Microsoft shoots the Messenger for bringing security fears

Spam attacks and security vulnerabilities have prompted Microsoft to plan to turn off its troublesome Windows Messenger service in the next Windows XP update.

The Messenger service is a data exchange mechanism for networked computers that shouldn't be confused with Microsoft's instant-messaging software. Spammers have taken advantage of the service, which is typically only used to manage networks in businesses, to send advertisements that pop up in grey boxes on people's desktops. Microsoft also announced earlier in October that the technology has a flaw that could be used by attackers to bypass a computer's security.

Switching Messenger off "is the current plan of record", said Neil Charney, director of product management in Microsoft's Windows client group. The company made the announcement at its Professional Developers Conference in Los Angeles. "What we are doing at this point is running through the plan with developers," Charney said.

The next update, Windows XP Service Pack 2, is due in the first half of 2004. Microsoft also plans in Service Pack 2 to turn on the Internet Connection Firewall, a basic form of protection that's built into Windows but is currently off by default.

The decision comes as other companies have attacked Microsoft for including a feature that home PC owners largely don't use and that has been the source of security problems. Network administrators worry that the vulnerability in Messenger could be exploited by an online vandal to create a fast-spreading worm similar to MSBlast or Slammer.

Last week, AOL revealed that it automatically turned off the feature for nearly 15 million of its customers. The drastic step was the latest move to quash the effects of the flaw for AOL, which first started filtering out Messenger data nearly a year ago.

The plan to modify the default setting of Windows XP is part of Microsoft's search for ways to better secure its besieged operating system. At the beginning of October, the software giant said it would educate customers and improve its default configurations and its system for patching software.

In many ways, turning off the Messenger feature is an easy decision, because most consumers never used it, Charney said, and companies have the expertise to turn it back on.

"From a consumer, end user point of view, I think it is something that will be left off," he said.

Robert Lemos writes for News.com