Welcome Guest. | Log In| Register | Membership Benefits
  • Email this page E-mail this page
  • |  Print Print this page
  • |   Bookmark and Share
  • icon

Microsoft: Hackers Wouldn't Bother To Spoof SP2's Security Center


Microsoft flatly denied reports that one of Windows XP Service Pack 2's most touted features leaves users open to possible attacks. In effect, hackers have better things to do, Microsoft said.

By Gregg Keizer
TechWeb News
August 26, 2004 03:00 PM

Microsoft on Thursday flatly denied reports that one of Windows XP Service Pack 2's most touted features leaves users open to possible attacks. In effect, hackers have better things to do, Microsoft said.

According to one outside analysis, SP2's Windows Security Center, the dashboard-like console that monitors and reports on the status of various security defenses -- from firewalls to anti-virus software -- can be spoofed by hackers into displaying false information, such as an enabled firewall or a even a totally bogus anti-virus package supposedly protecting the PC.

Security status could be faked, said the researchers, by a number of possible exploit avenues, including the drag-and-drop vulnerability in Internet Explorer that was made public last week. The possible goal by hackers: disable defenses but at the same time remain under the radar.

Many in-the-wild worms intentionally disable long lists of firewalls and anti-virus products. Recent variations of the Bagle worm, for instance, target almost 300 different pieces of protective software for termination. By combining that trait with this spoof, worms could infect a PC and yet remain undetected by the user.

Microsoft denied that Windows Security Center has a vulnerability. "In order for an attacker to spoof the Windows Security Center, he or she would have to have local administrator rights on the computer," Microsoft said in an e-mailed statement.

True, but that may not be much of a defense, since home users in particular often run Windows in Administrator Mode. Enterprises, wary of the total control that mode gives end users, typically sets up PCs to run in Limited Mode.

The Redmond, Wash.-based developer also claimed that even if a system was compromised -- perhaps by other malicious code that gave attackers administrator rights -- any exploit of the console was the least of users' worries.

"Criminal actions the attacker could pursue include many that are far more interesting than spoofing the Windows Security Center," Microsoft said.

This defense -- that the bigger security holes in Windows are the real honeypots for hackers, and thus smaller flaws can be safely ignored -- is a new one from Microsoft.


Subscribe to RSS


Advertisement

CAREER CENTER
Ready to take that job and shove it?



TechCareers

SEARCH
Function:

Keyword(s):

State:
SPONSOR
RECENT JOB POSTINGS
CAREER NEWS
10 Search Engines You Don't Know About
Go beyond Google and get vertical. These specialized search sites will help you find the business information you need -- fast.

Yahoo Profits Fall 23%, Cuts 1,000 Jobs
Ari Balogh was named to the post of chief technology officer as the companys for a "realignment" of employees.

More articles from our career center





Subscription Info
Apply for a free 52-week subscription to InformationWeek (a $199 value)

Last Name:

First Name:

Title:

Company Name:

City:

Business Address:

Zip:

State:

Email Address:

NOTE: Offer valid for U.S., U.S. possessions, & Canada only

            

Join economist Chris Cornell and 3 CIOs in an Exclusive Online Exchange for Senior IT Executives: Using IT to Drive Value in a Turbulent Economy. November 5th only.