I just have to say that Microsoft is working on higher and tighter security [Windows XP Service Pack 2]
As far as I can say it looks promising. Maybe it is a bit too late but they are moving - Server 2003 is more secure, most services are turned off by default and Windows XP goes in that direction.

The new virii/worms are going in the social engineering direction. Look at Sven - fake mail Microsoft style - or Sober - "you have been caught" - and Mimail - which was zipped - which indeed proves that after Iloveyou nobody has learned - uh oh - let's look into it !!! And not to forget Sobig, which pretended to originate from known senders and flooded mailservers.

IMHO if another outbreak (very likely) occurs it should be on the media (TV and radio) so even Joe Sixpack knows then:
-> Do not run that attachment !
-> Download THIS update to stay secure.

Sometimes it's us administrators who are to blame for not installing patches - Slammer and Blaster patches were released way BEFORE the outbreak(s) occurred, but most admins did not patch, simply because they don't even know that there is a patch available ! Could you blame Microsoft for that ? Simply no, cause as admin I have to know about patches/releases, I have to be on the MS security mailing list and so on. E.g. I had to help out one large organisation (the famous infected notebook thingy) to patch the whole IT, what a nightshift ... *nix admins patch regularly but some (so called) Windows admins don't - cause they did not realize that there is something to patch ... It's all about knowledge and education.

I recommend the MS SUS server, it's free, you can test patches before approving them and it is inexpensive compared to SMS. But that's for us admins with a clue, what about aunt Annie and Joe Sixpack ? IMHO Windows may be insecure by default, but there are patches and Windows Update - but most private users turn it off by default - heck, if I had a modem I would do the same ...

What should MS do ?
- Put free CDs with patches everywhere [like [censored] AOL does with their "Software"]
- Go to the media, even if it hurts
- Shut down unnecessary (insecure) services
- Change the behavior of XP Home (everyone is admin) - create an own install account with warning background - SuSE like with bombs
- Include a security tour after (pre)-installation (OEM)
- Software vendors - change your installers - most games run only as admin in WinXP ...

And I truly agree with Tobias Weisserth that Windows XP Home should have been locked down and hardened for the home user (Joe Sixpack). It's a crippled version of XP Pro with fewer features even in the security area; you can patch it - like the German magazine c't pointed out - but that is not manageable for the home user without any clue - heck, I have had one mate who put his Windows 9x into the recycle bin and called me: his Windows won't boot anymore. Nothing is impossible ! So don't blame the Joe Sixpacks around - media coverage and better security support is all.

Just my 0,0002 cents

Helmut Hauser
Systemadministration EDV

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html