Ironworks Gaming Forum

Ironworks Gaming Forum (http://www.ironworksforum.com/forum/index.php)
-   General Conversation Archives (11/2000 - 01/2005) (http://www.ironworksforum.com/forum/forumdisplay.php?f=28)
-   -   Windows did it again! (http://www.ironworksforum.com/forum/showthread.php?t=92555)

Callum 12-20-2004 08:31 AM
I was just browsing through PC World, when I noticed this article.

Quote:
Microsoft Fixes 'Critical' XP Firewall Issue

Fix prevents users from sharing their files and printers with the entire Internet.


Joris Evers, IDG News Service
Thursday, December 16, 2004


Microsoft has quietly released an update to Windows XP to fix a potentially serious configuration problem in the firewall that ships as part of Windows XP Service Pack 2.


Users who installed SP2 on their Windows XP machines and also have file and printer sharing enabled may have been sharing their files and printers with the entire Internet, according to Microsoft.


By default, file and printer sharing makes changes to the SP2 firewall to give computers on the "local network" access to shared resources. However, the definition of that local network depends on the Internet service provider. In some cases, especially with dial-up ISPs, it meant the entire Internet, according to Microsoft.


"In the default configuration of Windows XP SP2, that (firewall) setting was probably a bit wider than it should have been," said Gary Schare, director of product management for Windows. "This update narrows the scope of what defines the local network."


Local Not So Local


Still, even with the update, a local network could extend beyond what users may consider a local network, Schare said. To cordon off a network and prevent unwanted access, users should place an additional firewall in front of the network, he said. For example, they could use a router with a firewall.


"If you're turning on file and printer sharing, we want you to be aware that you're sharing your files on the network, and if you are connected to the Internet, that network may be larger than you think," Schare said.


Microsoft first discussed the firewall issue in an article on its Web site in September. A "critical" update for Windows XP SP2 was released on Tuesday. However, though issued on the same day, the update was not part of Microsoft's monthly security updates. That's because security updates are only for software vulnerabilities, according to Schare.


"A vulnerability is a software bug that needs to be repaired to avoid a security issue. This is a configuration setting that shipped with Windows XP that was not optimal, but that is not classified as a security vulnerability," he said.


The update to Windows XP SP2 has been pushed out to users with the Automatic Updates feature in Windows.
I particularly liked this quote:
Quote:
Gary Schare, director of product management for windows, said:
"In the default configuration of Windows XP SP2, that (firewall) setting was probably a bit wider than it should have been,"
Imagine that eh? Being able to print all over the world ;)

[ 12-20-2004, 08:36 AM: Message edited by: Callum ]

Vaskez 12-20-2004 08:34 AM
I'm sticking to Linux for work and windows 2k for gaming for the foreseeable future! :D

philip 12-20-2004 08:39 AM
I think I'm about to delete my internet in windows. I use it for gaming only anyway. Oh and for my ICT class, cause my teacher created a nice asp site which doesn't run on firefox :( But well I don't look there much anyway.

LOL still I feel a bit for m$ having to make sure the most computer-illiterate people have reasonable secure computers. Or maybe it's just that their definitions are screwed up so you think you're fine. Local network = internet ROFL that's a real good one :D

Vaskez 12-20-2004 08:41 AM
That's funny that the ASP site doesn't run on firefox, since ASP code runs on the server and should only output HTML and javascript etc.

Hmmm I guess it must be ASP.NET which creates some non-standard HTML components that only IE can display properly - bastard MS!

philip 12-20-2004 09:36 AM
Quote:
Originally posted by Vaskez:
That's funny that the ASP site doesn't run on firefox, since ASP code runs on the server and should only output HTML and javascript etc.

Hmmm I guess it must be ASP.NET which creates some non-standard HTML components that only IE can display properly - bastard MS!
I just wanted to check but his site is down cause of his bandwidth usage. I'll check later what it is exactly but I think I ruled a few of them out cause I couldn't run it on firefox in windows either (shockwave works in there). But I wouldn't be surprised it's m$ again.

Btw it looks like I have to review my original point of view. I don't feel for any writers of an OS that causes a kernel failure when I open a bad word document. So far my half hour of joy with windows today. Happy to be back on linux.

LennonCook 12-21-2004 07:41 AM
<span style="color: lightblue">ASP sends out different code to 'uplevel' and 'downlevel' browsers. Downlevel browsers are fed HTML 3.2, no style sheets, etc (because that's all a downlevel browser can support...). Problem is, the default configuration on this... uplevel is IE. Downlevel is everything else...

harleyquinn 12-21-2004 08:37 AM
Yet one more reason why I rely on my own Firewall and not on M$ for their's. They've just proven too many times that their programs are crap for me to trust them with a firewall.

LennonCook 12-21-2004 05:20 PM
<span style="color: lightblue">For me it isn't so much a bug in the firewall as this little slip:
Quote:
Still, even with the update, a local network could extend beyond what users may consider a local network, Schare said.
<span style="color: lightblue">In other words, all of those vulnerabilities that need "local network access" are, infact, "remote access"...


All times are GMT -4. The time now is 07:00 PM.

Powered by vBulletin® Version 3.8.3
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
©2024 Ironworks Gaming & ©2024 The Great Escape Studios TM - All Rights Reserved