
Windows XP Service Pack 2 officially released

Reply #76
What a laughable review! This guy actually suggests that services like the DNS client and DHCP client are security holes that should be closed by default.

HOW THE HELL are people supposed to get on the internet without DNS? Maybe he thought it was a server or something. Either way, he should maybe think before blindly trashing on MS for what I think is an excellent update. My guess is I am more qualified to make that conclusion than he is.

EDIT:
He suggests that the web client service be disabled too! HAhAHhahaha

EDIT #2:
Oh MAN! He thinks they should have disabled copy/paste from IE! Maybe we should just all shut down, then smash our computers. That would be secure.

Reply #77
Quote
EDIT:
He suggests that the web client service be disabled too! HAhAHhahaha


Hey, don't laugh too soon. It has nothing to do with basic internet functionality and can be safely turned off. I turned it off myself, because finding other PCs in my workgroup is slowed down tremendously otherwise.

Reply #78
The WebClient service provides WebDAV functionality integrated into the explorer shell. If you don't use WebDAV, then you don't need this service.

WebDAV isn't particularly common. I do know that SpyMac supports WebDAV access, but that's about all I know about it. Do a google on WebDAV for more information.

But Jebus is mostly correct, that register article is a joke. Home users (non-advanced home users, anyway) likely need the DHCP client service running more than most people, especially if they have a broadband router doing DHCP or are connecting directly (where their ISP is giving them addresses via DHCP).

The DNS client service is kind of a misnomer. It's actually the DNS Cache. Disabling it means DNS still works, but it doesn't cache DNS resolves locally anymore, and every DNS request goes to the upstream provider. It's not really a security risk, as such, because it doesn't do a lot and provides only a minor speed increase.

Other stuff:
- All the griping about DCOM is unnecessary. What the author doesn't seem to comprehend is that COM is a subset of DCOM. It's like DCOM bound to the local machine only. Without DCOM running, very little would work. In any case, the DCOM default is to not allow any distributed connections to work, and it takes quite a lot of effort to override that and actually get the D in DCOM to function. I've had to do it a few times for various systems. Yes, it has had holes, which Blaster took advantage of, but that was mainly an RPC hack, not a DCOM hack.

- His complaining about something being manual vs. something being disabled is fairly stupid. If somebody needs something to run, manual will let them do it without going in and changing the services and potentially rebooting. The only danger here is that a program can start a service set to manual, which it can't do to a disabled service, but that's stupid because if you have malicious code running on the PC, you're *already* compromised.

- Secondary Logon set to automatic: Well, yes. This is absolutely necessary, as for many games and other software that needs hardware level access, you have to be administrator to get that kind of access. While it can be dangerous, so can setuid on unix-like systems. It's a necessary evil.

- Universal Plug and Play Device Host: The whole *POINT* of UPnP is for home users. It makes absolutely no sense for corporate users and so forth. Home users are the PRIMARY MARKET for UPnP and suggesting that home users don't need it shows a deep lack of understanding of WTF UPnP is in the first place. Yes, there was a compromise in an early version of UPnP. It's been fixed and no more have been found. Get over it. He even later says that UPnP is blocked by the firewall, which shows his total ignorance of what UPnP does (mainly, it pokes holes in a firewall or NAT, on request).

- He complains about RPC a lot, for no good reason other than a few holes have been found there. Look, any program that accesses the internet can have flaws in it. Blaming a protocol for holes in past implementations of that protocol is fairly stupid.

- He complains about MetaRefresh being enabled, and wants to disable it by default. He neglects to mention that this action breaks the vast majority of web based applications used in corporate environments. He also fails to explain his reasoning, considering that a MetaRefresh is no more dangerous than an actual HTTP Header Refresh.

- He obviously doesn't understand the concept of trusted sites, suggesting settings for the trusted sites zone that show clear distrust of the sites in that zone. Hey moron, trusted sites is generally for corporate environments, so their systems *work*.

- He goes on to suggest disabling JavaScript (breaking 95% of the websites out there), cookies, and half a dozen other important and useful features which have had no real attacks that were based on them at all. No reasoning given for them.

He has some good points, but they are overshadowed by the complete ignorance of what a system configured like he suggests would do. Namely, very little. If you don't use the machine, then by all means, take that advice to heart. I find it doubtful that he has his desktop configured like this.
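Added example, not part of any post in this thread: a PowerShell audit of the start mode of the services argued over above, including the Manual versus Disabled distinction from Reply #78. It assumes a current Windows system with PowerShell 3 or later; the short service names are the standard Windows ones and are an assumption here, since the posts only give display names.

```powershell
# Short service names mapped to the display names used in the thread.
# (Assumed mapping; the posts themselves only mention display names.)
$services = [ordered]@{
    'WebClient' = 'WebClient (WebDAV)'
    'Dnscache'  = 'DNS Client (local resolver cache)'
    'Dhcp'      = 'DHCP Client'
    'seclogon'  = 'Secondary Logon'
    'upnphost'  = 'Universal Plug and Play Device Host'
    'RpcSs'     = 'Remote Procedure Call (RPC)'
}

$report = foreach ($name in $services.Keys) {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'" `
                           -ErrorAction SilentlyContinue
    if (-not $svc) {
        # Service is not present on this Windows edition or version.
        [pscustomobject]@{
            Service           = $services[$name]
            StartMode         = 'not installed'
            State             = '-'
            StartableOnDemand = $false
        }
        continue
    }
    [pscustomobject]@{
        Service           = $services[$name]
        StartMode         = $svc.StartMode   # Auto, Manual or Disabled
        State             = $svc.State       # Running, Stopped, ...
        # Auto and Manual services can be started by a caller with enough
        # privilege; a Disabled service cannot until it is reconfigured.
        StartableOnDemand = ($svc.StartMode -ne 'Disabled')
    }
}

$report | Format-Table -AutoSize
```

A service reported as Manual and Stopped is the case the post describes: nothing is listening, but a privileged program can still start it without a configuration change.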

Reply #79
I agree, that's really strange to advise to disable JavaScript since so many websites use that.
But what the author of the article is right about is that MS could do more to strengthen Windows security than they actually did. The new components they introduce do almost nothing to protect the system, I mean what's the use in that security center - another set of annoying reminders? If I don't switch the reminders off, for example, when virus definitions are out of date I get 3(!) notifications: from the sec. center, Norton AntiVirus and ZoneAlarm :) I don't care about IE enhancements, because it's been months since I launched IE last time. And every sane internet surfer already has a third party firewall installed and won't be satisfied with the bundled Windows firewall.

I just hope there are many not-so-obvious useful fixes in SP2:)

Reply #80
I found out something else the Security Center does last night. Windows Update released a couple of service packs for the .NET framework stuff. Since I use a couple of .NET apps, I installed the updates. They wanted a reboot, but I was busy, so I hit Reboot Later. Security Center noticed that, apparently, and started popping up a "You need to Reboot" message about once every 15 minutes. Hit the "Reboot Later" and it goes away, only to come up again 15 minutes later. Annoying as hell, that is. I may disable the Security Center entirely because of it.

Yes, I see the reasoning, however getting in the user's face like that does not make them comply, it makes them figure out how to disable the warning messages. Not a good approach to take if you want true security. If they'd instead figured out a way to install updates so I didn't have to reboot, then I'd say they did something worthwhile.

Reply #81
I disagree. It surely won't guarantee compliance from everyone, but will make users think about it and I believe most average users would reboot instead of finding ways to disable the warnings.

To me disabling the warnings does not seem like a wise decision, even for the experienced user. I think that the extra work caused by a reboot is worth it when compared to a possible hack or worm infection.

No offense, it's just my personal opinion.