See your link here

Subscribe to our e-mail newsletters
For more info on a specific newsletter, click the title. Details will be displayed in a new window.

Computerworld 2007

Subscribe to Computerworld
40 years of the most authoritative source of news and information for IT leaders.

Windows XP: Is it safe?

The newest release of Windows offers substantial security enhancements. But some IT managers still have concerns.

By Deborah Radcliff

October 22, 2001 12:00 PM ET

Computerworld - "When Windows XP is released, soon all hell will follow. New zombies and nanobots are waiting to exploit vulnerabilities. Be warned . . . " When an Australian hacker identified only as "Z" sent this e-mail message to Computerworld on Aug. 7, he was referring to a controversial paper claiming that hackers will exploit weaknesses in Microsoft Corp.'s new Windows XP operating system to turn PCs into an unwitting army of denial-of-service (DOS) attack zombies.

But closer inspection suggests otherwise, according to users and analysts. So far, those zombie bots in Z's rant are nowhere to be found.

Despite several potential vulnerabilities raised in the past few months by security analysts and privacy advocates, beta testers have been unable to find any serious security threats in Windows XP. To the contrary, "with Windows XP, Microsoft has at least fixed the sins of their past, which is more than I can say for other operating systems," says John Pescatore, senior security analyst at Gartner Inc. in Stamford, Conn.

Not only do analysts and beta testers generally praise Microsoft for repairing past security mistakes that riddled Windows 9x and NT machines, but they also feel that XP's new embedded security features, particularly the ability to set privileges and an embedded firewall, will go far in protecting novice users from themselves and one another. And, in the case of XP Professional, these same security features can be centrally configured to follow corporate security policies by groups and locations.

However, some IT professionals aren't convinced that Microsoft has committed to a more secure operating system. They cite possible vulnerabilities with raw sockets and the Remote Assistance feature, and privacy concerns over built-in support for the Passport personal information management service.

The Raw Deal

Last summer, Steve Gibson, president of Gibson Research Corp., a security and privacy software and Web publisher in Laguna Hills, Calif., published a paper accusing Microsoft of opening a new "back door" into Windows by building raw sockets support into XP.

Windows XP Security: Related Links

The Keys to XP Security

Windows XP: Is it Safe?

"Raw sockets means raw access to the Internet. And the problem of malicious agents getting into people's computers and launching DOS attacks with spoofed packets goes up dramatically with use of raw sockets," he says.

Because they skirt traditional TCP/IP protocols, hackers can use raw sockets to generate TCP packets, and it's impossible for receiving networks to determine if those packets are legitimate. There's no way to block them, Gibson explains, because that would mean blocking all TCP packets. That would effectively drop all inbound traffic.

1

2

3

Next »

Recommend Digg Twitter ShareThis

Email Print Send Feedback Reprints

Additional Resources

Xerox

Win a color printer!

By using solid ink technology only from Xerox, you could save up to 65% by printing color for the cost of black and white. Enter for a chance to WIN a PhaserTM 8860 network color printer!

Microsoft

Upgrade to Internet Explorer 8 today.

Save time and mitigate security risk. Deploy it now.

Sybase

NEXT-GENERATION MOBILITY PLATFORMS

In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.

White Papers & Webcasts

Sustaining SOX Compliance: Best Practices to Mitigate Risk, Automate Compliance, and Reduce Costs
Since the adoption of SOX, much has been learned about IT compliance. Discover how to make SOX efforts more effective in "Sustaining Sox...

IDC Webcast: Linux Adoption in a Global Recession
Join Al Gillen from IDC and Michael Applebaum from Novell in this on-demand webcast to see how Linux has emerged as an even...

IDC White Paper: CCM for IT Compliance and Risk Management
Learn from industry analysts how IT organizations are using configuration management to meet compliance requirements and instill best practices. Find out how these...

Bringing Order and Security to your Mobile Workforce: Corporate Mobility Policy and Device Management
(Source: Nokia) In many businesses, mobile devices are managed the way that laptops were managed ten years ago - as a kind of...

Keep it Clean: Maintaining the Integrity of your CMDB through Change Detection
Learn how configuration drift can challenge configuration management database (CMDB) integrity and how a configuration audit tool and an effective change management process...

Usability Is Everything
Learn what sets Workday's HR and Payroll solutions apart from the competition....

The Tripwire HIPAA Solution: Meeting the Security Standards Set Forth in Section 164
HIPAA requires businesses that handle personal health information (PHI) to set up strong controls to ensure the security and integrity of that information....

The Value of Real SaaS at Workday
Cost savings, speed to value, and innovation brought to the enterprise by Workday's software-as-a-service solutions for HR and Payroll....

Configuration Assessment: Choosing the Right Solution
Configuration assessment lets businesses proactively secure their IT infrastructure and achieve compliance with important industry standards and regulations. Learn why configuration assessment is...

SaaS at Flextronics, Inc.
Dave Smoley, CIO of Flextronics, discusses the real value of software-as-a-service and why he chose Workday for his HR solution....

All White Papers | All Webcasts

Computerworld Reports

An Apple for Your Enterprise?

An Interactive eBook: Enterprise Security

The Business Case for Server Virtualization

All Computerworld Reports

Sign up to receive updates on the latest Operating Systems resources

White Papers

Sustaining SOX Compliance: Best Practices to Mitigate Risk, Automate Compliance, and Reduce Costs

Keep it Clean: Maintaining the Integrity of your CMDB through Change Detection

Configuration Assessment: Choosing the Right Solution

Addressing Compliance Initiatives with Tripwire and the Center for Internet Security

Impact of the Dramatic Increase in Devices on the Cost to Support

Airport Insecurity: The Case of Lost Laptops

Shape Your Apps Strategy to Reflect New SaaS Licensing and Pricing Trends

A Truly Global HCM System

Moving Beyond Monolithic - What's Next for Enterprise Application Architectures?

MarketVibe: Communications and Collaboration Needs at Business Organizations

IDC White Paper: CCM for IT Compliance and Risk Management

The Tripwire HIPAA Solution: Meeting the Security Standards Set Forth in Section 164

Beyond PCI Checklists: Securing Cardholder Data with Tripwires Enhanced File Integrity Monitoring

File Integrity Monitoring: Secure Your Virtual and Physical IT Environments

Ponemon Study: The Business Risk of Lost Laptops

ESG Lab Field Audit

Natural User Interface for Enterprise Applications

Craft a Strategy to Lower Your Total Cost of Ownership

The Shortcut Guide to Managing Certificate Lifecycles

Differentiating With Technical Support: JBoss Customer Support Study

Sponsored Links

HP StorageWorks products-control, consolidation and confidence.

64-page prescriptive guide to security, compliance, and IT operations.

Looking to add Unix/Linux functionality to Windows?

FREE guide to saving up to 95% on network hardware costs. Start saving today!

Enhance your career with a Boston University online Master's in CIS

Find IT jobs in the Healthcare industry on Dice.com

Network Tools Made By Engineers for Engineers

Live Webcast: Building a More Productive Organization A User Perspective

With the NEW KODAK i700 Series Scanners get full speed at 300dpi!

ITwhitepapers.com - Access thousands of white papers on 300+ technical topics.

Leverage Your Cisco infrastructure for Superior Application Performance

Learn about the AMD Virtual Experience

Introducing: Project Icebreaker

Introducing the new HP ProLiant G6 server family

Wait for the upturn, or get ready for it with Capgemini's Technovision study. Download it here.

Instantly know your IT service state - anytime, anywhere @ AccelOps.net

Try the best rules engine free! Decisions.FICO.com

Learn How to Create a High Performance Workplace

Thrill Dad this Fathers Day and save up to 66% plus 4 FREE Caramel Apple Tartlets from Omaha Steaks.

ESET NOD32 with ThreatSense(R) - Get your free trial now!

Join the conversation about the hottest IT trends with Computerworld on Twitter.

Create business data you can believe in with data governance

Not All QSAs Are Created Equal: What You Should Know Before You Buy

The arrival of Serial Attached SCSI (SAS) marks a new era in storage scalability

The AMD Virtual Experience Virtual Trade Show

About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map

CIO

CSO

DEMO

IDC

IDG

IDG Knowledge Hub

IDG TechNetwork

IDG Ventures

IDG.net

InfoWorld

ITworld

Macworld

The Industry Standard

Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of
Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.