PPRuNe Forums - View Single Post - Microsoft warns of widespread Windows flaw
Old 11th February 2004 | 21:22
RomeoTangoFoxtrotMike
Joined: Mar 2002
Posts: 448
From: London, UK
Ant,

Certainly if you have an external firewall (i.e. a hardware one in your ADSL modem, or use one of the free software ones to turn an old PC into a firewall: www.smoothwall.org, www.ipcop.org or www.freesco.org, for example) you should be pretty safe.

The problem with this vulnerability is that it affects some very low-level code in the network stack. Which in turn means that it potentially could affect almost anything that "does" networking on the PC, including XP's own built-in firewall, or a third-party's offering unless that TP offering goes to great lengths to only use its own trusted version of that software. And even then the possibility exists that at the point that the TP firewall hooks into Windows there could still be a problem.

There is still some confusion (read FUD) about all of this, thanks in no small part to Microsoft's "lack of transparency" (they've been sitting on these "unusually serious security problems with its Windows software" for at least 6 months, possibly longer [Microsoft quote -- one wonders what they consider "usually serious" to be...]), but if the problem is as described in the various advisories, it should be straightforward to patch (simply replacing a DLL) but with MS, who knows...

This is why I and others on the forum constantly stress the value of using an external firewall (external to your PC that is) and not trusting your security to software that is running on top of a general-purpose operating system with a dubious security track-record at best...

If you don't have an external firewall, you need to patch ASAP. If you do have a stateful external FW you should be OK, but should patch anyway.

I'm sure others on this forum will be updating this thread as we try to separate the wood from the trees...

[The software firewalls mentioned above all use stripped-down versions of their respective Unix-based operating systems to (a) ensure that there isn't anything lying around that isn't needed -- which helps to protect against vulnerabilities in unnecessary code; and (b) makes it a whole lot easier to secure what's left. All three of these products will run on hardware that most people wouldn't even use as a doorstop -- I set up one installation for a friend on a 486 with 16MB of memory -- works like a charm on a 56K dialup at least.]