Windows Messenger - File Transfer Security

The File Transfer feature of Windows Messenger allows users to transfer files between desktops. Wait, bear with me, there's more...

To help ensure that the file being transferred is safe for use, Windows Messenger 5.1 performs a check each time a file is transferred from one client to another. This check is conducted even before the recipient accepts the file transfer, thereby helping to eliminate any chance of downloading a potentially unsafe file. If the file is determined to be of an unsafe file type, the file transfer is not performed.

What happens during the check actually depends on the version of the Windows operating system being used:


For Windows XP Service Pack 2:

The Attachment Execution Service, part of the operating system, is called to verify the safety of the file. You'll find developer info on this subject here and here.
The security policy Microsoft Management Console (MMC) snap-in (Secpol.msc) is used to control which extensions are considered executable file types.

To view or modify the extensions that are considered executable file types:
• Run Secpol.msc.
• Expand Software Restriction Policies, and then double-click Designated File Types.

Note: To view the Designated File Types property page, the Software Restriction Policies node may need to be created. To create the Software Restriction Policies node, follow the instructions that appear when ‘Software Restriction Policies’ is expanded.


For Windows XP Service Pack 1 and Windows Server 2003:

The AssocIsDangerous function is called to verify the safety of the file.


For Windows XP RTM and Windows 2000 Server Service Pack 4:

The file extension is checked against a static list of known unsafe file extensions:

"ade", "adp", "app", "asp", "bas", "bat", "cer", "chm",
"cmd", "com", "cpl", "crt", "csh", "exe", "fxp", "hlp",
"hta", "inf", "ins", "isp", "its", "js", "jse", "ksh",
"lnk", "mad", "maf", "mag", "mam", "maq", "mar", "mas",
"mat", "mau", "mav", "maw", "mda", "mdb", "mde", "mdt",
"mdw", "mdz", "msc", "msi", "msp", "mst", "ops", "pcd",
"pif", "prf", "prg", "pst", "reg", "scf", "scr", "sct",
"shb", "shs", "tmp", "url", "vb", "vbe", "vbs", "vsd",
"vsmacros", "vss", "vst", "vsw", "ws", "wsc", "wsf", "wsh"
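As an added example (not Windows Messenger's own code), here is a Python model of the static extension check described above, using the list quoted on this page; it shows what the check does and does not look at (only the final extension, case-insensitively, and never the file contents). The `looks_like_pe` content check is an assumption about the kind of test a third-party scanning solution could add, not something the client performs.

```python
# Model of the Windows XP RTM / Windows 2000 SP4 static extension check
# used by Windows Messenger 5.1 file transfer (added example, not product code).

# The block list exactly as quoted in the post above.
UNSAFE_EXTENSIONS = frozenset("""
ade adp app asp bas bat cer chm cmd com cpl crt csh exe fxp hlp
hta inf ins isp its js jse ksh lnk mad maf mag mam maq mar mas
mat mau mav maw mda mdb mde mdt mdw mdz msc msi msp mst ops pcd
pif prf prg pst reg scf scr sct shb shs tmp url vb vbe vbs vsd
vsmacros vss vst vsw ws wsc wsf wsh
""".split())


def file_extension(filename: str) -> str:
    """Final extension of a Windows file name, lower-cased, without the dot.

    Returns '' when the name has no extension. Only the last extension
    counts, which is how Windows itself determines a file's type.
    """
    # Win32 silently drops trailing dots and spaces when a file is created,
    # so compare against the name as it would actually be stored on disk.
    name = filename.replace("/", "\\").rsplit("\\", 1)[-1].rstrip(". ")
    _head, sep, ext = name.rpartition(".")
    return ext.lower() if sep else ""


def is_unsafe_extension(filename: str) -> bool:
    """True when the final extension is on the static block list."""
    return file_extension(filename) in UNSAFE_EXTENSIONS


def transfer_decision(filename: str) -> str:
    """'blocked' or 'allowed', decided on the file name alone (as the client does)."""
    return "blocked" if is_unsafe_extension(filename) else "allowed"


def looks_like_pe(header: bytes) -> bool:
    """Assumed content check a server-side scanner could add: a PE image
    (.exe, .dll, .scr, ...) starts with the 'MZ' DOS stub signature
    regardless of what the file is named."""
    return header[:2] == b"MZ"


if __name__ == "__main__":
    # Constructed sample names: note that the name-only check cannot tell
    # a renamed executable apart from a text file.
    for sample in ("report.exe", "SETUP.EXE", "notes.txt", "report.exe.txt", "README"):
        print(f"{sample:16} -> {transfer_decision(sample)}")
    print("content check on constructed MZ header:", looks_like_pe(b"MZ\x90\x00"))
```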

In all cases, if the file is not determined to be of an unsafe file type, the file is transferred directly to the recipient (peer-to-peer) using a TCP connection over a fixed range of ports. The file does not pass through the Live Communications Server. The file is transferred across the network in plaintext (without encryption) and with only minimal authentication.


Recommendations for deploying a secure system:

• Use Windows Messenger 5.1 and Live Communications Server 2005
• Use Windows XP Service Pack 2
• Use TLS for client-server connections
• Enable the 'Require SIP high security mode' Group Policy setting for the user’s GPO
• An Anti-Virus software solution should be deployed to client desktops to add further protection against unsafe files. 3rd party server-based Anti-Virus solutions which integrate with Live Communications Server 2005 are also available to perform anti-virus scans of the files during file transfer between users. For more information about partner solutions, see the Microsoft Partner site.

Note also that the file transfer feature can be disabled on a per-user basis via the "Prevent file transfer" option in Group Policy.

- Thanks to Chris Araman for assistance with these details

Comments

  • Anonymous
    February 16, 2005
    Great, now how do we disable this feature? Or at least get Messenger to prompt us instead of just denying the file transfer?
  • Anonymous
    April 07, 2005
    Easy - rename the file, and tell the guy/gal at the other end to rename it.
  • Anonymous
    April 10, 2005
    Files are blocked or allowed based on their file extensions - if the file extension matches an entry on the 'block list', the file transfer is not allowed. There are no options in the client that will allow the user to 'force' the transfer to occur. The idea is that a company can apply this policy to all their employees to help prevent the spread of unsafe files - allowing the user to easily circumvent the policy via the IM client itself would be counter-productive.

    One way for the user to "work around" the file transfer protection is to follow Michael's suggestion above and rename the file so that it no longer has a blocked file extension. The contents of the file are not examined by LCS (just the file extension), so unless you have deployed a 3rd party IM scanning solution to work with LCS, this should work. The recipient would then need to rename the file back to the original file extension. Note that renaming the file is not performed via the Windows Messenger client itself :-).

    A company can use the group policy to configure the list of blocked file extensions to match their needs.