[ news_security_news ]
BOSS Warns Of XP Problems
SecurityProNews
Staff Writer
2005-03-31
 Insider Reports RSS Feed
Enterprises with any Windows XP-based computers in their organizations face an imminent threat of software incompatibility problems...
...and other network security issues when Microsoft next month begins pushing Service Pack 2 as part of automatic Windows updates.
Microsoft made XP SP2 security update available last summer to fix security holes in its Windows XP operating system. SP2 is a crucial update to protect computers from intruders and other security risks - it blocks all executable program files, closes all TCP/UDP communications ports, enables firewalls, disables pop-up windows and disables some communication protocols.
Although that frustrates hackers and prevents viruses and malicious programs, it also wreaks havoc on about 70 percent of the business applications that are client/server based and use Windows-based clients with servers that use UNIX and other operating systems.
After initial complaints from enterprises whose users were allowing Microsoft to install the SP2 update automatically on their computers, Microsoft provided a temporary "block" of the automated delivery of SP2 to Windows machines. That delay expires April 12 when Microsoft plans to resume the automated installs.
Mani Sridharan, vice president of business solutions for BOSS, the Norcross, Ga.-based network solutions company, said enterprises that have not worked out issues related to SP2 and properly installed the update on all Windows XP PCs in their organizations could experience significant problems if they do not act now.
"If there are just a few machines in your organization that don't have SP2 installed, you could experience the same problems others faced last summer," Sridharan said. "SP2 automatically closes ports that may be needed for other applications and, unless you take steps to keep those ports open, the applications will not work."
Enterprise network managers should use a deployment utility, such as BOSS's DiagWin Professional, to make sure SP2 and all future patches and upgrades can be correctly installed and confirmed on each computer in the organization, Sridharan said. DiagWin provides network managers with an effective tool to address what BOSS calls the "5Ps" of SP2 deployment problem areas: ports, protocols, programs, pop-ups and protection.
Organizations that deploy Web-based applications could be particularly vulnerable. Many of those sites use pop-up windows, particularly in the log-on phase. And, unless the user - or the network manager - configures each computer to allow pop-ups for that Web site, it won't work.
Even organizations using Microsoft's Software Update Services (SUS) to control the distribution of Windows updates could be exposed to potential problems resulting from the automatic installation of SP2. According to Sridharan, SUS will only prevent automated deployment to systems configured to point directly to the SUS server. So if an organization has overlooked configuration of a few systems, or new systems have been added to the network with the default Windows Update settings, those systems will receive the forced install.
Additionally, when remote users connect outside the organization's network, SP2 could be installed either manually by end users -- who are trying to help -- or automatically when logging on to a home network for which they have administrative rights.
Smaller organizations and independent users may be particularly vulnerable to the problems encountered after SP2 is deployed, since often, even the more tech-savvy users don't know where to get the information they need to identify, construct and implement a rule in the software to open the port or ports that other applications require.
"The solution is to take make certain SP2 installation occurs in a controlled environment before something goes wrong," said Sridharan.
BOSS, a Microsoft Gold Certified software development partner, specializes in assisting large organizations manage computer network resources and deploy operating systems, software and "patches" like SP2 throughout their organizations.
BOSS's DiagWin Professional is an easy-to-use IT asset management and application deployment solution that enables systems management from a single help desk or network administrator PC. With DiagWin, deployment packages can be easily customized to configure each desktop or laptop computer connected to the network so end users will not have to participate in the upgrade process and will not lose any productivity because of the installation. A free, fully-functional trial of DiagWin is available for download from the BOSS, which allows users to manage up to five machines for a period of 14 days. Customers that have used BOSS's DiagWin software to develop and deploy a "custom wrapper" with SP2 reported no major instances of software incompatibility, Sridharan said.
A number of third-party hardware and software vendors still have yet to provide patches and updates to their products that will allow them to work with SP2, Sridharan noted.
"But once those patches become available," he said, "network administrators can also use DiagWin to deploy them properly in their organizations without having to physically 'touch' each machine."
About the Author:
SecurityProNews is a daily online and email publication focusing on internet security issues.
More news_security_news Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
