Ten SP2 flaws leave XP users open to hackers

Discussion in 'other security issues & news' started by ronjor, Nov 11, 2004.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,908
    Location:
    Texas
    vnunet
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,908
    Location:
    Texas
    XP SP2 Flaw Warning Sparks Debate on Disclosure
    eweek
     
  3. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Take this remark as one wishes because I am neither a M$ hater nor lover....but I'll stand with any Company or an individual that requests nothing more than responsible disclosure.

    For me....organizations like Secunia act responsibly.
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,908
    Location:
    Texas
    I couldn't agree more.
     
  5. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    Ten SP2 flaws leave XP users open to hackers...
    Now that does not sound good to me... :(
     
  6. still_longhorn

    still_longhorn Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    256
    MS denies it publicly but has taken steps to investigate the alleged flaws. I am for responsible disclosure as well, but I think the key operative word here is "responsible". I don't see anything in their actions that can be construed as "irresponsible" except for the expected denial. On the other hand, premature disclosure can be more disastrous. Now every hacker is onto these flaws....
     
  7. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Perhaps we are on the same page....but the "irresponsible" party I'm speaking of is Finjan's Malicious Code Research Center
     
  8. Galcoolest

    Galcoolest Registered Member

    Joined:
    Jun 18, 2004
    Posts:
    229
    Location:
    San Francisco
    Hey Kids:

    I'm usually not the betting sort, but I'd put some change down on the fact that a portion of these as yet undisclosed vulnerabilities with SP2, in light of my own hassles since its install, might just explain a bit of the anomalies I've faced recently, and recounted in

    http://www.wilderssecurity.com/showthread.php?t=5328 o_O

    I mean I want to believe, still, it's all been config or conflict stuff- but now I'm beginning to wonder again! :doubt:
     
  9. still_longhorn

    still_longhorn Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    256
    Ohh.... My apologies then for the misinterpretation... my mistake.
     
    Last edited: Nov 11, 2004
  10. still_longhorn

    still_longhorn Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    256
    Not again please....! I've had enough of Houdini, 666 and Santa Claus for one day...!

    galcoolest, your case was definitely different! If you put your money where your keyboard is, you'd lose!
     
  11. still_longhorn

    still_longhorn Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    256
    gal,

    As I advised you in the thread you posted above, it is easier to check for system conflicts by downloading TUT from (http://www.answersthatwork.com/TUT_pages/TUT_information.htm).
    I am sorry but this is the only app I use to determine/resolve system conflicts. Perhaps other members have better suggestions. In lieu of TUT, you could also run your Event Viewer and see if your monitor does not light up with warnings & errors as I suspect it will. :rolleyes:
     
  12. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    480
    Location:
    Dallas, TX
    I'm not exactly sure, but most of these "flaws" sound like the same issues that have been discussed since late September. One issue that I have with the way the majority of writers discuss these problems, is in their almost universal characterization of them as operating system flaws. It may be an overly-nuanced point, but personally I view the IE Zone exploit issue, SP2 downloaded code notification bypass issue, and the like as user mode code exploits and not as operating system exploits. The difference being that none of them truly broach the kernel mode operating system's object security and access rights restrictions. For example, as far as I understand each of these issues, none of them can elevate your privileges beyond that in which you are running IE and/or Windows Explorer. If you are surfing the web in an account with Admin privileges then, yes, these exploits can in turn cause you Admin level troubles... however, if you are surfing the web with IE in a normal, restricted user account then the exploits are also limited to the same normal, restricted user account rights.

    @Bubba: Perhaps I'm totally missing your point, but why did you say that Finjan's is acting irresponsibly? According to the article: "Finjan's Malicious Code Research Center, which claims to have identified the flaws, has provided Microsoft with full technical details and has been assisting the software giant to patch the holes." Followed by: "Although it warned users about the alleged flaws, the security firm refused to provide specific details." That all sounds reasonable enough to me.
     
  13. still_longhorn

    still_longhorn Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    256
    I am not answering on behalf of Bubba but read this quote carefully:
    IMO, it is not so much the veracity of the allegation (as I'm sure they have a basis for it) but rather the timing that makes it irresponsible. And self-serving....

    :rolleyes:
     
  14. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Yeah, just goes to show how much you NEED SurfinGuard, eh? I'm sure they could have brought this up to MS without the fanfare. It would at least have been nice to offer users something about whether setting IE's security settings to "high" would help or not (if not a specific setting.)
     
  15. Siro

    Siro Registered Member

    Joined:
    Nov 9, 2004
    Posts:
    92
    Microsoft doesn't seem to accept initially that their software has flaws and then a few days later comes up with a plethora of patches to install, making life miserable for the end user. They need to hire these independent researchers to do the work of finding out vulnerabilities instead of the ones sitting in Redmond.
    It's got to a point which is really mind boggling. Windows XP has been patched so many times in the past, loads and loads of patches, it's so scarred it won't be able to be repaired in the real world if it was alive. Ah well, I hope these 10 new vulnerabilities are fixed as soon as possible.
     
  16. still_longhorn

    still_longhorn Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    256
    IMO I am certain that MS is aware of the potential flaws in their OS prior to their release.... but as the saying goes "The Show must go on...." Release dates have to be met, the competition is banging at the gates, the stockholders have to be kept happy, etc., etc....

    MS wants XP to be everything to everybody. This perhaps, is the biggest flaw in XP. For you guys who can't seem to appreciate the wonders of XP, try Win 3.1. The point is, XP has come a long way. It is still at SP2 and all I read about are criticisms on the mind-boggling number of patches. NT 4 Enterprise had at least 6 patches (I stopped counting at SP6a) but I didn't read of too many complaints against this wonderful OS. Why? Simply because it was not made readily available to ordinary folks like you and me.

    Now, along comes XP. Based on that same NT technology, but adapted to the average user's wants, a user who would probably call MS Support the moment a warning message appears on his screen, a user who hasn't learned what the F1 key is for... then we have the perfect recipe to clog up MS's switchboard... 100,000,000 users calling MS about how to install this or install that.

    To avoid this, a bright guy sitting in Redmond comes up with the idea of, nevertheless, putting in all the features of an OS that can be "everything to everyone", but setting the defaults as "ON". (Since mom wants to use dad's printer, they share it. While they're at it, they share files as well...) Nice set up but it provides the very infrastructure needed by a hacker to access everyone's files in their nice cozy home network!

    Now, consider the alternative. If MS does not leave every default as "on", what would the average user do? Call support or get a Mac, right?

    You got what you wanted! So stop bitching and just turn off all the features you can live without. :rolleyes:
     
  17. True Orient

    True Orient Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    88
    Awww...! Shucks! Must I really go back to Windows 3.1? :D
     