IT Admins Not 'Trusting' SP2 Security

Found on eWeek on Monday, 23 August 2004

IT administrators and security experts who have had a chance to install, work with and investigate the changes Windows XP Service Pack 2 makes to the operating system said last week that the upgrade doesn't live up to the spirit of Microsoft's Trustworthy Computing campaign, announced by Chairman and Chief Software Architect Bill Gates in January 2002.

Within about a week of its limited release two weeks ago, a German security researcher found two issues with SP2 that changed the way Microsoft products typically warn users about dangerous online content.

One of the added features of SP2 is a default installation of the IIS (Internet Information Services) Web server package, which includes an HTTP server and an SMTP server. Although IIS—which is not known for its security—is not enabled by default, the fact that it is installed as part of a security update worries many in the security community.

It's not like this SP was expected to be the ultimate solution to the security problems with MS software. But what amazes me is the installation of IIS. There's no real need for this on a personal computer (and not even on a server).