IP: Fw: today's wp, fbi suggests xp fix beyond that suggested by ms; ms refuses to send email notification to upgrade

[David Farber <dfarber@earthlink.net>]

-----Original Message-----
From: Paul Foldes <pfoldes@eidmgt.com>
Date: Sat, 22 Dec 2001 11:48:49 
To: dave@farber.net
Subject: today's wp, fbi suggests xp fix beyond that suggested by ms;
  ms refuses to send email notification to upgrade

Dave, of interest to IP

Note that MS position is that it is unnecesary to notify XP users by email 
to urge them to upgrade to safety patch;as, according to MS, a new feature 
of XP can automatically dowload the fix, and prompt to install it.

This would be a good opportunity to survey XP users as to:

1)  how many knew XP had this feature,
2) availed themselves of this automatic update feature, and
3) in fact installed the patch

as from an infrastructure safety point of view, it is of no utility if 
software has a feature that is not adequately trusted to be used; and 
notification of users is specifically declined by the manufacturer of such 
software found to have a glaring design fault.

Further to my suggestion in an earlier post this morning.

Paul Foldes


>To view the entire article, go to 
>http://www.washingtonpost.com/wp-dyn/articles/A15817-2001Dec22.html
>
>FBI Advises Windows XP Users On Measures to Block Hackers
>
>By Ted Bridis
>
>The FBI's top cyber-security unit warned consumers and corporations last 
>night to take steps beyond those recommended by Microsoft Corp. to protect 
>against hackers who might try to attack major flaws discovered in the 
>newest version of Windows software.
>
>The FBI's National Infrastructure Protection Center said that, in addition 
>to installing a free software fix offered by Microsoft on its Web site, 
>consumers and corporations using Windows XP should disable the product's 
>"universal plug and play" features affected by the glitches.
>
>The FBI did not provide detailed instructions for how to do this. 
>Microsoft considers disabling the features unnecessary.
>
>The company acknowledged this week that Windows XP suffers from serious 
>problems that allow hackers to steal or destroy a victim's data files 
>across the Internet or implant rogue computer software. The glitches were 
>unusually serious because they allow hackers to seize control of all 
>Windows XP operating system software without requiring a computer user to 
>do anything except connect to the Internet.
>
>Outside experts cautioned that disabling the affected Windows XP features 
>would threaten to render unusable an entire category of high-tech devices 
>about to go on the market, such as a new class of computer printers that 
>are easier to set up. But they also acknowledged that disabling them could 
>afford some protection against any similar flaws that might be discovered 
>in the future.
>
>The FBI bulletin also urged professional computer administrators to 
>monitor for certain types of Internet traffic that might indicate an 
>attack was underway.
>
>A top Microsoft security official, Steve Lipner, maintained that 
>installing the free "patch" was the best course of action to protect their 
>systems.
>
>The FBI warning came after FBI and Defense Department officials and some 
>top industry experts sought reassurance from Microsoft that the software 
>fix really stops hackers from attacking the flaws.
>
>  Microsoft declined to tell U.S. officials how many XP owners downloaded 
> and installed its fix in the first 24 hours it was available. Experts 
> from Internet service providers, including AT&#38;T Corp., said the 
> information was vital to determine the scope of the threat.
>
><<< Microsoft also indicated it would not send e-mails to XP customers to 
>alert them to the importance of installing the patch. The company 
>explained that a new feature of XP can automatically download the fix and 
>prompt consumers to install it.>>> <emphasis added>





>

-----------------------------------------------------------------------------
Paul Foldes  JD, BE,EE
Business Consultant  &  Adjunct Professor
Business, Management & Info-Science

E-Mail:  <mailto:pfoldes@eidmgt.com>
Tel: +1 (703) 370-0008  Direct
As Needed: Fax #  / PGP Encryption / IM Info

Research .. Teaching  .. Consulting
*  Co$t Effective Use of New Technologies
*  User Respectful ePrivacy Practices
    THE Competitive Advantage
    


Sent from Dave's Blackberry.

For archives see:
http://www.interesting-people.org/archives/interesting-people/