You can find instructions to disable "universal plug & play"
HERE

1 posted on 12/22/2001 6:09:21 AM PST by webster

Windows '95......works for me. Foolproof.

2 posted on 12/22/2001 6:15:05 AM PST by Victor

Or, buy a Mac...

Bwah hahaha!

4 posted on 12/22/2001 6:20:52 AM PST by IncPen

Are they recommending Linux or especially OpenBSD as alternatives? Works for me.

5 posted on 12/22/2001 6:23:36 AM PST by ikka

The fox is afraid someone else is going to get in the hen-house.

6 posted on 12/22/2001 6:24:10 AM PST by meenie

...top industry experts sought reassurance from Microsoft that the free software fix it offered effectively stops hackers from attacking the Windows XP flaws.

Flaws? Plural?

I thought XP was the greatest thing since sliced bread; the most secure OS ever devised by man.

It's begining to look like the best way to keep XP safe from outside attacks is, unplug it from any network. If you need to talk to the net; use something else.

7 posted on 12/22/2001 6:26:12 AM PST by AFreeBird

Windows '95......works for me. Foolproof.

While I wouldn't go so far as to call it "foolproof," I'm sticking with '95.

8 posted on 12/22/2001 6:26:55 AM PST by Rudder

Yes...it appears Steve Gibson (Creator of Zone Alarm) was correct about XP's problems. Read more here

9 posted on 12/22/2001 6:29:42 AM PST by webster

10 posted on 12/22/2001 6:35:03 AM PST by webster

You know, I can recall Gibson talking about this months before XP was released. And he was, it turns out, a voice crying in the wilderness.

What's galling now -- and it must be Really Galling for Gibson -- is the news reports concerning this "unexpected" security hole credit people other than Gibson for discovering it.

Sheesh.

11 posted on 12/22/2001 6:36:51 AM PST by Brandybux

12 posted on 12/22/2001 6:39:19 AM PST by webster

A buffer overflow big enough to drive a Mack truck thru.

This is an unbelievable technical "oversight" by Microsoft.

This startling screwup is the best argument I've seen to keep the O/S market competative.

14 posted on 12/22/2001 6:47:39 AM PST by Amerigomag

I don't understand why folks don't secure their 'puter boxes (of any OS flavor) with a hardware firewall. It is easy and inexpensive while requiring no attention for monitoring software.

Oh well, the internet has been public for only 10 years .......

15 posted on 12/22/2001 6:52:16 AM PST by Buckeroo

The fix was posted on the Microsoft Windows Update site yesterday. Just go there to install it painlessly.

For those who are especially paranoid, I don't see why you can't turn off univeral P&P and then turn it back on just before installing a new piece of hardware. Then turn it off again. But that seems like too much trouble to me. I don't think the FBI are the best place to go for computer advice.

16 posted on 12/22/2001 6:52:43 AM PST by Cicero

To: Chairman_December_19th_Society.

Here ya go again boss!!!! ROTFLMAO.

17 posted on 12/22/2001 6:56:07 AM PST by Neets

Yes, agreed...I run both a hardware and software firewall.

18 posted on 12/22/2001 7:00:58 AM PST by webster

The vulnerability appears to affect only clients, not servers. Clients affected include Windows XP, Windows ME client running Universal PnP (which may have been turned on by default during manufacturer's installs), and Windows 98 and Windows 98 SE clients which are running UPnP downloaded from Windows XP clients.

Microsoft bulletin

CERT Advisory

The news media is doing the public a disservice by emphasizing that this vulnerability is associated with Windows XP and not with UPnP. Windows ME users, in particular, should be certain to either confirm that UPnP is turned off or to download and apply the fix.

Buffer overruns are an old and well known type of vulnerability. It is amazing that Microsoft wouldn't have tested for it.

On the other hand, this is an obscure message in an obscure service, and it would be a wonderful place for a 3-letter agency to hide its backdoor for installing its keyboard snooping program. At any rate, this should pretty much ensure that foreign governments adopt Linux instead of Windows.

19 posted on 12/22/2001 7:24:08 AM PST by Lessismore

Former federal agent calls XP a threat to national security

Update: Microsoft patch blocks holes in XP

Congress fails to approve NextWave spectrum deal

Shoho worm adds, deletes files

Analysis: Large wins in the metro area

All of today's news

By John Fontana
Network World, 10/15/01

A computer forensics expert and retired federal agent is trying to convince the U.S. government that Windows XP is a threat to national security and its distribution should be postponed.

Michael Anderson, president of New Technologies, says data "scrubbing" features in Windows XP Professional will make it impossible for federal agents and law enforcement to find and reconstruct digital evidence buried on computers, particularly those seized from terrorists.

While Anderson concedes that XP's data "scrubbing" and encrypted file system features are desired by law enforcement and others for keeping data secure, he says the timing of XP is bad.

Your reaction
Join the discussion on this article.

"This is an intelligence issue," says Anderson, who provides computer forensics training, software and consulting to military and law enforcement agencies. "The government and Microsoft need to think this thing through."

Some security experts are unconvinced, however.

"This may be going a little too far," says Charles Kolodgy, an analyst with market research firm IDC. "Do you ban shredding, burning of paper?" Kolodgy also says the argument is ironic given that Microsoft is often criticized for leaving so many security features disabled by default. Others say privacy is also an issue.

But Anderson, who retired in 1996 from the U.S. Treasury, where he was a special agent, says the government should force Microsoft to postpone the release of the Professional version of XP in light of the Sept. 11 terrorist attacks. Windows XP launches Oct. 25, ironically, at an event in New York City.

Anderson, whose business is based in Oregon, has detailed his concerns in letters to his state's congressional representatives in Washington, D.C.

A spokesman for Sen. Ron Wyden (D-Ore.), a member of the Select Committee on Intelligence, says the senator was forwarding Anderson's letter to Attorney General John Ashcroft. "We are asking the Justice Department to take a look. We think it is their issue," the spokesman says.

Chuck Guzis, president of Sydex, which develops data conversion and emulation software, also has written to Congress.

"We just need to delay this software," he says. "We don't have the [forensics] tools or methodology in place to combat XP."

Anderson's concerns stem from the fact that even when data is deleted from a computer it still resides on the hard drive for a period of time. This is known as ambient data. Experts can reconstruct ambient data to recover files and e-mails. Such work was done to produce evidence in the trial of Iran-Contra figure Gen. Oliver North and in the Monica Lewinsky scandal.

Windows XP Professional has a feature called data recovery. By default, that mechanism is turned off, meaning that ambient data is "scrubbed" from the hard drive. Anderson says that means terrorists could use it to hide their digital tracks.

"XP will slam the door on all that forensics work," Anderson says. But Microsoft says security in XP as in other Microsoft products isn't created in a vacuum.

"We work with others in the industry and government agencies to develop security policies that take into account law enforcement concerns," says Jim Desler, the corporate spokesman for Microsoft.

He acknowledges that savvy terrorists can use third-party tools, such as Evidence Eraser by Mad Hornet, to stifle forensics work but says Windows XP makes it available by default to anyone buying XP Professional

20 posted on 12/22/2001 7:34:24 AM PST by webster

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794