[IP] MS XP service pack will automatically download *and* install updates
I love the last paragraph. Auto updating has definite dangers from hackers
and from errors in updates and interference with other programs. (This has
happened in the past). Auto updates are dangerous if not protected and I
don't think we know how to do this yet.
Dave
ps it was my Grand Challenge at the CRA Grand Challenge workshop on
Security :-)
Microsoft to Automate Windows Security
By Brian Krebs
washingtonpost.com Staff Writer
Thursday, March 4, 2004; 6:41 AM
Microsoft Corp. plans to release a new version of its popular Windows XP
software that automatically downloads and installs software patches onto
personal computers, one of the company's most aggressive moves to promote
Internet safety.
Starting in mid-2004, Windows XP customers will be able to download a new
"service pack" that includes the automatic installation function. The
software also will include a stronger Internet firewall, new protections
against computer viruses and software that blocks Internet pop-up advertising.
The upgrade is meant to make it easier for the millions of home computer
users who surf the Internet but are not computer security experts.
Security is not something most computer users think about unless there is a
computer worm or other high-profile threat going around, said Neil Charney,
Microsoft's director of Windows product management. With the upgrade,
customers give their consent once and Microsoft will download and install
patches for them, he added.
The software is one of the first fruits of the "secure computing" project
that Microsoft Chairman Bill Gates launched in January 2002 in response to
charges that the software maker was sacrificing security in favor of
user-friendly features that hackers could easily exploit.
It is also designed to get security patches installed on Microsoft
computers before hackers can figure out how to take advantage of software
holes. Microsoft regularly releases software fixes for security flaws but
those same fixes can provide hackers with a blueprint for attack. Hackers
usually figure out how to take advantage of a security hole within weeks
after the patch is released -- and that time period is shrinking.
"The majority of users don't want to have to worry about changing a lot of
settings and taking the enormous amount of time it takes to secure their
systems," said Neel Mehta, a security researcher at Atlanta-based Internet
Security Systems. "This is a far better approach than leaving it up to the
end users to secure the operating system."
Thor Larholm, senior security researcher at PivX Solutions in Newport
Beach, Calif., said the changes were long overdue. "I think people would
have seen Microsoft in a much better light if they had done some of these
things years ago."
Microsoft's latest attempt to promote heightened Internet security among
individual Internet users -- most of them not computer experts or even
computer-literate -- illustrates a perpetual dilemma with no easy answers.
Even the strongest security feature cannot prevent curious computer users
from opening virus-laden e-mail attachments disguised as free games, naked
supermodel photos or even security updates. Nearly all of the past year's
most destructive viruses and worms -- including the "Sobig.F" and recent
"Mydoom" worms -- succeeded because so many people clicked on the
attachment and inadvertently spread the infection to friends, family,
co-workers and business contacts.
As a result, new versions of Windows XP will prevent people who use
Microsoft's Outlook and Outlook Express e-mail software from opening
suspicious attachments. Instead, they will have to save the attachments to
their computer hard drives before opening them.
"We don't want to put customers in a situation where they have to make a
decision of trust when they don't have all the information they need to
make that choice, so [with e-mail attachments] we're just not letting it
happen," said Mike Nash, corporate vice president of Microsoft's security
business unit.
Microsoft also will configure its Internet Explorer Web browser to block
"pop-up" ads and messages. Nash said pop-up ads present a heightened
security threat as fraudsters use them to install harmful programs and
"spyware," software that lets hackers monitor computer keystrokes and look
at whatever the legitimate computer user is viewing.
The Windows XP upgrade will contain a new version of its firewall designed
to block spyware and other programs from transmitting information out of
the user's computer without permission. Unlike in previous versions of
Windows, the new firewall will be turned on automatically.
Most worms spread from one vulnerable computer to the next without any
action by the user. Having the firewall on by default means even users who
have not downloaded the latest security patches should be insulated from
Internet worms. E-mail worms would still be able to infect unprotected
users if they click on a virus-laden attachment, but in most cases a
firewall will prevent the infected PC from spreading the virus to other
computers.
Nash said Microsoft is examining ways to prevent hackers from interfering
with the automatic update system. The second variant of the "Mydoom" worm,
for example, blocked infected computers from downloading patches and
communicating with Microsoft's automatic update Web site.
http://www.washingtonpost.com/wp-dyn/articles/A29328-2004Mar4.html