We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

ISP stamps out pop-ups

AOL turning off Windows Messenger

AOL is taking aggressive steps to combat spam and close a security loophole by turning off a Microsoft Windows feature that it says spammers are exploiting to display pop-up messages on users' desktops.

The service provider used an update of its software to disable the Windows feature without the knowledge or consent of AOL subscribers, raising questions about the ethics of the change. The feature in question, known as Windows Messenger Service, enables network administrators or network devices to display messages on users' desktops but has few applications for home users, according to Boston-based independent security expert Richard Smith.

Text commands entered from a command prompt allow users to create a pop-up window containing messages that will appear on other users' desktops if they're connected over a home network, corporate network or the internet, Smith said. Spammers discovered the feature a year ago and immediately began using it to barrage unsuspecting users with pop-up messages containing solicitations, he said.

Using Windows Messenger Service has advantages for spammers over email. The spammer's message appears on top of the desktop, without requiring any user action to display it. Even more important, spammers do not need to know any email addresses to get their message out to Windows users, just the IP (internet protocol) addresses of Windows machines, Smith said.

AOL call centres began receiving a large number of complaints from users about the pop-up message problem last year, soon after spammers discovered it, said AOL spokesman Andrew Weinstein.

"Users were calling us and saying that they didn't know why they were getting them and that there was no way of getting away from them," he said of the messages.

An AOL feature for blocking pop-up website advertisements did not stop the Windows Messenger Service pop-ups either, because the Messenger Service pop-ups relied on a different underlying technology, he said.

The company was also swayed in its decision to block the Windows Messenger Service by a recent critical security bulletin from Microsoft concerning a buffer overrun vulnerability in the Windows Messenger Service that could enable a remote attacker to take control of a vulnerable Windows system, Weinstein said.

AOL began shutting off the feature for customers using Windows NT, 2000 and XP on a rolling basis two weeks ago. The company checks users' machines when they log on to AOL's network to see if Windows Messenger Service is enabled. If the feature is on, AOL disables it, Weinstein said.

So far, 15 million AOL subscribers have had the feature disabled, and AOL is planning to make the change on about five million more AOL subscriber machines in the coming weeks. Weinstein did not have a timetable for the remaining changes.

Related links:
AOL


IDG UK Sites

5 reasons not to wait for the Apple Watch: Why you shouldn't buy the iWatch

IDG UK Sites

Why local multiplayer gaming is rapidly vanishing: we look at the demise of split-screen and LAN...

IDG UK Sites

How Emotional Debt is damaging digital design

IDG UK Sites

How to update your iPhone or iPad to iOS 8: including how to install iOS 8 if you don't have room