Cameras
Camcorders
Cell Phones
Components
Desktops
HDTV
Home Theater
GPS
Laptops
Monitors
MP3 Players
Networking &
Printers
Storage
WiFi Finder
Locate wireless services by a specific address, city, state, country, airport, or zip code.
Feds to XP Users: Turn Off Plug and Play!
FBI agency's Web site urges users to disable source of security flaw despite Microsoft's patch.
Todd R. Weiss, Computerworld Online
A government computer security agency is recommending that Windows XP users consider turning off XP's universal plug-and-play service to close a security hole that can allow hackers to break into a user's computer.
The recommendation, which follows a patch offered last week by Microsoft, was posted Saturday on the Web site of the FBI's National Infrastructure Protection Center after discussions with Microsoft on the vulnerability.
The hole could lead to distributed denial-of-service attacks and other intrusions, according to the NIPC, which is recommending that universal plug and play, or UPnP, be disabled on systems in which it's not being used. Full directions on how to disable UPnP are included in the NIPC security bulletin. The alert also suggests that system administrators monitor and block ports 1900 and 5000, as increased activity on them can indicate active scanning by hackers seeking vulnerable systems.
Last Thursday, Microsoft posted its own "critical" security advisory about the security hole, which also affects Windows 98, 98 SE, and Me when using the UPnP service. The UPnP service allows PCs to discover and use various network-based devices such as printers. Windows XP has native UPnP capability, which runs by default on the system. Windows ME also includes native UPnP capability, but it doesn't run by default. With Windows 98 and 98 SE, UPnP must be installed via the Internet Connection Sharing client that ships with Windows XP.
Representatives at the NIPC and Microsoft couldn't be reached for comment today.
Alan Paller, research director at the SANS Institute, an IT security agency in Bethesda, Maryland, said the new Windows XP vulnerability highlights what has been a constant concern of many users: Software continues to arrive from vendors with major services turned on by default, rather than allowing users to choose the features they want to use.
"There's a huge need in the user community to not be given something where everything is broken" as soon as it arrives from the vendor, Paller said. "We're seeing it all over the place."
Users want to see features included in products, he said, but they want to be able to turn them on as needed, not have them installed with every option available from the start, leaving them potentially vulnerable to security problems.
"This is only the first volley in what will be the biggest shift in computer security that's taken place over the last two decades," Paller predicted. "You're just seeing the tip of the iceberg."
For more enterprise computing news, visit Computerworld. Story copyright © 2007 Computerworld Inc. All rights reserved.
Microsoft Office Home and Student 2007
Full Windows 7 coverage
People who read this also read:
Best Prices on Antivirus Software
Norton Antivirus 2010 (Full Product, 1 User)Price: $17.50
Norton AntiVirus 2009 (Full Product)Price: $15.68
Anti-virus 2010 (OEM Product, 1 User)Price: $21.72
Norton Antivirus 2010 (Full Product, 1 User)Price: $24.00
Anti-Virus 2009 (Full Product)Price: $15.04
Norton Antivirus 2010 (Full Product, 3 Users)Price: $38.50
- 15 Minutes to a Secure Business Get the Secure in 15 toolkit starting with the "15 Minutes Month-at-a-Glance" calendar. McAfee will send you additional tools and tricks to stay protected around the clock.
- A Buyer's Guide to Data Protection Implementing data protection products and processes can be daunting. Make the right decisions by exploring what is available and what makes sense for your organization. Use this simple guide to evaluate different vendor offerings.
