Windows Messenger - File Transfer Security

The File Transfer feature of Windows Messenger allows users to transfer files between desktops. Wait, bear with me, there's more...

To help ensure that the file being transferred is safe for use, Windows Messenger 5.1 performs a check each time a file is transferred from one client to another. This check is conducted even before the recipient accepts the file transfer, thereby helping to eliminate any chance of downloading a potentially unsafe file. If the file is determined to be of an unsafe file type, the file transfer is not performed.

What happens during the check actually depends on the version of the Windows operating system being used:


For Windows XP Service Pack 2:

The “Attachment Execution Services”, part of the operating system, are called to verify the safety of the file. You'll find developer info on this subject here and here.
The security policy Microsoft Management Console (MMC) snap-in (Secpol.msc) is used to control which extensions are considered executable file types.

To view or modify the extensions that are considered executable file types
• Run Secpol.msc.
• Expand Software Restriction Policies, and then double-click Designated File Types.

Note: To view the Designated File Types property page, the Software Restriction Policies node may need to be created. To create the Software Restriction Policies node, follow the instructions that appear when ‘Software Restriction Policies’ is expanded.


For Windows XP Service Pack 1 and Windows Server 2003:

The AssocIsDangerous function is called to verify the safety of the file.


For Windows XP RTM and Windows 2000 Server Service Pack 4:

The file extension is checked against a static list of known unsafe file extensions:

"ade", "adp", "app", "asp", "bas", "bat", "cer", "chm",
"cmd", "com", "cpl", "crt", "csh", "exe", "fxp", "hlp",
“hta", "inf", "ins", "isp", "its", "js", "jse", "ksh",
"lnk", "mad", "maf", "mag", "mam", "maq", "mar", "mas",
"mat", "mau", "mav", "maw", "mda", "mdb", "mde", "mdt",
“mdw", "mdz", "msc", "msi", "msp", "mst", "ops", "pcd",
"pif", "prf", "prg", "pst", "reg", "scf", "scr", "sct",
“shb", "shs", "tmp", "url", "vb", "vbe", "vbs", "vsd",
"vsmacros", "vss", "vst", "vsw", "ws", "wsc", "wsf", "wsh"

In all cases, if the file is not determined to be of an unsafe file type, the file is transferred directly to the recipient (peer-to-peer) using a TCP connection over a fixed range of ports. The file does not pass through the Live Communications Server. The file is transferred across the network in plaintext (without encryption) and with only minimal authentication.


Recommendations for deploying a secure system:

• Use Windows Messenger 5.1 and Live Communications Server 2005
• Use Windows XP Service Pack 2
• Use TLS for client-server connections
• Enable the 'Require SIP high security mode' Group Policy setting for the user’s GPO
• An Anti-Virus software solution should be deployed to client desktops to add further protection against unsafe files. 3rd party server-based Anti-Virus solutions which integrate with Live Communications Server 2005 are also available to perform anti-virus scans of the files during file transfer between users. For more information about partner solutions, see the Microsoft Partner site.

Note also that the file transfer feature can be disabled on a per-user basis via the "Prevent file transfer" option in Group Policy.

- Thanks to Chris Araman for assistance with these details