Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Report: Major Windows Security Update Foiled
ZDNet ^ | 1/28/05 | Robert Lemos

Posted on 01/28/2005 6:24:09 PM PST by 1LongTimeLurker

*

A Russian security company claims it found a way to beat a security measure in Microsoft's Windows XP Service Pack 2, a major update aimed at securing customers' PCs.

The SP2 measure, known as Data Execution Protection, is intended to prevent would-be attackers from inserting rogue code into a PC's memory and tricking Windows into running the program. However, in a paper published Friday, Moscow-based Positive Technologies said two minor mistakes in the implementation of the technology allow a knowledgeable programmer to sidestep the protection.

The company notified Microsoft of the problem Dec. 22, but it apparently decided not to wait for the software giant to patch the flaws.

Neither Microsoft nor Positive Technologies immediately responded to requests for comment Friday.

After several delays, Microsoft began rolling out SP2 in August of last year, at which time company Chairman Bill Gates called the update "a significant step in delivering on our goal to help customers make their PCs better isolated and more resilient in the face of increasingly sophisticated attacks."


TOPICS: News/Current Events
KEYWORDS: computersecurity; insecurity; windows
For those of you out there running Windows machines with SP2 be aware of this. Fixes for Windows security problems can be found here
1 posted on 01/28/2005 6:24:09 PM PST by 1LongTimeLurker
[ Post Reply | Private Reply | View Replies]

To: 1LongTimeLurker

Do you ever get the feeling that Microsoft doesn't know as much about it's own system and code than these hackers do? If they do know as much as the Hackers they have a serious quality control and supervisory problem. If they don't as much they need to hire these people to help them in securing their obviously porous software.


2 posted on 01/28/2005 6:29:11 PM PST by drt1
[ Post Reply | Private Reply | To 1 | View Replies]

To: 1LongTimeLurker

Maybe if Microsoft weren't so interested in having access to your computer themselves they could prevent others from doing the same thing.


3 posted on 01/28/2005 6:30:44 PM PST by FreePaul
[ Post Reply | Private Reply | To 1 | View Replies]

To: drt1

I haven't updated to SP2, i don't know if i will. I use good antivirus and firewall programs on my pc.

I'm waiting for microsoft to prove that they can have a patch that fixes all their problems before i bother installing Sps after Sps.


4 posted on 01/28/2005 6:31:31 PM PST by 1FASTGLOCK45
[ Post Reply | Private Reply | To 2 | View Replies]

To: 1FASTGLOCK45

I updated to the last fix and got all sorts of trouble so I had to uninstall. There is another one waiting for installation and I am reluctant to do it.


5 posted on 01/28/2005 6:34:36 PM PST by Bahbah
[ Post Reply | Private Reply | To 4 | View Replies]

To: 1FASTGLOCK45
If past is prologue methinks you will have a very long wait before you can install SP2. :-)
6 posted on 01/28/2005 6:35:20 PM PST by drt1
[ Post Reply | Private Reply | To 4 | View Replies]

To: 1LongTimeLurker

better call up bush2000 to defend his employer, bill gates.


7 posted on 01/28/2005 6:36:15 PM PST by ken21
[ Post Reply | Private Reply | To 1 | View Replies]

To: 1LongTimeLurker

Just run a program coded in .Net - DEP is not turned on for .Net programs at all.


8 posted on 01/28/2005 6:37:16 PM PST by ikka
[ Post Reply | Private Reply | To 1 | View Replies]

To: drt1

Total size of team programming SP2: SEVEN. Even figure they pay these guys a million a year and it took 2 years, that is a lousy $14 million. Meanwhile MS pulls in BILLIONS a year.


9 posted on 01/28/2005 6:39:08 PM PST by ikka
[ Post Reply | Private Reply | To 2 | View Replies]

To: Bahbah

That must be fustrating to have an installation not go through smoothly. That's the other reason i was hesistant to even try it because i heard there are issues and some programs don't work after SP2 being installed. I don't blame you for not doing it.


10 posted on 01/28/2005 6:39:35 PM PST by 1FASTGLOCK45
[ Post Reply | Private Reply | To 5 | View Replies]

To: drt1

Your right. LOL, i figured as much, computers will be reinvented before microsoft figures out they need to go back to basics. They have the ability to go back to basics and remake windows even better. it doesn't have to be fancy, all we want is good connectivity and program reliablity.


11 posted on 01/28/2005 6:41:03 PM PST by 1FASTGLOCK45
[ Post Reply | Private Reply | To 6 | View Replies]

To: FreePaul

I think you have hit the nail on the head.

Microsoft is like the monkey holding the datenut in the jug. Until the monkey lets go, it will never escape.

Microsoft is trying to keep its back doors open for its future pay every month or your computer will not work system.

Also there are more than enough easter eggs in the microsoft system for those interested in looking. I am sure SOMEBODY here has a few of them.


12 posted on 01/28/2005 6:41:28 PM PST by longtermmemmory (VOTE!)
[ Post Reply | Private Reply | To 3 | View Replies]

To: 1LongTimeLurker

My next machine will be either Linux based or a Mac, I'm tired of all the patches ,updates and BS that comes with a MS product.


13 posted on 01/28/2005 6:43:28 PM PST by blastdad51 (Proud father of an Enduring Freedom vet, and friend of a soldier lost in Afghanistan)
[ Post Reply | Private Reply | To 1 | View Replies]

To: 1FASTGLOCK45
That must be fustrating to have an installation not go through smoothly.

Especially if you are technologically challenged. I will say, however, that everything I have learned about computers I leaned here on FR. I read through all the threads on compter issues, understand maybe 1%, but still pick up tons of information. ;-)

14 posted on 01/28/2005 6:43:54 PM PST by Bahbah
[ Post Reply | Private Reply | To 10 | View Replies]

To: FreePaul
"Maybe if Microsoft weren't so interested in having access to your computer themselves they could prevent others from doing the same thing."

Exactamundo! These "Flaws", presented as inadvertent, unintentional bugs, are really back doors that were purposely engineered into the software for the benefit of MS and other Entities to use in tracking clients usage. IMO they deserve to have their A$$es sued off.

15 posted on 01/28/2005 6:44:03 PM PST by drt1
[ Post Reply | Private Reply | To 3 | View Replies]

To: 1LongTimeLurker

The problem with Bill Gates' "Conquer the World" strategy is that there is always another young protege in the wings preparing to take it from him.

Such are the liabilities and travails of being a Sith Lord.


16 posted on 01/28/2005 6:45:30 PM PST by Imal (Let us trim our hair in accordance with Socialist lifestyle.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: drt1

drt1 wrote:
Exactamundo! These "Flaws", presented as inadvertent, unintentional bugs, are really back doors that were purposely engineered into the software for the benefit of MS and other Entities to use in tracking clients usage. IMO they deserve to have their A$$es sued off.

* Bullseye, i think you hit the nail right on the head.


17 posted on 01/28/2005 6:46:46 PM PST by 1FASTGLOCK45
[ Post Reply | Private Reply | To 15 | View Replies]

To: Phsstpok

ping for later


18 posted on 01/28/2005 6:49:13 PM PST by Phsstpok ("When you don't know where you are, but you don't care, you're not lost, you're exploring.")
[ Post Reply | Private Reply | To 1 | View Replies]

To: 1LongTimeLurker

As usual, there will be an update. I've never had a virus. I just update whenever there is one and use a hub with a firewall. No problem.


19 posted on 01/28/2005 6:51:00 PM PST by Poser (Joining Belly Girl in the Pajamahadeen)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ikka

I have a hard time believing MSFT only had 7 developers working a major upgrade to, by far, their most important product. Do you have a source for this or are you just some disgruntled Mac-geek talking trash? Seven managers maybe.


20 posted on 01/28/2005 6:52:53 PM PST by StockAyatollah
[ Post Reply | Private Reply | To 9 | View Replies]

To: drt1
"Exactamundo! These "Flaws", presented as inadvertent, unintentional bugs, are really back doors that were purposely engineered into the software for the benefit of MS and other Entities to use in tracking clients usage. IMO they deserve to have their A$$es sued off."

Your response is worthy of a DU conspiracy theory. Your fears are fantasies.

21 posted on 01/28/2005 6:58:05 PM PST by Honcho Bongs (See your doctor if surfing experience exceeds four hours)
[ Post Reply | Private Reply | To 15 | View Replies]

To: 1LongTimeLurker

I read a while back that MS will 'push' SP2 updates this spring. Exactly what will 'push' entail? Unrefusable downloads?


22 posted on 01/28/2005 7:02:15 PM PST by polymuser
[ Post Reply | Private Reply | To 1 | View Replies]

To: 1LongTimeLurker

Seems I read a while back that MS will 'push' SP2 updates this spring. True? Exactly what will 'push' entail? Unrefusable downloads?


23 posted on 01/28/2005 7:02:47 PM PST by polymuser
[ Post Reply | Private Reply | To 1 | View Replies]

To: 1FASTGLOCK45

drt1 wrote:
Exactamundo! These "Flaws", presented as inadvertent, unintentional bugs, are really back doors that were purposely engineered into the software for the benefit of MS and other Entities to use in tracking clients usage. IMO they deserve to have their A$$es sued off.

1FASTGLOCK45 wrote:
* Bullseye, i think you hit the nail right on the head.

*Don't look for diabolical conspiracies when simple incompetence will explain quite nicely. Keep in mind that MS is a HUGE bureaucracy and thus has all the same lovely qualities that government bureaucracies have.


24 posted on 01/28/2005 7:03:52 PM PST by ChildOfThe60s (If you can remember the 60's.....you weren't really there.)
[ Post Reply | Private Reply | To 17 | View Replies]

To: Poser
I've never had a virus. I just update whenever there is one

That must be hard given that there are 50,000 or 60,000 of them for Windoze.

25 posted on 01/28/2005 7:07:00 PM PST by Izzy Dunne (Hello, I'm a TAGLINE virus. Please help me spread by copying me into YOUR tag line.)
[ Post Reply | Private Reply | To 19 | View Replies]

To: Honcho Bongs
"Your response is worthy of a DU conspiracy theory. Your fears are fantasies."

Huh??

26 posted on 01/28/2005 7:24:29 PM PST by drt1
[ Post Reply | Private Reply | To 21 | View Replies]

To: blastdad51
My next machine will be either Linux based or a Mac, I'm tired of all the patches ,updates and BS that comes with a MS product.

You, know, I am a happy Linux/Unix user going on 10 years now but the key is not the absence of patches. It is actually the frequency of small, incremental patches that keeps surprises away. No software is published without errors. It is not unusual that two or three small patches will come out every day for a few of the hundreds of components that make up Linux. With thousands of non-bureaucratic people, each with his/her own pride and interest in a free product they put their name on, it isn't surprising that the patches are frequent and the quality is high.

Because I am a former System Administrator I think these are neat and apply them almost every day. "Normal" people might apply them once a month or less frequently. Either way it is no big deal and simply a matter of clicking by the patches you want. I'm not sure I remember the last time I had a problem with one, although I think one did occur a couple of years ago.

Microsoft takes the wrong road, IMO, working for years on a single monolithic patch and then flooding the user community with it. The changes are too great and the real risks of incompatibility are high. It is considerably better to supply the frequent patches and allow the user community the choice when to install them.

27 posted on 01/28/2005 7:40:40 PM PST by steve86
[ Post Reply | Private Reply | To 13 | View Replies]

To: BearWash
I also wanted to mention that I finally installed a (free) virus checking package for Linux. As expected, it didn't find any viruses on the Linux side. But it did find one on the Windows partition that McAfee had missed!
28 posted on 01/28/2005 7:43:17 PM PST by steve86
[ Post Reply | Private Reply | To 27 | View Replies]

To: drt1
Do you ever get the feeling that Microsoft doesn't know as much about it's own system and code than these hackers do? If they do know as much as the Hackers they have a serious quality control and supervisory problem. If they don't as much they need to hire these people to help them in securing their obviously porous software.

Absolutely spot on!!

As someone who has done some serious software QC in the past, I maintain MicroSloth's QC dept is a complete joke. I often time wonder if they have one at all. Mistake after screwup after blunder after foulup after...

If everybody would quit using IE, Outlook and Outlook Express, 95% of these problems would be instantly solved.

29 posted on 01/28/2005 8:21:22 PM PST by upchuck ("If our nation be destroyed, it would be from the judiciary." ~ Thomas Jefferson)
[ Post Reply | Private Reply | To 2 | View Replies]

To: Izzy Dunne

" That must be hard given that there are 50,000 or 60,000 of them for Windoze."

It's easy and automatic. Windows works great. If you are numb enough to to click on a virus you deserve what you get.


30 posted on 01/28/2005 9:09:10 PM PST by Poser (Joining Belly Girl in the Pajamahadeen)
[ Post Reply | Private Reply | To 25 | View Replies]

To: 1LongTimeLurker

bttt


31 posted on 01/29/2005 5:40:47 PM PST by steve86
[ Post Reply | Private Reply | To 1 | View Replies]

To: Poser
If you are numb enough to to click on a virus you deserve what you get.

If it were only that simple, unfortunately viruses like Slammer & MSBlast self-replicated and attacked vulnerable machines directly without requiring a user to do anything themselves.

32 posted on 01/29/2005 5:58:09 PM PST by 1LongTimeLurker
[ Post Reply | Private Reply | To 30 | View Replies]

To: 1LongTimeLurker

"If it were only that simple, unfortunately viruses like Slammer & MSBlast self-replicated and attacked vulnerable machines directly without requiring a user to do anything themselves."

If you are numb enough to not have a firewall, you deserve what you get.


33 posted on 01/29/2005 7:57:33 PM PST by Poser (Joining Belly Girl in the Pajamahadeen)
[ Post Reply | Private Reply | To 32 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson