninstall Norton System "Slow works" and go with AVG?? tia -- 95isalive This site is best viewed.................. ...............................with a computer If your machine really has gone "berserk&qu...

spyware questions
I want to install spyware on my system that is running under XP Home. I have downloaded Spybot S&D and Spyhunter. I have been doing some research and the more I read the more confused I become. I think I definitely need protection and probably will not find the perfect solution but, my main concern is about messing up my system.. It is running fine now and I am afraid I will cause problems that I wll not be able to correct. Right now I am leaning towards SpyHunter. Would appreciate some suggestions. <snip> It is running fine now and I am afraid I will > cause problems tha...

XP questions...
I just switched to XP SP1 Professional-slowly getting the hang of it...just wanted to know a few things... 1) I've noticed that it shows zip files along with folders in the tree pane of Explorer-even if u have winzip installed for handling zip files by default. How do u prevent them from coming in the tree pane? 2) Anyone seen a theme for xp that resembles Sun Java's Swing interface? (If you've used Morpheus P2P software-it has a 'java' skin-thats the kind of theme im looking for) 3) How does one turn off msn (or rather windows) messenger?? i haven't told it to...

XP server question
If I have resource allocation in my share library which will be link with ESP, when can I release those resources I have allocated? For instance, I have a share library called examples.so contains xp_echo function which is built by OS function(BTW this is sybase sample), I have created a procedure call xp_echo by isql command "create procedure xp_echo @in varchar(255) as external name "examples.so", so I can call this procedure from isql. Up to now everything goes well, then I expanded this function a little bit to let it do more work, it will connect with another ...

XP privacy question
I have a friend who is considering make the move to XP but he would like to review privacy concerns with XP. I have searched for sites pertaining to this matter but most are from 2001. I would like to provide him with some more recent updated sites for him to read. Would anyone happen to have links to sites of this nature? TIA (That's Thank You In Advance rather than Total Information Awareness! lol) In article <at333m$1vj2$1@news.grc.com>, Dave says... >I have a friend who is considering make the move to XP but he would like to >review privacy concerns with XP. I...

XP Account question
Using XP Pro. Is there a way to setup an account for File Sharing but pevent it from being used at the Console? JC schreef: > Using XP Pro. > > Is there a way to setup an account for File Sharing but pevent it from > being used at the Console? Sure. Open regedit with administrator rights and got to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList Right click in right pane / create / new / DWORD Give the new value the name of the account you want to hide and set value to 0. Now you don't see it on the wel...

Web resources about - xp question - grc.spyware

West Lothian question - Wikipedia, the free encyclopedia
He illustrated his point by pointing out the absurdity of a Member of Parliament for West Lothian being able to vote on matters affecting the ...

Strikes on Islamic State 'capital' lead to more questions than results
According to those with family on the ground, France is hitting deserted sites in its retaliation for the Paris attacks.

2017 Fiat 124 Spider questions if the answer is always Miata
Filed under: 2015 LA Auto Show , Fiat , Convertible , Budget , Performance There are few ways we can think of to improve the Mazda MX-5 Miata, ...

The Question: Why Did the World Turn on Ronda Rousey? - Bleacher Report
Perhaps it wasn't the biggest upset in mixed martial arts history. Maybe it was. There's one thing we know for certain: Holly Holm's upset of ...

McCain vs. Cruz on the question whether the U.S. should give priority to Christian refugees.
Cruz: "There is no meaningful risk of Christians committing acts of terror... If there were a group of radical Christians pledging to murder ...

Jason Momoa, Harrison Ford & more answer the question ‘Are you a feminist?’
New York Magazine’s The Cut had a fascinating piece this week about “male feminists.” It’s what I’ve been saying for a while – I enjoy the fact ...

Google's mobile app understands more-complex questions now
The search giant says its app has gotten better at breaking down your questions and understanding the intent of what you're asking.

Alabama Football Coach Nick Saban Goes WILD After Getting Asked A Simple Question
Alabama Football Coach Nick Saban Goes WILD After Getting Asked A Simple Question

Ben Carson advisor: Carson is above 'silly' questions about what he'd do as president
Let's give Ben Carson another shovel, because the one thing he and his campaign have proven adept at is digging deeper and deeper holes. Like ...

As Acting Coach Cameron Thor Faces 13 Years In Prison, Questions Arise About His Sex Assault Case & Conviction ...
The District Attorney's office must have known it had a weak case against well-known Hollywood acting coach Cameron Thor from the very beginning. ...

resources last updated: 11/20/2015 7:15:05 PM