Security Watch Special: Windows XP SP2 Security Center Spoofing Threat
We spoke with representatives from Microsoft about the Windows Security Center, and the ease with which it can be read or spoofed. They disagreed that the ability to change what the user sees in the Windows Security Center (WSC) is a hole, or a crater. Here's what they said.
"In SP2, we added functionality to reduce the likelihood of unknown/devious applications running on a user's system, including turning Windows Firewall on by default, data execution prevention, attachment execution services, to name a few. To spoof the Windows Security Center WMI would require system-level access to a PC. If the user downloads and runs an application that would allow for spoofing of Windows Security Center, they have already opened the door for the hacker to do what they want. In addition, if malware is already on the system, it does not need to monitor WSC to determine a vulnerable point of attack, it can simply shut down any firewall or AV service then attack; no WSC is necessary."
"Windows Security Center, found in the Windows XP Control panel, provides customers the ability and makes it easier to check the status of these essential security functionalities such as firewalls, automatic updates and antivirus. Windows Security Center will inform users whether key security capabilities are turned on and up to date and will notify users if it appears that updates need to be made or if additional action steps may need to be taken to help them get more secure."
Microsoft also pointed out that most malicious attackers would go for the most direct route, such as directly shutting down the firewall or antivirus, rather than lying in wait, watching for the user to do it. We agree that most attackers might use the most direct method, but it would depend on the attacker's motive. The hacker may want to be more subtle, getting in under the defenses, undetected until the right time to attack. WMI gives them all the information they need.
Microsoft brings up the point that the user must be in Administrator mode, and the program must be running on the local machine, to get to the WMI. For the enterprise, users may run at more protected levels. But Windows XP Home Edition installs in Administrator mode, and most end users never change it. So, having Administrator mode as the default is a security risk.
As for running locally, that's not too difficult. As much as we tell end users not to execute unfamiliar e-mail attachments, they still do. Then there are the attacks using exploits to download code, though many are patched or detected in SP2. And of course there's the time-tested way: downloading a game demo or utility.
We suggested to Microsoft that it would be more secure if the WMI only allowed interaction with pre-approved applications. Using some of the built-in mechanisms such as object signing would keep rogue programs from accessing potentially usable security data. Microsoft replied that the design decision was made to make it as open as possible for any antivirus or firewall vendor to access.
We see the WMI and WSC as an indirect security risk, or hole, or whatever you want to call it. Maybe we're giving hackers and malware writers too much credit. WMI allows a program to get the security status of a user's system, as well as spoof it to give the user a false sense of security. Maybe it is too subtle. However, it is another tool in the hacker's toolbox. To have easy public access to the security status of a user's machine is like sending a password in plain text to a web site. It may not be used, but then again it might.
The Bottom Line:
Do we think that end users should upgrade? Yes, Windows XP Service Pack 2 is a must-do, especially for end users. However, we would recommend users not take the WSC as gospel. If you use an antivirus or third-party firewall, look at their status panels as a sanity check. Keep your antivirus, Windows, and firewall updates current, and most of all, be very careful of what you run on your system.
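The sanity check recommended above can also be scripted by comparing what WSC reports over WMI with the real state of the protection services. The following PowerShell is an added example, not part of the original article and not Microsoft's code. It assumes Windows PowerShell is installed and that the WSC data lives in the XP SP2-era `root\SecurityCenter` namespace; `ExampleAvService` is a hypothetical placeholder for your antivirus product's actual service name.

```powershell
# Added example: cross-check Windows Security Center (WSC) claims against
# the real service state. A claim of "scanning enabled" while the product's
# service is stopped suggests the WSC data is stale or has been tampered with.
param(
    # Hypothetical placeholder: replace with your AV product's service name.
    [string]$AvServiceName = 'ExampleAvService'
)

# Return the state of a Windows service, or 'NotInstalled' if it is absent.
function Get-ServiceState([string]$Name) {
    $svc = Get-WmiObject -Namespace 'root\cimv2' -Class Win32_Service `
        -Filter "Name='$Name'" -ErrorAction SilentlyContinue
    if ($svc) { $svc.State } else { 'NotInstalled' }
}

# What WSC claims about installed antivirus products.
$claims = @(Get-WmiObject -Namespace 'root\SecurityCenter' `
    -Class AntiVirusProduct -ErrorAction SilentlyContinue)

# Ground truth: what the Service Control Manager reports.
$avState = Get-ServiceState $AvServiceName
$fwState = Get-ServiceState 'SharedAccess'   # Windows Firewall/ICS service on XP

if ($claims.Count -eq 0) {
    Write-Output 'WSC lists no antivirus product.'
}

foreach ($c in $claims) {
    Write-Output ("{0}: WSC says scanning={1}, up to date={2}; service '{3}' is {4}" -f `
        $c.displayName, $c.onAccessScanningEnabled, $c.productUptoDate,
        $AvServiceName, $avState)

    if ($c.onAccessScanningEnabled -and $avState -ne 'Running') {
        Write-Warning 'Mismatch: WSC reports active scanning but the service is not running.'
    }
}

# A running service is necessary but not sufficient for the firewall to be
# enabled; also confirm the setting in the firewall's own control panel.
Write-Output "Windows Firewall service (SharedAccess) is $fwState"
```

Later Windows versions expose this data under `root\SecurityCenter2` with different properties, so the class query needs adjusting there.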