 |
 |
| ActiveWin | Anonymous | Create a User | Reviews | News | Forums | Advertise | VBA in Excel | Users Online: 0 |
|
|
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
Active Network |
|
ActiveMac |
|
ActiveWin |
|
ActiveXbox |
|
DirectX |
|
Downloads |
|
FAQs |
|
Interviews |
|
MS Games & Hardware |
|
Reviews |
|
Rocky Bytes |
|
Support Center |
|
TopTechTips |
|
Windows 2000 |
|
Windows Me |
|
Windows Server 2003 |
|
Windows Vista |
|
Windows XP |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
Apple/Mac |
|
Xbox/Xbox 360 |
|
News Search |
|
XML/RSS Newsfeeds |
|
Pocket PC Site |
|
|
|
|
|
|
|
FAQ's |
|
Windows Vista |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows Server 2003 |
|
Windows XP |
|
Windows 7 |
|
Windows 8 |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox 360 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
Latest Reviews |
|
Xbox/Games |
|
Fable 2 |
|
|
|
Applications |
|
Windows Server 2008 R2 |
|
Windows 7 |
|
Adobe CS5 Master Collection |
|
|
|
Hardware |
|
Microsoft Express Mouse |
|
|
|
|
|
|
|
Latest Interviews |
|
Mike Swanson |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Advertise |
|
Affiliates |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
 |
SP2 'Flaw' Report Falls Short | |
|
||
| Time: 01:40 EST/06:40 GMT | News Source: eWeek | Posted By: Jonathan Tigner | ||
|
Opinion: The misguided advisory from Heise Security sets unrealistic expectations for a new Windows security feature and then criticizes Microsoft for not meeting them. When I first saw the advisory "Flaws in SP2 security features," written by Jürgen Schmidt of Heise Security, I just laughed and blew it off as a big nothing. Now, I agree that it illustrates limitations in one of the new security features of Windows XP Service Pack 2. But a flaw? That's a hard claim to make. The basic claim of the advisory is that the new file-attachment security features of SP2 have a hole that allows attachments from untrusted sources to be executed in spite of protections Windows claims to provide. What are these protections? According to Microsoft's description of these new capabilities, "Application developers will be able to call the new AES [Attachment Execution Service] dialog box from their Windows applications." It appears that CMD.EXE doesn't do this. This is what Heise's Schmidt found. |
||
|
Read Only Comments Return to News |
Displaying Comments 1 through 1 of 1 |
This is an archived static copy of ActiveWin.com. |
| #1 By 1474 (160.125.216.131) at Friday, August 20, 2004 10:36:25 AM |
| the web user that would fall for this type of "here's my computer, mess it up for me" are the same ones that will open any attachment, read spam and reply, think that everything on the internet is true and sue McDonalds over hot coffee and for being fat. They do not wear seat belts while driving and they do not have Anti-virus software on the computer. We can not protect stupid people. |
