Hot on the Web
Lost in Cyberspace
Online San Diego
Feature Articles
Book Reviews and Reading Diary
Music Reviews
Favorite quotates
Contact Me

More contemptible than spam

Hot on the Web

This column originally ran in ComputorEdge on November 15, 2002
(Issue 2046, Accessing the Internet)

Unrequested, unwanted e-mail clogging up your in box and Internet connection not bad enough for you? It may get worse — It turns out that someone has figured out a way to get direct access to your Windows desktop.

A product called "DirectAdvertiser" allows anyone to use the built-in Messenger service in Windows NT, 2000 and XP to send commercial messages directly to your desktop.

This Messenger isn't the same as the MSN Messenger instant messaging program — instead, Messenger is a utility intended to allow network administrators to communicate directly with users. If you're taking a server off-line, if e-mail will be out for a while, it's a handy tool in the office environment for communicating quickly with a lot of folks in a way you can be sure they'll notice (unlike e-mail, which may not get checked until after the crisis is over).

While a Google search for DirectAdvertiser brought up hits for, with the short quote from the site indicating this was the right place, it is no longer active. It may be that the wrath in the media forced the company to go underground.

A still-present annoyance

But even if company founder Zoltan Kovacs has stopped selling the software (at least from that Web site), there are already a ton of copies out there.

And there's no putting the genie back in the bottle. Should Kovacs abandon DirectAdvertiser completely, you can be sure that pirated copies of it will soon spread all over the 'Net.

Seeing as spammers don't exactly seem the type to worry about the propriety of their behavior, it seems safe to assume that we'll have Windows Messenger spam around for awhile.

From the spammers' point of view, DirectAdvertiser has one huge advantage over e-mail: It doesn't seem to violate laws against e-mail spam. It's not e-mail, so until and unless Congress and the states ban the use of Messenger or craft a law broad enough to prohibit all uninvited commercial messages, DirectAdvertiser is here to stay.

Evaluating the risk

There are things you can do to minimize the risk. For starters, IT managers probably don't have to worry about most of the PCs they're responsible for. If your network is set up behind a firewall using DHCP to generate private IP addresses, it appears DirectAdvertiser can't find that network. Of course, your main servers connecting your system to the Internet may get hit.

Those of us with residential DSL or cable access are the most susceptible — although my XP box has yet to be targeted. Fortunately, there's also a fix for us — you can simply turn Windows Messenger off. While IT managers in a large organization would be understandably hesitant to take such a step — robbing themselves of such a tool — how many of us in a home setting are ever going to need Messenger?

And even though Windows Messenger only allows for the sending of plain text messages — with no graphics or attachments — there remains the worry reported in the original story on this issue in Wired that if spammers can take advantage of this entryway into Windows, so can those with an even more malicious bent — that hackers might be able to exploit Messenger to insert worms or viruses directly onto a PC.

Nor is this going to be the final word on new methods of spamming and hacking.

For ultimately, spam is our own fault: Just as with telephone sales pitches, they wouldn't do them if they didn't work. And so as long as there's money to be made by sending us cheesy advertising, there are going to be folks who will find ways to send it to us.