WinXP SP2 = security placebo?

Discussion in 'other security issues & news' started by ronjor, Sep 2, 2004.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,722
    Location:
    Texas
    Reg Review

    We evaluated the security features of Windows XP SP2 on a test machine, following a clean install of XP Pro with no configuration changes and no third-party software or drivers installed. We installed XP with the NTFS file system, choosing all of the factory defaults, then patched it with each recommended security update including SP-1 (required), before installing SP2.

    While we found that there are indeed a few minor improvements worthy of acknowledgment, in particular, some rather low-level improvements that don't show to the admin or user, overall, SP2 did little to improve our system's practical security, leaving too many services and networking components enabled, bungling permissions, leaving IE and OE vulnerable to malicious scripts, and installing a packet filter that lacks a capacity for egress filtering.



    http://www.theregister.com/2004/09/02/winxpsp2_security_review/
     
  2. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Great info in there. Thanks Ronjor.
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,722
    Location:
    Texas
    It really is the pits having to deal with all these issues. That's the way it is though. :D
     
  4. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    Hey guys,

    I think SP2 is a huge improvement for the security of the average Windows user. The Register has always been alarmist and I think this article is no exception. Thomas Greene is wanting Microsoft to harden the OS to where the average user would be completely lost - creating an end-user nightmare.

    Just take one of his points: He laments the fact that SP2 does not have outbound protection in the new Windows Firewall. True, many predicted it would. However, I am sure that Microsoft ultimately decided that the end-user would be totally lost and it would create such a confusion as to render the trade-off useless. We don't give it a second thought when using our firewalls because we all have a common interest in computer security - at the geek level - okay? :) Imagine Joe and Mary Blow sitting at their computer and seeing "Do you want _____(fill in the blank) to access the Internet?" From the printer spool to the svchost to all the update engines - Joe and Mary would be crying at their complete inability to know the difference from something "good" to something "bad" wanting access to the Internet. As much as I hate to say it - for people like the Blow family - Microsoft did the right thing by not creating the chaotic confusion that would have reigned had they enabled egress filtering.

    Likewise, many of the other things mentioned in Greene's article sound good in theory, but if applied by default with Windows, would create as many problems as they attempted to solve.

    Just a different spin on SP2, which I think makes some real strides in the right direction in defaulting Windows - for the average user - to a more secure system.

    John
    Luv2BSecure
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,024
    Location:
    The Netherlands
    Interesting article, but can someone please explain to me how to disable all that stuff on Win98 SE? Isn't there software like Safe XP for example that takes care of that?
     
  6. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,722
    Location:
    Texas

    Win98 does not have all these "services". A good firewall should be the best course of action, along with a good antivirus program.

    You can still have programs (trojans or others) that could "call out" so you need a firewall most of all.

    I'm sure others will add to this.
     
  7. MikeBCda

    MikeBCda Registered Member

    Joined:
    Jan 5, 2004
    Posts:
    1,627
    Location:
    southern Ont. Canada
    I think there's growing agreement that while SP2 does include a very few new exploit-fixes (I think), it's primarily aimed at the unfortunately fairly large number of users who haven't a clue where to start with even basic protection. And for them, a little security is better than none.
     
  8. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi Rasheed,

    I would go to GRC.com and check out the Network Bondage article.
    It lists important networking configuration instructions for 98.
     
  9. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Why can we build high-tech cars that can be driven by everyone?
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,024
    Location:
    The Netherlands
    Well, I know that as soon as I connect to the net, ports 137, 138 and 139 all become active; those are the NetBIOS ports. I want to shut them down. I had already disabled DCOM with Safe XP.

    I'm not worried about the firewall and IE's configuration stuff since I use ZA Pro and I have configured IE in the most secure way, with a lot disabled (except JavaScript, only sometimes) but that's one of the biggest problems of course. :(
     
  11. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Last edited: Sep 2, 2004
  12. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    I disabled NetBIOS the way GRC described and am still not experiencing any issues.

    I believe in this SP2, to be honest. A lot fewer hits by my antispyware utilities, that is for sure... :D
     
  13. mr burns

    mr burns Guest

    Is it just me, or since installing SP2 has the whole startup and shutdown process taken a significantly longer time??
     
  14. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    I believe it is just you ;)


    Browsing is a lot faster, but no slowdowns on startup noticeable here...

    (glad for that)
     
  15. zcv

    zcv Registered Member

    Joined:
    Dec 11, 2002
    Posts:
    355
    Hello mr burns,

    2nd INFINITY's experience, my system just runs better overall and no slowdowns on startups/shutdowns.

    Aside from the "usual suspects" on slow boot, a possible SP2 reason may be Automatic Updates. From what I've read - can't find the reference at the moment - AU wants to connect to MS servers right off the bat and if they are busy, may slow the system down - don't know what the time out factor would be. Don't use AU myself, so can't make any judgements.

    Regards - Charles
     
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,024
    Location:
    The Netherlands
    Thanks for the links Devinco, I will check them out. ;)
     