ZDNet UK

• CNET NETWORKS UK BUSINESS SITES:
• atlarge.com
• BNET UK
• silicon.com
• SmartPlanet.com
• ZDNet.co.uk

Windows XP: bugs

Jim Aspinwall ZDNet US and ZDNet.co.uk

Published: 24 May 2002

Microsoft would have us believe that XP is the most secure operating system it has released to date. But the nine security updates the company has released since XP's launch belie that claim.

In fact, one problem -- buffer overrun vulnerabilities in Internet Explorer and Universal Plug and Play (UPnP) -- poses such a severe threat that the FBI got involved. Microsoft says that a hole in the Plug and Play software could conceivably allow a malicious hacker to take complete control of your PC. Worse, the security hole applied to every XP user -- the OS ships with Universal Plug and Play turned on by default. Don't have the patch yet? Get it now at Microsoft's TechNet site. Additional new security patches include a fix for the Microsoft Java Virtual Machine, which, if left unpatched, can let Java applets from Web sites silently reroute all browser traffic to the applet's host without the user's knowledge. Yet another patch fixes an ‘Unchecked buffer in the Multiple UNC Provider’, a problem that allows a hacker to send a malformed data request to a PC to either run programs at will or cause the computer to restart. Click Start > Programs and run Windows Update to access all the available patches.

Windows XP’s built-in firewall is one of its most secure features, although it can interfere with useful services like Windows Update.

So far, the most secure aspect of Windows XP's networking lies in the built-in software firewall. Unfortunately, though, that firewall can prevent some Microsoft online services, particularly Windows Update and even XP Professional's Remote Assistance tool, from working properly. We prefer a third-party product such as ZoneAlarm or Norton Internet Security.

Interestingly, none of XP's security updates have anything to do with the once-feared raw sockets support included in XP's TCP/IP network protocol drivers. Many sceptics believed that XP's raw sockets support posed a security threat because it allows programmers to generate data transmissions from one computer and make them appear to come from a different one -- a technique used in distributed denial-of-service attacks.

• 
• 
• 
• 
• 

Did you find this article useful?
33 out of 53 people found this useful

Post a comment

Full Talkback thread

0 comments

Related Links

• News Homeland Security urges Windows fix
• Reviews USB devices offer an old-school way to steal data
• News Microsoft plugs 'enormous' hole
• News US Army attacked via new Windows flaw
• News Web at risk from new MS flaw

More In Desktop platforms

• Ten key differences between Linux and Windows
• ZPower promises longer-lasting laptop batteries
• HP Officejet J6480

Install Flash Player Plugin

Test Your Desktop Management Systems

How good are your company's desktop management solutions? How do they compare with those of your peers?

Take two minutes to complete our new Desktop Management and Energy Consumption benchmark, and find out what issues your business needs to focus on.