Move along, nothing to see here
1 January 1970
There are evidently people with lots of free time on their hands who delight in uncovering security problems in Windows. Many deserve our thanks, but some, it seems, are only looking for yet another way to blow their own horn.
An example of the latter appears to be the recent warning that the Windows Security Center in Windows XP SP2, a dashboard-like console that monitors and reports on the status of various security devices such as firewalls and anti-virus software, can be compromised by crackers into displaying false information, such as claiming that a firewall is up and running properly when, in fact, it has been disabled.
You might ask, as my editor did, which company trumpeted this “warning.” Since I’ve stated that I think they only do it to toot their own horn, I’ve chosen not to help them in this by identifying them. If you really, really need to know, then Google is your friend!
While Microsoft doesn’t deny that this could occur, it does point out that malware writers would need local administrator privileges on any machine they wished to compromise. Additionally, they’d need to disable the security device (such as a firewall) before they could attempt to spoof its data. That means knowing the particular security device in order to know how to disable it as well as what data (and what format) the device used to communicate with the Security Center.
Microsoft doesn’t believe that spoofing firewall data would be the first thing a cracker would do upon gaining local administrator privileges, and neither do I. This would be like a bank robber who, after tunneling into the bank at night, first cut the electricity then rewired the “time and temperature” display over the door so it ran on battery power. That might deter the casual observer from knowing that something was wrong, but the time spent re-wiring should probably be put to better use (like emptying the vault) before the cops surround the building.
I’m no apologist for Microsoft. I’ve written enough about its security problems so that my credentials shouldn’t be challenged. But finding obscure, unlikely-to-be-used exploits and trumpeting about them as if they could cause the fall of western civilization is no favor to hard-working Windows network managers. The only real way to improve the signal-to-noise ratio is to reduce the noise. You’ve never been shy about telling me what you think, so start telling the “noise makers” what you think of them. And, I promise, no mention of SP2 in the next issue. Do come back!
Source: Network World Fusion