I was testing the security of SP2 for XP and found a security flaw. Those on SP2, go to this site and click the "File execution" test. http://browsercheck.qualys.com/ (You have to click a few other buttons first).
On my SP1 PC, it passes all these tests as well as this one. On my SP2 test computer, that test opened up Notepad AUTOMATICALLY. I got the file download box for about a tenth of a second which was evidently referencing a .txt file (which is bad), and it then opened the file automatically and ran it without any intervention from me! This is pretty pathetic that SP1 does NOT have this security issue and SP2 does! On my SP1 PC, I get the file download PROMPT which is good, plus it references a .exe file which is what it's supposed to do if you pass.

Even worse, the patch for this vulnerability here won't run on SP2! So, SP2 users are wide open to this vulnerability! http://www.microsoft.com/technet/security/bulletin/MS02-047.mspx I click the file on the SP2 PC and it says "This update requires IE6 to be installed". Huh!!!?????? Both computers have the EXACT SAME software installed, so it's obviously a problem with SP2. The settings on the SP2 PC are set as high as they can be while still allowing functionality.

I'm sure all would be interested in knowing how SP2 users fare with that test in your case. Please post your results, and if you happen to PASS it, please post your IE settings info. Remember to read the explanation well regarding how to determine if you pass or fail. You have to allow the cookie (can't have any red "-" sign @lower right) and your PU blockers must be off. It passed all of the other security tests.

I just noticed something else very disturbing. I checked to make sure the XP firewall was on, and it was OFF! I haven't even TOUCHED it since SP2 was installed and I set it up! It was disabled, and I have absolutely no idea how it could have gotten disabled! So, it also appears SP2 users are going to have to check on a regular basis to be sure the XP SP2 firewall is still enabled! And no, re-enabling it didn't change the results of the test.
-Clint
God Bless
Clint Hamilton, Owner
http://OrpheusComputing.com
