Should I Disable UPNP

[MartiMcFly]

Is it safe ?

[Stigmata]

if you disable it, it means no webcam or audio over msn & windows messenger..

i know that much :)

[rvbfan]

If you are talking about universal plug and play device host, then yes it is.

You only need this service if you are on a network with shared printers etcetera.

If you are talking the plug and play service? Then no it would be a bad

thing to disable this.

[MartiMcFly]

Does it not allow a programme to open Ports as it sees fit ? I recently installed BT to download from Legaltorrents and its an option. As i remember years ago i used to use unpnp from Gibson Research Corp to disable it when it was a big security risk. Bt had an option to enable it, which although is ticked i dont think will matter while unpnp has disabled upnp.

Anyway anymore info is cool.

[El_Cu_Guy]

Research research research.

Microsoft has since issued a patch for UPnP. Yes it allows ports to be open as needed. You can disable it if you feel it is a security risk. However, in doing so you will need to reolve port issues manually.

[Help]

^ So can you manually open ports for audio and video for MSN Messenger?

[OPaul]

What's not safe about UPnP?

[alpha_omega]

^ So can you manually open ports for audio and video for MSN Messenger?

585991883[/snapback]

http://www.microsoft.com/technet/prodtechn...oy/worki01.mspx

[Crimson Behelit]

^ So can you manually open ports for audio and video for MSN Messenger?

585991883[/snapback]

Yes.

[Steven]

I've never had a security issue with uPnP. It makes Azureus, Limewire, MSN and other programs that I have work better and easier to use with my router.

[Hypoxiaicon]

Its only 'not safe' If you have a virus/trojan is that UPnP'ing and opening ports, then Yes it can be un-safe.

Other then that, its great, Always on (Y)

[Koding]

I've never had any problems leaving UPnP active.

[+BudMan MVC]

What's not safe about UPnP?

585995424[/snapback]

You do not find that fact that a process on your machine can open ports on your router without you knowing it.. Unsafe?

Sure it can be a great tool -- but then again it can be seen as a GAPING HOLE in the security of a network..

You can also have issues where machine1 says forward port x to it, and machine2 says no forward it to it, etc..

I think this sums it up pretty good from upnp.org

"UPnP? technology is all about makinhome networking simpleb> and affordable fousersb>"

Since when could "simple" and "user" be compared with "safe" and "secure";);)

With UPnP, a device can dynamically join a network, obtain an IP address, convey its capabilities, and learn about the presence and capabilities of other devices?all automatically; trenabling zero configuration networks. Devices can subsequently communicate with each other directly; thereby further enabling peer to peer networking.

Sure Great Stuff - but how can you not see that there could be security problems with this kind of stuff?

If you need it / use it sure -- but I have never found a need for it.

[OPaul]

You do not find that fact that a process on your machine can open ports on your router without you knowing it.. Unsafe?

585996080[/snapback]

No. If someone installed a process that was opening up ports without them knowing then the problem isn't UPnP it's them. You don't install something on your machine without knowing what it is first.

[+BudMan MVC]

No. If someone installed a process that was opening up ports without them knowing then the problem isn't UPnP it's them. You don't install something on your machine without knowing what it is first.

585996214[/snapback]

Good point ;) But just take a look at the virus and spyware requests just here on neowin.. Users can and DO install everything under the sun, with out clue one to what it does.. or could do..

Its like the net is a wack-a-mole game or something -- as fast as something shiny and blinking pops up on their screen they have to click it ;)

Just the fact that it can control your border device without you knowing WHAT ports have been open can be an issue with security.. Maybe I don't want my kids machines IM client to be able to open a port for file xfer, but I want mine too.. How do I configure my UPnP device to allow requests from my machine.. but not my kids, etc.. Where is the Auth part of the API?

zero configuration can lead to zero security IMHO ;)

[Evolution]

If you are talking about universal plug and play device host, then yes it is.

You only need this service if you are on a network with shared printers etcetera.

If you are talking the plug and play service? Then no it would be a bad

thing to disable this.

585990420[/snapback]

... you don't need uPNP to share a printer across a network... I have a shared printer on mine, and none of the computers nor the router has uPNP enabled.

[exotoxic]

i uninstalled UPNP and everything seems to work fine...

[joshpo]

There is a uPNP Windows Service which has to do with printers, and then there is uPNP where a program such as BT can open ports in a router automatically. These are different things. If you have uPNP service disabled programs can still open ports and close them as they see fit. This is *much* safer than leaving a port open all the time on your router, since most programs will close the port when they are terminated if you set them to do so.

[Pete Zaria]

I'm not sure anyone has yet truly defined UPnP. Universal Plug and Play simply opens ports on demand. For example, I have UPnP enabled on my main router. When I go to play a round of medal of honor, it automatically opens the correct port, and then closes it when I'm done playing.

The only time this can become a security issue is if you have "bad" programs (viruses, trojans, worms, spyware) that is/are opening ports.

I leave UPnP enabled, and do a total system scan with panda antivirus and adaware every night. With this setup, I don't think its much of a risk at all.

Crap, even if UPnP somehow left a port open, it probably wouldn't expose any real vulnerabilities unless there was a program listening for traffic on that port, and by chance the hacker knew how to manipulate that program in such a way to get r00t.

Conculsion: IMO, you're safe to leave UPnP on as long as you do a virus/spyware scan frequently, and keep an eye on your logs. Especially if you have a software firewall as well as a hardware firewall.

Peace,

Pete Zaria.

[Caledai]

Firstly Define UPnP.

UPnP - As the functionality provided by a router - will be red

UPnP - As part of the operating system will be blue.

Hope that is easy enough to understand.

I will start with the UPnP that is part of your Operating System. You do not need it

I have disabled both the UPnP and SSDP services with no adverse affects. It may be used by some printers, and I have yet to come across one that fails if this service is disabled. Mainly because they can be configured, and should be, to work without it.

I was planing to give you the command to disable it, but its not even on my computer any more. I completely removed it. So you will need to go to services.msc and stop and disable both UPnP and SSDP

And I still have webcam/voice MSN

UPnP on your router is another matter. Its a great tool, and a great risk. If you trust your network, know what you are doing, then by all means, leave it on. I leave it on for MSN, Azureus and a couple of other programs. Simplifies matters greatly. If you do not trust your network, or the users in it, to not downloaded viruses etc, then disable it. Give yourself a static IP, and forward the normal ports to your computer. Install a personall firewall, and let it run as its defaults. That way, anything that you forward to your computer from your router - always on - will get blocked by the personal firewall, unless you have MSN, or Azeureus etc running.

To sum it up UPnP on your OS - Off

UPnP on your router - ON - Only if you trust your network and the users within it.