
scooter
08-16-2004, 12:01 PM
Hackers Seek XP SP2 Weaknesses


16.08.2004 08:39:10


Hackers and I.T. security professionals are picking apart Microsoft's new update to Windows XP Service Pack 2 in search of vulnerabilities they can exploit.

Over the next few weeks, loopholes will emerge in SP2 as both worm writers and security consultants search for weaknesses in the software, Thor Larholm, a security researcher at PivX Solutions, warned. This will lead to new types of worms being released over the next month or so, he said.

Don't Panic

However, other security consultants are much less concerned. "I would be very surprised if any worms emerged in the near term as a result of SP2 being installed on computers," Russ Cooper, a senior scientist at Herndon, Virginia-based TruSecure, told NewsFactor.

"A 'worm,' according to my definition, is something that comes to a computer without authentication and propagates itself. So MS Blaster would qualify as a worm as it went around the Net looking for unprotected computers to attach itself to," Cooper explained.

Firewall Essential

"What MS Blaster does is to look for computers that are in 'listening service' mode -- in other words, they are listening for any computer connected to the Internet that wants to link up to them," Cooper said. "If you are running a personal firewall, then the listening service feature is automatically disabled, unless you choose to enable it, and your computer is not vulnerable to worms seeking Internet-connected PCs," he pointed out.

"It is absolutely essential for every computer user to run a firewall," Cooper emphasized. "In fact, my company, TruSecure, recently held a Personal Firewall Awareness Day to educate people about the need for firewalls."

But people who download SP2 do not need to acquire a firewall product, as the Microsoft update includes firewall technology. "SP2 will disable any firewall that the user may already be running and then install its own firewall," Cooper said. "But there is no overlap during this process when the user's computer is without a firewall -- the existing firewall will carry on running until the SP2 firewall takes over."

Don't Delay

PC users should not be deterred from installing SP2 because of press reports that Symantec antivirus products do not work with the new security update, Cooper said. "The issue is that a number of antivirus programs, while working perfectly well on a computer running SP2, will not report into the SP2 Security Center -- the place where users can see reports on how up-to-date their antivirus protection is," Cooper told NewsFactor.

"All the antivirus software vendors affected by this, including Symantec, are working on making their products interface with the SP2 Security Center."

Kazaa Risk

The only computers that will be vulnerable to worm attacks after installing SP2 are machines whose users modify their firewall settings so they can use peer-to-peer services, such as Kazaa, Cooper warned. "When you go onto Kazaa, you need to be in listening service mode so you can make contact with other users of the system," Cooper said.

"So I think we might see worms that attack communities, such as Kazaa, where users have to modify their firewalls so they can be in listening service mode."

"SP2 includes a number of badly needed fixes to the Internet Explorer browser that is built into Windows, including enhancements to help prevent pop-up advertisements and 'phishing' attacks," Gartner I.T. security analysts Michael A. Silver and John Pescatore say in a research note issued August 12th. "Microsoft has also updated the simple firewall that was built into XP, which is now turned on by default, and is adding technology known as 'data execution prevention' (DEP) to prevent worms from spreading through buffer overruns when run on PCs with no-execute (NX) capable processors."

In their research note, the Gartner analysts make a series of recommendations to both corporate and personal computer users. "Many consumers and some small businesses will find the Windows firewall included in SP2 sufficient," the note says. "Large enterprises will still need third-party personal firewalls for all laptops."

Companies that tested SP2 during the beta timeframe can consider deploying the upgrade in four to six weeks, the Gartner analysts suggest, if their applications have proved compatible and no major problems are reported. "Companies should also consider host-based intrusion prevention products -- such as Cisco Security Agent, Network Associates Entercept, Sana Security, Determina, Platform Logic and Immunix," they recommend.

Test before Deployment

"Mainstream enterprises should plan to wait at least two months after SP2 ships before beginning deployment, and should favor testing on PCs with NX-enabled processors that support the DEP function -- which are available now from Advanced Micro Devices and in 4Q 04 from Intel," say Silver and Pescatore.

"Testing on NX-enabled machines will ensure that running in physical address extension (PAE) memory mode does not break any applications or drivers. Companies that test on non-NX PCs will have to repeat testing on NX PCs," they note.




http://www.newsfactor.com/