I think a lot has been said in this thread without much back being given
to comments. I know of no SP2 specific vulnerabilities that are not also
affecting SP1, yet I know very many SP1 specific vulns that SP2 doesn't
fall prey to. Next, the firewall works as advertised, as far as FPS is
concerned, if you are opening access to these services you are defeating
much of the purpose of the firewall, sure the windows are locked but who
cares because the front door is wide open.
SP2 is a great upgrade from SP1, call this my personal opinion or fact
but there are many strong arguments supporting this. Integrated IE
Pop-Up blocker is enough for me, especially since the web apps I use are
IE only so I'm forced to use it.
Saying XP2 is far from secure is a very very broad statement and needs
to be backed up by fact and examples or code. I will state that XP2
properly configured is far more secure than XP SP1. Backing for this
statement can be found here:
http://www.us-cert.gov/cas/alerts/SA04-243A.html
Eric McCarty
-----Original Message-----
From: Depp, Dennis M. [mailto:deppdm (at) ornl (dot) gov [email concealed]]
Sent: Monday, September 27, 2004 4:15 AM
To: kyle (at) inetconnection (dot) com [email concealed]; focus-ms (at) securityfocus (dot) com [email concealed]
Subject: RE: Items within XP SP2 and Win2003
Interesting comment. The arbitrary code exploits you mentioned, are
these unique to SP2 or does SP1 fall prey to them as well? I am not
aware of any exploits that are unique to SP2. The firewall is not
perfect I will admit, but it is a vast improvement over its
predecessor. The current firewall is great for a home machine.
However, when you use the wizard to poke holes in the firewall, they
seem to be much larger than needed. I think a better analogy for the
firewall is a privacy fence, but when you use the wizard to open the
firewall, often you are removing several boards when a knot hole would
have worked just as well.
Denny
> -----Original Message-----
> From: kyle [mailto:kyle (at) inetconnection (dot) com [email concealed]]
> Sent: Wednesday, September 22, 2004 9:53 PM
> To: focus-ms (at) securityfocus (dot) com [email concealed]
> Subject: Re: Items within XP SP2 and Win2003
>
> Well, on the grand scheme of things, XP SP2 is far from secure. I know
> of a good many arbitrary code exploits that are easily utilized by a
> common webmaster. And the "firewall" is like a chain link fence for a
> privacy fence.
> IMO you were better off not "upgrading" to SP2 and sticking with SP1
> until SP2 was fixed (released, but far from done, and def. not an upgrade)
> I'm sure M$ was better with 2003 considering it was supposed to be a
> SERVER edition, but then again you never know with M$.
>
> On Sunday 19 September 2004 09:11 pm, James Bowman wrote:
> > Is there a set of hotfixes needed for 2003 that make it comparable in
> > features / overall security posture to XP SP2?
> >
> > Although there's probably a bevy of XP SP2 items embedded in 2003,
> > I would imagine there's a bunch that's not...
> >
> > Thanks
> >
> >