While users are testing Service Pack 2 (SP2) for Windows XP to prevent compatibility problems, hackers are picking apart the security-focused software update looking for vulnerabilities, security experts said.
"We will see new vulnerabilities discovered in SP2 over the next few weeks. Give it a month or two and we will also see worms that affect SP2," said Thor Larholm, senior security researcher at PivX Solutions, a security services company.
Service Pack 2 represents real progress for Microsoft and underscores its commitment to security, according to industry observers. The update provides protection against most security exploits known today. For example, the improved and automatically enabled Windows Firewall would block attacks such as the Blaster worm that crippled the Internet a year ago.
"A lot of the current attack vectors are blocked by SP2," Larholm said. "Folks are now trying to find new ways to plant code on a system. A lot of these new ways will use e-mail, instant messaging and Web traffic -- any kind of traffic that a PC requests from the outside world -- because that will go through the firewall without restrictions."
Also, it appears Microsoft's new software-based memory protection technology is vulnerable, according to Larholm. The data execution prevention (DEP) is meant to protect users against buffer overruns, but Microsoft appears to have implemented it poorly, providing an easy way for attackers to circumvent the protection, Larholm said.
Although there undoubtedly will be vulnerabilities found in SP2, the bar for Windows security has been raised and the operating system will be tougher to attack, said Russ Cooper, a senior scientist at TruSecure.
"We will always see new attacks, but at least Microsoft has put a stake in the ground and has said, 'Now this is enough.' The existing attacks have been stopped," he said.
Because of the new Windows Firewall, Cooper predicts that future attacks will target applications that require users to change their firewall configurations, essentially opening a door to their systems.
"If you see anything, you will see attacks that are more targeted at communities of users, such as (users of) Quake, Kazaa, BitTorrent, anything that has a listening service and requires a user to create a rule to bypass the firewall. That is where they are opening themselves up to attack," Cooper said.
Microsoft is currently unaware of any vulnerability in SP2, a company spokesman said. If a vulnerability is reported, the software maker will investigate it and determine the appropriate response. This could include providing an update as part of its monthly patch cycle or an out-of-cycle update, the spokesman said.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Business Intelligence and Enterprise Performance Management: Trends for Emerging Businesses
Data grids and service-oriented architecture
Know thy self: Reduce costs, secure data and ensure compliance with identity management
Taking On Demand CRM Integration to the Next Level
Cutting printer costs
Wireless LANs: Is my enterprise at risk?
Discover the advantages of an open architecture multi-vendor network solution
Mimosa™ NearPoint™ for Microsoft® Exchange Server: Email Archiving 101
Zones provide focussed content from Computerworld and leading technology partners.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Mitel Launches Simpler Unified Communications 2008-11-19 17:40:00+11
Symantec Security Products Shine in In-Depth Protection Reviews 2008-11-19 13:01:00+11
Digital Sense opens first stage of the world’s largest data centre complex in Brisbane 2008-11-19 13:00:00+11
RightNow Technologies Delivers RightNow November ’08 Plus New On Demand Enterprise Contact Centre Package 2008-11-19 12:00:00+11
Valorem uniquely deploys RSA SecurID for remote workforce management 2008-11-19 10:16:00+11
Refresh your AUP: Top tips to ensure your acceptable use policy is fit for purpose
Your organisation may well have devised and implemented an Acceptable Use Policy (AUP) some time ago in order to guard against the risks of inappropriate use of computer systems by your workers, but are you confident that your AUP remains 'fit for purpose'? Read on to discover how you can enhance the effectiveness of your AUP.
Buying Guides
Buying Guides
