S
Swingman
I read a review of the new features that SP2 RC2 brings to Windows XP. I wonder, though, what advantages there are if you're already using anti-spyware, popup blocking, and firewall software? What do you think?
N
Nathan McNulty
There have been performance improvements throughout, it updates and
patches all known exploits/bugs, add's quite a bit of functionality
(espeically setting up networks (wireless too)), and it adds the
Security Center as you have said. The nice thing about the Security
Center is that the common user who does not have a firewall, who has an
AV but doesn't really take care of it, and who doesn't keep their
computer up to date, will all be taken care of automatically. This
leads to better patched and maintained machines throughout the entire
internet. The less problems like the recent MSBlast worm the better
(and that was caused because people don't keep their machine updated).
Besides those mentioned above, I wanted to focus on the performance
increase. Service Pack 1 and prior releases were compiled with an older
version of Visual Studio (6), but this release will be compiled by
Visual Studio 2005. This generates more optimized code and more
efficient software
Nathan McNulty
patches all known exploits/bugs, add's quite a bit of functionality
(espeically setting up networks (wireless too)), and it adds the
Security Center as you have said. The nice thing about the Security
Center is that the common user who does not have a firewall, who has an
AV but doesn't really take care of it, and who doesn't keep their
computer up to date, will all be taken care of automatically. This
leads to better patched and maintained machines throughout the entire
internet. The less problems like the recent MSBlast worm the better
(and that was caused because people don't keep their machine updated).
Besides those mentioned above, I wanted to focus on the performance
increase. Service Pack 1 and prior releases were compiled with an older
version of Visual Studio (6), but this release will be compiled by
Visual Studio 2005. This generates more optimized code and more
efficient software
Nathan McNulty
C
cquirke (MVP Win9x)
On Fri, 09 Jul 2004 10:57:55 -0700, Nathan McNulty
Er, no. MSBlast took the opportunity offered by an OS that:
- waves services to the Internet for whatever to poke at
- had broken code that allows raw code attack
- provides no way to amputate this ?unwanted functionality
Those defects were present in NT since NT 4.0 through multiple service
packs, through the Win2000 re-write and service packs, right up to XP
and XP Service Pack 1. We are told this defect was not exploited
until after MS documented and patched it in July 2003; MSBlast
followed one month later, and the month after that, MS re-did the July
patch as new holes had been found in it.
Consider: If various slick operators such as corporations, governments
and other spooks had been exploiting that defect all those years
without giving themselves away, how would you know?
But according to the party line, this problem wasn't because of a
barnacle of bad code on a volcano of bad design. It was because users
didn't scrape off that barnacle when told to do so by Microsoft.
That's cool
I think that defence in depth means the basic clue that:
- no safety measure is 100% effective
- therefore every safety measure is useful...
- ...unless outweighed by negative side-effects
Anti-virus and anti-commercial-malware tools are orientated towards
particular malware, largely based on the ability to recognise these
specifically. Think of a doorman with a set of mugshots for all known
criminals. Not caught yet? Walk straight through. So these measures
can catch only a proportion of what can arrive, but will do so
irrespective of how they get in i.e. what holes (if any) they exploit.
Patches fix particular holes, and block every malware that relies on
those holes to enter the system. See the synergy with av?
You can also go further than patching barnacles of bad code, and
risk-manage the underlying bad design. Like patching, that will wall
out every malware that relies on that weakness to get in, and once
again there's excellent synergy with antivirus etc.
ashtrays in the lounge, when I don't even have a car?"
Er, no. MSBlast took the opportunity offered by an OS that:
- waves services to the Internet for whatever to poke at
- had broken code that allows raw code attack
- provides no way to amputate this ?unwanted functionality
Those defects were present in NT since NT 4.0 through multiple service
packs, through the Win2000 re-write and service packs, right up to XP
and XP Service Pack 1. We are told this defect was not exploited
until after MS documented and patched it in July 2003; MSBlast
followed one month later, and the month after that, MS re-did the July
patch as new holes had been found in it.
Consider: If various slick operators such as corporations, governments
and other spooks had been exploiting that defect all those years
without giving themselves away, how would you know?
But according to the party line, this problem wasn't because of a
barnacle of bad code on a volcano of bad design. It was because users
didn't scrape off that barnacle when told to do so by Microsoft.
Besides those mentioned above, I wanted to focus on the performance
increase. Service Pack 1 and prior releases were compiled with an older
version of Visual Studio (6), but this release will be compiled by
Visual Studio 2005. This generates more optimized code and more
efficient software
That's cool
I think that defence in depth means the basic clue that:
- no safety measure is 100% effective
- therefore every safety measure is useful...
- ...unless outweighed by negative side-effects
Anti-virus and anti-commercial-malware tools are orientated towards
particular malware, largely based on the ability to recognise these
specifically. Think of a doorman with a set of mugshots for all known
criminals. Not caught yet? Walk straight through. So these measures
can catch only a proportion of what can arrive, but will do so
irrespective of how they get in i.e. what holes (if any) they exploit.
Patches fix particular holes, and block every malware that relies on
those holes to enter the system. See the synergy with av?
You can also go further than patching barnacles of bad code, and
risk-manage the underlying bad design. Like patching, that will wall
out every malware that relies on that weakness to get in, and once
again there's excellent synergy with antivirus etc.
"Why do I keep open buckets of petrol next to all the
ashtrays in the lounge, when I don't even have a car?"