Windows XP Security Problem (major)

takingchances42

Someone may have already posted something about this, but if so, I didn't see it. A programmer friend sent it to me with the links.

A WARNING:

Windows XP contains a massive security hole. This bug allows an attacker to delete files contained in any specified directory (including root) on your system, simply by getting you to click on a malicious URL. That URL can be anywhere: in email, a chat room, a newsgroup article, or of course on a web page. It's even possible for the malicious URL to be accessed automatically if you simply visit a web page.

The Inquirer has specifics (http://www.theinquirer.net/?article=5354), as do many other on-line news sources. There is a workaround, mentioned in that article, but the real answer unfortunately is to install SP1 or, better yet, to upgrade your system from Windows XP to Windows 2000.

-- Robert Bruce Thompson thompson@ttgnet.com http://www.ttgnet.com


also from http://www.theinquirer.net/?article=5354

Another reader tells us he saw a report on TechTV, the background to which they give here where they state that Microsoft has known about the flaw for some 11 weeks but kept the lid on it because it is so easy to exploit.

Microsoft urges Windows XP users to download the Service Pack and install it as quickly as possible. You can find that here. It's a large file, though, and CD versions are only available in the US and Canada at the moment, according to Microsoft.
 
Open Internet Explorer, click on Tools, select Windows Update, and click to let them scan your computer to see what updates you need first.

Download drivers last, update XP first.
 
On the topic of Windows updates - anyone have any problems with the new service pack?
 
I've been seeing some problems with it at work. In 24 hours I had the exact same error messages with two different customers. I'm watching to see what other issues come up with this one.
 
It does not surprise me that XP has issues.

Yes, I downloaded SP1 (my wife's computer); however, as she mostly plays card games, no trouble has appeared yet.

We do all the bill paying and stuff on my computer (Win 98SE) and I try to keep on top of everything (yes, including my wife! for all the good it does).
 
See, when I say things it's always "Spin, you're biased". But no, Win XP is STILL VERY VULNERABLE after this patch is put up.

I'm surprised that XP is secure against Win-Nuke.

Btw, as it turns out MS Word has some security issues too. Unbelievable.
 
My brother works for Microsoft, and has given me XP. He said this is false. I have not experienced any problems at all. XP had one problem and as soon as you sign on to the internet the patch for the problem is immediately downloaded and taken care of. I believe what you are describing (and the links) are one of the latest hackers ploy, or yet another virus.
 
littlekateyes said:
My brother works for Microsoft, and has given me XP. He said this is false. I have not experienced any problems at all. XP had one problem and as soon as you sign on to the internet the patch for the problem is immediately downloaded and taken care of. I believe what you are describing (and the links) are one of the latest hackers ploy, or yet another virus.

Four comments:

1. I don't know for sure, one way or the other. I was sent the information from a source I considered very credible, and passed it along complete with links, for people to make their own decisions.

2. He is recommending people install a new Microsoft Service Pack, downloaded or ordered on CD from Microsoft -- how could that be a "hackers ploy, or yet another virus"??? :confused:

3. You would not have any problems unless you came across a malicious URL. One of the assertions in the article was that the automatic download patch was not in fact adequate, that you needed to install the whole Service Pack release.

4. Microsoft has a long history of being less than forthright about these things, and I would guess this extends to communications to their employees -- therefore I would not take the word of a Microsoft employee as being the ultimate authority there, particularly if that employee worked in another division than the one dealing with this.
 
The problem I've seen originates in the download and install process. It has to do with a certain administrative service that should be running for the service pack to download and install. When you check on the services running, it already is running but will not download and install. There's no fix for it yet and I've personally had to deal with two very pissed off customers who expect me to fix it.
 
I just downloaded and installed "Service Pack 1"

It is a long, long install process. The SP downloaded in about 1 minute, but starting the installation took so long to "run inventory" that I thought my 'puter had hung and restarted the install.

After a long wait another download started that was over 22,000 Kb and took over 20 minutes on cable! Then installing hundreds of files took a while longer and resetting cabinets and finishing installation took some more time. All in all, I would guess the process took nearly an hour!

Be aware of and ready for the apparent "Hang up".

I did not archive the pack on the second install. On restart my "Outlook Express" icon was gone from my desktop and I had to go find it and put it back!

Rhumb
 
Snipping and clipping, but leaving the juicy stuff...
littlekateyes said:
... XP had one problem and as soon as you sign on to the internet the patch for the problem is immediately downloaded and taken care of. I believe what you are describing (and the links) are one of the latest hackers ploy, or yet another virus.

Little Kat Eyes, sorry to pick on you, but here it goes.

The simplest of programs, for example, an Autoexec.bat file with the single command ECHO Hello World, may make for a nice starter program for learning, but fails to do anything useful, and it still has to be interpreted and executed by the computer. Any number of things can go wrong, and this is just a one-line batch file. If the command interpreter is corrupted then it may not recognize the command Echo, or if it does, it may not know what to do with the parameters.

When you create an operating system something is bound to be overlooked. Look at MS/PC-DOS. It has made it to the seventh major revision, and it was designed to execute only one program at a time. When a bug has survived 2 major revisions it is then labeled a feature, and that is how a lot of new, unexplainable features get added. Due to time and cost constraints, it may be now that if it survives a single major revision, or two minor updates, it is a feature. Sorry kiddo, but Windows is a lot larger than MS-DOS ever was.

Let's see, Windows, and Windows 2.0 never amounted to anything, so we can't really start counting till Win 3.11. So, there is Win 3.1, 95/NT3.5, 98/NT4.0, ME/2K, XP - up to 5 major revisions, almost time for MS to find a new OS :) Sorry, but it is just the nature of things. Look at life, as a single-cell organism life was simple - split or die. Now it is split, marry, divorce, separate, get together, remain single, hook up with someone, and so much more. With a program so big, and yes, an operating system is a program, there is bound to be at least a bug somewhere.

Don't mean to pick on you, or where your brother works, but there is always a problem somewhere, unless you take years to fix it all, and even then, change one piece of equipment, and you can break it again. Sorry :(

Mike_F
 
Problems

The only problem I have is low disk space, and it took forever to tell me it needed over half a gigabyte to install. It seems to want to back up, and archive a lot of files.

SabbathStorm:
I had a problem with a program that was originally designed for Win 98/NT 3.51. Since XP, even the Home edition, acts much like Win NT 4+ (does anyone still call it NT 5.0?), it has certain registry settings that messed around with my install of the program. It wanted me to sign on as an administrator, and it automatically installed the NT version, and other things. I was later able to go back and edit the registry, based on error messages, a knowledge base article, and some other hoops. My guess is that the person has to either have the machine configured for themselves, or log on as an administrator, and do the dirty deed there. I'll let you know what I find out, as I had my WinDOZE XP Home Ed set up for guest and a trusted friend at one point. Just need to get rid of some junk first.

Mike_F
 
takingchances42 said:


Four comments:

1. I don't know for sure, one way or the other. I was sent the information from a source I considered very credible, and passed it along complete with links, for people to make their own decisions.

2. He is recommending people install a new Microsoft Service Pack, downloaded or ordered on CD from Microsoft -- how could that be a "hackers ploy, or yet another virus"??? :confused:

3. You would not have any problems unless you came across a malicious URL. One of the assertions in the article was that the automatic download patch was not in fact adequate, that you needed to install the whole Service Pack release.

4. Microsoft has a long history of being less than forthright about these things, and I would guess this extends to communications to their employees -- therefore I would not take the word of a Microsoft employee as being the ultimate authority there, particularly if that employee worked in another division than the one dealing with this.




I understand what you are saying. Actually, he does work directly with that department, considering he helped bring XP to the market and had some part in creating it. He is also one of the creators of the Xbox. The downloads are downloaded as soon as you sign on, and all the patches are also, unless you have the automatic download feature off.
 
Mike_F said:
Snipping and clipping, but leaving the juicy stuff...


Little Kat Eyes, sorry to pick on you, but here it goes.

It is OK, I am used to it, nor do I take it that way. I myself am not picking on anyone either. We all have different opinions.

The simplest of programs, for example, an Autoexec.bat file with the single command ECHO Hello World, may make for a nice starter program for learning, but fails to do anything useful, and it still has to be interpreted and executed by the computer. Any number of things can go wrong, and this is just a one-line batch file. If the command interpreter is corrupted then it may not recognize the command Echo, or if it does, it may not know what to do with the parameters.

That is why earlier Microsoft sent out a new batch file.

When you create an operating system something is bound to be overlooked. Look at MS/PC-DOS. It has made it to the seventh major revision, and it was designed to execute only one program at a time. When a bug has survived 2 major revisions it is then labeled a feature, and that is how a lot of new, unexplainable features get added. Due to time and cost constraints, it may be now that if it survives a single major revision, or two minor updates, it is a feature. Sorry kiddo, but Windows is a lot larger than MS-DOS ever was.

Very true! If you don't understand the components of MS-DOS then you can be royally screwed.

Let's see, Windows, and Windows 2.0 never amounted to anything, so we can't really start counting till Win 3.11. So, there is Win 3.1, 95/NT3.5, 98/NT4.0, ME/2K, XP - up to 5 major revisions, almost time for MS to find a new OS :) Sorry, but it is just the nature of things. Look at life, as a single-cell organism life was simple - split or die. Now it is split, marry, divorce, separate, get together, remain single, hook up with someone, and so much more. With a program so big, and yes, an operating system is a program, there is bound to be at least a bug somewhere.
 
littlekateyes said:

I understand what you are saying. Actually, he does work directly with that department, considering he helped bring XP to the market and had some part in creating it. He is also one of the creators of the Xbox. The downloads are downloaded as soon as you sign on, and all the patches are also, unless you have the automatic download feature off.

Please tell your brother to make a good game for the X-Box besides Halo. Please.

Also, the X-box is evil, a group found that you can put Linux onto it using a simple modchip. Now MS wants to hire them and make the new X-Boxes unmodable.

PS. Enron employees didn't know everything that's going on in the company, the same is true for MS employees (and if they do know, they'll lie)
 
Also... BEWARE!

I cannot recall if SP1 has a EULA on it, but if it does.. READ IT!

MS recently changed the EULA on their server software... Now if you want to patch a MS server against a HUGE security hole, you have to agree to MS Spyware.
 
Originally posted by Mike_F
. . . Let's see, Windows, and Windows 2.0 never amounted to anything, so we can't really start counting till Win 3.11. So, there is Win 3.1, 95/NT3.5, 98/NT4.0, ME/2K, XP - up to 5 major revisions, almost time for MS to find a new OS :) . .
Actually, it's a bit different from what you appear to paint here.

Windows up to and including 3.11 for Workgroups was an application program and GUI shell that ran under DOS and provided some extensions to DOS to accommodate multi-tasking. Windows 95/98/Me were all evolutions of the DOS/Windows marriage in which the DOS/Windows elements were integrated more closely and (sometimes) better. :)

Windows NT was a new OS from the ground up designed for the professional (as opposed to the home/personal) environment. NT was built from the outset as a multi-tasking environment and the GUI was an integral part of the design. NT was also designed for stability by employing features of the x86 CPU series including memory management, etc.

Windows NT was designed to preclude a poorly written program from crashing the OS. Part of that was a provision that a program running under NT would NEVER access hardware directly; it would always be via an OS call. This is one reason NT was NOT a gamer platform. The necessity to call via the OS to access the hardware slowed things down noticeably.

DOS programs particularly exploited the ability to directly access the hardware and by writing images directly to video memory could produce blazing fast game displays.

A program running under NT that attempts to access any hardware directly or that tries to access memory outside its allocated memory space is intercepted and shut down by the OS.

These are the types of things that can occur under the non-NT versions of Windows that crash the OS.

I'm not quite sure where XP is in the merging of the NT series and the DOS/Windows series. Windows XP Pro says it's based on NT technology. That's a good thing for stability but not necessarily for others, like speed. Although XP is reputed to be faster than Win 95/98/Me or Win 2K.
Originally posted by Mike_F
. . .. Since XP, even the home edition, acts much like Win NT 4+ (does anyone still call it NT 5.0?), . . .
Actually, Windows 2000 Professional shows as Version 5.x on the control panel System display.
 