See your link here

Receive the latest technology news and information.

	Computerworld Daily News (First Look and Wrap-Up)
	Computerworld Blogs Newsletter
	The Weekly Top 10
	Cloud Computing

View all newsletters

E-mail Address:

Industry:

Job Title:

Company Size:

Country:

State:

I would like to receive offers via e-mail from Computerworld partners.

Windows XP: Is it safe?

The newest release of Windows offers substantial security enhancements. But some IT managers still have concerns.

By Deborah Radcliff

October 22, 2001 12:00 PM ET

Computerworld - "When Windows XP is released, soon all hell will follow. New zombies and nanobots are waiting to exploit vulnerabilities. Be warned . . . " When an Australian hacker identified only as "Z" sent this e-mail message to Computerworld on Aug. 7, he was referring to a controversial paper claiming that hackers will exploit weaknesses in Microsoft Corp.'s new Windows XP operating system to turn PCs into an unwitting army of denial-of-service (DOS) attack zombies.

But closer inspection suggests otherwise, according to users and analysts. So far, those zombie bots in Z's rant are nowhere to be found.

Despite several potential vulnerabilities raised in the past few months by security analysts and privacy advocates, beta testers have been unable to find any serious security threats in Windows XP. To the contrary, "with Windows XP, Microsoft has at least fixed the sins of their past, which is more than I can say for other operating systems," says John Pescatore, senior security analyst at Gartner Inc. in Stamford, Conn.

Not only do analysts and beta testers generally praise Microsoft for repairing past security mistakes that riddled Windows 9x and NT machines, but they also feel that XP's new embedded security features, particularly the ability to set privileges and an embedded firewall, will go far in protecting novice users from themselves and one another. And, in the case of XP Professional, these same security features can be centrally configured to follow corporate security policies by groups and locations.

However, some IT professionals aren't convinced that Microsoft has committed to a more secure operating system. They cite possible vulnerabilities with raw sockets and the Remote Assistance feature, and privacy concerns over built-in support for the Passport personal information management service.

The Raw Deal

Last summer, Steve Gibson, president of Gibson Research Corp., a security and privacy software and Web publisher in Laguna Hills, Calif., published a paper accusing Microsoft of opening a new "back door" into Windows by building raw sockets support into XP.

Windows XP Security: Related Links

The Keys to XP Security

Windows XP: Is it Safe?

"Raw sockets means raw access to the Internet. And the problem of malicious agents getting into people's computers and launching DOS attacks with spoofed packets goes up dramatically with use of raw sockets," he says.

Because they skirt traditional TCP/IP protocols, hackers can use raw sockets to generate TCP packets, and it's impossible for receiving networks to determine if those packets are legitimate. There's no way to block them, Gibson explains, because that would mean blocking all TCP packets. That would effectively drop all inbound traffic.

1

2

3

Next »

Recommend Digg Twitter ShareThis

Email Print Send Feedback Reprints

Jump to comments

Operating Systems

Additional Resources

Xerox

Win a color printer!

By using solid ink technology only from Xerox, you could save up to 65% by printing color for the cost of black and white. Enter for a chance to WIN a PhaserTM 8860 network color printer!

Microsoft

Upgrade to Internet Explorer 8 today.

Save time and mitigate security risk. Deploy it now.

Sybase

NEXT-GENERATION MOBILITY PLATFORMS

In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.

White Papers & Webcasts

Informatica 9 Launch: Transform your Business. Transform your world.

LIVE Nov 10, 2009 12:00 PM ET

Architecting Business Intelligence Applications for Change: The Open Solution

LIVE Nov 12, 2009 02:00 PM ET

Forrester Consulting - Optimizing Users and Applications in a Mobile World
Learn how to successfully deploy a WAN optimization solution that is specifically tuned for a mobile environment!

IDC Webcast: Linux Adoption in a Global Recession
Access this webcast, compliments of Novell and HP, for a limited time only!

Faster, Cheaper and Easier to Maintain
Can you afford not to upgrade your servers to today's advanced, energy-efficient technologies?

Bringing Order and Security to your Mobile Workforce: Corporate Mobility Policy and Device Management
Download this webcast, free, compliments of Nokia.

The State of PCI DSS Compliance at Organizations Today
Download this resource today!

Top to Bottom Performance Management Excellence at the City of Chicago
View now.

IDC Research Report: The Business Value of Consolidating on Energy-Efficient Servers
Download this Resource Now!

Effectively Implementing Datacenter Automation
Effectively select and deploy the best datacenter automation solution today!

HP Technology Guide for Scalable Business Solutions
Download This Resource Now!

Aligning IT to Business: The Rising Importance of Application Delivery Networks
Application Delivery Networking (ADN) will play a vital role in helping enterprises incorporate strategic technologies to achieve business initiatives.

All White Papers | All Webcasts

Computerworld Reports

An Apple for Your Enterprise?

8 Questions To Ask About Your Intrusion-Security Solution

Computerworld Technology Briefings IT Service Management

All Computerworld Reports

Sign up to receive updates on the latest Operating Systems resources

White Papers

Forrester Consulting - Optimizing Users and Applications in a Mobile World

The State of PCI DSS Compliance at Organizations Today

HP Technology Guide for Scalable Business Solutions

Technology Brief: Technologies in HP ProLiant G6 c-Class server blades with Intel Xeon processors

How to Secure and Accelerate Your Oracle Applications

Enterprise Application Delivery: No User Left Behind

Infonetics: WAN Optimization Appliance Market Highlights 1 Q09

WAN Application Delivery for Executives

Right-Sizing Your Power Infrastructure

Why Email Must Operate 24/7 and How to Make This Happen

Faster, Cheaper and Easier to Maintain

IDC Research Report: The Business Value of Consolidating on Energy-Efficient Servers

Clipper Group Report: HP Provides Enhanced Options for Data Center

Introducing the HP ProLiant G6 servers

Optimize Performance of Datacenter to Datacenter Traffic

Practical Strategies to Accelerate Business Applications Across the WAN

Accelerate SSL Encrypted Applications

Top 5 WAN Optimization Myths

Can Heuristic Technology Help Your Company Fight Viruses?

Eradicate Spam & Gain 100% Asurance of Clean Mailboxes

Sponsored Links

Play NetApp's New Data Defense Game.

How Do You Rank as an Innovation Leader? Download Recent Study.

Play NetApp's New Data Defense Game.

Extraordinary times demand Brocade Extraordinary Networks.

No Payments for Up to 6 Months on Orders over $500.

NetScaler VPX : Harness the Power of Virtualized Web App Delivery

64-page prescriptive guide to security, compliance, and IT operations.

Streamline IT Costs. Boost Performance with WAN Optimization

Enterprise Network & Server Monitoring Software. Cross over to Traverse...

Keep your IT expertise up to date. Join the Intel Premier IT Professionals.

Crystal Reports Server: More options. Not more money.

Parallelism is not just for HPC. Create rich apps from desktop to device. Get the eval.

Tolly Performance Report "Citrix NetScaler with nCore Outperforms F5 BIG-IP"

Save up to 61% plus Free Cheesecake

Find IT jobs in the Healthcare industry on Dice.com

With the NEW KODAK i700 Series Scanners get full speed at 300dpi!

Not All QSAs Are Created Equal: What You Should Know Before You Buy

The arrival of Serial Attached SCSI (SAS) marks a new era in storage scalability

The AMD Virtual Experience Virtual Trade Show

New DW Options and Price Points. View Teradata Platform Family Data Sheet.

See how AT&T can help protect your network.

3 Innovations. 3 Free Downloads. Free trials of Windows 7, Windows Server 2008 R2 and Exchange Server 2010.

Take the Netezza TwinFin TestDrive!

Citrix NetScaler with nCore Outperforms F5 BIG-IP - Learn More

New Analytical Platform Options. Download Data Sheet and More.

Get more enterprise mobility value for up to 25% less.

Unified Communications: Thoughts, Strategies and Predictions. Join the discussion.

NYUs M.S. in Management and Systems. Offered Online and On-site.

Increase UPS efficiency without sacrificing protection

Crystal Reports Server: Single server access to reports & dashboards

Create new opportunities. See business making progress now

ESET NOD32 with ThreatSense(R) - Get your free trial now!

Looking to add Unix/Linux functionality to Windows?

Join the conversation about the hottest IT trends with Computerworld on Twitter.

ITwhitepapers.com - Access thousands of white papers on 300+ technical topics.

Leverage Your Cisco infrastructure for Superior Application Performance

Learn about the AMD Virtual Experience

Introducing: Project Icebreaker

About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map

CIO

CSO

DEMO

IDC

IDG

IDG Knowledge Hub

IDG TechNetwork

IDG Ventures

IDG.net

InfoWorld

ITworld

Macworld

The Industry Standard

Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of
Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.