Posted on 12/23/2001 6:55:43 AM PST by TaRaRaBoomDeAyGoreLostToday!
The FBI's National Infrastructure Protection Center said that, in addition to installing a free software fix offered by Microsoft on the company's Web site, consumers and corporations using Windows XP (news - web sites) should disable the product's ``universal plug and play'' features affected by the glitches.
The FBI did not provide detailed instructions how to do this. Microsoft considers disabling the ``plug and play'' features unnecessary.
The company acknowledged this week that Windows XP suffers from serious problems that allow hackers to steal or destroy a victim's data files across the Internet or implant rogue computer software. The glitches were unusually serious because they allow hackers to seize control of all Windows XP operating system software without requiring a computer user to do anything except connect to the Internet.
Outside experts cautioned that disabling the affected Windows XP features threatens to render unusable an entire category of high-tech devices about to go on the market, such as a new class of computer printers that are easier to set up. But they also acknowledged that disabling it could afford some protection against similar flaws discovered in the future.
The FBI, in a bulletin released at 8 p.m. at the start of a long holiday weekend, also warned professional computer administrators to actively monitor for specific types of Internet traffic that might indicate an attack was in progress.
A top Microsoft security official, Steve Lipner, sought to reassure consumers and companies that installing the free fix was the best course of action to protect their systems.
Friday's warning from the FBI's cyber-protection unit came after FBI and Defense Department officials and some top industry experts sought reassurance from Microsoft that the free software fix it offered effectively stops hackers from attacking the Windows XP flaws.
The government's rare interest in the problems with Windows XP software, which is expected to be widely adopted by consumers, illustrates U.S. concerns about risks to the Internet. Friday's discussions came during a private conference call organized by the National Infrastructure Protection Center.
During the call, Microsoft's experts acknowledged the threats posed by the Windows XP problems, but they assured federal officials and industry experts that its fix - if installed by consumers - resolves the issues.
Microsoft declined to tell U.S. officials how many consumers downloaded and installed its fix during the first 24 hours it was available. Experts from Internet providers, including AT&T Corp., argued that information was vital to determine the scope of the threat.
Microsoft also indicated it would not send e-mail reminders to Windows XP customers to remind them of the importance of installing the patch.
Microsoft explained that a new feature of Windows XP can automatically download the free fix, which takes several minutes, and prompt consumers to install it.
``The patch is effective,'' said Lipner, Microsoft's director of security assurance, in an interview with The Associated Press.
Officials expressed fears to Microsoft about possible electronic attacks targeting Web sites and federal agencies during next week's Christmas holidays from computers running still-vulnerable versions of Windows, participants said.
Several experts said they had already managed to duplicate within their research labs so-called ``denial of service'' attacks made possible by the Windows XP flaws. Such attacks can overwhelm Web sites and prevent their use by legitimate visitors.
Another risk, that hackers can implant rogue software on vulnerable computers, was considered more remote because of the technical sophistication needed.
The FBI's cyber-security unit has been concerned about the threat and warned again Thursday that the potential of ``denial of service'' attacks is high. The agency said people unhappy with U.S. policy have indicated they plan to target the Defense Department's Web sites, as well as other organizations that support the nation's most important networks.
-
On the Net:
Windows XP is advertized as the most secure operating system
ever, when obviously they knew it was not.
They were informed privately of this serious flaw, a week
later the public was informed, 4 weeks later a patch was
announced.
You one of them M$ zealots? :)
I'm as concerned about the police state that we are in slide towards as much as anyone. And there are things in the works at MS that have me deeply concerned, and which I won't be participating in. XP is hardly that.
Frankly though, if I were involved in something seriously self incriminating I sure wouldn't be using my computer in the fashion that I am. Relax a little, there are things to be concerned about, this isn't one.
Did you read the reports?
MS was told about this defect 5 weeks ago. They continued to sell XP during that time without informing customers of the product defect they knew existed.
They could have informed customers to just turn the feature off. But doing so -- admitting XP had defects -- would have hurt MS's sales.
So to benefit MS's sales, they refused to warn consumers of a known defect in the XP product.
Can we allow a manufacturer to act this way? That's illegal.
Expecting MS to obey the law is 'unreasonable'?
And punishment for a company who *knowingly* hides a product defect?
You wouldn't allow any other company to knowingly sell a defective product . . .
Does the law apply to MS?
MS did this.
Is MS above the law?
Would you say that 'product liability' laws are important?
Should it be legal for a company to hide a known product defect to increase sales of that product?
Forgive me if my aggressiveness puts people off. But the point seems in-arguable.
I have a Sony Vaio Desktop setting right next to my Mac. If you could see a comparison of how MicroSoft's stuff looks on the PC and the Mac, maybe you would catch on. Internet Explorer is much nicer on the Mac, so is Office.I have the PC because M$ continually breaks web pages, so when I run into those, I view it on the PC, don't like it but I use it. By the way about the only thing that crashes on my Mac is OutLook Express, can usually do a force quit with out rebooting, so I live with it.
I still use Classic OS 9 for most of what I do, I have OS X installed, but haven't made the full time plunge yet, mostly because it is very similar to XP. I decided to use XP for a while, since they look a lot alike.
I believe the sentence that talks about "the ability or inability to use the product covers part of this discussion. If a user cannot figure out that he has a responsibility to secure his machine, then why should MS be responsible for that. That said, I just found out that this problem also affects the ME version, which I happen to be running on two of my machines, so I have to patch them up.
Picture a theft of personal items from a motor vehicle. When the theft is reported to the insurance agent, the first question will be "Was the vehicle locked?" and if the answer is no, then the theft will probably not be covered.
Quote from an old girlfriend: become familiar with the store's return policy before making a purchase.
Suppose someone buys a piece of software with the intention of using it on two computers (but with him being the sole individual using it, and with him only actually using one copy at a time). General copyright law has no problem with this, and many companies' license agreements allow for it as well.
If this person spends $400 on this piece of software, takes it home, goes to install it, and discovers that the license forbids such installation, what is he supposed to do?
If the software can be returned in such case with the purchaser receiving full reimbursement for any monetary costs incurred in its purchase and return, the license might be enforceable. But if it cannot, the license is void.
Legally, a 'product defect' is significant if it would affect the decision to buy.
Bottom line -- do you think companies ought to be legally required to tell you of anything that they know would cause you not to buy the product?
Do you think companies can be allowed to hide known defects they know will hurt sales?
Or maybe one 22 inch Apple Digital Display, nothing like it.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.