Free Republic

FBI, Pentagon Quiz Microsoft on XP
dailynews.yahoo.com ^

Posted on 12/23/2001 6:55:43 AM PST by TaRaRaBoomDeAyGoreLostToday!

WASHINGTON (AP) - The FBI's top cyber-security unit warned consumers and corporations Friday night to take new steps beyond those recommended by Microsoft Corp. to protect against hackers who might try to attack major flaws discovered in the newest version of Windows software.

The FBI's National Infrastructure Protection Center said that, in addition to installing a free software fix offered by Microsoft on the company's Web site, consumers and corporations using Windows XP should disable the product's "universal plug and play" features affected by the glitches.

The FBI did not provide detailed instructions how to do this. Microsoft considers disabling the "plug and play" features unnecessary.

The company acknowledged this week that Windows XP suffers from serious problems that allow hackers to steal or destroy a victim's data files across the Internet or implant rogue computer software. The glitches were unusually serious because they allow hackers to seize control of all Windows XP operating system software without requiring a computer user to do anything except connect to the Internet.

Outside experts cautioned that disabling the affected Windows XP features threatens to render unusable an entire category of high-tech devices about to go on the market, such as a new class of computer printers that are easier to set up. But they also acknowledged that disabling it could afford some protection against similar flaws discovered in the future.

The FBI, in a bulletin released at 8 p.m. at the start of a long holiday weekend, also warned professional computer administrators to actively monitor for specific types of Internet traffic that might indicate an attack was in progress.

A top Microsoft security official, Steve Lipner, sought to reassure consumers and companies that installing the free fix was the best course of action to protect their systems.

Friday's warning from the FBI's cyber-protection unit came after FBI and Defense Department officials and some top industry experts sought reassurance from Microsoft that the free software fix it offered effectively stops hackers from attacking the Windows XP flaws.

The government's rare interest in the problems with Windows XP software, which is expected to be widely adopted by consumers, illustrates U.S. concerns about risks to the Internet. Friday's discussions came during a private conference call organized by the National Infrastructure Protection Center.

During the call, Microsoft's experts acknowledged the threats posed by the Windows XP problems, but they assured federal officials and industry experts that its fix - if installed by consumers - resolves the issues.

Microsoft declined to tell U.S. officials how many consumers downloaded and installed its fix during the first 24 hours it was available. Experts from Internet providers, including AT&T Corp., argued that information was vital to determine the scope of the threat.

Microsoft also indicated it would not send e-mail reminders to Windows XP customers to remind them of the importance of installing the patch.

Microsoft explained that a new feature of Windows XP can automatically download the free fix, which takes several minutes, and prompt consumers to install it.

"The patch is effective," said Lipner, Microsoft's director of security assurance, in an interview with The Associated Press.

Officials expressed fears to Microsoft about possible electronic attacks targeting Web sites and federal agencies during next week's Christmas holidays from computers running still-vulnerable versions of Windows, participants said.

Several experts said they had already managed to duplicate within their research labs so-called "denial of service" attacks made possible by the Windows XP flaws. Such attacks can overwhelm Web sites and prevent their use by legitimate visitors.

Another risk, that hackers can implant rogue software on vulnerable computers, was considered more remote because of the technical sophistication needed.

The FBI's cyber-security unit has been concerned about the threat and warned again Thursday that the potential of "denial of service" attacks is high. The agency said people unhappy with U.S. policy have indicated they plan to target the Defense Department's Web sites, as well as other organizations that support the nation's most important networks.

-

On the Net:

NIPC.gov

Microsoft Security


TOPICS: Front Page News; News/Current Events
KEYWORDS: techindex
To: tje
In the same way that Clintonistas can't admit the simplest, most obvious lawbreaking by MS.

I mean, the way that Clintonistas can't admit the simplest, most obvious lawbreaking by Bill Clinton!

Sorry, 4th glass of port is getting to me . . .

221 posted on 12/23/2001 6:49:51 PM PST by Dominic Harr
[ To 218 ]

To: TechJunkYard
The difference is that you decide whether you need/want the update (I uninstalled that RPM last month!) and you initiate the download at your convenience.

Y'know, at work I've got all my servers on Windows OS's. I just bought Mandrake and installed it, and am hoping to migrate to it in a month or three after I'm familiar enough with it to make it fly.

It's a little weird at first, but I'm starting to get used to it.

I agree completely -- they should *ask* if you want an update.

I don't trust any company to just access my machine without permission.

222 posted on 12/23/2001 6:52:31 PM PST by Dominic Harr
[ To 219 ]

To: Dominic Harr
Dominic,

I appreciate your thoughtful response. You're correct, I do not know what your motives are. I, too, am a developer and I deal with these issues every day. tje
223 posted on 12/23/2001 7:07:56 PM PST by tje
[ To 220 ]

To: Balding_Eagle
I'm a techie geek who has used Linux and BeOS and I agree with you, Windows is still far better than any of them.

I got my update through the auto update feature when it was released. I am always connected over cable and never had any problems with hackers. I got a hardware firewall and usually move some standard ports to another port for my own personal use. So those stupid port trolling apps those hackers use miss me altogether. Flame me if you want but MS puts out some good stuff. ASP is my favorite of their inventions.

224 posted on 12/23/2001 7:14:29 PM PST by smith288
[ To 65 ]

To: Dominic Harr
--I don't have it saved or anything, but they knew about this at least as far back as August I think, saw it on wired or some site like that.
225 posted on 12/23/2001 7:14:55 PM PST by zog
[ To 186 ]

To: Dominic Harr
I just bought Mandrake and installed it...

If you need pointers / have questions, ping rdb3 or myself... we'll be glad to help. Mdk is basically re-packaged RedHat.

226 posted on 12/23/2001 7:17:06 PM PST by TechJunkYard
[ To 222 ]

To: tje
I appreciate your thoughtful response.

I am sorry if/when I sometimes get too into 'baiting' the other side.

I do that to get responses sometimes. And (honesty time) because it's fun. And because I can't say these things when it's my co-workers . . .

227 posted on 12/23/2001 7:17:26 PM PST by Dominic Harr
[ To 223 ]

To: zog
--I don't have it saved or anything, but they knew about this at least as far back as August I think, saw it on wired or some site like that.

They've known for 5 weeks, according to the press story. A security company found the defect 5 weeks ago, and informed MS.

MS at that point should have informed its customers to turn the feature off. But they did not, because they didn't want to admit that XP had a defect.

For sales reasons, of course.

228 posted on 12/23/2001 7:19:25 PM PST by Dominic Harr
[ To 225 ]

To: TechJunkYard
If you need pointers / have questions, ping rdb3 or myself... we'll be glad to help. Mdk is basically re-packaged RedHat.

Thank you, I will.

229 posted on 12/23/2001 7:20:03 PM PST by Dominic Harr
[ To 226 ]

To: TaRaRaBoomDeAyGoreLostToday!
Thanks for the heads up!
230 posted on 12/23/2001 7:39:13 PM PST by Alamo-Girl
[ To 57 ]

To: Leper Messiah
So your machine downloaded the patch without your knowledge, and you were notified after the fact ???

I checked the box requesting that service. It's a choice each consumer makes. As I remember, there were several options given, including one that has no communication at all from MS.

As I pointed out earlier, RealPlayer (as an example) does not give that kind of option when you download from them, they just come in and 'take-over'. Yet I've never heard a single complaint about their tactics.

MS gave me several options, I chose the one that makes my life easier and simpler. I'm doing so without compromising my security.

You probably would choose a different way/time to be notified of updates. That's your choice.

231 posted on 12/23/2001 7:54:19 PM PST by Balding_Eagle
[ To 212 ]

Comment #232 Removed by Moderator

To: theprogrammer
If companies only sold software that they knew to be perfect beyond a shadow of a doubt, there wouldn't be any software on the market.

Depends on what the software's publisher claims about it. Microsoft specifically claimed that XP was a secure operating system. They did not in any way retract that claim in the five weeks following their discovery that it was false.

233 posted on 12/23/2001 8:18:36 PM PST by supercat
[ To 232 ]

To: supercat
Exactly. I miss my Apple. iPods are awesome, I hear.
234 posted on 12/23/2001 8:25:02 PM PST by TaRaRaBoomDeAyGoreLostToday!
[ To 233 ]

To: theprogrammer
All programs the size of operating systems have and will always have bugs or defects in them.

This isn't about XP having bugs.

It's about Microsoft specifically hiding their knowledge of a serious product defect until after the Christmas selling season.

The issue isn't that XP *had* a bug, but that MS *knew* there was a bug and MS *hid* that knowledge from customers on purpose.

One of these times, people will get hacked under this 'policy'.

That is pure and simple a violation of consumer protection laws. If a company knows about a defect, they must reveal that information to customers.

They *have* to. Legally. And morally, I should say.

235 posted on 12/23/2001 8:36:19 PM PST by Dominic Harr
[ To 232 ]

Comment #236 Removed by Moderator

To: College Repub
"Unless you like looking a wierd looking odd keyboarded machines"

Make sure you fit in a couple of courses in English before you graduate.

237 posted on 12/24/2001 2:36:58 AM PST by big'ol_freeper
[ To 136 ]

To: big'ol_freeper
I have. Got an A in each. I'm not a bad speller, just a bad typer. There's no spell check here on FR and I don't take my posts so seriously that I have a dictionary and spend 5 minutes on each.
238 posted on 12/24/2001 3:01:24 AM PST by College Repub
[ To 237 ]

To: theprogrammer
If you have been conditioned into believing that, I feel for you.

Or perhaps you're just using the wrong operating system.

Why not take a look at an OS which has gone for four years without an exploitable flaw in the default install?

Theo and Company started out by wanting to remove bugs and poor programming techniques. The by-product is a very secure operating system.

As a security engineer, when I brief programmers on proper programming techniques, I tell them this:

Software code should do exactly what it needs to do to function properly, and no more.

It's the second part that most programmers screw up on. Generally it's not intentional. They've just worked really hard to make it do what they want, who wants to go back and make sure it doesn't do anything else?

That's what Theo did. And the result is the most secure PC operating system available today. Four years is a long time for an OS. Even longer when you crank out a new version every 6 months.

Knitebane

239 posted on 12/24/2001 3:32:06 AM PST by Knitebane
[ To 232 ]

To: College Repub
You got an "A" in each.....let me guess.....you went to public schools.
240 posted on 12/24/2001 5:27:43 AM PST by big'ol_freeper
[ To 238 ]

