America Online's gated Internet community may just have gotten a bit more secure.
On Friday, the company said it had turned off Microsoft's flawed Windows Messenger service--a data exchange mechanism for networked computers that shouldn't be confused with the software giant's instant-messaging application--for nearly 15 million of its users over the last two weeks. Spammers have co-opted the service, which is typically only used to manage networks for businesses, to cause advertisements to pop-up in a gray box on home users' desktops. By disabling the service, AOL aims to stop the pop-up boxes and also protect users against a flaw in the service that could let attackers control a Windows user's PC.
"This one was an easy one: It was both a user-experience issue and a security threat to our members," AOL spokesman Andrew Weinstein said. "Turning it off had a negligible impact on our members." The move, however, has raised questions about how far Internet service providers should go to secure their users. AOL uses a program to disable the Windows Messenger service when a user logs on to its network. If users want to turn it back on, they can either do it themselves or go to an AOL site that will use another program to do it for them. "I'm definitely for ISPs doing more to protect their piece of the network," said Pete Lindstrom, research director at consulting company Spire Security. "However, this is a level of intrusiveness that I would be uncomfortable with. It's pretty risky to be changing the settings on a customers' computer without permission." AOL's Weinstein said the company wouldn't often take steps like this one. The case is a rare one, he said, because the benefits greatly outweigh the costs.
News source: C|Net News.com