Coffeehouse Thread

Does anyone else not like Service pack 2?

  • prog_dotnet

    1. It's RC1, and you will find bugs.
    2. SP2 breaks all antivirus products, and it should not be used in a production environment.
    3. Damned if you do, damned if you don't. There will always be customers that do not like a product. But hey, feel free to use Linux or any other operating system.

    4. There are two large problems security and system administrators need to overcome. First, management often believes that the computer security threat is not a great enough risk to justify funds for protective measures. Second, there is a general misunderstanding of how complex the problem of computer security really is and how many resources are required to adequately defend against attacks. For example, firewalls are necessary components of a security architecture, but firewalls alone do not protect networks. An improperly configured firewall or a firewall without other security measures in place can be worse than an open system if it provides the company with a false sense of security.

    For the last six years the Computer Security Institute (CSI) has performed a survey in cooperation with the Federal Bureau of Investigation's (FBI) Computer Intrusion Squad to help determine the extent of computer crime in the United States. In March 2001, CSI published its “2001 Computer Crime and Security Survey,” which is based on responses from 538 computer security practitioners in U.S. corporations, government agencies, financial institutions, medical institutions, and universities. Of those organizations surveyed, 91 percent reported detecting computer security breaches in the last 12 months[1] and 97 percent of those polled had Web sites. Of those with Web sites, 23 percent reported suffering an attack within the last 12 months and 27 percent did not know if they had experienced an attack. Of those reporting attacks, 21 percent reported two to five incidents and 58 percent reported ten or more.

    [1] Power, Richard. 2001. 2001 CSI/FBI Computer Crime and Security Survey. San Francisco: Computer Security Institute.

    These statistics may be alarming, but the actual state of computer security may be worse than the statistics suggest. Many organizations are still not equipped to detect security breaches. Only 61 percent (up from 50 percent in 2000) of those polled in the CSI survey reported using intrusion detection. Thus, it is likely the actual number of attacks and losses are greater than those reported. While it appears that organizations are starting to implement more security controls, security incidents and losses continue to grow. This could be due to the fact that the security products are not implemented correctly or that the proper policies and procedures are not built around them. In the 2001 CSI survey Patrice Rapalus, CSI director, provided this insight on why incidents and loss continue to grow:

    The survey results over the years offer compelling evidence that neither technology nor policies alone really offer an effective defense for your organization… . Organizations that want to survive need to develop a comprehensive approach to information security embracing both the human and technical dimensions.[2]

    [2] Power, Richard. 2001. 2001 CSI/FBI Computer Crime and Security Survey. San Francisco: Computer Security Institute, p. 1.

    Organizations were also asked to estimate the financial damages they suffered as a result of the security breaches. Although 64 percent reported financial damages, only 35 percent were able to quantify the losses. Table 1-1 shows the results. Although the $377,828,700 in reported damages seems an enormous number, it is important to note that this reflects the damages suffered by a mere 186 organizations (35 percent of those surveyed). Considering the number of computer-using organizations in the country, the overall cost of computer security breaches must be vastly greater.

    Not only is the problem bad, it appears that it is getting worse. In the years 1997–1999, the average damage due to break-ins was $120,240,180. The year 2000 losses were more than double that average. The losses continued to increase in the year 2001, with a more than 42 percent increase over the year 2000 losses despite 87 fewer organizations reporting losses.[3] Table 1-2 shows the results of the CSI survey over the last five years. Although some of the increased reported damages in the 2001 survey come from improved detection and reporting, a large portion of the increase is due to increased hacker activity.

    [3] Power, Richard. 2001. 2001 CSI/FBI Computer Crime and Security Survey. San Francisco: Computer Security Institute.

    The reported sources of the attacks were also interesting. External attacks continue to be more common, but the threat from internal sources is still there—49 percent of the respondents reported attacks from internal sources. Internet connections were frequent targets, as stated by 70 percent of the respondents, while 31 percent reported their internal systems were a common point of attack. Keep in mind that many companies more closely monitor Internet-connected systems for abuse and unauthorized activity than internal systems. Even considering this fact, the results support the reality that the threat from both internal and external sources is great. While the reported frequency of internal attacks is lower than that for external ones, internal attackers can often cause more damage due to their proximity to and knowledge of the systems.

    Table 1-1. Losses Reported in Dollars by Type (for 2001)

    Type                                Loss
    Unauthorized insider access         $6,064,000
    Theft of proprietary information    $151,230,100
    Telecom fraud                       $9,041,000
    Financial fraud                     $92,935,500
    Viruses                             $45,288,150
    Laptop theft                        $8,849,000
    Insider abuse of Internet access    $35,001,650
    Denial of service                   $4,283,600
    Sabotage                            $5,183,100
    System penetration                  $19,066,600
    Telecom eavesdropping               $886,000
    Active wiretapping                  $0
    Other                               $0
    Total                               $377,828,700

    Source: Power, Richard. 2001. 2001 CSI/FBI Computer Crime and Security Survey. San Francisco: Computer Security Institute.

    The CSI survey provides a wealth of information and statistics concerning computer crime and security. We have touched on just a small portion of the results that help illustrate the risks. You can obtain a free copy of the complete CSI survey by visiting www.gocsi.com.

    Table 1-2. Total Reported Financial Losses by Year

    Year     Respondents (Number Reporting Losses/% of Total Respondents)    Reported Losses
    2001     186 respondents/35%                                             $377,828,700
    2000     273 respondents/42%                                             $265,586,240
    1999     161 respondents/31%                                             $123,779,000
    1998     216 respondents/42%                                             $136,822,000
    1997     331 respondents/59%                                             $100,119,555
    Total                                                                    $1,004,135,495

    Source: Power, Richard. 2001. 2001 CSI/FBI Computer Crime and Security Survey. San Francisco: Computer Security Institute.

    CSI is not the only organization whose surveys indicate a growing computer security threat. A global survey released in July 2000 of 4,900 information technology (IT) professionals across 30 nations, conducted by InformationWeek Research and fielded by PricewaterhouseCoopers LLP, predicts U.S. firms will suffer losses of over $266 billion this year from viruses and computer hacking.[4] The prediction for worldwide losses climbs to $1.6 trillion. The CERT Coordination Center maintains statistics for the number of incidents reported each year (www.cert.org/stats/cert_stats.html). In 2000 there were 21,756 incidents, which is more than double the number of incidents reported in 1999 (9,859 incidents). All these statistics indicate the threat appears to be growing, which calls for a renewed sense of urgency to address the security issues facing every company.

    [4] PRNewswire. 2000. “Study Finds Computer Viruses and Hacking Take $1.6 Trillion Toll on Worldwide Economy.” Wire report, July 7.

    The statistics are persuasive, but they are sometimes not enough to make the case for increased computer security. However, the statistics are not the only indication of increased computer crimes. Media outlets have started to take notice of computer crimes and have increased the reporting of system compromises, particularly attacks that involve well-known companies. Some of the attacks involve denial of service, stolen information, or other forms of loss.

    In February 2000, many large Internet companies suffered major disruptions in service from distributed denial-of-service (DDoS) attacks. Denial-of-service (DoS) attacks generally involve trying to overwhelm or bring down a target system to make it unavailable for use. (DoS attacks are covered in greater detail in Chapter 21.) Yahoo.com, Amazon.com, ETRADE.com, Buy.com, CNN.com, eBay.com, and others were offline for hours combating the problem. These incidents brought great visibility to cyber crime.

    Other well-known attacks also help illustrate the increase in computer crime. In October 2000, news sources reported an attack against Microsoft's internal systems, targeting its source code. In May 1999, the FBI investigated several hacking groups based in the United States. After the FBI seized a suspected teenage hacker's computer, several hacker groups retaliated by defacing government Web sites. At one point, a DoS attack caused the FBI Web site to be taken offline for seven days.[5] In January 2000, an Internet hacker threatened CD Universe, stating that if the company did not pay a ransom of $100,000 he would publish 300,000 credit card numbers he stole from its Web site. The company refused to pay the ransom and the hacker published over 25,000 credit card numbers. This attack destroyed consumer confidence in CD Universe and added to the mistrust consumers already have in online buying. Between the middle of 1999 and the beginning of 2000, computer viruses such as Melissa, I LOVE YOU, and Explorer.zip devastated corporate networks, forcing companies to shut down for days to combat the viruses. These viruses demonstrated the frailty of present-day virus scanners and how easy it is to get users to execute malicious code. The incidents also illustrated the problems and losses a company can suffer from an attack.

    [5] Mell, Peter, and John Wack. 2000. “Mitigating the Hacker Threat.” Accessed on July 18, 2000, at the National Institute of Standards and Technology Web site, http://csrc.nist.gov/publications/nistbul/itl00-06.txt.

    Web-site defacements are one of the most prevalent security incidents. Hundreds of defaced Web sites are posted on hacker sites each month. Attrition.org (www.attrition.org) and 2600 (www.2600.org) are two of many sites that contain defaced Web-site archives. The archives contain a listing of sites that have been defaced and in some instances display a copy of the defaced site. Figure 1-1 shows an example of the listings of defaced Web sites from Attrition.org. Defacements may consist of impolite messages, a hacker's claim to fame, pornographic material, or other embarrassing information. Even in cases where an attack is not destructive, the loss of confidence in the organization's ability to protect sensitive data will drive customers away.

    This information should be sufficient to make a strong case for putting information security in the forefront of an organization's IT strategy. Most security professionals are already aware of the risks facing IT managers today. However, there is no way security and system administrators can both satisfy their job requirements and proactively secure their systems without user and management support. A good way to gain support is through effective security awareness training that is both convincing and constant. Users need to be continually reminded of the dangers of lax security and what they can and must do to protect against these problems. Security programs and policies must be designed to be easy to use and follow, and they must be enforceable.

    Source:

    Hack I.T.: Security Through Penetration Testing

    T. J. Klevinsky, Scott Laliberte, Ajay Gupta. Publisher: Addison Wesley

    First Edition February 01, 2002
    ISBN: 0-201-71956-8

  • smartguy

    Really, SP2 has too much to offer. I mean, let McAfee or other firewall companies do their job. Microsoft Windows firewall will cause home users to stop buying firewalls. And let's hope not another 100 jobs are lost. But large companies will always buy new firewall tech. *hackers always find a way. I should know. heheh. lol*

  • vanlandw

    For me the firewall will be the first thing disabled... I play online games and Windows firewall always messes up those connections.

  • warren

    vanlandw wrote:

    For me the firewall will be the first thing disabled... I play online games and Windows firewall always messes up those connections.

    Yeah, well that was the old firewall. The one with XP SP2 lets you add in exceptions on a per-application basis, allowing games to bypass the firewall without complaint.

  • Loadsgood

    I like Service Pack 2. Up yours to anyone who doesn't

  • jamie

    Every network admin I know loves it.

    Every developer/designer I know... well, it's the opposite.

  • jamie

    Windows firewall - SP2 - enabled by default


    send file on msn messenger - get following:

    Slow file transfer
    If you are experiencing slow transfer rates in MSN Messenger, you or the person you are communicating with might be behind a firewall or network address translator (NAT) that prevents a direct connection to the Internet. If your Internet service provider uses a firewall or NAT, you might be prevented from connecting directly, even if neither of you is behind a firewall or NAT.

    so - i should turn it off right??
    lol

    how can you go from being for the USER - into being SECURE without contradicting 20 years of MS strength? - allow user to DO WHAT THEY WANT unencumbered

    sheesh
    roll back
    restore
    oops -
    can't
    or no more winupdate
    stuck
    Sad

  • Wiseman

    also i hate Trustworthy Computing

  • jamie

    That's not really in SP2... but I could see how you could easily be mistaken by the removal of many user / client side things that were always there before but now have been disallowed.

  • rampage

    While SP2 is certainly not perfect yet, it's still in development and Microsoft is taking everybody's feedback about the product to heart.

  • jamie

    oops - just came across another one:

    In service pack TOO (much)

    when you let it manage your updates - it demands to restart your computer - regardless of work you have open.

    If you are lucky enough - to still be up at witching hour - or rebooting hour - it bugs you over and over - "You have 5 minutes - and we are rebooting" - no option to say - DON'T reboot till I'm done all my work.

    Man, I got like 18 windows open - FP, Corel, Photoshop, Word, emails... I come down in the morning and WINDOWS decided to reboot!!!!!!!!

    sorry but... overriding Save? commands is bad - no no

    poo on sp2

    i want a shirt

  • jamie

    PROOF!

    ok.

    as stated above - SP2 is bugging me to reboot. I let it, as that is its default setting:

    It's witching hour - late night - it's bugging me to reboot -- so after 3 "buggings" I decide to let it do it - to help me prove my point: - please witness the following:

    1. My desktop - - open coreldraw - draw a box - DO NOT SAVE

    2. open msn mess and media player - open window and start pink floyd album

    here is that:
    http://www.jamiegrant.com/ms1.jpg

    ok - so this time - i let the ms thing reboot auto SP2 thing do what it wants

    Wants to reboot - hands off - :
    http://www.jamiegrant.com/ms2.jpg


    it will at least not reboot - IF I FORGOT TO SAVE MY WORK RIGHT???


    NO!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

    it reboots
    in the middle of night
    all work lost

    poo on SP2 - i want a shirt haha

  • jamie

    ps- the powers that be at channel 9 may also want to look at this ( off topic)


    http://www.jamiegrant.com/1600.JPG

  • jamie

    Rampage:  I hope so

  • Lwatson

    So now you are saying that because I chose poorly and did not save my work before I went to bed that the power going off that night would be SP2's fault? The results would be the same, whatever I worked on would be gone. Now I will be the first to agree that Windows' propensity to reboot at the drop of a hat is an annoyance that gets tiresome, but if you have automatic updates happening then you must understand that the reboot is coming. We are talking about Windows here.

  • Shining Arcanine

    jamie wrote:
    how can you go from being for the USER - into being SECURE without contradicting 20 years of MS strength? - allow user to DO WHAT THEY WANT unencumbered


    People building homes did it. Before they didn't have locks on the doors, now they do. So now people have to insert a key to get into their houses. Big deal.

    jamie wrote:
    That's not really in SP2... but I could see how you could easily be mistaken by the removal of many user / client side things that were always there before but now have been disallowed.


    That is why I'm jumping for joy over Service Pack 2. It makes things difficult, for hackers, to hack into computers.

    Lwatson wrote:
    So now you are saying that because I chose poorly and did not save my work before I went to bed that the power going off that night would be SP2's fault? The results would be the same, whatever I worked on would be gone. Now I will be the first to agree that Windows' propensity to reboot at the drop of a hat is an annoyance that gets tiresome, but if you have automatic updates happening then you must understand that the reboot is coming. We are talking about Windows here.


    Longhorn is supposed to eliminate reboots.

  • jamie

    I'm talking about not only saving your work - but also everything you have open.

    If I have Photoshop open - with 30 web graphics, 8 IE windows, notepad css all open - for the project I'm working on - how dare Windows decide to close them all.

    You can't seriously suggest there should not be a "Later" button added to the reboot box - and that it should not reboot until I have said - "ok"

    * who on earth came up with the 5 Minutes idea as well - if I say Cancel - I mean cancel till I am done... not to be asked over and over every 5 minutes

    (I think this is the only app you've ever released to do this)

  • lars

    Yayy! The rude full screen crap is history. Bring it on baby.

    /Lars.
