On Tue, 14 Jun 2005 18:32:46 GMT, Mister C wrote:
Hmmm, missing lots of updates there. Poor security practice.

Well that explains it.
nslookup 62.255.64.20
shows name = dhcp1-popl.server.ntli.net.

You are part of NTL cable network and your node gets it's ip address
from NTLI's DHCP server. Your DHCP client and their DHCP server chat with each
other through ports 67,68 to get/renew your DHCP assigned ip address.

In article <slrndau9hp.60v.BitTwister@wb.home.invalid>,
Bit Twister <BitTwister@mouse-potato.com> wrote:
:On Tue, 14 Jun 2005 18:32:46 GMT, Mister C wrote:
:> This is my setup:

:> 1. I use WinXP + SP1 at home.

:Hmmm, missing lots of updates there. Poor security practice.

As best I (not a Windows expert!) can tell, Microsoft is making
security patches available for both SP1 and SP2 at present.
Is there a significant security difference between fully-patched SP1
and fully-patched SP2?

I was running SP2 but there was something that wasn't working that
did work under SP1 that I installed on a different partition. If
one cannot effectively run one's system with SP2 but can with SP1,
then is it truly "good security practice" to upgrade to the version
that is functionally unusable under the local circumstances?

If so, then would it not be even better security practice to upgrade
to Windows HP -- a version of Windows that consists of nothing other
than repeated processor HALT instructions, to keep the system from
running anything at all ?
--
Oh, to be a Blobel!

From: "Walter Roberson" <roberson@ibd.nrc-cnrc.gc.ca>

| In article <slrndau9hp.60v.BitTwister@wb.home.invalid>,
| Bit Twister <BitTwister@mouse-potato.com> wrote:
| :On Tue, 14 Jun 2005 18:32:46 GMT, Mister C wrote:
| :> This is my setup:
|
| :> 1. I use WinXP + SP1 at home.
|
| :Hmmm, missing lots of updates there. Poor security practice.
|
| As best I (not a Windows expert!) can tell, Microsoft is making
| security patches available for both SP1 and SP2 at present.
| Is there a significant security difference between fully-patched SP1
| and fully-patched SP2?
|
| I was running SP2 but there was something that wasn't working that
| did work under SP1 that I installed on a different partition. If
| one cannot effectively run one's system with SP2 but can with SP1,
| then is it truly "good security practice" to upgrade to the version
| that is functionally unusable under the local circumstances?
|
| If so, then would it not be even better security practice to upgrade
| to Windows HP -- a version of Windows that consists of nothing other
| than repeated processor HALT instructions, to keep the system from
| running anything at all ?
| --
| Oh, to be a Blobel!

There is a big difference in WinXP SP2 and SP1 which includes IE6/OE6 SP2 which is not
available for Win9x/ME and Win2K.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

On 14 Jun 2005 20:03:56 GMT, Walter Roberson wrote:
(not a Windows expert either) but I would bet they are not.

Then why make a SP2.

See there is a difference between SP1 and SP2. I would guess sp2 closed
a security flaw on a system call used by the defunct application.
Could have been an update to make a system call argument mandatory
which is not provided in the failing application causing it to fail.

You might want to read the above sentence out loud.

Having an unpatched system is negligent.

Let's say someone uses your unpatched system to steal credit cards and
sells them using your system. Do you think, "but, but, judge, I
installed a patch and I could not run one of my applications so I
backed out the patch." is going to keep you out of jail.

Now you are just being stupid.
http://www.eeye.com/html/research/upcoming/

My solution was to install Mandrive/Mandrake linux.

In article <slrndaufnk.7is.BitTwister@wb.home.invalid>,
Bit Twister <BitTwister@mouse-potato.com> wrote:
:Having an unpatched system is negligent.

:Let's say someone uses your unpatched system to steal credit cards and
:sells them using your system. Do you think, "but, but, judge, I
:installed a patch and I could not run one of my applications so I
:backed out the patch." is going to keep you out of jail.

In your strawman argument, are you speaking in terms of being
convicted of "negligence" or of being convicted as if you were yourself
the perpetrator of the credit card trafficing?

My Windows XP SP1 system is behind a firewall that is configured to
disallow incoming connections, and is patched with the latest SP1
patches (well, before the ones released earlier today.) A finding
of "negligence" is unlikely in such a matter.


Microsoft has a list of "Top 10 Reasons to Install Windows XP
Service Pack 2",
http://www.microsoft.com/windowsxp/sp2/topten.mspx

Reasons #1 thru 4, and 8 thru 10 have to do with products such
as Internet Explorer and Outlook that I do not run.

Reason 5 has to do with the Windows Firewall -- unnecessary for
someone who has a real firewall.

Reason 6 is the convenience of the Windows Security Centre. Being
able to "manage key security settings in one convenient place" is
not exactly at the top of my list of must-have security features.

Reason 7 is enhancements to Windows Automatic Updates. I have my
system set to notify me of updates, which I then examine first
-before- blindly installing.


If you examine the list of "Key Security Technologies" for SP2,
http://www.microsoft.com/windowsxp/s...soverview.mspx
you will not find much of interest to someone who runs their own
firewall and doesn't use IE or OE.
--
"Never install telephone wiring during a lightning storm." -- Linksys

In article <N7Hre.8307$2K4.4103@trnddc08>,
David H. Lipman <DLipman~nospam~@Verizon.Net> wrote:
:From: "Walter Roberson" <roberson@ibd.nrc-cnrc.gc.ca>

:| Is there a significant security difference between fully-patched SP1
:| and fully-patched SP2?

:There is a big difference in WinXP SP2 and SP1 which includes IE6/OE6 SP2 which is not
:available for Win9x/ME and Win2K.

David, I've re-read your sentance several times, but I am having
difficulty in parsing it. Are you saying that IE6/OE6 SP2 is available
for XP SP2 but not for XP SP1? I am thrown a bit by the
9x/ME and 2K reference ?

If one does not use IE6 nor OE, are the differences relevant?

--
Feep if you love VT-52's.

On 14 Jun 2005 21:02:37 GMT, Walter Roberson wrote:
The site cracked could go the negligence route asking for damages.

That is what is going to cost you the big lawyer bucks to get out of
going to prison.

Depending on what kind of firewall, that is a good first step.
SP1 patched systems were getting cracked in about 4 minutes after
connected to the net.

Would guess the cracked site's lawyer would be pushing the fact that
you do not have all updates (SP2) installed so it is negligence.

I seriously doubt MS would publish that SP2 fixes unpatched problems in SP1.
I wonder why MS thought about forcing SP2 or disallow any updates at
one point in time.

Well there is my point. Based on that, there should be no reason for
your application to not run on SP2.
After all, sp2 just fixed a few applications.

On 14 Jun 2005 20:03:56 GMT, roberson@ibd.nrc-cnrc.gc.ca (Walter
Roberson) wrote:

I believe that its generally accepted as better practice to diagnose
and resolve the problem, than avoid it by removing security.

"Since I fitted locks to my house, I often can't get in when I'm
drunk."
"Why not just take the locks back off then?"
"Problem solved"

ROFL.

From: "Walter Roberson" <roberson@ibd.nrc-cnrc.gc.ca>

| In article <N7Hre.8307$2K4.4103@trnddc08>,
| David H. Lipman <DLipman~nospam~@Verizon.Net> wrote:
| :From: "Walter Roberson" <roberson@ibd.nrc-cnrc.gc.ca>
|
| :| Is there a significant security difference between fully-patched SP1
| :| and fully-patched SP2?
|
| :There is a big difference in WinXP SP2 and SP1 which includes IE6/OE6 SP2 which is not
| :available for Win9x/ME and Win2K.
|
| David, I've re-read your sentance several times, but I am having
| difficulty in parsing it. Are you saying that IE6/OE6 SP2 is available
| for XP SP2 but not for XP SP1? I am thrown a bit by the
| 9x/ME and 2K reference ?
|
| If one does not use IE6 nor OE, are the differences relevant?
|
| --
| Feep if you love VT-52's.

WinXP SP2 containe IE/OE SP2. There is no IE/OE SP2 for earlier MS Operting Systems.

Since the HTML capabilities of the OS are tied to IE then the fact that you do not directly
use IE or OE still means that that the HTML vulnerabilities remain.

There are other pertinent changes in SP2 as well. This includes the XP FireWall and
recoding of some WinXP components.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

On 14 Jun 2005 21:02:37 GMT, roberson@ibd.nrc-cnrc.gc.ca (Walter
Roberson) wrote:

You may not run them, but they're installed and the IE rendering
engine is used by a swathe of apps. If you leave this inadequately
patched, you're asking for trouble.

I agree the other three reasons are irrelevant for anyone who has
their own f/w and performs updates religiously.

There's no such thing as "not running" IE or OE....

Mark McIntyre wrote:

...if that were the case you would not be using Windows at all!!!

Bit Twister wrote:


Ah come on. If all of that were true Bill Gates would have a endless supply
of "soap on a rope"...for he is more guilty than anyone else.

On Tue, 14 Jun 2005 15:08:51 -0700, Michael J. Pelletier wrote:

I see you are running Knode. If you were able to read the End User
Licence (EUL) you will see you agree to _not_ hold MS responsible for
anything.

Shoot, I can not even cut/paste it for inclusion in a text file.

In article <d9jua1h2dh3ltibkt0rmhsvjb97fmagq4t@4ax.com>,
Mark McIntyre <markmcintyre@spamcop.net> wrote:
:On 14 Jun 2005 20:03:56 GMT, roberson@ibd.nrc-cnrc.gc.ca (Walter
:Roberson) wrote:

:>I was running SP2 but there was something that wasn't working that
:>did work under SP1 that I installed on a different partition. If
:>one cannot effectively run one's system with SP2 but can with SP1,
:>then is it truly "good security practice" to upgrade to the version
:>that is functionally unusable under the local circumstances?

:I believe that its generally accepted as better practice to diagnose
:and resolve the problem, than avoid it by removing security.

Windows is closed-source, and rather obtuse to debug. I spend
*far* more time trying to track down problems on my single XP system
at home than I spend on my routers, switches, firewalls, or
unix systems. I don't have *time* to debug any substantial XP problem.

It is *not* "generally accepted" as "better practice" to spend your
time hitting your head against a wall.
--
"Never install telephone wiring during a lightning storm." -- Linksys

Walter Roberson wrote:

Did I just hear the ever familiar sound of a can of worms being opened...?

On Wed, 15 Jun 2005 00:38:19 GMT, Dale Richards wrote:
New SP2 with firewall was supposed to stop those pesky worms.

On 6/14/2005 2:35 PM, Mark McIntyre wrote:
SOrry officer, I couldn't get out the door, I had to use Windows . . .

David H. Lipman (DLipman~nospam~@Verizon.Net) gurgled happily, sounding
much like they were saying :

Only if you use IE. Other browsers, which completely ignore IE, are
available.

On 14 Jun 2005 21:02:37 GMT, roberson@ibd.nrc-cnrc.gc.ca (Walter
Roberson) wrote:

And you do not use any programs which use IE as a componant? Just
because you don't use IE as your main browser does not necessarily
mean that you are not using it all and can therefore neglect security
patches for it.


--
Stephen Chadfield
http://www.chadfield.com/

From: "Adrian" <toomany2cvs@gmail.com>


|
| Only if you use IE. Other browsers, which completely ignore IE, are
| available.

No. Not really. Say for example you have a .URL shortcut in a folder and you click on it.
The OS will do a file preview of that URL. It won't be an alternate browser it will be the
IE HTML rendering components that will show the web site in the preview.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm