Posted on 12/23/2001 6:55:43 AM PST by TaRaRaBoomDeAyGoreLostToday!
The FBI's National Infrastructure Protection Center said that, in addition to installing a free software fix offered by Microsoft on the company's Web site, consumers and corporations using Windows XP (news - web sites) should disable the product's ``universal plug and play'' features affected by the glitches.
The FBI did not provide detailed instructions how to do this. Microsoft considers disabling the ``plug and play'' features unnecessary.
The company acknowledged this week that Windows XP suffers from serious problems that allow hackers to steal or destroy a victim's data files across the Internet or implant rogue computer software. The glitches were unusually serious because they allow hackers to seize control of all Windows XP operating system software without requiring a computer user to do anything except connect to the Internet.
Outside experts cautioned that disabling the affected Windows XP features threatens to render unusable an entire category of high-tech devices about to go on the market, such as a new class of computer printers that are easier to set up. But they also acknowledged that disabling it could afford some protection against similar flaws discovered in the future.
The FBI, in a bulletin released at 8 p.m. at the start of a long holiday weekend, also warned professional computer administrators to actively monitor for specific types of Internet traffic that might indicate an attack was in progress.
A top Microsoft security official, Steve Lipner, sought to reassure consumers and companies that installing the free fix was the best course of action to protect their systems.
Friday's warning from the FBI's cyber-protection unit came after FBI and Defense Department officials and some top industry experts sought reassurance from Microsoft that the free software fix it offered effectively stops hackers from attacking the Windows XP flaws.
The government's rare interest in the problems with Windows XP software, which is expected to be widely adopted by consumers, illustrates U.S. concerns about risks to the Internet. Friday's discussions came during a private conference call organized by the National Infrastructure Protection Center.
During the call, Microsoft's experts acknowledged the threats posed by the Windows XP problems, but they assured federal officials and industry experts that its fix - if installed by consumers - resolves the issues.
Microsoft declined to tell U.S. officials how many consumers downloaded and installed its fix during the first 24 hours it was available. Experts from Internet providers, including AT&T Corp., argued that information was vital to determine the scope of the threat.
Microsoft also indicated it would not send e-mail reminders to Windows XP customers to remind them of the importance of installing the patch.
Microsoft explained that a new feature of Windows XP can automatically download the free fix, which takes several minutes, and prompt consumers to install it.
``The patch is effective,'' said Lipner, Microsoft's director of security assurance, in an interview with The Associated Press.
Officials expressed fears to Microsoft about possible electronic attacks targeting Web sites and federal agencies during next week's Christmas holidays from computers running still-vulnerable versions of Windows, participants said.
Several experts said they had already managed to duplicate within their research labs so-called ``denial of service'' attacks made possible by the Windows XP flaws. Such attacks can overwhelm Web sites and prevent their use by legitimate visitors.
Another risk, that hackers can implant rogue software on vulnerable computers, was considered more remote because of the technical sophistication needed.
The FBI's cyber-security unit has been concerned about the threat and warned again Thursday that the potential of ``denial of service'' attacks is high. The agency said people unhappy with U.S. policy have indicated they plan to target the Defense Department's Web sites, as well as other organizations that support the nation's most important networks.
-
On the Net:
I agree. I'm having a hard time seeing this as a defective product issue. To me, the test is wheather the product performs as advertised when used as intended. I wouldn't consider a lawnmower defective if it wouldn't run because someone snuck into my garage and filled the gas tank with water.
Go START, HELP AND SUPPORT, and the chose KEEP YOUR COMPUTER UP-TO-DATE. Then follow instructions.
I usually skip these 'Lets Bash MS Some More' threads because it brings out the more emotional(liberal) side of FR posters, leaving the rational thinking side of the brain to rest a bit.
One thing I've noticed was how RealPlayer (for example) can invade my computer memory and screen area and yet no complaining from anyone. Its the devil to get it out, and I haven't really got their infectus software tamed. Yet MS, which has consistantly, over the years, made major improvements to it's OS gets slammed.
The improvements are of such magnitude that I can now run really crappy 3rd party software (I have no choice but to do so) and WIN will just ignore all of the bugs in it. My computer has crashed maybe once or twice in the past 18 months. The crappy 3rd party software has caused about 200-300 crashworthy problems in that time. Task manger has allowed me to pinpoint them and 'cut-off' the offending file, or whatever. Like I said I'm not a wiz, but like everyone else I know when things aren't working.
Flame away, but when something works as good as WIN 2000 and now XP, I'm an avid supporter. It's made my life much easier.
Aw, don't spoil the fun. Let him keep digging himself in deeper and deeper and deeper. It'll be fun to watch the New Dominick go "Mnfph pfmfpfh mnftp!" when people taunt him after his attacks come home to roost and he's... well, why ruin the surprise. :)
What is it about MS-haters that makes them think they are above the law?
Is the basic law that a company can't knowingly sell defective goods a violation of common sense?
I'd say that is a very important, basic one. And MS has just violated it terribly.
With IIS, the buffer over-run vulerabiliy was known to the public. In this case, only MS and the one security company knew.
MS knowingly continued to sell a defective product. All they had to do was inform their customers to *turn the thing off*.
For their profits, they didn't.
I started receiving an lsass error on boot and the system would not boot unit I did a system roll back and unistalled the patch.
Ya'll have been threatening me with lawsuits to shut me up for almost 2 years now.
Do you really think anyone cares?
I'd consider it a badge of honor if MS tried to sue me for informing people of MS's law-breaking.
MS 'business tactic' #324 -- sue people.
Um, perhaps the availabiltity of applications?
My sides, my sides, etc.
PS: don't jive me with any of that "Star Office" crap either, sonny.
Why did they continue to sell this to millions?
You're a sad piece of work, Batchmo.
PS: you're not my "critic". You're merely a pesky nuisance.
You and innocentbystander have explicitly threatened me with a lawsuit in the past.
Innocent has also threatened to beat me up.
Your posts -- several of them -- was *clearly* more of the same.
Here on FR, threatening the other side in a debate with a lawsuit is called 'losing the debate'.
Um, panties in a knot?
Keep talking, Dominic. I can use the sleep.
The MS SOP is: sell the Beta Version with fingers crossed.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
