Register Log In

Forums Feature Suggestions Disable DDESERVER on default

Print Thread

Disable DDESERVER on default #83984 24/05/04 09:49 AM
Joined: May 2004 Posts: 3 Z ZralleZ OP Self-satisified door
OP ZralleZ Self-satisified door Z Joined: May 2004 Posts: 3	I suggest to disble DDEserver on default when mIRC gets installed, due alot of exploits/vlrsues are using DDE-server to infect/spread(s)

Re: Disable DDESERVER on default #83985 24/05/04 10:19 AM
Joined: Apr 2004 Posts: 871 The Netherlands Sat Hoopy frood
Sat Hoopy frood Joined: Apr 2004 Posts: 871 The Netherlands	Are you aware of the fact that DDE is not the only way of sending commands to an already running mIRC session? If DDE were to be disabled by default, the exploit/virus coders would simply move on to another (trivial) way of sending commands. Besides, disabling DDE is only a matter of treating symptoms, not the real problem. After all, you'd already have a rogue process running on your system. Saturn, QuakeNet staff

Re: Disable DDESERVER on default #83986 24/05/04 11:15 AM
Joined: May 2004 Posts: 3 Z ZralleZ OP Self-satisified door
OP ZralleZ Self-satisified door Z Joined: May 2004 Posts: 3	Your right there. But i will still think it will make it harder for the newbies to make infections, for spreading through DDE.

Re: Disable DDESERVER on default #83987 24/05/04 11:53 AM
Joined: Apr 2004 Posts: 871 The Netherlands Sat Hoopy frood
Sat Hoopy frood Joined: Apr 2004 Posts: 871 The Netherlands	That could be, and from that perspective, turning off the DDE server by default might be a good thing. However, (and I'm not saying this to you specifically!) there appears to be a common misconception that mIRC's DDE server is a "security risk", and that disabling it will somehow make your computer more secure. That is simply not true. Saturn, QuakeNet staff

Re: Disable DDESERVER on default #83988 24/05/04 05:58 PM
Joined: Feb 2003 Posts: 307 Portugal T tontito Fjord artisan
tontito Fjord artisan T Joined: Feb 2003 Posts: 307 Portugal	Well one of the rules of security is that is better to turn off unused services since they may be a gateway. in this case, since most of the users don't use that (i don't) i belive it is better for it to be off by default.

Re: Disable DDESERVER on default #83989 24/05/04 06:31 PM
Joined: Apr 2004 Posts: 871 The Netherlands Sat Hoopy frood
Sat Hoopy frood Joined: Apr 2004 Posts: 871 The Netherlands	Seems like I wasn't clear enough.. The point I was trying to get across in the posts above, is that that rule of security does not apply to mIRC's DDE server, because processes utilizing it already need to be running on the same system as mIRC, in which case they can also use the SendMessage way of sending commands, modify mIRC's configuration files, start their own copy of mIRC, and anything else you can possibly think of (all of these methods are being used by worms already). In other words, mIRC is already a "gateway" anyway (with or without DDE server), and malicious code that is able to use mIRC as a "gateway", can use other methods to do whatever it wants to do (e.g. spread on IRC), without using mIRC, and without any loss of its malicious "functionality." So, if the DDE server were to be disabled by default, it would not be because of that reason. Saturn, QuakeNet staff

Re: Disable DDESERVER on default #83990 25/05/04 09:13 AM
Joined: Dec 2002 Posts: 395 Ireland M MonoSex Fjord artisan
MonoSex Fjord artisan M Joined: Dec 2002 Posts: 395 Ireland	As far as i know, the Chat Links needs DDE enabled to work.

Re: Disable DDESERVER on default #83991 25/05/04 01:58 PM
Joined: Feb 2004 Posts: 201 Melbourne, Australia J Jae Fjord artisan
Jae Fjord artisan J Joined: Feb 2004 Posts: 201 Melbourne, Australia	Maybe even a little facility to "see" which programs are "using" DDE Server or SendMessage.. might make it easier for novice users to know what programs are doing with their mIRC .. Cheers!

Link Copied to Clipboard