security updating

[Jamie]

I'm new to XP embedded and would like to know if anyone knows how to keep it
up to date?

We just received it from our Printer manufacturer as a already installed on
the hard drive component. I would like to now make sure it is up to date.

 

[KM]

Jamie,

Are you the XPe image developer? I mean if it were you who developed the image?
If so, use this link to download the latest QFEs:
http://www.microsoft.com/downloads/...&freetext=&DisplayLang=en&DisplayEnglishAlso=.
(watch for wraps)

If not, you will have to contact your device/image manufacturer. They may provide you with the information on what the ways they
have implemented in the image to keep it up to date (DUA, SMS, SUS, etc.).

 

[Jamie]

I'm not the developer. I'm the System Administrator who will administer
this device for my users. Here is the situation.

We have a Kip Plotter from and it came with NT4 PC inside that is used as
the print server. I found out they created an XP image and decided I was
interested since we are all XP now and on a domain. The problem was they
would only sell this by buying a Hard Drive with everything preloaded. So I
went ahead purchased and installed today. The problem is I thought I was
getting XP pro (a destop os as I had NT4 workstation). Now I need to keep
this up to date.

Jamie

Jamie,

Are you the XPe image developer? I mean if it were you who developed the image?
If so, use this link to download the latest QFEs:
http://www.microsoft.com/downloads/...&freetext=&DisplayLang=en&DisplayEnglishAlso=.
(watch for wraps)

If not, you will have to contact your device/image manufacturer. They may

provide you with the information on what the ways they

 

[KM]

Jamie,

I don't see any relation between the Plotter and XPe.
If they support XPe, they should support XP Pro. So why did you choose XPe?

Anyway, read here about what XPe is: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/xpehelp/html/startpage.asp

If you don't have the original image project, you won't be able to easy install new software on it.
Whoever created that image should (may) explain you what was included.

Or, you can go ahead and reverse engineer the image and create your own one. Then you will have to make sure you understand XPe well
enough to do so and, also, there should be a way to re-image the device.

 

[Jamie]

I called the vendor and yes they have a place where I need to go to get
updates. I think this is a huge mistake by Microsoft. Maybe it is
something they have to do but we now have to count on a third party company
to provide updates. I don't think this is very good security practices by
Microsoft. Just my two cents.

I also can't change a password for an account when I log in properly. Ctrl,
alt, delete just brings up task manager and I can't find any other way of
changing it properly. I guess I will have to hope there are not any
encrypted files on the system.

Also is this OS vulnerable to Viruses like XP? Should a AV product be on
the system? I take it I can't just install Mcafee.

Jamie

Jamie,

I don't see any relation between the Plotter and XPe.
If they support XPe, they should support XP Pro. So why did you choose XPe?

Anyway, read here about what XPe is: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/xpehelp/html/startpage.asp

If you don't have the original image project, you won't be able to easy install new software on it.
Whoever created that image should (may) explain you what was included.

Or, you can go ahead and reverse engineer the image and create your own

one. Then you will have to make sure you understand XPe well

 

[Jamie]

Also is there a MBSA for embedded or does the MBSA 2.1 work for embedded?

In other words how do I tell what is needed to be updated? Is the embedded
able to get viruses like Blaster?

Jamie

Jamie,

I don't see any relation between the Plotter and XPe.
If they support XPe, they should support XP Pro. So why did you choose XPe?

Anyway, read here about what XPe is: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/xpehelp/html/startpage.asp

If you don't have the original image project, you won't be able to easy install new software on it.
Whoever created that image should (may) explain you what was included.

Or, you can go ahead and reverse engineer the image and create your own

one. Then you will have to make sure you understand XPe well

 

[Slobodan Brcin \(eMVP\)]

Hi Jamie,

XPe is what third party "we developers" make it to be. It is composed from same parts as XPP is with few additional features.
XPe size can be from 5MB up to size of full XPP. What is contained in your image no-one other than your vendor can tell you that.

Microsoft is trying to make update process easier and even that some updates can be installed from MS directly, but for XPe these
additional options are still under control of developers and it is their choice how updates will be made.

Yes it is vulnerable to viruses same security issues as XP Professional. But unlike XPP you might not have outlook or explorer in
your image so all security patches related to them are of no concern to these XPe images.

You should consult with your vendor about installing AV programs.

Regards,
Slobodan

 

[KM]

Jamie,

I called the vendor and yes they have a place where I need to go to get
updates. I think this is a huge mistake by Microsoft. Maybe it is
something they have to do but we now have to count on a third party company
to provide updates. I don't think this is very good security practices by
Microsoft. Just my two cents.

Yes and No.
Yes, because security is important enough to be always aware of. MS has introduced some good things about it in SP2.
No, because nobody except the OEM who makes the image knows what's included there.

You seem to confuse XPe with XPPro. XPPro is the Desktop OS supported by MS.
XPe is just a Devkit provided by MS for building new OSes. Only binaries will be the same as from XPPro. But the list of components
and etc could be (and will likely be) different.

I also can't change a password for an account when I log in properly. Ctrl,
alt, delete just brings up task manager and I can't find any other way of
changing it properly. I guess I will have to hope there are not any encrypted files on the system.

There are some explanation to why you can't get to the Gina screen. But it is going to be useless to you since you don't have a way
to change the image.

Also is this OS vulnerable to Viruses like XP? Should a AV product be on
the system? I take it I can't just install Mcafee.

I guess you may want to do a bit reading first:
http://groups.google.com/groups?hl=...a=group=microsoft.public.windowsxp.embedded.*

Depending on the components included in the original image you may or may not be able to install 3rd party products including AV.

 

[KM]

Jamie,

This has been discussed in this NG:
http://groups.google.com/groups?hl=...a=group=microsoft.public.windowsxp.embedded.*

 

[Jamie]

Again I do want to say thank you for all the help and I may have a few other
questions. I'm completly new to XPe. I do understand that it isn't XPpro
but I do have the concern that it could be attacked just like XPpro. There
is no ICF as I can see in the image but maybe it is just hidden from changes
(I don't know). Also no AV. I'm beginning to feel uncomfortable about the
install because I have no knowledge or control about what is now on my
network.

Jamie

Jamie,


Yes and No.
Yes, because security is important enough to be always aware of. MS has

introduced some good things about it in SP2.

No, because nobody except the OEM who makes the image knows what's included there.

You seem to confuse XPe with XPPro. XPPro is the Desktop OS supported by MS.
XPe is just a Devkit provided by MS for building new OSes. Only binaries

will be the same as from XPPro. But the list of components

and etc could be (and will likely be) different.
encrypted files on the system.

There are some explanation to why you can't get to the Gina screen. But it

is going to be useless to you since you don't have a way

to change the image.


I guess you may want to do a bit reading first:
http://groups.google.com/groups?hl=...a=group=microsoft.public.windowsxp.embedded.*

Depending on the components included in the original image you may or may

not be able to install 3rd party products including AV.

 

[KM]

Jamie,

Your concerns are well understood and make sense. However, there is no XPe OS in general. Each XPe image is a different OS (only
binaries are XPPro compatible) from the list of components point of view.
To help youself to add some additional components you will have to create (or get from manufacturer) the XPe project first.

 

[Slobodan Brcin \(eMVP\)]

Your concerns are well understood and make sense. However, there is no XPe OS in general.

How about upcoming XPe SP2 POS?
http://www.microsoft.com/presspass/press/2004/oct04/10-04newretailplatformpr.asp

Regards,
Slobodan

 

[KM]

MS target OS based on XPe.
Not much to do there for XPe dev :-(

 

[Slobodan Brcin \(eMVP\)]

Your concern is shared my friend.

Regards,
Slobodan

 

[fef]

Out of the box, most developers in the XPe world are automatically
creating a more secure implementation, as they are not running as many
services and applications as the full XP Pro load. Kind of like having
fewer doors and windows on your house, there are fewer places for a
burgler to get in.

However, depending upon the security issue, your vendor's
implementation of XPe may be vulnerable. You should contact the vendor,
as the responsible ones will have policies surrounding communication on
which Microsoft patches apply (and how to apply them), plus the vendor
should have a security policy in place which addresses your specific
device and how it can be made more secure.

If the vendor can't answer these questions, kindly invite them to seek
opportunities elsewhere.