Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

FBI, Pentagon Quiz Microsoft on XP
dailynews.yahoo.com ^

Posted on 12/23/2001 6:55:43 AM PST by TaRaRaBoomDeAyGoreLostToday!

FBI, Pentagon Quiz Microsoft on XP

WASHINGTON (AP) - The FBI (news - web sites)'s top cyber-security unit warned consumers and corporations Friday night to take new steps beyond those recommended by Microsoft Corp. to protect against hackers who might try to attack major flaws discovered in the newest version of Windows software.

The FBI's National Infrastructure Protection Center said that, in addition to installing a free software fix offered by Microsoft on the company's Web site, consumers and corporations using Windows XP (news - web sites) should disable the product's ``universal plug and play'' features affected by the glitches.

The FBI did not provide detailed instructions how to do this. Microsoft considers disabling the ``plug and play'' features unnecessary.

The company acknowledged this week that Windows XP suffers from serious problems that allow hackers to steal or destroy a victim's data files across the Internet or implant rogue computer software. The glitches were unusually serious because they allow hackers to seize control of all Windows XP operating system software without requiring a computer user to do anything except connect to the Internet.

Outside experts cautioned that disabling the affected Windows XP features threatens to render unusable an entire category of high-tech devices about to go on the market, such as a new class of computer printers that are easier to set up. But they also acknowledged that disabling it could afford some protection against similar flaws discovered in the future.

The FBI, in a bulletin released at 8 p.m. at the start of a long holiday weekend, also warned professional computer administrators to actively monitor for specific types of Internet traffic that might indicate an attack was in progress.

A top Microsoft security official, Steve Lipner, sought to reassure consumers and companies that installing the free fix was the best course of action to protect their systems.

Friday's warning from the FBI's cyber-protection unit came after FBI and Defense Department officials and some top industry experts sought reassurance from Microsoft that the free software fix it offered effectively stops hackers from attacking the Windows XP flaws.

The government's rare interest in the problems with Windows XP software, which is expected to be widely adopted by consumers, illustrates U.S. concerns about risks to the Internet. Friday's discussions came during a private conference call organized by the National Infrastructure Protection Center.

During the call, Microsoft's experts acknowledged the threats posed by the Windows XP problems, but they assured federal officials and industry experts that its fix - if installed by consumers - resolves the issues.

Microsoft declined to tell U.S. officials how many consumers downloaded and installed its fix during the first 24 hours it was available. Experts from Internet providers, including AT&T Corp., argued that information was vital to determine the scope of the threat.

Microsoft also indicated it would not send e-mail reminders to Windows XP customers to remind them of the importance of installing the patch.

Microsoft explained that a new feature of Windows XP can automatically download the free fix, which takes several minutes, and prompt consumers to install it.

``The patch is effective,'' said Lipner, Microsoft's director of security assurance, in an interview with The Associated Press.

Officials expressed fears to Microsoft about possible electronic attacks targeting Web sites and federal agencies during next week's Christmas holidays from computers running still-vulnerable versions of Windows, participants said.

Several experts said they had already managed to duplicate within their research labs so-called ``denial of service'' attacks made possible by the Windows XP flaws. Such attacks can overwhelm Web sites and prevent their use by legitimate visitors.

Another risk, that hackers can implant rogue software on vulnerable computers, was considered more remote because of the technical sophistication needed.

The FBI's cyber-security unit has been concerned about the threat and warned again Thursday that the potential of ``denial of service'' attacks is high. The agency said people unhappy with U.S. policy have indicated they plan to target the Defense Department's Web sites, as well as other organizations that support the nation's most important networks.

-

On the Net:

NIPC.gov

Microsoft Security


TOPICS: Front Page News; News/Current Events
KEYWORDS: techindex
Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-80 ... 241-247 next last
To: Dominic Harr
We have to be careful in how we define defective. If I make specific claims that are untrue then yes, that is selling a defective product. If I never mention a defect that any reasonable person would assume to be a fundemental part of the transaction (your car radio example), then that too is wrong. But, to assert that any flaw in MS software is the same as selling a defect is a bit of a jump I think. Now if MS said that their software was 100% unbreakable then yes, any breaks would make that statement false. But to my knowledge they have never said this. So while they sold crummy software, they did not defraud anyone.

When Chrsyler was sued for putting cheaper gas tanks into their minivans that tended to explode more frequently people prattled on how that was a horrible thing for Chrysler to do. We'll if people always valued saftey over money they would all drive Volvos or Mercedes. Clearly people value money over safety more often. Now Chrysler never said anything about their gas tank. Yet they were sued because they made a cost choice the same as the thousand of other cost choices they made when desiging their minivan. All of these led to a cheaper minivan that people choose to purchase based on price. Why should that choice be wrong for Chrysler, but right for the consumer?

This relates to MS because if you want safety you would never use MS. MS is great software for its ease of use by the common person, and its ease of development for programmers. Everything else about their stuff sucks and everyone already knows that. So why would we complain?
41 posted on 12/23/2001 7:58:29 AM PST by verboten
[ Post Reply | Private Reply | To 21 | View Replies]

To: Balding_Eagle
There is no such law, what you are posting is a figment of your imagination.

Link and quote, above.

But you really don't even know about consumer protection laws?

Happens every day.

And when caught, those people get sued/prosecuted. Do you really think that if an auto dealer sells you a car in which the radio doesn't work, you have no legal recourse?

42 posted on 12/23/2001 7:58:47 AM PST by Dominic Harr
[ Post Reply | Private Reply | To 35 | View Replies]

To: Amerigomag
MS has know about the potential for the problem since the design phase of W2k and ME, more than two years ago.

Really?

Interesting . . .

43 posted on 12/23/2001 7:59:49 AM PST by Dominic Harr
[ Post Reply | Private Reply | To 40 | View Replies]

To: verboten
If I never mention a defect that any reasonable person would assume to be a fundemental part of the transaction (your car radio example), then that too is wrong.

And "not allowing anyone from outside to take total control of you machine" is clearly a fundamental part of the 'purchase of an OS' transaction.

This is a serious, significant ommission on the part of MS.

Why do ya'll want MS to be immune to the law?

44 posted on 12/23/2001 8:02:10 AM PST by Dominic Harr
[ Post Reply | Private Reply | To 41 | View Replies]

To: TaRaRaBoomDeAyGoreLostToday!
Perhaps someone can enlighten me as to why anyone would want Universal Plug and Play to be enabled all the time? If its purpose is to detect and install new devices, why not just open a window when a new device is detected and ask whether it should be installed? Or else offer an option that enables UPnP during initial set-up of the machine and then turns it off, so that it is normally disable but can be enabled if the user so chooses?

Lots of people have provided advance warning about the dangers of having raw sockets in Windows XP and making that the default option. What advantages does even Microsoft see for insisting upon this "feature"?

45 posted on 12/23/2001 8:02:48 AM PST by dpwiener
[ Post Reply | Private Reply | To 1 | View Replies]

To: AAABEST
You know...I think I will put XP on my machine today after I back everything up. Maybe this will eliminate my problem with screen freezes that my mouse keeps initiating!
46 posted on 12/23/2001 8:03:53 AM PST by Sungirl
[ Post Reply | Private Reply | To 11 | View Replies]

To: big'ol_freeper
I had three Macs prior to buying a piece of crap PC....I agree I am a Mac fan.Wish I would have...
47 posted on 12/23/2001 8:04:12 AM PST by TaRaRaBoomDeAyGoreLostToday!
[ Post Reply | Private Reply | To 34 | View Replies]

To: TaRaRaBoomDeAyGoreLostToday!
If this doesnt wake up the world and make them all switch to Linux I dont know what will.
48 posted on 12/23/2001 8:04:24 AM PST by Mixer
[ Post Reply | Private Reply | To 1 | View Replies]

To: Balding_Eagle
Let me get this straight -- you believe a company can knowingly sell a defective product legally?
Happens every day.

The key word here is "legally." People sell crack every day, commit prostitution every day, drive while intoxicated every day. Last I heard, these acts were still illegal.

49 posted on 12/23/2001 8:04:24 AM PST by TruthShallSetYouFree
[ Post Reply | Private Reply | To 38 | View Replies]

To: TaRaRaBoomDeAyGoreLostToday!
Laughing.. just how many "monitors" do you need? The new system profiles do not enumerate the bus settings by IRQ and I0 base and DMA address. Soooo.. if I sent a "bogus" eprom to your system for a "Plain Vanilla VGA" monitor windows XP would think that there was a secon monitor attached.

The monitor drivers under all the traditional 32-bit architectures were one area that the code still was done with a 16-bit architecture. WYSIWYG.

This allows for the multiple monitors under Win2k and the ability to "terminal emulate" the monitor.

IN ADDITION!! The Keyboards can be "epromed" into thinking that there are additional items and that allows for a keyboard logger.

While the NSA, CIA, FBI, USPS, and other investigators will not steal your credit cards the "villians" will.

Laughing...

Be careful and have a merry xmas.

50 posted on 12/23/2001 8:05:25 AM PST by taxbreak
[ Post Reply | Private Reply | To 1 | View Replies]

To: dpwiener
What advantages does even Microsoft see for insisting upon this "feature"?

The average computer user is not a techie. They want to plug in a new printer or scanner or webcam and have it work the same way a toaster or a televison or a lamp works, without having to go down to the basememnt and reset a circuit breaker. Microsoft's error is not one of intentions, but of poor implementation. Yet, again.

51 posted on 12/23/2001 8:07:42 AM PST by TruthShallSetYouFree
[ Post Reply | Private Reply | To 45 | View Replies]

To: Glenn
"Can you cite this law, please?"

I have a sneaking suspicion that if he keeps it up, he'll have a golden opportunity to explain himself to everyone -- in a rather public venue.

I can't comprehend the mentality that compels someone to take continuing potshots at an 800 lb behemoth, with little if anything to back up his attacks other then bile, venom, and an open hatred of said behemoth and anyone who defends it -- and, (ahem) a *clear* loyalty to said behemoth's competitor. Especially when said behemoth has demonstrated repeatedly that it is not averse to initiating litigation against its attackers.

This should be entertaining. If my guess is correct, that is.

52 posted on 12/23/2001 8:07:47 AM PST by Don Joe
[ Post Reply | Private Reply | To 13 | View Replies]

To: TruthShallSetYouFree
The key word here is "legally."

Personally, like with Clintonistas, I am fully convinced MS defenders know what they're saying isn't true.

I don't believe anyone here on FR is unaware of basic consumer protection laws . . .

They just use the Clintonista, "Oh, yeah? Prove it!" defense to everything said. We could say that grass is green and they'd ask for a linking proving it.

The goal is to find small details to argue about, thus avoiding discussion of the real topic.

In my opinion, of course.

53 posted on 12/23/2001 8:09:02 AM PST by Dominic Harr
[ Post Reply | Private Reply | To 49 | View Replies]

To: TaRaRaBoomDeAyGoreLostToday!
Do XP users need to download the patch twice and install it once, or should both downloaded copies be installed? Would a third download and installation provide even more protection? :)
54 posted on 12/23/2001 8:10:15 AM PST by Petronski
[ Post Reply | Private Reply | To 8 | View Replies]

To: Don Joe
I have a sneaking suspicion that if he keeps it up, he'll have a golden opportunity to explain himself to everyone -- in a rather public venue.

There ya go . . . threaten your critics with lawsuits you can't bring.

More good MS defense.

55 posted on 12/23/2001 8:10:16 AM PST by Dominic Harr
[ Post Reply | Private Reply | To 52 | View Replies]

To: verboten
But maybe this is much more sinister. Maybe the FBI was using the universal plug and play to install "rogue software" to spy on users. They've been drooling over such things prior to 9-11 but with more eagerness afterwards. Maybe Microsoft was strong armed into delaying the fix.

A year ago, a person could support Microsoft and still be a legitimate conservative/libertarian. Now, in order to continue defending Microsoft, one has to wear a tinfoil hat.

56 posted on 12/23/2001 8:10:51 AM PST by JoeSchem
[ Post Reply | Private Reply | To 4 | View Replies]

To: ALL;World'sGoneInsane;Alamo-Girl;Mercuria;amom;Pray4USA
Sunday December 23 10:40 AM ET

Consumers Urged to Protect Windows XP

By TED BRIDIS, Associated Press Writer

WASHINGTON (AP) - Consumers and corporations using Microsoft Corp.'s new Windows XP (news - web sites) software are being warned by the FBI (news - web sites) to take added steps against hackers who might try to take advantage of major flaws.

The bureau's National Infrastructure Protection Center said Friday that, in addition to installing a free software fix offered by Microsoft on the company's Web site, consumers and corporations using Windows XP should disable the product's ``universal plug and play'' features affected by the glitches.

The FBI did not provide detailed instructions how to do this. Microsoft considers disabling the ``plug and play'' features unnecessary.

The company acknowledged this week that Windows XP suffers from serious problems that allow hackers to steal or destroy a victim's data files across the Internet or implant rogue computer software. The glitches were unusually serious because they allow hackers to seize control of all Windows XP operating system software without requiring a computer user to do anything except connect to the Internet.

Outside experts cautioned that disabling the affected Windows XP features threatens to render unusable an entire category of high-tech devices about to go on the market, such as a new class of computer printers that are easier to set up. But they also acknowledged that disabling it could afford some protection against similar flaws discovered in the future.

The FBI also warned professional computer administrators to actively monitor for specific types of Internet traffic that might indicate an attack was under way.

It acted after bureau and Defense Department officials and some top industry experts sought reassurance from Microsoft that the free software fix it offered effectively stops hackers from attacking the Windows XP flaws.

The government's rare interest in the problems with Windows XP software, which is expected to be widely adopted by consumers, illustrates U.S. concerns about risks to the Internet. Friday's discussions came during a private conference call organized by the National Infrastructure Protection Center.

During the call, Microsoft's experts acknowledged the threats posed by the Windows XP problems, but they assured federal officials and industry experts that its fix - if installed by consumers - resolves the issues.

Microsoft declined to tell U.S. officials how many consumers downloaded and installed its fix during the first 24 hours it was available. Experts from Internet providers, including AT&T Corp., argued that information was vital to determine the scope of the threat.

Microsoft also indicated it would not send e-mail messages to Windows XP customers to remind them of the importance of installing the patch. It said a new feature of Windows XP can automatically download the free fix, which takes several minutes, and prompt consumers to install it.

``The patch is effective,'' Steve Lipner, Microsoft's director of security assurance, told The Associated Press.

Officials expressed fears to Microsoft about electronic attacks launched against Web sites and federal agencies during the Christmas holidays from computers running still-vulnerable versions of Windows, participants said.

Several experts said they had already managed to duplicate within their research labs ``denial of service'' attacks made possible by the Windows XP flaws. Such attacks can overwhelm Web sites and prevent their use by legitimate visitors.

Another risk, that hackers can implant rogue software on vulnerable computers, was considered more remote because of the technical sophistication required.

-

On the Net:

National Infrastructure Protection Center: http://www.nipc.gov

Microsoft: http://www.microsoft.com/security

57 posted on 12/23/2001 8:11:04 AM PST by TaRaRaBoomDeAyGoreLostToday!
[ Post Reply | Private Reply | To 1 | View Replies]

To: Dominic Harr
Here's your link.

why the grass is green

58 posted on 12/23/2001 8:12:06 AM PST by TruthShallSetYouFree
[ Post Reply | Private Reply | To 53 | View Replies]

To: TruthShallSetYouFree
why the grass is green

Hahahahahaha.

Does Santa know you're so bad? You're gonna get coal for Xmas.

59 posted on 12/23/2001 8:13:08 AM PST by Dominic Harr
[ Post Reply | Private Reply | To 58 | View Replies]

To: TaRaRaBoomDeAyGoreLostToday!
Until softwear companies are held financially responsible for their defective products, we will always absorb the significant costs of producers' negligence. Licensing "agreements'" free pass on defective product tort is a sham. This industry has matured and must be subject to statutory liability remedies for their defective products.
60 posted on 12/23/2001 8:14:01 AM PST by SevenDaysInMay
[ Post Reply | Private Reply | To 1 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-80 ... 241-247 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson