August 26, 2004

Misunderstanding computer security

PC Magazine is running an article claiming that "Windows XP SP2 Has a Dangerous Hole." The premise is that XP SP2 has a new feature, "Windows Security Center," which displays the status of your firewall, automatic updates, and antivirus program. The "security hole" that PC Magazine is reporting is that it's possible for code running as an Administrator on your box to spoof these settings, and thus present a false picture to the user about what's actually going on.

Here's the thing, though: code running on your system as Administrator can do ANYTHING. Once you let code run as Administrator on your box, it's game over: the attacker owns your computer. Yes, it can tell you that your firewall is still up when in fact it has turned it off. Or, since it's running as Administrator, it can just bypass the firewall altogether. It can send spam from your PC, turn on your webcam, reformat your hard drive, or whatever. It's not a hole that code running as Administrator can do bad things -- it's how computers work.

What XP SP2 does do for you is make it much harder for you to be tricked into running malware (worms, trojan horses, viruses, whatever) by mistake. But still, if someone emails you a malware executable in a ZIP file and you unzip it and run it, your machine is no longer yours. No operating system on the planet can stop that.

Another thing you can do is not run as Administrator. Unfortunately, this isn't necessarily as easy in Windows as it should be, but it's definitely possible. For about two months now, I've been running as a LUA (Limited User Account) on my laptop. Even if I am tricked into running a program that I shouldn't, that program can only mess up my user account on this PC -- it can't take over the operating system, because my account doesn't have Administrator privileges. For more information on how to run as LUA on Windows, check out Aaron Margosis' excellent blog.

Posted by Mike at August 26, 2004 09:55 PM