SP2: Fatally Flawed…

Yahoo! News – Security Flaws Found in SP2

Security Flaws Found in SP2

Wed Aug 18,12:00 PM ET Add Technology – PC World to My Yahoo!

Paul Roberts, IDG News Service

Security researchers inspecting a new update to Microsoft’s Windows XP (news – web sites) found two software flaws that could allow virus writers and malicious hackers to sidestep new security features in the operating system.

German Internet security portal Heise Security published a security bulletin, dated August 13, describing two holes in the Windows XP Service Pack 2 and warning users about running programs from untrusted Internet sites.

The flaws could allow virus writers to circumvent the security feature and write worms that spread on XP SP2 systems, according to the bulletin. However, the researcher who discovered the holes says he does not consider the flaws to be serious and he still recommends installing SP2.

So let’s understand this…

Microsoft takes months to release SP2.

It’s released and there are enormous compatibility problems with peoples existing applications (including, ironically, some antivirus software; a discovery which could be considered a security hole in some ways)…

Then comes the discovery of security glitches in a package that’s supposed to fix security glitches.

Anyone else wondering what the hell is going on at MS these days?

This entry was posted in Unfiled. Bookmark the permalink.
  • http://stageleft.crow.ws stageleft

    M$ actually came out with an anti-patch patch before they rolled SP2 into the auto-update. After installation SP2 is ignored for 120 days within the update process – you can bet I installed it on every XP box I could find :-)

  • http://www.lobowalk.com Daniel Medley

    I can tell you exactly what’s going on; MS, because it’s user-base dwarfs that of any other OS, is the largest target for hackers and attackers.

    The time and effort it takes to find and exploit OS holes is considerable. You get more bang for your buck, so to speak, by going after the largest OS user-base (MS) then say something whose market share is barely noticable in comparison; something like, say, MAC . . .:)

    Good to see IT’s not going away.

  • http://nonannystate.blogspot.com The Other Mike S

    We still use Win 98SE here at our bank. It’s far and away the most stable of the MS products. It doesn’t give users admin privileges – why the hell would MS make a business product that gives regular users admin power?

    I just provided some material for a tech magazine regarding, “what do you want MS to do in the future?” I said to the effect, “deliver a product that doesn’t make the end user a beta tester every damned time a new product is released.” I doubt they’ll use the quote because MS is a big advertiser….

    And before anyone asks, we haven’t moved to Linux or Macs because all of the software developers for banking apps only write for MS OS’s.

  • http://www.lobowalk.com Daniel Medley

    We still use Win 98SE here at our bank. Itís far and away the most stable of the MS products.

    Damn, I’d have to respectfully disagree with you on that. 98 parts one and two were known as being barely marginally better than 95. I can’t tell you how many times 98 SE made me want to stick an ice pick through my skull.

    I’ve been using Win2K for awhile now and its been very stable. I’m currently building a new system that will have WinXP Pro which every IT person I’ve talked with says is light years ahead of any other M$ OS as far as stability is concerned.

    Just my two cents.

  • http://www.insignificantthoughts.com Vinny

    Two words for stability freaks:

    OS/2 Warp

    End of discussion. :wink:

  • http://nonannystate.blogspot.com The Other Mike S

    Daniel,

    As a server OS, Win2K is great, in fact it’s what we use. But you don’t need that much power on a desktop for non-IT employees. Email, word, banking apps, that’s about it for most employees.

    We ran Win2K on a couple of desktops when it first came out, and it was nothing but trouble. Not worth the grief.

    And yeah, I know, you have the ability to make the admin powers supposedly impotent, but just one fuck up, and you’ve got a desktop user with root access [shudder].

    Bring back the abacuss, ledger sheets and (paper) thank you notes!

  • http://stageleft.crow.ws/ stageleft

    M$ actually came out with an anti-patch patch before they rolled SP2 into the auto-update. After installation SP2 is ignored for 120 days within the update process – you can bet I installed it on every XP box I could find :-)

  • http://www.lobowalk.com/ Daniel Medley

    I can tell you exactly what’s going on; MS, because it’s user-base dwarfs that of any other OS, is the largest target for hackers and attackers.

    The time and effort it takes to find and exploit OS holes is considerable. You get more bang for your buck, so to speak, by going after the largest OS user-base (MS) then say something whose market share is barely noticable in comparison; something like, say, MAC . . .:)

    Good to see IT’s not going away.

  • http://nonannystate.blogspot.com/ The Other Mike S

    We still use Win 98SE here at our bank. It’s far and away the most stable of the MS products. It doesn’t give users admin privileges – why the hell would MS make a business product that gives regular users admin power?

    I just provided some material for a tech magazine regarding, “what do you want MS to do in the future?” I said to the effect, “deliver a product that doesn’t make the end user a beta tester every damned time a new product is released.” I doubt they’ll use the quote because MS is a big advertiser….

    And before anyone asks, we haven’t moved to Linux or Macs because all of the software developers for banking apps only write for MS OS’s.

  • http://www.lobowalk.com/ Daniel Medley

    We still use Win 98SE here at our bank. Itís far and away the most stable of the MS products.

    Damn, I’d have to respectfully disagree with you on that. 98 parts one and two were known as being barely marginally better than 95. I can’t tell you how many times 98 SE made me want to stick an ice pick through my skull.

    I’ve been using Win2K for awhile now and its been very stable. I’m currently building a new system that will have WinXP Pro which every IT person I’ve talked with says is light years ahead of any other M$ OS as far as stability is concerned.

    Just my two cents.

  • http://www.insignificantthoughts.com/ Vinny

    Two words for stability freaks:

    OS/2 Warp

    End of discussion. :wink:

  • http://nonannystate.blogspot.com/ The Other Mike S

    Daniel,

    As a server OS, Win2K is great, in fact it’s what we use. But you don’t need that much power on a desktop for non-IT employees. Email, word, banking apps, that’s about it for most employees.

    We ran Win2K on a couple of desktops when it first came out, and it was nothing but trouble. Not worth the grief.

    And yeah, I know, you have the ability to make the admin powers supposedly impotent, but just one fuck up, and you’ve got a desktop user with root access [shudder].

    Bring back the abacuss, ledger sheets and (paper) thank you notes!