Koozali.org: home of the SME Server

I need some comments on this please

giannib

I need some comments on this please
« on: April 19, 2005, 08:31:15 AM »
Hi all,

Please take time to read this short excerpt from an email I received from an IT consultant who stresses the following:

Since the emergence of Windows XP SP2 from Microsoft, it is our view and the view of most of the industry that the protocol based security and integrity levels that Microsoft have achieved within Windows itself are superior to anything that can be achieved with external appliances (including SME), and the simple nature of a approach makes life much easier.  Another huge advantage of the WinXP based solution relates to the Microsoft automatic updates feature whereby if a new major threat emerges that is identified by Microsoft, the necessary update is delivered and installed onto each XP computer within hours.

This fellow is suggesting to me to rely only on WinXP, remove my Linksys router and SME server, and expose my whole network to the internet.... I'd like some of you reputable people out there to comment if you could, please, I'd appreciate it so much.

Thanks in advance and regards

GB

arthurhanlon

I need some comments on this please
« Reply #1 on: April 19, 2005, 10:25:59 AM »
giannib,

Whilst I believe that Microsoft has reached an acceptable security level with the introduction of SP2, the fact of the matter remains the same: Windows is the dominant OS out there and hence will be a more targeted OS with regards to viruses and malicious hackers. As for Windows Update, very successful, but there will most definitely be someone somewhere that can expose a Windows security flaw sooner than Microsoft can find it, leaving Microsoft to play catch up and leaving your Windows box compromised whilst they craft a patch for it.

I myself have removed all kinds of third party firewall software from my Windows XP box as I am satisfied that the built in firewall has achieved a level of maturity equal to some other solutions, but am still behind a dedicated router with firewalling capabilities (better to be safe than sorry eh?). I currently have SME on the DMZ of my network and it works a treat and has not been compromised once.

At the end of the day it all boils down to personal preference and how important your data is to you. If you decide that your data is very important to you or your organisation then I would do as much as possible to secure that data.

Hope this helps,

Arthur

dasx

XP vs Linux
« Reply #2 on: April 19, 2005, 12:16:00 PM »
Giannib

It sounds as if your Tech has been to one too many Microsoft partner events. There has been a big push recently to undervalue Linux and overstate MS.

I should make it clear here that I have been in the IT industry for a few years now and I am a Registered Microsoft Partner.

I agree that there has been some improvement since SP2 but you will lose a lot by removing your router and SME, not just in security but also functionality.

"Since the emergence of Windows XP SP2 from Microsoft, it is our view and the view of most of the industry that the protocol based security and integrity levels that Microsoft have achieved within Windows itself are superior to anything that can be achieved with external appliances (including SME)"

Well I have been in the industry for over 7 yrs and I don't agree with that.

"and the simple nature of a approach makes life much easier"

Easier for who?? You or your tech?

"Another huge advantage of the WinXP based solution relates to the Microsoft automatic updates feature whereby if a new major threat emerges that is identified by Microsoft, the necessary update is delivered and installed onto each XP computer within hours."

This simply is not true; there have been and will be many instances of bugs and threats that have existed for a long time before they have been patched, e.g. Microsoft took seven months to fix one of its most serious security vulnerabilities (Microsoft Security Bulletin MS04-007). There are some bugs that Microsoft have freely admitted will never be fixed. I'm sure I'm not the only tech that has had to develop a "workaround" for an issue after reading an extensive KB that states in the end 'Microsoft recognises this is a problem', but there is no fix.

This is a quote from  by Gregg Keizer in TechWeb News:
"Malicious software is so rampant that the average time it takes for an unpatched Windows XP to be compromised after connecting it directly to the Internet is 16 minutes". We actually tested this in our lab with a 1.5Mbs DSL connection and it actually took 9 mins !!

You must realise that by removing your router and SME there are many features you will be missing out on, for example:
- Email server
- Secure Web server (IIS (Microsoft) makes up less than 30% of all web servers and we all remember 'Code Red Worm')
- Ability to create complex routing and firewall rules
- A secure FTP
- VPN
- Caching proxy

etc etc I could go on!!

I agree that Windows will always be with us and for the majority of users it is still the best option for workstations. This is mainly because of familiarity and availability/compatibility of software. Despite the GREAT work done by samba.org, Windows is still the best file management system for other Windows clients. I should point out that this is only because MS have gone out of their way to make life difficult for Samba users.

Your security and functionality should be in the realm of your Tech. I know if I get the option I will always use a hardware router and some form of Linux firewall in front of the network. After that you can go mad with Windows if that floats your boat.

I look after 150+ clients and those that rely on Linux solutions measure downtime in months rather than days. For example I have one company running a Debian Box that has not been restarted for 2 yrs!!

I could go on about this but as a final point I don't know of any techs that would recommend you reduce your levels of security in order to increase protection.

jackl

I need some comments on this please
« Reply #3 on: April 19, 2005, 01:13:32 PM »
Hi All,

In the last couple of weeks we have repaired two XP PCs that have become infected with malware; both were SP2.
One machine had its wallpaper changed to something similar to the blue screen of death, with the warning that the PC was now infected with spyware and to run any available anti-spyware program. There were several icons placed on the desktop, naturally one claiming to be an anti-spyware program. Tracing the path, it pointed to an application stored in c:\programfiles\antispyware\.
Several exe files were dumped on the hard disk, one to load the bitmap for the blue screen, accompanied by the bitmap itself.
When right clicking on the desktop and then Properties to restore the background, it was found that all tabs were missing; this was found to be caused by group policy modifications carried out by the malware program.
This infection also created about 15-20 shortcuts in Favourites and numerous other modifications. We have not seen infections like this ever since the introduction of SP2, but this was as bad if not worse than any of the infections we have seen pre SP2.
The user did not click yes to download any software and was using IE6. I realise that it is most likely IE6 that allowed this to happen and not any issue with the XP firewall; however, it is totally unacceptable.
However these are the first we have seen post SP2, so we reckon there is more to come as it took Microsoft months to fix this problem last time out.

Regards
Jack

PS PC was up to date at the time.
User is now using Firefox instead of IE6
......

giannib

I need some comments on this please
« Reply #4 on: April 19, 2005, 02:08:32 PM »
Hi Guys,

thanks for the replies, keep 'em coming the more the better so that I can show them to the decision makers


thanks again and best regards to all

GB

mach1_4fun

I need some comments on this please
« Reply #5 on: April 19, 2005, 07:51:55 PM »
Hi All,

Personally, I don't think that Windows XP is something that should really be connected directly to the internet. I mean, you really want to have a dedicated firewall and NAT (network address translation) between your network and the rest of the world. It sounds like they want to add unnecessary risk.

From my experience, the only thing that XP SP2 offers is that it turns on the built in firewall by default. In my college dorms we had a data trunk, and everyone had a public IP. I have seen worms slip right through the firewall on the fully updated machines of a few people whose computers I fixed; some had even been hacked!
You should have seen my firewall logs, 1000's of attempts an hour!

If you are going to connect it directly, I would invest in a good software firewall (ZoneAlarm, BlackICE, etc.) and make sure you patch it as soon as they come out.

just my opinion.

arnoldob

I need some comments on this please
« Reply #6 on: April 20, 2005, 07:44:40 PM »
I think your consultant wants to make life easier for himself. Personally, I would not leave any Windows machine exposed on the internet. While it is certainly true that MS has made progress, their position as the most popular OS makes them the biggest haxor target. You can get a fairly secure platform in XP SP2 by using the MS firewall and setting all the browser security options to high. But as others have pointed out, the update process lags behind new threats to a disturbing degree. I would thank the consultant for his work and not call him again.
Tampa, FL USA