Web Informant #353, 12 December 2003:

Pop-up pains




Imagine several scenarios for a moment. Let's say I put my name on a brick and sent it flying through your living room window. You would probably not be too happy about that and would make some efforts to contact me and get me to pay for the broken glass. Now, imagine that I was selling security services and included an advertisement on it. I sent my brick as a warning that your windows weren't the best quality and needed reinforcement or protection, and that I could provide that to you for a fee. You probably would be less than thrilled about that, too. Finally, imagine that I perfected a way to throw lots of bricks through lots of windows, in the name of establishing a new business.


That is precisely what two college kids are doing. Instead of windows and bricks, we have Microsoft Windows and pop-up ad blocker software. The “entrepreneurs” are using a little-known exploit of the Windows Messenger service to distribute advertisements about their software to unsuspecting potential customers. It is an interesting story because they are using technology to promote their product in a way that has insidious implications for the advertising and marketing of new software products.


Before I tell you how it works, a bit of an explanation. The Windows Messenger service isn't the same thing as MSN Messenger software, which is Microsoft's IM client that is used by people to chat with each other, similar to AOL's IM product. The service is just used by computers to talk to each other, and was originally designed so that network administrators could send out system alerts to entire networks easily and quickly. Messages like "printer out of paper" or "file server to come down in 10 minutes for maintenance." Unfortunately, the bad guys have figured out ways to exploit this service for sending out messages about their pop-up ad software product.


When the Messenger service sends out a message, a small pop-up window appears in the corner of the screen with the message. Note that these pop-ups aren't the same technology as the pop-up ads that appear in separate browser windows: those come from HTML code that is part of the pages you view on particular sites, and they are spawned not by the Windows Messenger service but by your ever-helpful browser. To be accurate, the browser is actually getting its instructions from the HTML code on the pages carried by the Web server. This code tells the browser (not the operating system, although it is getting harder to tell the two apart) to open a new window and display the pop-up information. Ironically, if you want to see a really obnoxious demonstration of the Web-based pop-ups, just download the 7.1 version of the Netscape Navigator browser: the Netscape home page is coded with these beasts, much to my chagrin.


OK, so why is that so important? The two college kids' company, called D-Squared Solutions, had developed some software that would block these Web-based pop-up ads. Well, that is very nice and something that a few of us would probably want to have, given how annoying the pop-ups can be (and how many of them have to do with objectionable content as well). The wrinkle to all of this is that they decided to promote their software by using the Windows-based Messenger service to spread the word. It would be considered slick if it wasn't so sick.


To make matters more complex, the Messenger service has a few security loopholes of its own creation, thanks to some sloppy coding by Microsoft. Those loopholes make it easy for some unscrupulous person or program to take control of your machine and use it to send out infections across the Internet or spawn spam messages.


The problem with this service is that it was essentially developed back in the days of DOS, predating Windows and the many hacks that have come to plague us recently. Indeed, Microsoft, in one of its many security bulletins, recommends that people turn off this service (in XP, you go to Control Panel/Admin Tools/Services, then double-click Messenger, change the startup type to disabled, and stop the service). I concur with this recommendation, and suggest you turn off this service at once.
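The same two steps (disable the startup type, then stop the service) from a command prompt, as an added example that is not part of the original column. It assumes an elevated Windows PowerShell session and that the service's short name is `Messenger`; the function name `Disable-MessengerService` is hypothetical.

```powershell
# Added example, not from the original column.
# Assumptions: elevated Windows PowerShell session; service short name "Messenger".
# Disable-MessengerService is a hypothetical helper name.
function Disable-MessengerService {
    param([string]$Name = 'Messenger')

    # Later Windows releases do not ship this service, so absence is a valid result.
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if (-not $svc) {
        return "$Name service not installed; nothing to do"
    }

    # Disable first so the service cannot return at the next boot,
    # then stop the instance that is running now.
    Set-Service -Name $Name -StartupType Disabled
    if ($svc.Status -ne 'Stopped') {
        Stop-Service -Name $Name -Force
    }

    # Re-read the state instead of trusting that the calls above succeeded.
    $svc  = Get-Service -Name $Name
    $mode = (Get-WmiObject -Class Win32_Service -Filter "Name='$Name'").StartMode
    return "$Name status=$($svc.Status) startup=$mode"
}

Disable-MessengerService
```

On a machine where the change took effect, the returned line reports the service as stopped with a disabled startup mode.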


The U.S. Federal Trade Commission has gotten understandably incensed about D-Squared’s tactics. Users continue to be bombarded by the pop-ups, some as often as every 10 minutes, according to the complaint filed by the commission. By using the Messenger service, pop-up ads advertising the pop-up blocker could appear on users' screens even when they weren't browsing the Internet. The FTC has taken the company to court, requesting a temporary restraining order to stop the company from annoying further customers. They claim unfair business practice and interfering with consumers' use of their PCs, with the potential for causing data loss and reduced work productivity.


Of course, this begs the question as to which pop-up blocker I would recommend, if not that of D-Squared. I don't have any that I have tried that really work, and some (including the PanicWare software promoted by Cablevision) can cause more problems than they solve. In the meantime, do turn off your Messenger service now before someone figures out yet another entry point into your computing life.


Entire contents copyright 2003 by David Strom, Inc. 

David Strom, dstrom@cmp.com, +1 (516) 562-7151

Port Washington NY 11050

Web Informant is (r) registered trademark with the U.S. Patent and Trademark Office.

ISSN #1524-6353 registered with U.S. Library of Congress

