Jump to content
GreaseSpot Cafe

UnPlug n' Pray

igotout

By igotout,
in Computer Questions

 Share

Recommended Posts

igotout Newbie

igotout

Posted
Posted

Until Zixar and Flay mentioned getting rid of the Service called UPnP in another thread, I was I was not aware that it was such a potential security threat. So I began investigating and found this site. Among other things it states

The FBI has Strongly Recommended that All Users Immediately Disable Windows

Universal Plug n' Play Support

Check it out:Artiicle from grc.com

Grc.com is a site where you can learn about all manner of internet security and how to protect yourself from vulnerabilities. I particulary like their section where they will test your system remotely for vulnerabilities. Go to their Shields Up section:

Shields Up

WHat did I do? Downloaded their cool little utility which instantly and safely disables UPnP. Download it here:

http://grc.com/files/UnPnP.exe

What does it do? Apparently it stops two services and puts them in the disabled state as Flay suggested.

Universal Plug and Play

SSDP Discovery Service

According to the extensive article above, these two things are not needed.

Always somethng new to learn. Comments appreciated.

John R.

PS - Short version for those of you who are bored to death with the details.

1. Download that neat little utility mentioned above

2. Click on it after you download it.

[This message was edited by igotout on September 06, 2003 at 0:02.]

Link to comment
Share on other sites
Flay Minion Newbie

Flay Minion

Posted
Posted

Oops. I responded on the other thread with the link to Gibson's site. Should have read this first. He and you explain it better than I could. I'm amazed that no one has really taken advantage of this flaw yet to cause problems. I think SP1 changes the default on this to "disabled" but this could be faulty memory.

I see Gibson also has added a utility to disable the Messenger service and explains why it's not the same thing as MSN messenger and is good to disable. This takes the place of that command line utility I posted on the other thread.

The guy may come across as a little paranoid at times but he's good at what he does and the paranoia is based on reality. I like to have people go to his site and run the security test. They usually freak out when they find that their security looks like Swiss cheese but are pleased to find how easy it is to fix.

Thanks, John. More people need to know about this stuff before the next MSBlaster stupidity comes up.

If at first you don't succeed, try again. Then quit. No use being a damn fool about it

[This message was edited by Flay Minion on September 06, 2003 at 10:35.]

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...