XP SP2 passes security experiment
By Matt Whipp
Posted on 1 Dec 2004 at 15:22
Service Pack 2 really does prevent hackers breaking in to XP systems, according to USA Today.
The news service performed an experiment to place a number of computers online to see how long it would take before they were hijacked.
Unprotected 'vanilla' installations of Windows XP lasted less than four minutes before being compromised. And within 12 minutes three separate attacks had been successful, using a series of techniques exploited by the Blaster and Sasser worms.
After being hooked up to the Internet, all the systems fell prey to a barrage of automated attacks. That a Windows XP machine with SP1 was averaging 341 attacks an hour may come as small surprise, but almost on a par was the Mac OS X machine, subjected to an average of 339 attacks an hour over the course of the two week experiment. One would have thought that with a 90 per cent market share of the desktop space, there would be a far larger differential.
Conversely, the XP system with SP2 installed - which boosts security levels by turning on the firewall for example - only had to fend off 3.4 attacks an hour. Indeed adding even a basic firewall to XP SP1 reduced the attack levels to 2.1. A Linspire Linux machine, again with a firewall activated, improved this still further to 1.9 attacks per hour.
The XP SP1 machine was broken into nine times, and a Dell box running Microsoft's Small Business Server was compromised once. Neither were running a firewall. The Mac OS X box retained its integrity, despite no active firewall.
However, ultimately it was the firewall that really shored up defences - whether it was activated through the installation of SP2 or bought from a third party.
Microsoft told us that Windows XP has been sold with SP2 pre-installed since October, while OEMs have had the security add on since it was released to manufacturing even earlier. They will have had plenty of time to update the images they use to put the operating system on the computers they sell.
The moral of the story then is that anyone buying a new Windows XP computer should demand it is supplied with SP2. The risks of doing otherwise will be clear within four minutes of going online.
Microsoft offers safe computing advice at its website.
From around the web
advertisement
- Laptop bag reviews: nine tested
- Sony VAIO T Series Ultrabook review: first look
- Revealed: the military standards and robots HP uses to test its laptops
- Windows 8: multi-monitors and double standards?
- Why is TalkTalk's year-old porn filter suddenly big news?
- Why are laptop screens so far behind mobiles?
- HP EliteBook Folio review: first look
- The shoebox-sized all-in-one printer
- Forget the Ultrabook: here comes the HP Sleekbook
- HP Spectre XT review: first look
- Why you have to be left in the dark on OS patches
- Publishing your email address isn't a security disaster
- Why antivirus is fighting a losing battle in your office
- Four year olds used to steal their parents' data
- An acceptable use policy for your kids
- Paying for your crimes with Bitcoin
- Pavement hacking: What it is and how to avoid it
- Google's risky pre-loaded pages
- Mac under attack: how secure is Apple's OS?
- Has your browser been hijacked?
advertisement
