Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Security Operating Systems Software Windows IT

Windows XP Firewall Bug Flies Under the Radar 30

Posted by timothy from the mistakes-were-made dept.
echocharlie writes "Last Friday, the Computer World reported a quiet update to Windows XP that fixed a bug in the Windows Firewall included in SP2. Gary Schare, Director of Windows Product Management, said it was 'an unfortunate oversight.' The update wasn't mentioned in Microsoft's Security Bulletin even though it's listed as critical because it's a configuration change, not a software fix. The bug may cause shared files and printers to be accessible by others on the Internet. Unfortunate, indeed. Patch those boxes."
This discussion has been archived. No new comments can be posted.

Windows XP Firewall Bug Flies Under the Radar More

Windows XP Firewall Bug Flies Under the Radar

Comments Filter:
  • my xp box shut down in the middle of the night last weekend, tossing some unsaved mozilla composer pages away in the process....I HATE microsofts high handedness.
    • ... Your "box" shutting down.. and you blame Microsoft before anything else? Do have a UPS? Is your hardware stable? Stable drivers?

      Why didn't you save your work?

      Why would you even be using XPSP2?
      • Its my best and most reliable system and it stays up for weeks on end. Heretofore, I only lost stuff if we lost power [right, no UPS]. If I know we are in for bad weather, I save. If I have been doing a lot of typing, I save. I lost more confidence than content this time around. As for why use XP/SP2... indeed! why? see my reply to my own post [ I cut the original short, seeing as it was a first post, and then continued it in the reply.]

        "tipping point" : e.g. the moment when the sheep notices that he
        • So you can't keep an XP box running, good job.

          You want Linux? Try fedora.redhat.com

          Don't want Fedora, try googling for something.

          And about cutting it short to get first post.. WTF for?

          This isn't K5, grow up.
    • I put off the SP2 upgrade for months because I heard of all the trouble that came with the fixes. I had my XP box set to tell me of patches but not install them. Then, in a fit of carelessness, I just clicked on the darned "Apply updates" dialog. I am used to being asked which of the patches I want but this time it just shot the whole wad into my poor machine. I got WMP10, I got DRMcrap.dll's up the wazoo, I got icons all over my desktop. Nero, which had been burning stuff for me flawlessly stopped work
      • Hi. The Windows oriented ones are Xandros and Linspire. You can google for a free Linspire download coupon (web site will still say it costs money but I'm hearing that apparently it doesn't). You can also try the CD based Knoppix, downloadable from linuxiso.org [linuxiso.org]. Knoppix can boot only from the CD so you can nondestructively test it and then install it later if you like it.
    • I HATE microsofts high handedness.

      Please, quit it with the Microsoft bashing. If you don't like the default, then change it. It's a no brainer. Microsoft has made this as easy as possible.

      Go to Control Panel: Automatic Updates, and check "Download updates for me, but let me choose when to install them".
      • ...Microsoft has made this as easy as possible.
        maybe even easier! I knew better than to take the SP2 in the first place but got annoyed at the constant nagging. I didn't used to take auto-updates by choice and by deliberatly configuring the update service. But after the SP2 install, I either slept through the config dialog for update service or it defaulted to full-auto without asking my preference....all water over the dam now. I have since set config back to just warn me it has new stuff. I will s
        • I think one of the reasons that Microsoft turned auto-update to full-auto by default is that most Windows users are "newbies" and won't install the updates without the extra help.

          We can all hope that this will help patch a lot of Windows boxes and stop them from becoming zoombies.

        • I either slept through the config dialog for update service or it defaulted to full-auto without asking my preference

          You have probably slept throught he config. It does ask you this question.
    • my xp box shut down in the middle of the night last weekend, tossing some unsaved mozilla composer pages away in the process....I HATE microsofts high handedness

      Just shut off the automatic updates installations. Let it download and prompt for an install.

    • If automatic updates is on, XP will reboot spontaneously once it's finished installing your updates. It does put a pop-up window on the screen with a countdown timer, and if you don't hit the button, blammo. The solution is to have it download, but not install, the updates. You can then install (and reboot) when it's convenient for you.
  • I applied 3 updates maybe a week ago? Can't remember for sure. But now instead of the blue blocks cycling through 1/3rd of the box once, it cycles through 1.5 x. Nothing major, but angering that patches should make my boot time longer for no good reason.

  • Re: (Score:2, Insightful)

    by account_deleted ( 4530225 )
    Comment removed based on user account deletion
    • If it's merely the latter, then how is that a bug? I mean, that's like saying "The bug may allow computers with "on" buttons to be powered up."

      So you have no problem with me pressing print a million times with full page KKK propoganda, wasting your ink and paper, while you sleep?
      • Comment removed based on user account deletion
        • Lets say youre running a network in your home and you're using a Windows box as the firewall for a home network. (not the best setup, I know, but hey, I know some people who do it. Home users where the "IT guy" is Dad with a Computers for Dummies book) You're sharing a printer and files from this firewall box so that everyone in the house can get to them... NOW. Any firewall would keep such a service local, so that no one on the internet side of things can even SEE it, or ANYTHING for that matter... but peo
      • So you have no problem with me pressing print a million times with full page KKK propoganda, wasting your ink and paper, while you sleep?

        Absolutely, but I think what he's saying is that there's nothing wrong with your shared system showing up someplace to BE shared... After all, that's what sharing is for. People just need to make sure their stuff is secured first.

        On a sidenote though, it would make for a good possibility for Apr1 jokes. ;)
  • Assuming of course that not a whole lot of people knew about this vulnerability, this may have been one of those exceptions where security through obscurity may have actually worked out for the better.

  • short summary (Score:5, Insightful)

    by TheGratefulNet ( 143330 ) on Wednesday December 22, 2004 @01:51PM (#11160349)
    use an external firewall, one you can trust, one that ONLY does routing/firewalling.

    sp2's fw is nice to have. but not SUFFICIENT to have.

    that about sums it up.
  • I had to disable my M$ firewall after installing XPsp2 because of daily crashes. Since disabling, I no longer get crashes.

    Use another professional FW product.

    JsD
    [dreaming of not working through windoze on my corporate heat generator]

Slashdot Top Deals

Software production is assumed to be a line function, but it is run like a staff function. -- Paul Licker

Close