
PC-WELT discovers and fixes serious security issue in Windows XP SP2

LiLithTecH

Diamond Member
This has to give you that warm, fuzzy, secure, feeling inside.

As soon as you install SP2 on a Windows XP PC with a certain configuration, your file and printer sharing data are visible worldwide, despite an activated Firewall. This also applies to all other services. The PC only has to provide sharing for an internal local network and connect to the Internet via dial-up or ISDN. Users of DSL services are also affected, if a firewall is not integrated into the DSL modem or a common modem instead of a DSL router is used. Additionally, Internet Connection Sharing of the PC has to be disabled.




To read the rest of the story.
 
When I installed my first release candidate of SP2 I looked at the firewall setup, and the way it was designed seemed unusual but logical to me. I have a LAN at home behind a router and a connection to Comcast cable, but I also take my notebook to work and connect to other networks. One of the first things I figured out was that it just made sense to use custom settings for the exceptions that would limit their availability to my own LAN (or another one that happened to use the same IP range) and to check the Don't Allow Exceptions checkbox before connecting directly to the Internet by dial-up and before connecting directly to other networks.

Mostly I reserve my wireless connection for use at home and connect by Ethernet when out and about, so I also unbind file and print sharing (and usually the client since I don't usually log onto domains) from the wired NIC.

I like the logic and flexibility of the layout, but I can see that it would easily escape the attention of the average household user that an apparently safe home networking setup would not constitute a safe setup of the firewall for use with a dial-up account.

It's interesting that enabling ICS changes the behavior of the firewall for the dial-up connection. (Did I read that correctly?) I'm going to look at that again. It never occurs to me to think about using ICS for any purpose, much less with a dial-up connection. In a weird sort of way it all kind of makes sense. (Well, to me anyway, but I'm kind of odd, myself.) If you're connected directly via dial-up to the Internet, well the Internet is your "subnet" -- heh-heh.

prosaic
 
I didn't think that article was that well researched. They talked about ICF not functioning, and then enabling ICS. Well, guess what, ICS/ICF are the *same* component, so if ICS was disabled, then it stands to reason that ICF was too. Poor article.
 

Hmmm. I won't claim to know precisely the underpinnings of ICF and ICS, but they aren't really the "same" component insofar as the way the user interface presents them. A user can certainly (apparently) enable ICF without enabling ICS. I'm not sure what would be the rationale for allowing a public address to be considered a part of "My network (subnet) only" by default, or of the propriety of expecting the average user to know that he needed to either change the scope manually or to check "Don't allow exceptions". I don't know how many average users set up a local network and enable file and print sharing behind a router and also use dial-up. But I can see how, under those circumstances the UI might mislead them into leaving themselves vulnerable when using the dial-up connection.

It seemed natural to me, just upon cursory inspection when I first used it, to use the right settings. I don't know how many people this would really be a problem for, but, if it works the way the guys who wrote the article say, I suppose it could be a pitfall for some people.

If I get a little time today I'm going to look at the interaction between ICF and the ICS settings just to see how they interact with each other -- just for my own edification. Or maybe not. I don't really care much how ICS works. I can't even imagine using it. Heh.

prosaic
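Added illustration, not code from the thread, from PC-WELT or from Windows: a simplified Python model of the exception scopes discussed above ("My network (subnet) only", a custom list, and "Don't allow exceptions"). It assumes the subnet scope is matched against the subnet of every active interface and that the dial-up adapter reports a very wide netmask; all addresses and the mask are constructed sample values.

```python
import ipaddress

# Constructed sample data (documentation address ranges, not from the thread).
LAN = "192.168.1.10/24"        # home LAN adapter behind the router
DIALUP = "198.51.100.23/0"     # assumed dial-up adapter with an all-encompassing mask
REMOTE = "203.0.113.77"        # arbitrary host on the Internet
HOME_RANGE = ["192.168.1.0/24"]  # custom scope limited to the poster's own LAN


def local_subnets(interfaces):
    """Networks the model treats as 'local': one per active interface."""
    return [ipaddress.ip_interface(i).network for i in interfaces]


def exception_allows(source, scope, interfaces, custom=(), no_exceptions=False):
    """Return True if an inbound connection to an excepted service is allowed.

    scope is 'any', 'subnet' (My network (subnet) only) or 'custom'.
    """
    if no_exceptions:              # "Don't allow exceptions" overrides every scope
        return False
    src = ipaddress.ip_address(source)
    if scope == "any":
        return True
    if scope == "subnet":
        return any(src in net for net in local_subnets(interfaces))
    if scope == "custom":
        return any(src in ipaddress.ip_network(c) for c in custom)
    raise ValueError(f"unknown scope: {scope}")


def exposure_report(interfaces):
    """Show, per setting, whether REMOTE can reach a shared service."""
    return {
        "subnet": exception_allows(REMOTE, "subnet", interfaces),
        "custom": exception_allows(REMOTE, "custom", interfaces, HOME_RANGE),
        "no_exceptions": exception_allows(REMOTE, "subnet", interfaces,
                                          no_exceptions=True),
    }


if __name__ == "__main__":
    print("LAN only:      ", exposure_report([LAN]))
    print("LAN + dial-up: ", exposure_report([LAN, DIALUP]))
```

In this model only the subnet scope changes its answer when the dial-up adapter comes up; the custom range and "Don't allow exceptions" give the same result on either connection.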
 