We evaluated the security features of Windows XP SP2 on a test machine, following a clean install of XP Pro with no configuration changes and no third-party software or drivers installed. We installed XP with the NTFS file system, choosing all of the factory defaults, then patched it with each recommended security update including SP-1 (required), before installing SP2.
...
Microsoft declined many opportunities to harden Windows XP in a meaningful way; that is, by disabling unnecessary services, enforcing the multiuser environment, setting sensible user and file permissions, and installing a fully-functional packet filter.
...
Windows may be easy to use, but it is extremely complicated and difficult to administer, especially for security, with a tremendous number of hidden functions and many complex configuration interfaces.
...
The Security Center is a good idea, but as it's been implemented, it's little more than a gimmick that will lead to a false sense of security. Our test system remained vulnerable to a vast host of online threats, especially those involving user interaction. And that's a pity, because a Windows system can be hardened significantly so that even careless users will have trouble infecting it - so long as one knows how to go about it.
...
Unfortunately, Windows remains a quite dangerous system to connect to the Internet, and users are still very much on their own in terms of security solutions.
[WinXP SP2 = security placebo?]
Žiadne komentáre:
Zverejnenie komentára