SiteMap  |  Search  |  Client Login  |  Forms

Newsletter
News
Archives
Microsoft’s Windows XP Service Pack 2 – To Install or Not to Install
by Nick Vadalabene

Service Pack 2 was designed to close up security holes in the Windows XP operating system, and it has for the most part, but it has also created some other issues with securing the operating system.

Service Pack 2 provides system-tray alert notifications, monitors antivirus software and firewall protection, and monitors Windows operating system patches. SP2 improves XP’s built-in firewall now called Windows Firewall, blocks pop-ups and malicious code within Internet Explorer, and turns off HTML images (such as Spam pornography) within Outlook Express.

This all sounds great BUT there are a few issues with the service pack. One of the biggest being software incompatibility. Microsoft completely rebuilt the operating system shell, which essentially makes up the core of the software, to fix security holes and to strengthen the system. Many software packages will not run on SP2. This includes antivirus, custom software that companies have spent thousands if not millions to develop, as well as Microsoft’s own development suite Visual Studio .Net.

This is just scratching the surface as far as I’m concerned. As more businesses start to deploy SP2, I think you will see more software incompatibility issues as well as some new vulnerabilities. I’m sure there will be some patch to fix the holes, but wasn’t SP2 supposed to be the patch to fix security vulnerabilities and not create new ones? The incompatibility isn’t just limited to software. Some of Intel’s and AMD’s new processors are not compatible. After installing the Service Pack, systems with these processors continually restart. This poses big problems since Intel and AMD processors are in 95% of the world’s computers.

I would hold off on installing the service pack for now. Wait and see what other problems are going to come of Service Pack 2. It’s still new and unproven. If you are thinking about installing SP2, please test it out before you deploy it to your organization’s computers and be sure to backup your computers before you do so. The results could be devastating if the proper precautions have not been taken ahead of ti

Unix vs. Linux – The Battle Continues

Early last year, The SCO Group, owners of Unix System V operating system, brought a one billion dollar lawsuit against IBM claiming IBM stole code from Unix System V to be included in Linux. Linux is an off-shoot of the Unix operating system which is an Open Source operating system of which IBM has contributed code to. Open Source means that contributors to the ongoing development and enhancement of the operating system do so without receiving any royalties. This suit, along with others brought by SCO has Linux vendors and users worried since if SCO wins, Linux vendors and users may be liable for license infringement.

But there are signs that the lawsuit may be nearing an end due to IBM’s responses. IBM, of course denies that it contributed any of SCO’s proprietary code to Linux. IBM is countersuing SCO using SCO’s argument against them. SCO's suit contends that the Linux GPL (General Public License), which basically follows the open source principal, is not valid. IBM’s counterclaim contends that if this is true, then SCO is illegally selling IBM code because in addition to selling its own Unix System V, SCO sells Linux. Also, IBM contends, that since SCO is still offering Linux and knowingly distributing the code in question, it effectively renders the code public domain making SCO’s suit moot.


Companies Working on AntiSpam Technology
Microsoft is working on a technology called “Caller Id for Email". It is similar to caller id for telephone in that it verifies that the sender’s email address is authentic. Many spammers use “spoofing” which uses an email address that appears legitimate but is either not a real email address or is a stolen address. America Online and Yahoo are working on systems that will accomplish the same thing but use different technology. The companies are seeking acceptance by the Internet Engineering Task Force. Even though the companies’ technologies are different, they are working together to eliminate spam.

ISPs Fighting Spammers
Since the Can-Spam act was signed into law in December, the flow of spam has not subsided. One study shows that 77% of all emails is spam. Under the Can-Spam act, four Internet Service Providers in various states are suing hundreds of defendants for sending hundreds of millions of email messages. The ISPs claim the spammers sent emails through third party computers to hide their origin, used non-existent "from" email addresses, and did not contain an unsubscribe option – all violations of the Can-Spam law. Under Can-Spam, only Internet Service Providers can sue.

Beware of Emails Requesting Information

“Phishing” is the act of impersonating an organization that you have a relationship with and using this false relationship to steal information from you. These types of cons come in the form of an email with a link to a web site requesting you to update your account information. The link will bring you to a site which looks exactly like the legitimate organization’s site but in reality is another site set up by the imposters.

If you get an email asking for information from a company you do business with on the web, call the company and ask them if they sent such an email. Most legitimate companies will not request information in this manner. Never go to the web site via the link in the email. Open your Internet browser and type in the proper web address so you are assured that you are on the legitimate site.


Websites can be Source of Infection

Hackers have been infecting popular Web sites. The hackers break into unsecured servers and load malicious code which in turn is downloaded to your PC simply by visiting the infected site. Users of Internet Explorer may inadvertently download a remote-access Trojan horse (RAT) onto their desktop computers. This virus may record keystrokes used to log into secure sites and send that information back to the hackers. This attack affects only Internet Explorer browsers. You can minimize your chance of infection by increasing your browsing and e-mail safety. However, this could cause problems when trying to access other, uninfected sites.