XP SP2 passes security experiment
By Matt Whipp
Posted on 1 Dec 2004 at 15:22
Service Pack 2 really does prevent hackers breaking in to XP systems, according to USA Today.
The news service performed an experiment to place a number of computers online to see how long it would take before they were hijacked.
Unprotected 'vanilla' installations of Windows XP lasted less than four minutes before being compromised. And within 12 minutes three separate attacks had been successful, using a series of techniques exploited by the Blaster and Sasser worms.
After being hooked up to the Internet, all the systems fell prey to a barrage of automated attacks. That a Windows XP machine with SP1 was averaging 341 attacks an hour may come as small surprise, but almost on a par was the Mac OS X machine, subjected to an average of 339 attacks an hour over the course of the two week experiment. One would have thought that with a 90 per cent market share of the desktop space, there would be a far larger differential.
Conversely, the XP system with SP2 installed - which boosts security levels by turning on the firewall for example - only had to fend off 3.4 attacks an hour. Indeed adding even a basic firewall to XP SP1 reduced the attack levels to 2.1. A Linspire Linux machine, again with a firewall activated, improved this still further to 1.9 attacks per hour.
The XP SP1 machine was broken into nine times, and a Dell box running Microsoft's Small Business Server was compromised once. Neither were running a firewall. The Mac OS X box retained its integrity, despite no active firewall.
However, ultimately it was the firewall that really shored up defences - whether it was activated through the installation of SP2 or bought from a third party.
Microsoft told us that Windows XP has been sold with SP2 pre-installed since October, while OEMs have had the security add on since it was released to manufacturing even earlier. They will have had plenty of time to update the images they use to put the operating system on the computers they sell.
The moral of the story then is that anyone buying a new Windows XP computer should demand it is supplied with SP2. The risks of doing otherwise will be clear within four minutes of going online.
Microsoft offers safe computing advice at its website.
From around the web
advertisement
- Chrome's shine getting lost in translation
- BytePac: the cardboard hard disk enclosure
- How tech loosens our grip on reality
- Hokum watch: Safer Internet Day
- Why I'm deleting Adobe from my PC
- Prepare to be patronised: it's Safer Internet Day
- Dear Sony, Samsung and every other tech company in the world: stop trying to be Apple
- Will Apple's Final Cut Pro X update placate the pros?
- Smartr Contacts for iPhone review
- Switching to Office 365's Outlook Web App
- Paying for your crimes with Bitcoin
- Pavement hacking: What it is and how to avoid it
- Google's risky pre-loaded pages
- Mac under attack: how secure is Apple's OS?
- Has your browser been hijacked?
- Can you send a truly anonymous email?
- Is it safe to send bank details over email?
- Sainsbury's Bank bans password storage
- MobileMe triggers credit card blocks
- How to stay safe against session hijacking
advertisement
Printed from www.pcpro.co.uk