Today's Weblog Home  Weblog Index

DRAFT - March 27, 2003

Disable Insecure MS Windows Services

Windows 9x
 

Windows ME (This OS should be replaced with another, if at all possible)

Windows 2000 and XP (and NT, usually)

Messenger Service -- the Messenger Service is designed for use by system administrators in Windows server-client networks. System administrators use the messenger service to send  messages that notify you of conditions on or give status about your network. However, some advertisers have  started using this service to send their information via  the Internet.
 http://support.microsoft.com/default.aspx?scid=kb;en-us;330904
If you have Windows XP with Service Pack 1 installed, turn on Internet Connection Firewall.
http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp

IIS (Internet Information Server)
 http://www.nwfusion.com/news/2003/0325newiise.html
 http://www.nextgenss.com/papers/ms03-007-ntdll.pdf
 

WebDAV
 http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-007.asp

Windows RPC (Remote Procedure Call)
http://searchsecurity.techtarget.com/newsItem/0,289139,sid14_gci890733,00.html
 http://www.infoworld.com/article/03/03/27/HNwinbug_1.html
 http://www.nwfusion.com/news/2003/0327windoflaw.html
 http://www.microsoft.com/technet/security/bulletin/MS03-010.asp
 

Windows Messenger (NOT the same as "Messenger Service" above)
 http://cl.com.com/Click?q=fb-aWqrQkg68GWnXpTy3EpcFKtwf0_C
http://www.techrepublic.com/article.jhtml?id=r00320030326pos01.htm&fromtm=e101-3
 http://support.microsoft.com/?kbid=302089
 http://www.windows-help.net/WindowsXP/tune-05.html
 http://www.experts-exchange.com/Operating_Systems/WinXP/Q_20387654.html
 http://www.druid628.com/techtips/windows/msmsgs/oppress_msn.html
 http://www.druid628.com/techtips/windows/msmsgs/killmsn.htm


We specialize because we can’t know everything. We delegate because we can’t run everything. Today it’s important that we abstract because recent history has forced us to accept that everything is temporary. That’s neither deep nor bleak, just true.    People change jobs, companies change hands, customers change loyalties, partnerships are broken and made, and the vendor you favor today could do something stupid tomorrow.    Except in rare and unpredictable cases, your company’s individual technology choices will not    change how your customers, partners, and suppliers behave.

    If the word “abstraction” sets off your meaningless-buzzword detector, silence the alarm for a few seconds while I explain. Abstraction is the underrated process of managing complexity with a whiteboard eraser. You erase the small boxes inside the bigger boxes and the twigs from the trees until the diagram reflects what you can (or should) control. That doesn’t necessarily alter the architecture. It doesn’t send the message that the details are unimportant.    What it says is what my boss should have said to me five years ago: You keep your job (or, if  you’re a vendor or service provider, get your annual contract renewed) as long as I don’t care about what happens inside this box. If I have to get involved in the details I entrust to you, you will compete with everyone who wants your job (or your contract) to define and implement a solution that takes this off my radar again.

    Let’s make the concept simpler by making it personal. I buy the groceries for my family. My wife doesn’t tell me what kind of paper towels to buy. I’m free to choose the brand I like and switch when there’s a sale. But if I switch to a brand that doesn’t work for her or to old    T-shirts because that’s the latest thing, she’d applaud my willingness to change but tell me to stick with what works. If I didn’t switch after that, I’d soon be buying the brand of towels she tells me to buy.

    If executives are involved in implementation details, they can’t help their companies evolve.    Would I reduce every CTO, CIO, vice president, and project leader to a hands-off paper shuffler? Certainly not. But understand that the closer you are to the top of the IT org chart, the more you have to think about business realities such as doing more with less, eliminating dependencies, and keeping track of what your customers and partners actually need. That last bit might be the toughest to accept. What matters most to people and businesses you serve might have little in common with what you think they should care about. And that is the heart of the concept of abstraction. To use abstraction as a tool to focus your effort, whether you    abstract technology, roles, or business processes, you have to accept that others will use it, too. They’re not going to map out their worlds the way you think they should. If you’re upset with your customers or users because they won’t use the brilliant technology you’ve put in their hands, it’s likely you are looking the wrong way at them and your role in the company.

    When IT execs draw boxes inside boxes and push down decisions for which others are  accountable, the business cannot evolve. In that setting, evolution only happens in a crisis,  when something breaks, or when someone quits. Why abstract? Why keep raising the line that separates what you care about from what you entrust to others? Because you will never finish dealing with those details.

From Tom Yager's article at
http://www.infoworld.com/article/03/03/07/10curve_1.html