RE: Security issues, purchasing a new, pre-loaded, Windows XP computer
From: Ji H. Lee (Ji.Lee@nstnet.com)Date: 10/07/02
- Previous message: Mike Arnold: "Re: Can I delete Wscript.exe?"
- Maybe in reply to: De Velopment: "Security issues, purchasing a new, pre-loaded, Windows XP computer"
- Next in thread: Mike Lyman: "Re: Security issues, purchasing a new, pre-loaded, Windows XP computer"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 7 Oct 2002 11:35:41 -0700 From: "Ji H. Lee" <Ji.Lee@nstnet.com> To: "De Velopment" <devel@www2.kparker.org>, "Focus-MS" <focus-ms@securityfocus.com>
Microsoft has a free cd that can be ordered at the following link:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur
ity/tools/tools/stkintro.asp
The CD is the Microsoft Security Toolkit. It basically has all the
baseline patches that you need to get you PC secure enough to get on the
Internet.
I don't believe it is fool-proof but it is a start.
Ji Lee
Northstar Technologies
-----Original Message-----
From: De Velopment [mailto:devel@www2.kparker.org]
Sent: Monday, October 07, 2002 9:47 AM
To: Focus-MS
Subject: Security issues, purchasing a new, pre-loaded, Windows XP
computer
Hello,
I asked a casual question on another forum and believe I have
opened a major can of worms.
The casual question came up when a friend of mine told me that she
purchased a new PC (I think Gateway, but manufacturer not important).
The PC comes pre-loaded with Windows XP Home. Simple enough. There
are probably millions of preloaded Windows XP boxes sold every week.
The problem is security. Out of the box, Windows XP has some rather
dangerous vulnerabilities, including Universal Plug-n-Play, a number
of Internet Explorer / Outlook Express holes, including incorrectly
labeling an executable file as an audio (sound) file, and just maybe
a version of IIS that can be hit from outside by Code Red and Nimda.
The question I brought up is what is required to make a PC, just
purchased, with Windows XP, safe on the Internet? One answer I got
was that all downloads, (Service Pack 1, Security Rollup, and
miscellaneous patches) would come up to 105 Megabytes. The problem
is that my friend only has dialup access! How long would it take
to download 105 Megs on a dialup line? How about if the phone line
is dirty? A related question, for those outside the USA, is how much
would it cost to download all of these fixes?
So, my question to this list: Exactly what should I tell my friend?
How dangerous it it to have an unpatched Windows XP Home system on
the Internet? How many steps does it take to secure it? And, does
anybody have an estimate on how long it takes with Dialup? Can this
upgrade be done at night while she is sleeping? (Or does it take
several reboots and answers to questions (i.e. EULA) along the way?)
Finally, has Microsoft been approached with the idea of releasing
a bug-fix version of Windows XP that has the patches pre-applied,
at least for the OEM distributers?
Thanks in advance and best regards,
Ken Parker
- Previous message: Mike Arnold: "Re: Can I delete Wscript.exe?"
- Maybe in reply to: De Velopment: "Security issues, purchasing a new, pre-loaded, Windows XP computer"
- Next in thread: Mike Lyman: "Re: Security issues, purchasing a new, pre-loaded, Windows XP computer"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
