Security Watch Special: Windows XP SP2 Security Center Spoofing Threat

Microsoft Responds

We spoke with representatives from Microsoft about the Windows Security Center, and the ease with which it can be read or spoofed. They disagreed that the ability to change what the user sees in the Windows Security Center (WSC) is a hole, or a crater. Here's what they said.

"In SP2, we added functionality to reduce the likelihood of unknown/devious applications running on a user's system, including turning Windows Firewall on by default, data execution prevention, attachment execution services to name a few. To spoof the Windows Security Center WMI would require system-level access to a PC. If the user downloads and runs an application that would allow for spoofing of Windows Security Center, they have already opened the door for the hacker to do what they want. In addition, if malware is already on the system, it does not need to monitor WSC to determine a vulnerable point of attack, it can simply shut down any firewall or AV service then attack – no WSC is necessary."

"Windows Security Center, found in the Windows XP Control panel, provides customers the ability and makes it easier to check the status of these essential security functionalities such as firewalls, automatic updates and antivirus. Windows Security Center will inform users whether key security capabilities are turned on and up to date and will notify users if it appears that updates need to be made or if additional action steps may need to be taken to help them get more secure."

Microsoft also pointed out that most malicious attackers would go for the most direct route, such as directly shutting down the firewall or antivirus, rather than lying in wait, watching for the user to do it. We agree that most attackers might use the most direct method, but it would depend on the attacker's motive. The hacker may want to be more subtle, getting in under the defenses, undetected until the right time to attack. WMI gives them all the information they need.

Microsoft brings up the point that the user must be in Administrator mode, and the program must be running on the local machine, to get to the WMI. For the enterprise, users may run at more protected levels. But Windows XP Home Edition installs in Administrator mode, and most end users never change it. So, having Administrator mode as the default is a security risk.

As for running locally, that's not too difficult. As much as we tell end users not to execute unfamiliar e-mail attachments, they still do. Then there are the attacks using exploits to download code, though many are patched or detected in SP2. And of course there's the time-tested way—downloading a game demo or utility.

We suggested to Microsoft that it would be more secure if the WMI only allowed interaction with pre-approved applications. Using some of the built-in mechanisms, such as object signing, would keep rogue programs from accessing potentially usable security data. Microsoft replied that the design decision was made to make it as open as possible for any antivirus or firewall vendor to access.

We see the WMI and WSC as an indirect security risk, or hole, or whatever you want to call it. Maybe we're giving hackers and malware writers too much credit. WMI allows a program to get the security status of a user's system, as well as spoof it to give the user a false sense of security. Maybe it is too subtle. However, it is another tool in the hacker's toolbox. To have easy public access to the security status of a user's machine is like sending a password in plain text to a web site. It may not be used, but then again it might.

The Bottom Line:

Do we think that end users should upgrade? Yes, Windows XP Service Pack 2 is a must-do, especially for end users. However, we would recommend users not take the WSC as gospel. If you use an antivirus or third-party firewall, look at their status panels as a sanity check. Keep your antivirus, Windows, and firewall updates current, and most of all, be very careful of what you run on your system.
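
The sanity check recommended above can be scripted: compare what the Security Center's WMI store claims with the state of the protection product's own service. This PowerShell is an added example, not code from the article or from Microsoft. The product name, service name and function names are hypothetical, and it assumes the XP SP2 Security Center data in the `root\SecurityCenter` WMI namespace (class `AntiVirusProduct`).

```powershell
# Added example: cross-check Security Center's WMI claims against the
# state of the antivirus product's own Windows service.
# ASSUMPTION: the administrator fills in this map; the product and
# service names below are constructed placeholders.
$ServiceFor = @{ 'Example AntiVirus' = 'ExampleAvSvc' }

function Compare-WscClaim {
    param(
        [object[]]$WscRecords,      # objects with displayName, onAccessScanningEnabled
        [hashtable]$ServiceStates   # service name -> status string ('Running', 'Stopped', ...)
    )
    foreach ($rec in $WscRecords) {
        $svc = $ServiceFor[[string]$rec.displayName]
        if (-not $svc) {
            $verdict = 'UNKNOWN PRODUCT: entry is not in the expected list'
        } elseif (-not $ServiceStates.ContainsKey($svc)) {
            $verdict = 'MISMATCH: WSC lists the product but its service is not installed'
        } elseif ($rec.onAccessScanningEnabled -and $ServiceStates[$svc] -ne 'Running') {
            $verdict = 'MISMATCH: WSC reports scanning on, service is not running'
        } else {
            $verdict = 'no contradiction found'
        }
        New-Object PSObject -Property @{ Product = $rec.displayName; Verdict = $verdict }
    }
}

# Live use on XP SP2: read the WSC records and the real service states.
function Get-LiveWscCheck {
    $records = @(Get-WmiObject -Namespace 'root\SecurityCenter' -Class AntiVirusProduct)
    $states = @{}
    Get-Service | ForEach-Object { $states[$_.Name] = $_.Status.ToString() }
    Compare-WscClaim -WscRecords $records -ServiceStates $states
}

# Constructed sample: WSC claims scanning is on while the service is stopped.
$sample = @(New-Object PSObject -Property @{
    displayName = 'Example AntiVirus'; onAccessScanningEnabled = $true })
Compare-WscClaim -WscRecords $sample -ServiceStates @{ 'ExampleAvSvc' = 'Stopped' }
```

The constructed sample yields a MISMATCH verdict; an entry whose name is not in the map is reported as unknown instead of being trusted.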
