Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Not open for further replies.
1 - 1 of 1 Posts

· Registered
1,047 Posts
Discussion Starter · #1 ·
XP SP2 features needed two years ago: list editor

By Sam Varghese
April 6, 2004

A respected figure in US security circles has hailed several of the features which are expected in the second service pack for Windows XP but said that it had taken Microsoft two years to include things which should have been there in the first place.

Russ Cooper, editor of the NTBugTraq mailing list and surgeon-general of TruSecure, the largest private computer security firm in the US, said he was impressed with SP2 as it represented a number of significant shifts in Microsoft's prior thinking, marketing, and practice.

Microsoft, he said, had generally erred on the side of reduced support calls; now they were beginning to realise that they should err on the side of security.

He cited the example of turning on the Internet Connection Firewall which would result in consumers being unable to access services they were able to access prior to the SP, such as game servers. "This will result in support calls as the consumer tries to get back what they had prior to SP installation."

Cooper said he been told that Outlook Express 6 would be the last version of that product but, "to significantly enhance its capabilities, both by enabling it to turn off HTML-based email (or rather convert HTML-email into plain-text) and dramatic attachment restrictions, suggests support of the product beyond this version."

And blocking Server Message Block and NetBIOS by default finally breaks the legacy connection between XP and prior versions of Windows. Making one set of Windows desktop clients disconnect from the legacy environment by default is a significant shift from past versions, which always tried to ensure connectivity between newer desktops and legacy," he said.

But he was sceptical about the recent statements by Microsoft co-founder, chairman and chief software architect, Bill Gates.

"As far as Gates's statements about forward thinking technologies go, they sound wonderful but it remains to be seen whether or not Microsoft can deliver such technologies, and whether or not such techniques will be effective against the threat they intend to thwart," he said.

"Spammers and attackers have shown themselves to be very versatile, to be able to shift with technology changes. For example, while Bayesian anti-spam filters prove reasonably effective today, spammers too are finding ways to make them less effective. Spam messages frequently contain lengthy lists of benign words, or words a filter would normally deem appropriate for passing through, in order to convince Bayesian filters the message is valid."

Cooper said his conclusion was that it had taken Mike Nash (corporate vice president of Microsoft's Security Business Unit) two years to build product ideas to fill the slots in the Unit.

"It’s a shame it has taken so long, as the needs haven't changed that much in that time. What they say they're working on, we needed as much two years ago as we need today. Let's hope it doesn't take another two years to see some of these ideas make their way into viable products we can use,” he said.

1 - 1 of 1 Posts
Not open for further replies.