strzelec-opolski
28.08.04, 22:11
Introduced in Service Pack 2, along side many other security features, Windows
XP gained the "security center" (screenshot). A nice addition, and a central
place for people to check their system's security status. So we thought.
eWeek and PC Magazine have published reports suggesting that the system can be
spoofed very easily, allowing potentially nasty programs to perform un-wanted
tasks. "Based on an anonymous tip, we looked into the WMI and the Windows
Security Center's use of it, and found that it may not only be a security
hole, but a crater in the wrong hands. Due to the nature of WMI, the WSC could
potentially allow attackers to spoof the state of security on a user's system
while accessing data, infecting the system, or turning the PC into a zombie
for spam or other purposes."
The PC Magazine article explores the problem and how it can be exploited in
good depth. It makes very depressing reading for users who had hoped that
Microsoft had over-come this kind of problem with Service Pack 2. Microsoft
responded to the article suggesting that they didn't think it was a problem at
all; they added that you needed to be running as an administrator for it to be
an issue; true, PC Mag agreed, but they also noted that XP Home runs (by
default) as Admin, and most users of XP Pro make themselves administators to
save hassle when installing and running programs.
Service Pack 2 is a necessary upgrade for all users, and everyone should
install it. However, as the article and Neowin recommend, don't rely to
heavily on these new security features. Ensure you update Firewall / AV /
Windows often, and check the status of your protection often. Microsoft will
never be able to be 100% safe / problem free, but they are trying, and should
be commended for their effort.
