Windows XP SP2 Elaborate Please

Guest

I have read a lot about SP2. Don't know what the big deal is. I had it
installed, but because it caused problems later I uninstalled it.

They keep saying vulnerabilities, but to whom? A home PC without any network?
I think if you're smart enough not to enter untrusted web sites, and you don't
accept e-mails from people you don't know, isn't that enough? I have
Anti-Spyware and Anti-Virus programs. My computer is always clean. I don't
even use the web very often. But as someone who only surfs web sites like
microsoft, yahoo or google what are the risks?

They keep saying remote execution. What is that! English please. Do you mean
someone can put a trojan without me knowing? Then again, there is an antivirus
program. Also these vulnerabilities, do they include just being connected to
the internet without entering any malicious web site?

Anyone care to elaborate? If SP2 shut down services that can be exploited,
can't we just turn them off manually?

Please don't try to advertise, I've heard them all.

Regards,

Mike
 
Mr. Grey

Mike said:
I have read a lot about SP2. Don't know what the big deal is. I had it
installed, but because it caused problems later I uninstalled it.

They keep saying vulnerabilities, but to whom? A home PC without any network?
I think if you're smart enough not to enter untrusted web sites, and you don't
accept e-mails from people you don't know, isn't that enough? I have
Anti-Spyware and Anti-Virus programs. My computer is always clean. I don't
even use the web very often. But as someone who only surfs web sites like
microsoft, yahoo or google what are the risks?

They keep saying remote execution. What is that! English please. Do you mean
someone can put a trojan without me knowing? Then again, there is an antivirus
program. Also these vulnerabilities, do they include just being connected to
the internet without entering any malicious web site?

Anyone care to elaborate? If SP2 shut down services that can be exploited,
can't we just turn them off manually?

Please don't try to advertise, I've heard them all.

Regards,

Mike

Mike,

In "Engrish" that's exactly what it means: When connected to the
Internet and even not connected to the Internet there are several
vectors of attack that a malicious application / user may take to either
enumerate information, take control, use as a bouncing point and the
list goes on...

A vulnerability simply put is typically a flaw that can be utilized to
do any of the aforementioned, or as a means to get to a point where such
a thing could take place.

Just because you watch where you are going and only visit what you
believe are "known safe sites" on the Internet does not mean that they
are truly secure or clean. The best thing to realize and understand is
that no computer that is connected to the Internet, a network etc...is
100% safe. Even if only a stand alone system, there are rootkits being
discovered in "known safe" software installation packages that come from
large reputable software development companies...granted if not
connected to anything no data can be leaked..but it can certainly be
damaged!

When you are connected to the Internet and browsing, do you think that
your computer just sits there, secretly without being probed, prodded
and tested? I can assure you that this is indeed NOT the case....there
are a HUGE amount of malicious applications that are self-propagating
that look for computers that are not running the latest security fixes,
when they find one they exploit the vulnerability and that newly
exploited computer becomes a new propagation point for said malicious
software / code.

So, the short answer to your question is that yes...even the home PC is
at risk for the same attacks as any other PC....and is, in fact, connected
to a "network" or the Internet...

Direct definition of remote execution in this context is simple....I
break into your PC and execute the code / app of my choice, maybe it
calls home to my computer and gives me access to your PC to see all of
your data, maybe it formats your hard drive, maybe it tries to infect
other computers on your ISP or random other IP addresses, maybe it sends
email out to all of your friends and family in your address book, maybe
it becomes a Zombie in a DDoS attack...and the list goes on and on and
on....

I'd be happy to delve further into this if you like ;-) Bottom line,
security is a good idea for everyone and every PC!

Cheers,
Mr. Grey
Security, it's what I do...
http://www.redsphereglobal.com
 
Harry Johnston

Mike said:
I have read a lot about SP2. Don't know what the big deal is. I had it
installed, but because it caused problems later I uninstalled it.

They keep saying vulnerabilities, but to whom? A home PC without any network?
I think if you're smart enough not to enter untrusted web sites, and you don't
accept e-mails from people you don't know, isn't that enough?

Well, let's look at a concrete example, MS07-008. If you haven't applied the
update (which you can't have done if you don't have SP2) then any web site can
take control of your computer (assuming you use Internet Explorer).

Mike said:
My computer is always clean. I don't
even use the web very often. But as someone who only surfs web sites like
microsoft, yahoo or google what are the risks?

If any of the sites you visit has been hacked, your computer could be taken
over. If any of them include advertisements from malicious third parties, your
computer could be taken over. I recall a case recently in which a widely
trusted web site - I can't recall which one at present - contained malicious
code provided by an advertiser.

Another example: MS06-070. If your computer is vulnerable it can be taken over
at any time that you are connected to the internet; you don't need to visit a
web site or take any action. Windows XP service pack 2 isn't vulnerable in this
way even without the patch but there is no guarantee that this statement is true
without service pack 2. (It might or might not be; Microsoft hasn't checked.)

Even if you aren't vulnerable now, sooner or later you will be. New attacks are
discovered all the time, and there won't be any way to fix them without SP2.

Harry.
 
Guest

Thanks for your replies.

Though I understand what you mean, what I don't get is:

If a malicious program attempts to take over, and in fact they do scan the hard
drive for private data, send a virus, format the hard drive, email out to
all of your friends and family in your address book and the others you've
mentioned, would I not need to have detected at least a virus or spyware of
some sort? I always keep my virus definitions list and anti-spyware updated.
Wouldn't I see some trojan horse or something? What's the point of a trojan
horse if you can do the same without it?

My understanding is that to have access to the data on a PC, you should have a
trojan horse planted and access to a port. So if you have an anti-virus program
and a firewall to block the ports, how can someone have access?

If you have access to a port, but no trojan horse or if you have a trojan
horse but no access to the port, would the malicious person be able to see
your data?

Also if someone is reading your files, copying data or sending a virus,
wouldn't that cause network traffic, visible in network utilization or from
the screens on the taskbar flashing light for no reason (I check the
processes that may require the internet (e.g. automatic updates etc))?

Regards,

Mike
 
Mr. Grey

Mike,

What if your AV is updated an hour after you are infected? I mean,
after all the reason that AV updates come out is because a new threat
(virus, trojan etc...) has come out and has infected systems already...
So, you will then possibly be notified, assuming that the threat has not
disabled your countermeasures, but this is after being infected and the
damage done! Some big examples are the CodeRed, Slammer and Nimda
events...these infected and infiltrated systems all over the world that
were patched and updated with the most recent updates...however, these
updates did not account for them yet....and as a direct result, by the
time the patches and updates / signatures came out...millions of systems
had been infected, corporations with "robust" security were brought to
their knees...

Now, let's assume that it's an individual with a spot of
knowledge....One does not need to load a Trojan to gain access to your
system...I can put a small ftp daemon (application) onto your system by
executing remote code...I can write my own program that has no known
signature in your countermeasure software to go in and backdoor your
countermeasure....I can use existing Micro$oft software and services
that are built into XP to give myself access....and the list goes on...

If I have access to a port, I think the above answer covers that.... as
to the...if I don't have access to a port, it again comes back to the
fact that there are many more vectors of attack than via a port;
rootkits, hacked websites that you may visit, infected or "affected"
storage devices, email, and the list continues.... There are also holes
in software and hardware firewalls, this is why major vendors release
patches for these also.

So, every time that you are not clicking on something or doing something
that you believe would cause "network traffic" you conduct an analysis
of the traffic on your system? What about the times that you are
browsing or downloading a file and you have consistent network traffic,
how then do you differentiate between good and unwanted traffic?

Bottom line, it's best to cover all of your bases...robust endpoint
security is important and includes endpoint firewall, anti-virus and
good patching / service-packing.

Cheers,
Mr. Grey
..insert sig here../
http://www.redsphereglobal.com
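
An added example, not part of any post in this thread: Mike asks whether unwanted access would show up as network activity, and Mr. Grey notes that a small FTP daemon with no antivirus signature could be dropped on the machine. One check that does not depend on signatures is to compare the listening ports reported by `netstat -ano` against a baseline taken when the machine was known-good. The sample output, the baseline set and the function names below are constructed for illustration.

```python
# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       952
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       3188
  TCP    127.0.0.1:1028         0.0.0.0:0              LISTENING       1620
  TCP    192.168.1.10:1045      203.0.113.7:80         ESTABLISHED     2240
  TCP    [::]:2121              [::]:0                 LISTENING       3188
  UDP    0.0.0.0:500            *:*                                    700
"""

# Hypothetical baseline recorded while the machine was known-good: (proto, port).
BASELINE = {("TCP", 135), ("TCP", 445), ("UDP", 500)}


def parse_netstat(text):
    """Yield one dict per TCP/UDP row; UDP rows have no State column."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # skip the header and blank lines
        proto, local, pid = fields[0], fields[1], int(fields[-1])
        state = fields[3] if proto == "TCP" and len(fields) == 5 else ""
        # rpartition splits on the last colon, so "[::]:2121" parses correctly.
        addr, _, port = local.rpartition(":")
        yield {"proto": proto, "addr": addr.strip("[]"),
               "port": int(port), "state": state, "pid": pid}


def unexpected_listeners(text, baseline):
    """Return network-reachable listeners that are absent from the baseline."""
    hits = []
    for row in parse_netstat(text):
        listening = row["state"] == "LISTENING" or row["proto"] == "UDP"
        loopback = row["addr"] in ("127.0.0.1", "::1")
        if listening and not loopback and (row["proto"], row["port"]) not in baseline:
            hits.append((row["proto"], row["port"], row["pid"]))
    return sorted(hits)


if __name__ == "__main__":
    for proto, port, pid in unexpected_listeners(SAMPLE, BASELINE):
        print(f"unexpected {proto} listener on port {port} (PID {pid})")
```

The PID column lets each flagged port be traced to its owning process in Task Manager. A listener that hides itself from `netstat`, as a rootkit can, will not appear here, so this complements patching rather than replacing it.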
 
