Windows XP SP 2 ‘a gimmick that leads to false sense of security’

“We evaluated the security features of Windows XP SP2 on a test machine, following a clean install of XP Pro with no configuration changes and no third-party software or drivers installed. We installed XP with the NTFS file system, choosing all of the factory defaults, then patched it with each recommended security update including SP-1 (required), before installing SP2,” Thomas C Greene reports for The Register.

“While we found that there are indeed a few minor improvements worthy of acknowledgment, in particular, some rather low-level improvements that don’t show to the admin or user, overall, SP2 did little to improve our system’s practical security, leaving too many services and networking components enabled, bungling permissions, leaving IE and OE vulnerable to malicious scripts, and installing a packet filter that lacks a capacity for egress filtering,” Greene reports.

“The new Security Center utility with its frequent Security Alert popups will certainly give users the impression that SP2 is a security-oriented package, as Microsoft’s PR boilerplate promises. However, The Security Center does little beyond warning users that the firewall is disabled, that automatic updating is disabled, or that antivirus software has not been installed. It may look impressive, but the SP2 package fails to provide several of the most important, basic modifications required to run Windows safely on an Internet-connected machine,” Greene reports.

“The Security Center is a good idea, but as it’s been implemented, it’s little more than a gimmick that will lead to a false sense of security. Our test system remained vulnerable to a vast host of online threats, especially those involving user interaction… Unfortunately, Windows remains a quite dangerous system to connect to the Internet, and users are still very much on their own in terms of security solutions,” Greene reports.

Full article here.

MacDailyNews Take: If you’re interested in adding a secure, stable, and fun Mac OS X machine to your computing arsenal, instructions on how to smoothly do so can be found here.

9 Comments

  1. Is this news? Pretty obvious to most people who visit this site that SP2 does nothing for XP’s lousy security problems.

    XP SP2 – the colourful clown suit for DOS.

  2. the only secure Microsoft operating system is one that is not connected to the internet and doesn’t share files with anyone – AKA, DOS. a wonderfully stable environment. hehe…

  3. Bill Gates and the US Government through the NSA, CIA and Military Intelligence have gotten together to ensure that Windows <b>always</a> remains insecure in exchange for Windows being adopted by non-secure government contracts.

    The vast intelligence gained by this agreement from countries, businesses and research labs all over the world, not to mention the common user. Has been more valuable than you can possibly believe.

    You use Windows? We own you.

    Bill C.
    Retired NSA

  4. NSA man: I do not know how much you are joking but it is a known fact – that made the head titles in the press – that Windows encryption had left a back door for intelligence agency so that nothing really was encrypted for them.

    Extrapolating from that, if crackers can spoof you when you enter your account information on the net, I am confident law enforcements agents have the same capabilities.

    If you have a Windows PC you do not own it, you share it with everyone out there. And this SP2 joke seems to go along that way: build a false sense of security when it is still the old rotten crap.

  5. “Best computer for games: The Real Business Computer (aka a Wintel computer)”

    Sorry, consoles are best for games. PCs are best for nothing. ” width=”19″ height=”19″ alt=”wink” style=”border:0;” />

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.