So two weeks ago, AOL began turning the feature off on customers' behalf, using a self-updating mechanism in AOL's software. But the setting changed is on Windows, not AOL's software. Users are not notified of the change, though they may manually turn the feature back on, and AOL won't change it again.
Weinstein said the company has changed settings for 15 million users already and will continue doing so over the next few weeks.
"Almost none of the users will ever need this functionality," he said. "Even in the office environment, it is rarely used."
Furthermore, he said, AOL won't change settings unless the user has administrative privileges on that computer — something employees generally don't have on their work machines.
Weinstein notes that besides blocking pop-up spam, it closes a Windows vulnerability that Microsoft Corp. deems critical and disclosed last week.
Microsoft officials said they were reviewing the AOL changes and had no immediate comment.
Lawrence Baldwin, president of the security Web site myNetWatchman.com, said that while AOL should be lauded for taking responsibility for ensuring computer security, "I certainly wouldn't want my ISP (Internet service provider) messing with my system."
For software to change computer settings on its own isn't unprecedented. Software from other vendors, for instance, can automatically make itself the main application for playing music files or surfing the Web. Any warnings are often hard to find.
Russ Cooper, a security expert with TruSecure Corp., said anyone who needs the Windows messaging function that AOL disabled ought to be smart enough to know how to reactivate it.
"I hope more and more providers do this type of proactive security," he said, "and that we don't condemn them for things we wish everybody would do for themselves."
