
Thread: Understanding the future security of Windows SP2

  1. #21
    I don't see how that is any different than what someone can do on Linux patches, sorry. Check bugTraq and you see people reverse engineer patches and fix releases all of the time for nix based distros.

  2. #22
    MrLinus
    Oh.. don't get me wrong. I believe that does happen through any OS that releases patches (some more than others). I don't think, however, that it is a correct statement to say that exploits only come out because of reverse engineering and that no Windows system has been taken down by a known exploit (except one). I think that creates a big sense of false security as well as I question how true that statement really is.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #23
    Then I fail to see the point of talking about it, unless it's just to "HAHA look AT M$ be dumb!". PR situations can go badly at times, and Microsoft is not exempt. If we brought up bad PR events, we would be here all day in regards to Linus' older days.

    Making fun of Microsoft. Making fun of Linux. Neither is needed, and only helps fuel the fire between the haters of both OSes. Companies say dumb things, and sometimes do dumb things (Windows ME, Redhat 6).

    As my father said, which applies to OS bashing, and something I try hard to follow:


    "If you can not help someone, do not choose to hurt them instead"

  4. #24
    MrLinus
    But what if those bad PR events lead to poor security? Education of users is a key factor in ensuring good security. Most users do not visit sites like AO or other security sites but rather get their security from local media. And a lot of the general media aren't too "security" savvy either. Misinformation isn't a good thing to produce either. I'll agree that perhaps the "laughing at an OS" may not be the best but I don't think it's corporately responsible for an organization with as large a user base to put out information that could potentially lead to security laxness and misinformation.

  5. #25
    Mr. pooh, or whatever your name is.

    You are correct, I did not read the whitepaper. I do not need to read the whitepaper to know that turning something off which is on by default means more work for me.

    I am a network admin, and my network works just fine thank you very much. No issues here with ANY worm or virus or hacks in 5 years. My not liking the idea of a builtin Windows firewall means nothing about my abilities as a network admin. I can easily understand the added control this MAY enable, forgive me for being skeptical, not bothering to read a Microsoft whitepaper telling me how wonderful Microsoft's latest feature is. I am not a fanboi. I will wait to see how it really performs before making a judgement, I was merely asking some questions of others here who had more information, such as yourself, you HAVE used it you say? Attacking someone (i.e. calling into question their abilities) for asking legitimate questions (i.e. calling into question their abilities), which I did, and backing them up with examples, which I did, well .... how much is MS paying you?

    Intelligent network design, policy and user education have served us very well for years now, without any HELP from a builtin Microsoft firewall.

    All the builtin firewall will do for us (except possibly laptops) is break things which work well and securely now. It took lots of tweaking to get everything locked down yet still working; adding this new complexity will certainly cause problems.

    I have seen your, all losers should upgrade to the absolute latest blahblahblah post, you need to keep in mind that many organizations have to meet requirements for certain aspects of their operation. Those requirements often have certain requirements for what system they run on, this prevents across the board upgrades whenever Microsoft decides their bank accounts are too low and they decide to release their latest early beta test quality application or OS as a finished product.

  6. #26
    MsMittens

    And what if they lead to poor security? Whether it will or not, or whether their default security can make up for it in the future... is not for us to decide.

    Microsoft will handle their own affairs. And if someone is out of line in the PR with that statement, Microsoft will certainly step in. They did it when ME was released early. They did it when a similar statement was said about 98 SE. Microsoft has a good understanding of PR, I feel, but there are just a few idiots they have hired that never seem to catch on. Errored in life to repeat the mistakes of the people they replaced in the corporation, these people will continue to give Microsoft PR a bad name.

    So yes I agree, it was a dumb thing to say. But what about it? What can we do about it, or worry about? Let Microsoft handle it, which will result I'm sure in someone going home with a pink slip

    tabich

    You are correct, I did not read the whitepaper. I do not need to read the whitepaper to know that turning something off which is on by default means more work for me.
    Then don't moan and complain when someone says RTFM to your questions.

    I am a network admin, and my network works just fine thank you very much. No issues here with ANY worm or virus or hacks in 5 years. My not liking the idea of a builtin Windows firewall means nothing about my abilities as a network admin. I can easily understand the added control this MAY enable, forgive me for being skeptical, not bothering to read a Microsoft whitepaper telling me how wonderful Microsoft's latest feature is. I am not a fanboi. I will wait to see how it really performs before making a judgement, I was merely asking some questions of others here who had more information, such as yourself, you HAVE used it you say? Attacking someone (i.e. calling into question their abilities) for asking legitimate questions (i.e. calling into question their abilities), which I did, and backing them up with examples, which I did, well .... how much is MS paying you?
    If your network is perfect, then why come and complain about SP2? Since you said yourself your network is perfect, you shouldn't need to even worry thinking about SP2.

    Intelligent network design, policy and user education have served us very well for years now, without any HELP from a builtin Microsoft firewall.
    So because everything is perfect, you won't accept a secondary layer of protection? That doesn't make any sense. Well it does, but you never read the whitepaper.

    All the builtin firewall will do for us (except possibly laptops) is break things which work well and securely now. It took lots of tweaking to get everything locked down yet still working; adding this new complexity will certainly cause problems.
    So turn it off. Or read the white paper.

    I have seen your, all losers should upgrade to the absolute latest blahblahblah post, you need to keep in mind that many organizations have to meet requirements for certain aspects of their operation. Those requirements often have certain requirements for what system they run on, this prevents across the board upgrades whene...
    You say the same things over and over. If you don't want SP2, don't get SP2. If you want the enhancements of SP2 (RTFM) then use SP2. It's that simple. No one is forcing SP2 down your throat, and I don't think you are grasping how important that white paper is.

    You either need to read the whitepaper to see what the fuss is about, or continue to make uninformed decisions.

  7. #27
    I was asking you questions about it in my initial post. You have proclaimed yourself the expert, I asked a few simple questions of an "expert". I never made uninformed decisions. I didn't make a decision one way or the other about it. As I said several times, I was merely asking questions of someone who claims to have knowledge.

    You jumped down my throat.

    I never said someone was forcing SP2 on me, I asked specific questions about its functionality, in return I got RTFM, and then answers to several of the questions in one word.

    If you are posting here to help out you are certainly doing a poor job of it.

    You come and rave about something new and good, I ask a few specific questions and you act like an @ss.

    Nice guy.

  8. #28
    I was asking you questions about it in my initial post. You have proclaimed yourself the expert, I asked a few simple questions of an "expert". I never made uninformed decisions. I didn't make a decision one way or the other about it. As I said several times, I was merely asking questions of someone who claims to have knowledge.
    And I answered all of your questions. Did you see that list of no's? No claiming needed, as I did write the parent post after all.

    You jumped down my throat.
    Correct. Because you did not come in here with a "hmmm wonder how it works". You came in here with a "Prove to me that I should even care. Oh, and what is this ****** here! That makes my life harder."

    I never said someone was forcing SP2 on me, I asked specific questions about its functionality, in return I got RTFM, and then answers to several of the questions in one word.
    Because I will not quote a 100k whitepaper to you. I answered your questions simply, and anything that requires pages of explanation I told you to use the white paper. Stop whining, read the white paper, and get your answers in more complete thoughts.

    If you are posting here to help out you are certainly doing a poor job of it.
    I created this parent post. What on earth are you talking about?

    You come and rave about something new and good, I ask a few specific questions and you act like an @ss.
    You came in here screaming about how it was going to ruin your precious network, how it was a waste, and never with the intent on learning. The questions you asked were rhetorical. I answered them anyways. The questions you asked were snobby-"prove it to me!", not questions of actual curiosity.

    You have come to the wrong forums to play games. You either ask questions and get answers, or demand proof and give opinions on something before reading a white paper... and get scolded for it.

    Nice guy.
    I can be, and when you choose to read the white paper and my original parent post before making uninformed decisions on a patch you never read about, I will be again.

    RTFW

  9. #29
    MrLinus
    RTFW? Read The Fine Wall????

  10. #30
    OK Mr Pooh,

    I went back and reread your first post, I am still looking for a link to a whitepaper though, you did post a link to it, right? Come to think of it, I didn't even see a mention of a whitepaper in your first post? Or was your post the whitepaper? I suppose I should just go "google" for windows xp service pack 2 whitepaper right?

    It was a very nice post. The screen captures of various new features were interesting, and the description of the new features available in the next service pack for XP was very useful.

    However, I still have a few questions for an expert.

    There is a problem with the current version of ICF, in that when enabled, it causes issues with Outlook and Exchange. The bottom line is, unless outlook initiates a conversation with exchange, the traffic from exchange is denied, therefore users get no notification that they have new mail, nor does any new mail appear in their inbox, unless the user takes some action which causes Outlook to make a request to exchange, such as, changing folders.

    I notice in your post that there are a few screenshots of the firewall, one of those screenshots allows me to select an application from a list and set it to be allowed to send or receive traffic, so, theoretically I could go there, and enable Outlook and everything would be fine.

    Problem is, from past experience, there are many times when Exchange initiates communication to the client, for example, when a user receives new mail. Also, from my current experience, the ports used by Exchange to communicate with Outlook are a dynamic range, it is not always the same one. For example, everyone knows that port 25 is SMTP; with the communication between Exchange and an Outlook client there is no one port (although a number of your standard Windows type ports are used for "control" or initiation purposes), there are lots of different ports that could be used.

    So, I guess after all that, my question is the same as it was before I went back to re-read your post.

    Does the new version of ICF work properly with Outlook and Exchange? Does it recognize seemingly unrelated traffic(from a tcp/ip standpoint) as being legitimate traffic going from exchange to the outlook client?

    If it does not recognize that traffic, that means I have to create additional rules to specifically allow that traffic, not a problem, been there before, but, I do not seem to see a way of allowing a specific IP address to access the machine which has the firewall. I see, allow access to a port, from either everywhere, or local subnet. I do not want to allow all, to the machine, nor do I want to allow local subnet to the machine, I want to allow exchangeserver.example.com to the machine, or more properly 172.X.X.X. Allowing local subnet kind of defeats the purpose of this firewall in the first place (except maybe for laptops, as I said previously) because they are already protected quite well from the outside world, the point of using this firewall would be to prevent a worm or other internal danger from accessing this user's machine, assuming that someone has managed to successfully plug an infected laptop into our internal network.

    Since I have now made an effort to educate myself and make "informed decisions", can you please please please answer the question.
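
Added example, not part of the thread and not Microsoft's code: a simplified Python model of the filtering behaviour post #30 describes, showing why a server-initiated notification on new ports is dropped by a default-deny stateful filter and how a "local subnet" exception differs from one scoped to a single server. The class, the addresses (documentation range 192.0.2.0/24) and the port numbers are constructed for illustration and do not reflect how ICF is actually implemented.

```python
import ipaddress

class StatefulFilter:
    """Toy host firewall: default-deny inbound, allow replies and scoped exceptions."""

    def __init__(self):
        self.flows = set()      # (remote_ip, remote_port, local_port) opened by this host
        self.exceptions = []    # (local port range, allowed source network)

    def outbound(self, remote_ip, remote_port, local_port):
        # Outbound traffic is allowed and creates state for the reply path.
        self.flows.add((remote_ip, remote_port, local_port))

    def add_exception(self, ports, scope):
        # ports: range of local ports; scope: CIDR string ("0.0.0.0/0" means any source).
        self.exceptions.append((ports, ipaddress.ip_network(scope)))

    def inbound(self, remote_ip, remote_port, local_port):
        if (remote_ip, remote_port, local_port) in self.flows:
            return "allow (reply to tracked flow)"
        src = ipaddress.ip_address(remote_ip)
        for ports, net in self.exceptions:
            if local_port in ports and src in net:
                return "allow (exception)"
        return "drop"

# Constructed sample hosts and ports (assumptions for the demo, not from the thread).
EXCHANGE, LAPTOP = "192.0.2.10", "192.0.2.77"
DYNAMIC = range(1024, 5001)   # assumed dynamic client port range

def run_scenarios():
    results = {}
    fw = StatefulFilter()
    fw.outbound(EXCHANGE, 135, 3001)                      # client opens a session
    results["reply"] = fw.inbound(EXCHANGE, 135, 3001)    # same flow, reversed
    results["notify"] = fw.inbound(EXCHANGE, 2200, 3050)  # server-initiated, new ports

    subnet = StatefulFilter()
    subnet.add_exception(DYNAMIC, "192.0.2.0/24")         # "local subnet" scope
    results["subnet_exchange"] = subnet.inbound(EXCHANGE, 2200, 3050)
    results["subnet_laptop"] = subnet.inbound(LAPTOP, 4444, 3050)

    host = StatefulFilter()
    host.add_exception(DYNAMIC, "192.0.2.10/32")          # single-server scope
    results["host_exchange"] = host.inbound(EXCHANGE, 2200, 3050)
    results["host_laptop"] = host.inbound(LAPTOP, 4444, 3050)
    return results

if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name:16} {verdict}")
```

The subnet-scoped exception admits the other host on the same segment, which is the internal-worm case the post is concerned about; the /32 scope admits only the mail server.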
