RE: Items within XP SP2 and Win2003

• Previous message: Langston, Fred: "RE: Serious Security Issue in Windows XP SP2's Firewall"
• Maybe in reply to: James Bowman: "Items within XP SP2 and Win2003"
• Next in thread: kyle: "Re: Items within XP SP2 and Win2003"
• Reply: kyle: "Re: Items within XP SP2 and Win2003"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 27 Sep 2004 08:29:31 -0400
To: kyle@inetconnection.com, focus-ms@securityfocus.com

Perhaps I misread this issue. The drag and drop vulnerability you speak
is not unique to SP2. It also affects computers running SP1.

Denny

> -----Original Message-----
> From: kyle [mailto:kyle@inetconnection.com]
> Sent: Monday, September 27, 2004 8:04 AM
> To: Depp, Dennis M.; focus-ms@securityfocus.com
> Subject: Re: Items within XP SP2 and Win2003
>
> I believe the drag and drop error that works with IE and SP2
> was a new
> problem. I know there were more, but that was the largest
> one. (if you are
> not familiar with it, basically a webmaster can code it so by
> moving the
> mouse on the page, he has the ability to install anything and
> bypass your
> firewall) And I've seen ways people can get around the
> "active x install
> protection/download protection" that microsoft has included
> (a simple string
> tells it you already hit yes)
> I think that if you don't have to upgrade to SP2, don't. Get
> a real firewall
> (ex: zone alarm, shorewall, or make a hardware one like
> smoothwall) and keep
> them up to date. They specialize in security, while m$
> admitted they wont be
> secure until 2010 (see slashdot for more info on that)
>
> On Monday 27 September 2004 06:14 am, you wrote:
> > Interesting comment. The arbitrary code exploits you mentioned, are
> > these unique to SP2 or does SP1 fall prey to them as well. I am not
> > aware of any exploits that are unique to SP2. The firewall is not
> > perfect I will admit, but it is a vast improvement over its
> > predecdessor. The current firewall is great for a home machine.
> > However, when you use the wizard to poke holes in the firewall, they
> > seem to be much larger than needed. I think a better
> analogy for the
> > firewall is a privacy fence, but when you use the wizard to open the
> > firewall, often you are removing several boards when a knot
> hole would
> > have worked just as well.
> >
> > Denny
> >
>

---------------------------------------------------------------------------
---------------------------------------------------------------------------

• Previous message: Langston, Fred: "RE: Serious Security Issue in Windows XP SP2's Firewall"
• Maybe in reply to: James Bowman: "Items within XP SP2 and Win2003"
• Next in thread: kyle: "Re: Items within XP SP2 and Win2003"
• Reply: kyle: "Re: Items within XP SP2 and Win2003"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]