Computerworld

Win XP security fears raised

Despite Microsoft saying its Windows XP operating system is markedly more secure than previous efforts, IT security firms have warned users they will not have to wait long for the first XP-targeted virus attacks.

"There have been enough betas kicking around for people to familiarise themselves with the operation of the OS to look for new and unique ways of exploiting vulnerabilities," said Symantec Australia managing director John Donovan.

Paul Ducklin, who heads global support for Sophos Anti-Virus, agreed, albeit more reservedly. "It seems likely that it [XP] will attract virus writers to produce XP-specific viruses," he said.

According to Donovan, users will not have to wait long for the first native virus. "I'm guessing it will probably be weeks rather than months," he said.

Asked about such vulnerabilities on the new OS, Paul Roworth, Microsoft Australia's Windows product manager, said the company was well partnered with antivirus companies to treat such concerns. However, Roworth did recommend people invest in antivirus software.

Although playing down the lack of antivirus features bundled with the operating system itself, Microsoft repeatedly spoke of the operating system's 17 new security features at the launch of XP in Sydney last week. These features, added since Windows 2000, make the platform the company's most secure to date. Examples include file encryption, controlled network access, a restriction to stop the use of blank passwords, and a basic Internet firewall.

While the Internet firewall is probably the product's most significant defence against incursion, Donovan believes users should not invest their full trust in the firewall feature to stop virus infections.

"A bigger issue is the false sense of security that may come from the deployment of the basic Microsoft firewall in XP. As this only looks at traffic in one direction it is a far cry from even the basic requirements the average user has for desktop security," he said.

Tim Smith, an online security consultant with Dimension Data, held a similar view.

"The Internet Connection Firewall (ICF) that comes with XP is simply a quick way of disabling all access to a host running the XP operating system. If a user is accessing their email via their Outlook client, there's not a whole lot the firewall is going to do for you in the prevention of virus infestation of the host PC," he said.

According to Smith, it is all "very well having a firewall at the desktop layer" but, as with all security technology, "if it is not implemented by a security savvy end user then it is worse than useless."