On CBS MoneyWatch: 6 things NOT to do on Twitter, Facebook
BNET Business Network:
BNET
TechRepublic
ZDNet
211 TalkBacks

By Robert Lemos
Posted on ZDNet News: Jan 29, 2005 12:50:00 AM

A Russian security company claims it found a way to beat a security measure in Microsoft's Windows XP Service Pack 2, a major update aimed at securing customers' PCs.

The SP2 measure, known as Data Execution Protection, is intended to prevent would-be attackers from inserting rogue code into a PC's memory and tricking Windows into running the program. However, in a paper published Friday, Moscow-based Positive Technologies said two minor mistakes in the implementation of the technology allow a knowledgeable programmer to sidestep the protection.

The company notified Microsoft of the problem Dec. 22, but it apparently decided not to wait for the software giant to patch the flaws.

Neither Microsoft nor Positive Technologies immediately responded to requests for comment Friday.

After several delays, Microsoft began rolling out SP2 in August of last year, at which time company Chairman Bill Gates called the update "a significant step in delivering on our goal to help customers make their PCs better isolated and more resilient in the face of increasingly sophisticated attacks."

SponsoredWhite Papers, Webcasts, and Downloads

  • Talkback
  • Most Recent of 211 Talkback(s)
The only REAL fix would be....
...for Microsoft to abandon the "Code Complete" "methodology", which dictates that you build a piece of flaming crap as soon as humanly possible - it doesn't matter how bad it is, it doesn't even have... (Read the rest)
Posted by: jeffdickey Posted on: 02/04/05 You are currently: a Guest | | Terms of Use
What a surprise!  drawback_z | 01/28/05
one of these days  linuxoverwindows | 01/31/05
XP sp2 Flaw Memory Revealed  wwiley@... | 01/28/05
DEP is not a panacea  rpmyers1 | 01/28/05
You wouldn't care so much if you didn't rely so much on Windows  Jeff Spicoli | 01/29/05
Hey that's funny...  Linux User 147560 | 01/29/05
OSX is just as suceptable...  ShadeTree | 01/29/05
I CONDEMN it! Facts or no facts..  Jeff Spicoli | 01/29/05
With a little sass and your head up your ....  I_am_hellion_z | 01/31/05
dont matter to me...  linuxoverwindows | 01/31/05
Do you have the link that shows that so we have the facts?  mlindl | 01/29/05
ZDNet  johnnyu | 01/30/05
Not really...  MacCanuck | 01/31/05
random acts of idiocy  linuxoverwindows | 01/31/05
And this has what to do with the story?  AmusedAtItAll | 02/01/05
short article  linuxoverwindows | 01/31/05
Why is it....  AmusedAtItAll | 01/31/05
Gone MAC?  colotech | 01/31/05
Ummmm yeah  Jeff Spicoli | 01/31/05
RE: Ummmm yeah  richdave | 01/31/05
Brazil  bybelknap | 01/31/05
Message has been deleted.  cashaww | 02/01/05
Swiss cheese...  Wolfie2K3 | 01/31/05
RE: You wouldn't care so much if you didn't rely so much on Windows  richdave | 01/31/05
Goes to show...  skw_z | 01/31/05
Reality Check  Capt_Caveman | 01/31/05
A hint to Microsoft QA...  John Le'Brecage | 01/29/05
Wow!  Linux User 147560 | 01/29/05
Not really  seosamh_z | 01/29/05
I see both sides  Mack DaNife | 01/31/05
this is the scientific way  k3di | 01/31/05
The only REAL fix would be....  jeffdickey | 02/04/05
You do realize, Johh,  Confused by religion | 01/29/05
Statistically speaking...  Zogg | 01/30/05
My confidence icreases  Confused by religion | 01/30/05
Ugh - sorry for the spelling errors!  Confused by religion | 01/30/05
But what about the logical ones?  Immanuel Tranz-Mischen | 02/01/05
The difference between "trying" and "succeeding"...  Zogg | 01/31/05
Vendor aware of breaches??  Anti_Zealot | 01/31/05
Have you read any Apple denials lately?  Confused by religion | 01/31/05
No, I haven't  tic swayback | 01/31/05
Me neither. Care to post a few links? (NT)  Anti_Zealot | 01/31/05
RE: Statistically speaking...  richdave | 01/31/05
Not going nuts, but not following you either...  Zogg | 01/31/05
Re: You do realize, Johh,  none none | 01/30/05
dont forget the sshd logs  linuxoverwindows | 01/31/05
Not so sure on one point  Mack DaNife | 01/31/05
Milly, I must agree with on a few points....  htotten | 01/31/05
And once again  AmusedAtItAll | 02/01/05
Feel?  cashaww | 02/01/05
I use Firefox  Art Royce | 02/01/05
they know...  linuxoverwindows | 01/31/05
RE: A hint to Microsoft QA...  Rayhastie | 01/31/05
same ole same ole  linuxoverwindows | 01/31/05
Your lack of knowledge is showing  AmusedAtItAll | 02/01/05
Spare me....  cashaww | 02/01/05
All the patches in the world..  Real World | 01/29/05
If it were as simple as locking a car door it might work  Laff | 01/29/05
That's why I make extra $$$  Linux User 147560 | 01/29/05
yeah, right  Delmont | 01/30/05
Why?  Patrick Jones | 01/31/05
Avast might be better than AVG...  Anton Philidor | 01/31/05
In that case  AmusedAtItAll | 02/01/05
how about a car analogy:  linuxoverwindows | 01/31/05
mmmmm DOS  linuxoverwindows | 01/31/05
Toaster?  Zirconium_z | 01/31/05
Yes but...  Mack DaNife | 01/31/05
Experts vs average user  tygeverink@... | 01/31/05
RE: If it were as simple as locking a car door it might work  richdave | 01/31/05
Sorry...  BitTwiddler | 01/31/05
RE: Sorry...  richdave | 01/31/05
The problem is  cashaww | 02/01/05
How soon they forget!  ShadeTree | 01/29/05
They are accomplishing politics as usual  FilledOut | 01/29/05
just a regulah ganksta str8 outta compton  linuxoverwindows | 01/31/05
Here's the difference  mlindl | 01/29/05
ugh  Voyonyx | 01/29/05
oops  Voyonyx | 01/29/05
I wish you were around when I gave away my Quadra  MacGeek2121 | 01/31/05
65 on the interstate?  linuxoverwindows | 01/31/05
Will you poeple please stop bringing Bush/Kerry/Dems/Reps into it?  CobraA1 | 01/30/05
Because their hacks!  Delmont | 01/30/05
I feel left out  tic swayback | 01/31/05
Off Subject...  MacGeek2121 | 01/31/05
theyre reaching (nt)  linuxoverwindows | 01/31/05
Cool is in  seosamh_z | 01/30/05
$300 BILLION and counting! National ID! RFID!!  Laff | 01/30/05
Spotty?  neverhome | 01/31/05
Go back to school? Why? I got more than enough sleep  Laff | 01/31/05
And  FilledOut | 01/30/05
RE: Here's the difference  richdave | 01/31/05
We have not forgotten  cashaww | 02/01/05
No convinced  BXLE | 01/29/05
Being Positive  Roger Ramjet | 01/31/05
RE: Being Positive  richdave | 01/31/05
Security update  eag1e11 | 02/01/05
So why is Microsoft laying off software testers?  whisperycat | 01/31/05
Maybe they tested positive for Linux  FilledOut | 01/31/05
ROFLMAO!  Linux User 147560 | 01/31/05
Computer fills up with ink?...  vandamme | 01/31/05
Oxymoron  Chad_z | 01/31/05
Windows Fixable? Short answer: NO Long answer: NEVER  Xunil_Sierutuf | 01/31/05
Windows Security  prenaud@... | 01/31/05
Emulation?  tic swayback | 01/31/05
why should backward compatibility be an issue?  linuxoverwindows | 01/31/05
RE: Windows Security  richdave | 01/31/05
Confused  tic swayback | 01/31/05
RE: Confused  richdave | 01/31/05
But can you run OSX  tic swayback | 01/31/05
windows xp  jan133 | 01/31/05
That's why it's called ...  Neil Parks | 01/31/05
huh?  neverhome | 01/31/05
Didn't you know  Linux User 147560 | 01/31/05
i thought...  bbuddy_z | 01/31/05
Win98 was the best Windows  neverhome | 01/31/05
if i had to choose a windows...  linuxoverwindows | 01/31/05
Actually  Mack DaNife | 02/01/05
Any OS is vulnerable.....  DrDennis69 | 01/31/05
Windows is worse than any other OS  MacGeek2121 | 01/31/05
Typo... "I'm NOT defending these people"  MacGeek2121 | 01/31/05
A dog story  robapacl@... | 01/31/05
Wrong appraoch to security  carl.a.paglione@... | 01/31/05
thats not the end all...  linuxoverwindows | 01/31/05
Touche'  I_am_hellion_z | 01/31/05
also  linuxoverwindows | 01/31/05
Not All - Just kill enough (or the right ones) for a good example ... wink  I_am_hellion_z | 01/31/05
RE: Wrong appraoch to security  richdave | 01/31/05
Will Windows ever get it Right  r.myers@... | 01/31/05
Everyone has bugs  DonPMitchell@... | 01/31/05
Its absurd,  bit_rot | 01/31/05
open source != perfect  linuxoverwindows | 01/31/05
Microsoft Security  woodymiller | 01/31/05
Will MS ever secure Windows?  neilwilkes | 01/31/05
"Those who approach the Bridge of Death ..."  jmintalar | 01/31/05
Software Security  RonS_z | 01/31/05
Why I stick with ME!  Neil Parks | 01/31/05
Deliberate Design and Security  Filker0_z | 01/31/05
Agreed...  dinosaur_z | 01/31/05
Next release to be codenamed "Quilt"  tim@... | 01/31/05
Past Court Case a Sham  gaelicfog@... | 01/31/05
Yes I Believe  IceTheNet@... | 01/31/05
Unix, Linux, Mac......It don't matter  bammike | 01/31/05
Right on!  jrniccolls@... | 01/31/05
Re: Windows Secure?  okiekid | 01/31/05
So what's the answer?  bobb88 | 01/31/05
alt browsers in linux  linuxoverwindows | 01/31/05
Windows security  liradvilas@... | 01/31/05
Windows will never be secure, but neither will anyone else.  MacGeek2121 | 01/31/05
nothings perfect  elliottxp | 01/31/05
Try  Mack DaNife | 02/01/05
Stop patching the potholes and fix the road...  IT Makes Sense | 01/31/05
Interesting Analogy  luckyg | 01/31/05
Well  IT Scion | 01/31/05
Windows Unplugged . . .  heppert@... | 01/31/05
correction...  linuxoverwindows | 01/31/05
Securing Windows?  WillemGrooters | 01/31/05
Why all the fuss?  neverhome | 01/31/05
A lot of people/consumers don't want a HOBBY they  Laff | 01/31/05
Know Your Tools  neverhome | 01/31/05
I agree except...  IT Scion | 01/31/05
you can't be serious.....  hightideinternet@... | 01/31/05
Actually  Mack DaNife | 02/01/05
nicely said (nt)  linuxoverwindows | 01/31/05
Windows security  dap@... | 01/31/05
Amen!  neverhome | 01/31/05
Volume of users is a factor..however it is NOT the only  Laff | 01/31/05
car analogy?  linuxoverwindows | 01/31/05
Oh No...  neverhome | 01/31/05
There's also the HATE FACTOR  neverhome | 01/31/05
hmmm...  IT Scion | 01/31/05
We don't need apologists for poor quality  hipparchus2000 | 01/31/05
Too Much  neverhome | 01/31/05
here's the hard truth...  hightideinternet@... | 01/31/05
Windows security  jw122739@... | 01/31/05
look at the post just before this you apologist you  hipparchus2000 | 01/31/05
Windows & security  bear2bar@... | 01/31/05
Windows/Linux/Unix/Apple  dw5437@... | 01/31/05
Microsoft Patching Analogy  itanalyst | 01/31/05
dont forget the other part of the analogy...  linuxoverwindows | 01/31/05
We users are to blame  n2add@... | 01/31/05
very good point - this is why I think being an apologist is wrong  hipparchus2000 | 01/31/05
There's a good reason  neverhome | 01/31/05
That's not true  IT Scion | 01/31/05
Users partially to blame  techbiker01 | 01/31/05
I'm beginning to like Linux more and more.  FredFarkle | 01/31/05
This is minor  Fordee | 01/31/05
Why Windows will not be secured  dimonic | 01/31/05
Who Cares!  pwagnon@... | 01/31/05
So True  neverhome | 01/31/05
So So True  techbiker01 | 01/31/05
here we go again  gselby4@... | 01/31/05
So be it...  JRD_z | 01/31/05
IGNORE THIS POST  neverhome | 01/31/05
Security Flaw in SP 2?  Whywayne | 01/31/05
Will Microsoft ever be secure  n.argo@... | 01/31/05
Will Windows ever be secure?  pikachodan | 01/31/05
Fundamentally Flawed  xhpconsultant | 01/31/05
Definition?  AdeOghert | 02/01/05
Well, I've been waiting...  jrniccolls@... | 01/31/05
Microsoft Safe?  cosmicfoole@... | 01/31/05
they dont want security  dfowensby | 01/31/05
Are homes burglar proof? Are cars?  hightideinternet@... | 01/31/05
Will Windows ever be secure?  ronbabb@... | 01/31/05
At least we know to whom we have to turn, and look at...  uofis | 02/01/05
Who are they?  AdeOghert | 02/01/05
Probably not.  oldguybobh | 02/01/05
Will MS Ever Be Able to Secure Windows  tbsteph@... | 02/01/05
Why securing Windows ? Don't do this !  tom123_z | 02/02/05
Please don't do that!!  kumchan | 02/02/05
DPE Opening  dennisling@... | 02/02/05
Software Security is Possible  bengland | 02/03/05

What do you think?

advertisement
advertisement

White Papers, Webcasts, and Downloads

Meet Doc