Computers running Windows XP Service Pack 2 are 15 times less likely than those running XP or XP SP1 to be infected by some of the most dangerous forms of malware, according to a Microsoft security guru.
Jason Garms, who heads the company's anti-malware product team, said Tuesday that this improvement had been revealed by an internal analysis of SP2's performance.
SP2--a major security update released in August--was designed to turn on auto-update by default and consolidate security controls into a "security center."
"A machine that had Windows XP or XP SP1 was 15 times more likely to have one of the highly prevalent top 20 worms installed than on a machine running XP SP2," said Garms, who spoke at a conference sponsored by Australia's national Computer Emergency Response Team, or AusCERT.
He said that the default turning-on of auto update had made a dramatic difference to users. "Within days of Microsoft releasing a patch," he said, "the vast majority of the Windows ecosystem is up to date."
Garms also revealed that Microsoft is planning to release an enterprise version of its anti-spyware tool, which is currently available in beta form on the company's Web site. However, he would not reveal when the new tool would be available, or whether it would be a free utility or sold as a separate application.
"It is currently in our plans (to have) an enterprise offering that addresses spyware," Garms said. "The product and packaging details are still to be decided."
He added that spyware could be responsible for up to one-third of all Windows crashes, citing data culled by the Windows error reporting tool, which sends data back to Microsoft when an application crashes.
"The primary problem that users have with spyware is that their systems crash or are really slow or don't behave in the way they expect them to," Garms said. "We try to figure out how many of the crashes that are reported to us are actually attributable to spyware, and it turns out that at least one-third of those machines had spyware installed on them, so it is a big problem."
Garms noted that people are more worried about their computer behaving erratically and running slowly than they are about being spied upon by malware.
"Some people will have you believe that the primary impact of spyware is the spying on your systems, but that is the secondary impact of spyware," Garms said. Spyware causing crashes and erratic behavior "are the things that generate user help desk calls."
quote: <<<A machine that had Windows XP or XP SP1 was 15 times more likely to have one of the highly prevalent top 20 worms installed than on a machine running XP SP2," said Garms>>>
NO kidding! Those people that have computers infested with worms and spyware are also the least likely to upgrade to SP2.
quote: <<<A machine that had Windows XP or XP SP1 was 15 times more likely to have one of the highly prevalent top 20 worms installed than on a machine running XP SP2," said Garms>>>
NO kidding! Those people that have computers infested with worms and spyware are also the least likely to upgrade to SP2.
Yeah, SP2 made windows so much more secure that alot of the end users out there ended up not even being able to access the net at all.
SP2 does not make XP more secure. Quite a few of XP's problems are not even addressed by SP2.
SP2 was created to give Microsoft a higher degree of access to your computer. It is made to "look" good by doing things like forcing up the crappy XP firewall. You are better protected by using a router and running Zone Alarm than using the XP firewall, with or without SP2.
Yeah, SP2 made windows so much more secure that alot of the end users out there ended up not even being able to access the net at all.
SP2 does not make XP more secure. Quite a few of XP's problems are not even addressed by SP2.
SP2 was created to give Microsoft a higher degree of access to your computer. It is made to "look" good by doing things like forcing up the crappy XP firewall. You are better protected by using a router and running Zone Alarm than using the XP firewall, with or without SP2.
If Windows have 97,000 virus issues and now are 15 times safer then 97,000/15=6466 still to worry about. Isn't that great! Considering Tiger has zero, Windows is still infinitely less secure since 6466/0=infinite. Now c|net can put out another of the bs stories that Apple is insecure even though there are still zero instances other than in the minds of the writers at c|net.
If Windows have 97,000 virus issues and now are 15 times safer then 97,000/15=6466 still to worry about. Isn't that great! Considering Tiger has zero, Windows is still infinitely less secure since 6466/0=infinite. Now c|net can put out another of the bs stories that Apple is insecure even though there are still zero instances other than in the minds of the writers at c|net.
that is analogous to putting a 2year roof on a house that has none. yes, its a roof, but a poor one to start with in the first place! And I agree, the PCs promoting spyware are owned by those that shuld not be allowed to own a computer in the first place!
PC licenses!! Are you qualified? Registry today! :P
that is analogous to putting a 2year roof on a house that has none. yes, its a roof, but a poor one to start with in the first place! And I agree, the PCs promoting spyware are owned by those that shuld not be allowed to own a computer in the first place!
PC licenses!! Are you qualified? Registry today! :P
I rolled out SP2 before 2004 was over. Up until that time my users had all kinds of pop-ups and slow downs. Today, a pop-up is rare. Spyware scans are less frequent and when they are ran, they find MUCH MUCH MUCH less infections. After some deliberation, I decided to leave the auto-update ON. Afterall, I install the updates anyway, so why not.
In addition, I upgraded all of my servers to 2003 and now my network has never ran smoother. Hopefully, I'm not putting myself out of a job here.
No MS OS, broswer, or server can hold a candle to other alternatives.
This is completely meaningless. XP with SP2 may be the best of what MS offers, but it is still total garbage. Take their best products and compare them to what is out there.
XP vs OSX or any distribution of linux: XP loses
IE vs Firefox, Opera or Safari: IE loses
Any MS server product vs any major alternative, free or otherwise: Microsoft loses
Office vs OO or any other commerical offerings: Office loses due to massive amounts of bloat
No matter how you dress it up, MS produces the most unsecure, bloated and buggy software.
I rolled out SP2 before 2004 was over. Up until that time my users had all kinds of pop-ups and slow downs. Today, a pop-up is rare. Spyware scans are less frequent and when they are ran, they find MUCH MUCH MUCH less infections. After some deliberation, I decided to leave the auto-update ON. Afterall, I install the updates anyway, so why not.
In addition, I upgraded all of my servers to 2003 and now my network has never ran smoother. Hopefully, I'm not putting myself out of a job here.
No MS OS, broswer, or server can hold a candle to other alternatives.
This is completely meaningless. XP with SP2 may be the best of what MS offers, but it is still total garbage. Take their best products and compare them to what is out there.
XP vs OSX or any distribution of linux: XP loses
IE vs Firefox, Opera or Safari: IE loses
Any MS server product vs any major alternative, free or otherwise: Microsoft loses
Office vs OO or any other commerical offerings: Office loses due to massive amounts of bloat
No matter how you dress it up, MS produces the most unsecure, bloated and buggy software.
Despite it's "trustworthy computing initiative" from so many years gone by, Microsoft never took security seriously, and this article is yet another reminder that they still haven't grasped the problem. Microsoft was well aware of the emergence of worms, trojans. viruses, etc., for years, yet they didn't lift a finger to seriously address the issue until the recently released SP2. In those intervening years, MS simply left the barn door of it's OS wide open and effectively sent the message to the virus/trojan/ worm authors of the world that it's okay; do your best work, we're not going to stop you. Is it any wonder at all that the problem proliferated to an exponential level? They ceded control of Windows to fifteen year-old kids who could write simple scripts that would wreck havoc on your computer. And the adults took notice. Trojans that are currently written for Windows are the work of seriously sophisticated, evolutionary programming. Microsoft just sat back and watched as it's neighborhood was overrun by the bad guys. Now it belongs to the bad guys. It's their neighborhood now. In a kind of perverse way, Microsoft understands this. Thus the introduction of it's own branded security software, protecting you from it's OS that it sold you...
It's not the web thats the problem, folks, any Apple OS X or Linux user can attest to that. It's MS Windows, and SP2 or not, so long as your system has activeX and the Windows registry installed, you are vulnerable. Period.
And when Jason Garms says that "the improvement had been revealed by an internal analysis of SP2's performance" that should raise more than a few eyebrows. Internal analysis? Reality check, Jason. Behavior in the wild is significantly different than behavior in from within a controlled, company sponsored "internal analysis."
Uh, "microsoft hasn't grasped the problem"? Have you just not been paying attention?
ASP.NET alone is going through 8,000+ individual security checks before its next ship. Every internal MS product team has to have a security plan and threat model as part of its product spec. Every shipping product is currently undergoing security reviews for the upcoming automated patch service.
How about doing some reading before spewing uneducated and inaccurate bullsh*t?
Terry Murphy, that was a well-thought out and insightful commentary of the sad state of Windows in 2005. You managed to highlight why many users have abandoned their Windows computers for a perceived downgrade to the Mac OS.
I used to think the Mac was a toy - but now that I've been an owner for the past 7 months, I now view Windows as built best for playing games on while the Mac is the poweruser's tool - safe, reliable and effecient to the core (pun intended).
Windows registry installed? Mate, the registry is just a database file. It is not installed, it is just where settings are stored. Obviously you couldn't find your RegEdit with two help desks and a readme.
Despite it's "trustworthy computing initiative" from so many years gone by, Microsoft never took security seriously, and this article is yet another reminder that they still haven't grasped the problem. Microsoft was well aware of the emergence of worms, trojans. viruses, etc., for years, yet they didn't lift a finger to seriously address the issue until the recently released SP2. In those intervening years, MS simply left the barn door of it's OS wide open and effectively sent the message to the virus/trojan/ worm authors of the world that it's okay; do your best work, we're not going to stop you. Is it any wonder at all that the problem proliferated to an exponential level? They ceded control of Windows to fifteen year-old kids who could write simple scripts that would wreck havoc on your computer. And the adults took notice. Trojans that are currently written for Windows are the work of seriously sophisticated, evolutionary programming. Microsoft just sat back and watched as it's neighborhood was overrun by the bad guys. Now it belongs to the bad guys. It's their neighborhood now. In a kind of perverse way, Microsoft understands this. Thus the introduction of it's own branded security software, protecting you from it's OS that it sold you...
It's not the web thats the problem, folks, any Apple OS X or Linux user can attest to that. It's MS Windows, and SP2 or not, so long as your system has activeX and the Windows registry installed, you are vulnerable. Period.
And when Jason Garms says that "the improvement had been revealed by an internal analysis of SP2's performance" that should raise more than a few eyebrows. Internal analysis? Reality check, Jason. Behavior in the wild is significantly different than behavior in from within a controlled, company sponsored "internal analysis."
Uh, "microsoft hasn't grasped the problem"? Have you just not been paying attention?
ASP.NET alone is going through 8,000+ individual security checks before its next ship. Every internal MS product team has to have a security plan and threat model as part of its product spec. Every shipping product is currently undergoing security reviews for the upcoming automated patch service.
How about doing some reading before spewing uneducated and inaccurate bullsh*t?
Terry Murphy, that was a well-thought out and insightful commentary of the sad state of Windows in 2005. You managed to highlight why many users have abandoned their Windows computers for a perceived downgrade to the Mac OS.
I used to think the Mac was a toy - but now that I've been an owner for the past 7 months, I now view Windows as built best for playing games on while the Mac is the poweruser's tool - safe, reliable and effecient to the core (pun intended).
Windows registry installed? Mate, the registry is just a database file. It is not installed, it is just where settings are stored. Obviously you couldn't find your RegEdit with two help desks and a readme.
You clearly have information that most of the public does not. So before insulting others, please note the common public perception is that MSFT does not have a clear handle on security. The company may be trying to change that, but in this case perception is more important than reality, at least in terms of MSFT's future viability.
MS does have a handle on this situation. They purpously make things the way they are. They know what they are doing. A big part of SP2 is there specificly for Microsoft's own use....to let MS know via the web if your copy of XP is legit.
You clearly have information that most of the public does not. So before insulting others, please note the common public perception is that MSFT does not have a clear handle on security. The company may be trying to change that, but in this case perception is more important than reality, at least in terms of MSFT's future viability.
MS does have a handle on this situation. They purpously make things the way they are. They know what they are doing. A big part of SP2 is there specificly for Microsoft's own use....to let MS know via the web if your copy of XP is legit.
Google creates an animated doodle that features a boy, a girl, Google's search engine, and a jump rope. But might there be darker, more analytical, more troubling interpretations to this tale?
Data gathered by several companies publishing news readers for both iPhone and iPad suggest that there is a clear difference in when users check out articles via those devices. And anyone wanting to build apps for both devices should heed those lessons.
Chamtech's spray-on antenna uses a nano material to provide a low-power boost to antenna range. The wireless-in-a-can product may some day bring an end to unsightly cell towers.
EnerG2 opens a plant to make an engineered carbon that will improve performance of energy storage devices and make storage for start-stop hybrid cars less expensive.
NO kidding! Those people that have computers infested with worms and spyware are also the least likely to upgrade to SP2.
XP is more for Microsoft than for the end user. When you use XP, you place yourself on your knees doing exactly what MS wants you to do.
NO kidding! Those people that have computers infested with worms and spyware are also the least likely to upgrade to SP2.
XP is more for Microsoft than for the end user. When you use XP, you place yourself on your knees doing exactly what MS wants you to do.
SP2 does not make XP more secure. Quite a few of XP's problems are not even addressed by SP2.
SP2 was created to give Microsoft a higher degree of access to your computer. It is made to "look" good by doing things like forcing up the crappy XP firewall. You are better protected by using a router and running Zone Alarm than using the XP firewall, with or without SP2.
SP2 does not make XP more secure. Quite a few of XP's problems are not even addressed by SP2.
SP2 was created to give Microsoft a higher degree of access to your computer. It is made to "look" good by doing things like forcing up the crappy XP firewall. You are better protected by using a router and running Zone Alarm than using the XP firewall, with or without SP2.
then 97,000/15=6466 still to worry about. Isn't that great!
Considering Tiger has zero, Windows is still infinitely less secure
since 6466/0=infinite. Now c|net can put out another of the bs
stories that Apple is insecure even though there are still zero
instances other than in the minds of the writers at c|net.
When Tiger has been out for a few years and has 500 million users, then crow about how few viruses it has, *******.
then 97,000/15=6466 still to worry about. Isn't that great!
Considering Tiger has zero, Windows is still infinitely less secure
since 6466/0=infinite. Now c|net can put out another of the bs
stories that Apple is insecure even though there are still zero
instances other than in the minds of the writers at c|net.
When Tiger has been out for a few years and has 500 million users, then crow about how few viruses it has, *******.
that is analogous to putting a 2year roof on a house that has
none. yes, its a roof, but a poor one to start with in the first
place! And I agree, the PCs promoting spyware are owned by
those that shuld not be allowed to own a computer in the first
place!
PC licenses!! Are you qualified? Registry today! :P
that is analogous to putting a 2year roof on a house that has
none. yes, its a roof, but a poor one to start with in the first
place! And I agree, the PCs promoting spyware are owned by
those that shuld not be allowed to own a computer in the first
place!
PC licenses!! Are you qualified? Registry today! :P
In addition, I upgraded all of my servers to 2003 and now my network has never ran smoother. Hopefully, I'm not putting myself out of a job here.
This is completely meaningless. XP with SP2 may be the best of what MS offers, but it is still total garbage. Take their best products and compare them to what is out there.
XP vs OSX or any distribution of linux: XP loses
IE vs Firefox, Opera or Safari: IE loses
Any MS server product vs any major alternative, free or otherwise: Microsoft loses
Office vs OO or any other commerical offerings: Office loses due to massive amounts of bloat
No matter how you dress it up, MS produces the most unsecure, bloated and buggy software.
In addition, I upgraded all of my servers to 2003 and now my network has never ran smoother. Hopefully, I'm not putting myself out of a job here.
This is completely meaningless. XP with SP2 may be the best of what MS offers, but it is still total garbage. Take their best products and compare them to what is out there.
XP vs OSX or any distribution of linux: XP loses
IE vs Firefox, Opera or Safari: IE loses
Any MS server product vs any major alternative, free or otherwise: Microsoft loses
Office vs OO or any other commerical offerings: Office loses due to massive amounts of bloat
No matter how you dress it up, MS produces the most unsecure, bloated and buggy software.
Seriously though, Windows XP + SP2 + Microsoft AntiSpyware = fairly safe computing environment, provided that users don't do something foolish.
Seriously though, Windows XP + SP2 + Microsoft AntiSpyware = fairly safe computing environment, provided that users don't do something foolish.
secure OS would be a nice start.
I guess there's always Longhorn if you're not in a hurry.
secure OS would be a nice start.
I guess there's always Longhorn if you're not in a hurry.
Despite it's "trustworthy computing initiative" from so many
years gone by, Microsoft never took security seriously, and this
article is yet another reminder that they still haven't grasped the
problem. Microsoft was well aware of the emergence of worms,
trojans. viruses, etc., for years, yet they didn't lift a finger to
seriously address the issue until the recently released SP2. In
those intervening years, MS simply left the barn door of it's OS
wide open and effectively sent the message to the virus/trojan/
worm authors of the world that it's okay; do your best work,
we're not going to stop you. Is it any wonder at all that the
problem proliferated to an exponential level? They ceded control
of Windows to fifteen year-old kids who could write simple
scripts that would wreck havoc on your computer. And the
adults took notice. Trojans that are currently written for
Windows are the work of seriously sophisticated, evolutionary
programming. Microsoft just sat back and watched as it's
neighborhood was overrun by the bad guys. Now it belongs to
the bad guys. It's their neighborhood now. In a kind of perverse
way, Microsoft understands this. Thus the introduction of it's
own branded security software, protecting you from it's OS that
it sold you...
It's not the web thats the problem, folks, any Apple OS X or
Linux user can attest to that. It's MS Windows, and SP2 or not, so
long as your system has activeX and the Windows registry
installed, you are vulnerable. Period.
And when Jason Garms says that "the improvement had been
revealed by an internal analysis of SP2's performance" that
should raise more than a few eyebrows. Internal analysis? Reality
check, Jason. Behavior in the wild is significantly different than
behavior in from within a controlled, company sponsored
"internal analysis."
ASP.NET alone is going through 8,000+ individual security checks before its next ship. Every internal MS product team has to have a security plan and threat model as part of its product spec. Every shipping product is currently undergoing security reviews for the upcoming automated patch service.
How about doing some reading before spewing uneducated and inaccurate bullsh*t?
I used to think the Mac was a toy - but now that I've been an owner for the past 7 months, I now view Windows as built best for playing games on while the Mac is the poweruser's tool - safe, reliable and effecient to the core (pun intended).
Despite it's "trustworthy computing initiative" from so many
years gone by, Microsoft never took security seriously, and this
article is yet another reminder that they still haven't grasped the
problem. Microsoft was well aware of the emergence of worms,
trojans. viruses, etc., for years, yet they didn't lift a finger to
seriously address the issue until the recently released SP2. In
those intervening years, MS simply left the barn door of it's OS
wide open and effectively sent the message to the virus/trojan/
worm authors of the world that it's okay; do your best work,
we're not going to stop you. Is it any wonder at all that the
problem proliferated to an exponential level? They ceded control
of Windows to fifteen year-old kids who could write simple
scripts that would wreck havoc on your computer. And the
adults took notice. Trojans that are currently written for
Windows are the work of seriously sophisticated, evolutionary
programming. Microsoft just sat back and watched as it's
neighborhood was overrun by the bad guys. Now it belongs to
the bad guys. It's their neighborhood now. In a kind of perverse
way, Microsoft understands this. Thus the introduction of it's
own branded security software, protecting you from it's OS that
it sold you...
It's not the web thats the problem, folks, any Apple OS X or
Linux user can attest to that. It's MS Windows, and SP2 or not, so
long as your system has activeX and the Windows registry
installed, you are vulnerable. Period.
And when Jason Garms says that "the improvement had been
revealed by an internal analysis of SP2's performance" that
should raise more than a few eyebrows. Internal analysis? Reality
check, Jason. Behavior in the wild is significantly different than
behavior in from within a controlled, company sponsored
"internal analysis."
ASP.NET alone is going through 8,000+ individual security checks before its next ship. Every internal MS product team has to have a security plan and threat model as part of its product spec. Every shipping product is currently undergoing security reviews for the upcoming automated patch service.
How about doing some reading before spewing uneducated and inaccurate bullsh*t?
I used to think the Mac was a toy - but now that I've been an owner for the past 7 months, I now view Windows as built best for playing games on while the Mac is the poweruser's tool - safe, reliable and effecient to the core (pun intended).