PsYcHoLoGiCaL

Heres a good article about Microsofts SP2, which they will be releasing at some pont. Hopefully it will be a big improvement, but I guess we will have to wait to see if it lives up to Microsofts hype, it sounds like it could be interesting though.

http://www.cryptonomicon.net/modules...rticle&sid=687
-------------------------------------------------

With Windows XP service pack 2 (SP2) preparing for release, Microsoft chief software architect Bill Gates introduced new Windows security features to a crowd of security experts at the RSA Data Security Conference yesterday. New features include "Active Protection" and "Windows Security Center."


Microsoft's new Windows Security Center, gives users a single control panel like location to view all windows security-related configuration settings. The main window of the WSC contains large displays announcing the status of the Windows Firewall, Anti-Virus Activity, and Patch Management Status. Smaller, clickable links take the user to security configuration settings for applications.

Microsoft product manager Zachary Gutt demonstrated SP2's new "Active Protection" feature. Active Protection uses meta-data about known windows vulnerabilities to block users from performing risky tasks unless the proper security patches have been applied. The demonstration showed the system blocking Internet Explorer from displaying ActiveX components that might lead to a system compromise. The new "Gold Bar" in IE alerts users to patch management problems and directs them to Windows Update to fix vulnerabilities before downloading potentially virulent content.

Also mentioned was the Windows Firewall. The new feature should be a major benefit for users of Microsoft Windows, especially wireless and home users. Few details were given other than to say that many previously accessible ports are now blocked by default. The feature appeared to be on par with personal firewalls produced by third-party vendors and firewall features already included in Apple MacOS X and various Linux versions.

Mr. Gates also mentioned several other "under the hood" features that would soon be integrated into the Windows product. Of particular interest to system users is the so-called 'W^X" (read "Write Exclusive Or Execute.") W^X prevents portions of memory that are writable by user processes from being executable. The extension should reduce the threat caused by buffer overrun exploits. (Buffer overrun attacks typically place malicious executable code on the program stack and fool the attacked application into executing it.)

Though the new features were generally welcomed, a small amount of skepticism was present after the demonstration. After viewing the Active Protection demonstration, one CIO commented, "If MSIE knows which patches I should have on my machine, why doesn't it just install them for me?"

Another Microsoft Windows user commented that he hoped the meta-data stream used by the Active Protection components was not susceptible to attack, commenting, "What a great avenue for a Denial of Service attack. All I need do is publish a bogus report that fools Windows into believing it needs an update and I can 'Gold Bar' the whole network," referring to the MSIE alert interface. As of yet, it's not entirely clear that the Active Protection meta data is at particular risk, but clearly it increases the "surface area" requiring protection.

Users of older operating systems groused that "it's about time" Microsoft catch up with the rest of the OS community. Referring to stack protection features, one OpenBSD user commented, "These are things that OpenBSD has been doing for a while." A user of the antiquated RX11 operating system from Digital Equipment Corporation commented that such features were common in embedded process control equipment in the 1980's.

On the whole, however, most conference attendees agreed that the new features should benefit end users if they are properly implemented. Expressing a common sentiment, one audience member commented, "It's great to see Microsoft giving more attention to security, but they're always going to have a hard job selling into a room of seasoned security professionals."

__________________
"Many of life's failures are people who did not realize how close they were to success when they gave up." -- Thomas A. Edison