Microsoft: SP2 shimmy's not a flaw

TalkBack 18 of 61:

Next »

« Previous

• Thread View
• Flat View

Sounds like MS spin to me

Your argument appears to be based on "I haven't had any trouble so neither has anyone else". In fact XP, and in particular SP2 has been hugely problematic to hundreds of thousands of Windows users. Every time you automatically download your regular as clockwork Windows security exploit patches, you do so completely unaware of the thousands of Windows users who have already been affected by the latest Windows exploit before a patch was available. It's just been discovered that SP2's much vaunted security patches are easily circumvented, leaving YOU exposed to the same old Windows vulnerabilities ... while Linux remains immune.

With XP/IE6, your precious PC can be compromised just by your visiting a malicious web page - this is not possible on a Linux box. As a Windows user, you can download and auto-install viruses, trojans, diallers and such like without any human intervention at all. Again, impossible on Linux. Your calm assertions that you don't have to do much to keep your XP box secure translate as, "there is nothing you can do to keep your XP box secure".

You are vulnerable to the 23 unpatched vulnerabilities in IE which affect you whether or not you load Firefox, because IE is a component of the WIndows OS and cannot be removed. No such problem with Linux. Your asserions that you do as little as I to secure your PC are futile - no matter what YOU do, your XP box is still inherently vulnerable to a host of unpatched flaws and whatever the newest exploit is, before a patch is released.

"I asked Fred Felmen, vice president of marketing for Zone Labs, what impact Windows XP SP2 might have on third-party firewalls such as his Zone Labs ZoneAlarm. He said the Microsoft firewall protects only against inbound threats, not outbound threats, such as keystroke-logging Trojans that report your passwords and credit card info to others. Also, the lack of outbound protection means your infected PC could still participate in distributed denial-of-service attacks. In short, I recommend keeping your third-party firewall enabled alongside Microsoft's. Two firewalls are better than one".
http://reviews-zdnet.com.com/AnchorDesk/4520-7297_16-5324897.html

"Your infected PC"? Even with SP2? And, 2 firewalls? Gosh, XP must be real safe.

"Highly Critical or No Conflict?
http://linuxinsider.com/story/35997.html
The SP2 update, which enables a default firewall and antivirus protection for the bombarded Windows XP operating system, has forced Microsoft to walk a tightrope between security enhancement and impact on other features and applications.

In its security advisory, Heise described the SP2 security holes as "highly critical," but when the company reported the issues to Microsoft last week, the software giant reportedly indicated it did not view the vulnerabilities as very significant.

"We are always seeking improvements to our security protections and this discussion will certainly provide additional input into future security features and improvements, but at this time we do not see these as issues that we would develop patches or workarounds to address," the Microsoft Security Response Center reportedly said in response to the weaknesses reported by Heise.

Old Microsoft, Old Ways
Heise Security's Jurgen Schmidt said in an online response that while there were indications Microsoft has been on the right track with SP2 and security, its response to the reported SP2 bugs shows the company is clinging to its old ways.

"Here it is again: the old Microsoft which backs off to a position like 'This is not a bug, it's a feature,'" Schmidt said. "Their intention is clear. If Microsoft admitted that there is a bug in one of the new security functions, this would result in a lot of bad publicity. So Microsoft prefers that some security experts raise their eyebrows, hopes that nothing serious will happen and that the discussion stays limited to small insider groups."

In response to the Secunia issues, which involve the highly integrated and highly functional Explorer browser and do require some user interaction, Microsoft reportedly said it is not considered a significant risk22.

Your response is a pure attempt to play down and deny the facts - XP is still horrifically more insecure than Linux, and without the regular 100mb patches, would quickly become unuseable.

Posted by: whisperycat   Posted on: 02/03/05 You are currently: a Guest | Members login | Terms of Use

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

SponsoredWhite Papers, Webcasts, and Downloads

• Five Steps to Determine When to Virtualize YourServers VMware Server virtualization isn't just for big companies. Entry-level ... Download Now
• Building the Virtualized Enterprise with VMware Iinfrastructure VMware VMware virtualization software has been adopted by over 120,000 enterprise ... Download Now
• Finally, an easier way for Small and Mid-Sized Companies to Run Their Business Applications: IBM Smart Business IBM From the PC to the Internet to every piece of hardware and software in ... Download Now