Stefano Demiliani WeBlog

Windows XP SP2 is not starting well...

Windows XP SP2 has just been released to the public via the Automatic Update feature and we're rapidly seeing the discover of security flaws... this is not a good way to start.

Today the last news: eWeek and PC Magazine are reporting that the new Windows Security Center of Windows XP SP2 has dangerous flaws. According to what they write on the articles, seems that a malicious program (including ActiveX controls) could access the Windows Management Instrumentation database, edit its contents and alter the security status on it. Your system could appear really secure at your eyes, but this could not be wrong.

Terrible... it's really so easy to alter the security status of an XP SP2 machine?

Microsoft has an official response that you can read here. What I'm surprise to see on an official MS response is something like this:

• "Most malicious attackers would go for the most direct route, such as directly shutting down the firewall or antivirus, rather than lying in wait, watching for the user to do it". Ok, this could be true, but a real security upgrade I think must be cover all security aspects of a system.
• This is the point that really hurts me... "The user must be in Administrator mode, and the program running on the local machine to get to the WMI. For the enterprise, users may run at more protected levels". I've told about this aspect some times ago on this blog...  one of the first Windows XP improvements I think that must be the feature to create a normal user (with less privileges) during the setup and set it as a default account to work. Now Windows XP is installed in Administrator mode and I think that a great amount of users are normally using an Administrator account to work every day. This is terrible unsecure. This is a things that Windows must learn from Unix systems... use a normal account and switch to Administrator account only for special operations (I love the Linux SU - switch).

I'm terrible disappointed to listen something like this... but where is all the security promised?

Ok, the last: I've not yet installed XP SP2 on my machine, but at work I've a machine where XP SP2 is installed, with Internet Explorer 6.0.2800.

Do you have the same? Try this:

1) Go to http://www.mikx.de/scrollbar/
2) Drag the scrollbar down a bit and let go
3) Check your Start -> Programs -> Startup folder...

A wonderful .EXE file is downloaded on your system. This is an IE Drag and Drop vulnerability (Secunia has a report about it) and works well also with XP SP2 installed.

And now? Waiting before installing the new XP SP2? No, I think I'll install it as soon as possible, but with an aspect in mind: my system in always not so secure, so keep the eyes open!