Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

IP: Fw: today's wp, fbi suggests xp fix beyond that suggested by ms; ms refuses to send email notification to upgrade

From: David Farber <dfarber () earthlink net>
Date: Sat, 22 Dec 2001 12:54:26 -0400

-----Original Message-----
From: Paul Foldes <pfoldes () eidmgt com>
Date: Sat, 22 Dec 2001 11:48:49 
To: dave () farber net
Subject: today's wp, fbi suggests xp fix beyond that suggested by ms;
  ms refuses to send email notification to upgrade

Dave, of interest to IP

Note that MS position is that it is unnecesary to notify XP users by email 
to urge them to upgrade to safety patch;as, according to MS, a new feature 
of XP can automatically dowload the fix, and prompt to install it.

This would be a good opportunity to survey XP users as to:

1)  how many knew XP had this feature,
2) availed themselves of this automatic update feature, and
3) in fact installed the patch

as from an infrastructure safety point of view, it is of no utility if 
software has a feature that is not adequately trusted to be used; and 
notification of users is specifically declined by the manufacturer of such 
software found to have a glaring design fault.

Further to my suggestion in an earlier post this morning.

Paul Foldes



To view the entire article, go to 
http://www.washingtonpost.com/wp-dyn/articles/A15817-2001Dec22.html

FBI Advises Windows XP Users On Measures to Block Hackers

By Ted Bridis

The FBI's top cyber-security unit warned consumers and corporations last 
night to take steps beyond those recommended by Microsoft Corp. to protect 
against hackers who might try to attack major flaws discovered in the 
newest version of Windows software.

The FBI's National Infrastructure Protection Center said that, in addition 
to installing a free software fix offered by Microsoft on its Web site, 
consumers and corporations using Windows XP should disable the product's 
"universal plug and play" features affected by the glitches.

The FBI did not provide detailed instructions for how to do this. 
Microsoft considers disabling the features unnecessary.

The company acknowledged this week that Windows XP suffers from serious 
problems that allow hackers to steal or destroy a victim's data files 
across the Internet or implant rogue computer software. The glitches were 
unusually serious because they allow hackers to seize control of all 
Windows XP operating system software without requiring a computer user to 
do anything except connect to the Internet.

Outside experts cautioned that disabling the affected Windows XP features 
would threaten to render unusable an entire category of high-tech devices 
about to go on the market, such as a new class of computer printers that 
are easier to set up. But they also acknowledged that disabling them could 
afford some protection against any similar flaws that might be discovered 
in the future.

The FBI bulletin also urged professional computer administrators to 
monitor for certain types of Internet traffic that might indicate an 
attack was underway.

A top Microsoft security official, Steve Lipner, maintained that 
installing the free "patch" was the best course of action to protect their 
systems.

The FBI warning came after FBI and Defense Department officials and some 
top industry experts sought reassurance from Microsoft that the software 
fix really stops hackers from attacking the flaws.

 Microsoft declined to tell U.S. officials how many XP owners downloaded 
and installed its fix in the first 24 hours it was available. Experts 
from Internet service providers, including AT&#38;T Corp., said the 
information was vital to determine the scope of the threat.

<<< Microsoft also indicated it would not send e-mails to XP customers to 
alert them to the importance of installing the patch. The company 
explained that a new feature of XP can automatically download the fix and 
prompt consumers to install it.>>> <emphasis added>










-----------------------------------------------------------------------------
Paul Foldes  JD, BE,EE
Business Consultant  &  Adjunct Professor
Business, Management & Info-Science

E-Mail:  <mailto:pfoldes () eidmgt com>
Tel: +1 (703) 370-0008  Direct
As Needed: Fax #  / PGP Encryption / IM Info

Research .. Teaching  .. Consulting
*  Co$t Effective Use of New Technologies
*  User Respectful ePrivacy Practices
    THE Competitive Advantage
    


Sent from Dave's Blackberry.

For archives see:
http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: