2kmaro (Think Premium, ExMod, joined 2000-07-11)
As opposed to debating what's valid and what's not, perhaps we should focus back on the test conducted.
First: It was an unpatched out-of-the-box copy of XP. As I recall, one of the first things that is tossed at a user once they install XP is an offer to go check for current updates. Every wise and informed user should do that and can be expected to do that. The careless, uneducated and uninformed may not.
I would consider this a more valid test if it were conducted with an XP system with all patches/updates, including SP2, installed and left at their default settings. Consider that an out-of-the-box XP setup, for just one example, has its own built-in firewall turned off. SP2 turns that around to default to FIREWALL=ON.
justin makes mention in another part of this thread that testing with SP2 a few months from now might be a better test. I'd recommend a "then and now" (or "now and then") test: test it with SP2 now and then go back in a few months and retest to see what holes in IE/Windows XP/SP2 have been found and opened up in those months.
One problem I think I see in Microsoft's security plan is that they appear to be very REactive as opposed to being PROactive. They fix things that are reported to them, but they themselves don't seem to be doing much in-house to be the first to discover the vulnerabilities and potential exploits. If they don't have it already, they need to set up their own Xtreme-Hackers division with nothing to do but find ways to punch through the defenses in their mainstream products such as Windows, Office, and their various server products.

-- Good judgment comes from experience, and experience comes from bad judgment. Barry LePatner