Microsoft's SP2: Not Everyone's Cheering, But That's Not Bad

By Michael Hall | Aug 13, 2004 | Print this Page
http://www.enterprisenetworkingplanet.com/netsysm/article.php/3394861/Microsofts-SP2-Not-Everyones-Cheering-But-Thats-Not-Bad.htm

Main     Elsewhere     The Week in CrossNodes     The Week in Network News

Several months ago we argued in favor of Microsoft releasing its long-awaited Windows XP Service Pack 2 (SP2) to everyone, not just paying Windows customers:

Give it away. Bundle it up in AOL-like CD tins and mail everybody a copy. Put a few in the Sunday Times for good measure. Rent some extra bandwidth, buy a few spam lists, and make it the world's largest, most obnoxious attachment. But get it out there.

Our rationale was straightforward: Microsoft insecurities have a way of making everyone suffer in the form of spam relays, zombie DDoS nodes, and more.

Well, SP2 is here now, and reports are beginning to trickle in that, as expected, the update is a mixed bag of welcome new functionality and severe brekage, depending on the user.

There's also some curious logic coming out of the security software vendors, who complain that Windows' firewall service can be turned off in the event a machine is compromised by a malicious user. Right. Burglars also sometimes leave through the back door after coming in through a window, but that's not an argument against locking the back door when you go to bed for the night.

Microsoft might have put a dent in security software sales by making its flagship product more secure out of the box, and we can understand why the software companies are looking for something to say to keep users from relaxing enough to stim sales in a lucrative after-market. In the best of all possible worlds, though, we're inclined to note that an operating system with less fear-based incentives to buy security shrinkwrap is a better one. Microsoft doesn't owe the firewall and antivirus vendors a living, and it does owe its users a more secure computing experience. Especially if it's going to continue to dominate the market the way it does.

Elsewhere:

» While we're on "Microsoft" and "security," Exchange users will want to note an Exchange server bug that "could put users at risk of cross-site scripting and spoofing attacks."

» Apple also plugged a few holes in an update that fixes bugs with libpng, improves support for network-based home directories, and closes off a potential phishing vulnerability in the Safari browser.

» Cisco said the network equipment market is rebounding as it reported a strong Q4 that includes a 40 percent jump in sales in Russia, China, and India.

» More evidence that spam is more of a domestic problem than we typically believe:

"Based on analysis of the spam it blocked for its 1,000-plus clients during May, June, and July, message filtering firm CipherTrust said that 86% of all spam originated in the United States."

» Unpleasant factoid of the week: "...a recent report by the University of Arizona found that the typical office desk harbours around 400-times more disease-causing bacteria than a toilet seat."

The Week in CrossNodes

» Scripting Clinic: Your Pre-Fab Text Processing Toolkit

Scripting he-men are fond of 'writing a few lines of Perl' whenever a file needs munging. Too bad they're ignoring the overflowing toolbox of Unix and Linux text-processing utilities.

» Distribute This Denial of Service Checklist

No one wants to deal with a DDoS attack, but that's no excuse to slack off when it comes to preparing for one. Here are four things you should consider when it comes time to harden your network against attack.

Network News Break is CrossNodes' weekly summary of networking news and opinion. Please send your comments and suggestions to the editor.