To all the people who think Windows Xp is great

Boston

http://www.siliconvalley.com/docs/news/svfront/001901.htm

Posted at 2:48 a.m. PST Saturday, Dec. 22, 2001

FBI urges consumers, companies to take additional steps to safeguard Windows XP

WASHINGTON (AP) -- The FBI's top cyber-security unit warned consumers and corporations Friday night to take new steps beyond those recommended by Microsoft Corp. to protect against hackers who might try to attack major flaws discovered in the newest version of Windows software.

The FBI's National Infrastructure Protection Center said that, in addition to installing a free software fix offered by Microsoft on the company's Web site, consumers and corporations using Windows XP should disable the product's "universal plug and play" features affected by the glitches.

The FBI did not provide detailed instructions how to do this. Microsoft considers disabling the "plug and play" features unnecessary.

The company acknowledged this week that Windows XP suffers from serious problems that allow hackers to steal or destroy a victim's data files across the Internet or implant rogue computer software. The glitches were unusually serious because they allow hackers to seize control of all Windows XP operating system software without requiring a computer user to do anything except connect to the Internet.

Outside experts cautioned that disabling the affected Windows XP features threatens to render unusable an entire category of high-tech devices about to go on the market, such as a new class of computer printers that are easier to set up. But they also acknowledged that disabling it could afford some protection against similar flaws discovered in the future.

The FBI, in a bulletin released at 8 p.m. at the start of a long holiday weekend, also warned professional computer administrators to actively monitor for specific types of Internet traffic that might indicate an attack was in progress.

A top Microsoft security official, Steve Lipner, sought to reassure consumers and companies that installing the free fix was the best course of action to protect their systems.

Friday's warning from the FBI's cyber-protection unit came after FBI and Defense Department officials and some top industry experts sought reassurance from Microsoft that the free software fix it offered effectively stops hackers from attacking the Windows XP flaws.

The government's r a re interest in the problems with Windows XP software, which is expected to be widely adopted by consumers, illustrates U.S. concerns about risks to the Internet. Friday's discussions came during a private conference call organized by the National Infrastructure Protection Center.

During the call, Microsoft's experts acknowledged the threats posed by the Windows XP problems, but they assured federal officials and industry experts that its fix -- if installed by consumers -- resolves the issues.

Microsoft declined to tell U.S. officials how many consumers downloaded and installed its fix during the first 24 hours it was available. Experts from Internet providers, including AT&T Corp., argued that information was vital to determine the scope of the threat.

Microsoft also indicated it would not send e-mail reminders to Windows XP customers to remind them of the importance of installing the patch.

Microsoft explained that a new feature of Windows XP can automatically download the free fix, which takes several minutes, and prompt consumers to install it.

"The patch is effective," said Lipner, Microsoft's director of security assurance, in an interview with The Associated Press.

Officials expressed fears to Microsoft about possible electronic attacks targeting Web sites and federal agencies during next week's Christmas holidays from computers running still-vulnerable versions of Windows, participants said.

Several experts said they had already managed to duplicate within their research labs so-called "denial of service" attacks made possible by the Windows XP flaws. Such attacks can overwhelm Web sites and prevent their use by legitimate visitors.

Another risk, that hackers can implant rogue software on vulnerable computers, was considered more remote because of the technical sophistication needed.

The FBI's cyber-security unit has been concerned about the threat and warned again Thursday that the potential of "denial of service" attacks is high. The agency said people unhappy with U.S. policy have indicated they plan to target the Defense Department's Web sites, as well as other organizations that support the nation's most important networks.

---

Comment:

This FBI alert sounds a lot like Steve Gibson's rant about the fundamental weaknesses of Windows XP. Microsoft of course ignores the FBI too. Do you think Microsoft would ever send out millions of emails telling customers that Windows is flawed and leaves them open to hacking, theft, and enables their computers to be used to hack others? Besides, they'd have to do it every week.

If you want to disable Universal Plug and Play follow these steps

Start/Settings/Control Panel/Administrative Tools/Services (Local)/

Universal Plug and Play Device Host - set to Disabled or Manual

mayhem#

Yada, yada, yada...
Like anyone in their right mind will depend on their OS for protection against so-called "hacking" attempts..

Boston

i dont know, that tiny firewall that windows xp has with it, some people might think they dont need to get a better one.
after all windows Xps big selling point is that it includes loads of apps, and your average punter will just keep the standard stuff.

Keep in mind, nortons firewall(in fact allmost all nortons stuff) has problems on Xp, all this will mean that yes, a large number of people who buy Xp wont use the right protection.

why do you think theres go many zombies on Xp systems

MarcusGarvey

Steve Gibson was right all along. Oh no !!!!!!!

Ronan|Raven

Originally posted by MarcusGarvey
Steve Gibson was right all along. Oh no !!!!!!!

He was indeed he made his feeling about the security issues within winxp known a long time ago, ya can read more about his poinions on xp and all other matters here http://grc.com/

chernobyl

Am i wrong but was gibsons concerns all aimed @ the home edition?

Boston

i think that was all he had access to, but you can be sure that microsoft put the same flaws in the other 2 versions

chernobyl

Originally posted by «Bo§ton»
i think that was all he had access to, but you can be sure that microsoft put the same flaws in the other 2 versions

so what?, he didnt buy the other 2 and evaluate them, i doubt it..

MarcusGarvey

A nice article in the Register about this media circus surrounding the XP BOF.

http://www.theregister.co.uk/content/4/23517.html

Boston

Originally posted by chernobyl



so what?, he didnt buy the other 2 and evaluate them, i doubt it..

at the time he was orginaly voicing hes opionion, Xp wasnt released, hell ti wasnt even called Xp at that time, so no he couldnt but the otehr 2 versions an evaluate them, maybe he has now, but not before microsoft had allready told him were to stick his opinion.

Shinji

Steve Gibson is a lot better at working with the media than he is at working with networks.

Loomer

Wow - This is a revalation. Imagine, 2000/XP giving access to higher level protocol layers that have been available on UNIX all this time. :-0

Shinji

And which, it has to be said, are utterly pointless for every practical application I can think of.

WhiteWashMan

Originally posted by Shinji
And which, it has to be said, are utterly pointless for every practical application I can think of.

no, not true shinji.

you can...er, um.......hmmmmmm?

by no, i do of course mean yes.

who the fúck is steve gibson anyway, and why should i listen to him and not my beloved MS?