XP users

[Bocar]

XP users

[Bocar]

Go here and grab this little proggy. While your there, read up on what the Plug and Play security hole is all about. You might be surprised by what you find out.

Security Patch

[Buck]

The problem isn't with Plug and Play, it's with a little used feature called "Universal plug and play", which is in older O/s's, but not a commonly used feature. the difference with XP is that it's enabled by default.

there is also a fix avaliable directly from Microsoft. Those guys, whoever they are, are pushing their own tool to disable and and report on the status of UPnP.

Just get the MS patch, that's all that is required.
 

[Bocar]

I disagree Buck...run the MS patch then go scan your system...its still open. Gibson's proggy shuts it completly down. Like I said in my first post...read the article. By me stating you might be surprised by what you read, that relates to Plug and Play. Most people think its the normal Plug and Play for installing hardware but its not. Its a universal Plug and Play the leaves some network ports open.

Again...with just the MS Security Patch installed, your still open.

[Viper 508]

I read the article and downloaded/ran the program. It looks like MS can just do whatever the hell they want with our computers and nobody's going to stop them, what else is new.  

[Fox7cf]

Thanks for the link, Bocar. I thought Microsoft completely fixed the issue and my computer was safe, but now I realize I was wrong. I downloaded the program and now UPnP is competely disabled!

[Reflex]

Gibson is incorrect as usual, I have always been considered paranoid by most standards, but Gibson takes the cake.  Universal PnP is NOT a security hole by default.  There was a security hole in UPnP and MS issued a patch.  The patch does not shut down UPnP, it closes the hole.  Shutting down UPnP completely for one hole is like removing Winsock because a hacker might get into your system if your connected to the net.

[alecl]

Well, using best practices, you're supposed to shut down any services you don't need because it's a potential security hole.  I mean on unix boxes, you don't leave mail servers, web servers, ftp servers, etc running if you don't use them.  After it's patched, there's nothing inherently wrong with UPNP, but it's an open port just like any other so it's not a bad idea to close it.  I run a hardware router that also acts as my firewall so I don't need to worry about these things because only what ports I tell to go through actually get there.

[Reflex]

The reason such features are turned by default is that later products will be designed around them.  UPnP is a major part of what will become .NET.  For the moment, turning it off is fine, but for the average consumer who dosen't understand services, it would suck to explain how to start a service in the first place when they subscribe or purchase a new product or service that requires it.  As Gibson also admitted in the article, even the simple built in firewall in XP will block the potential exploits, and if you want something more comprehensive, simply download ZoneAlarm.  Once agian this was an issue that was blown out of proportion, especially as far as the average consumer is concerned.

[imtim83]

Just wondering but why is ever issue that appears is considered blown out of proportion everytime? I have been seeing this.

[crosscourt]

I disagree with you Buck on the UPOP is in all older windows versions it is not.I showed Reflex an article from Microsoft I hope we can find or he at least remembers from awhile back but Win98/se does not have UPOP unless the XP client is installed.Winme/win2k does have UPOP but its turned off by default so WinXP is the only OS that comes with UPOP on by default.
My point here is the security hole isnt a problem for older users unless they have the Xp client installed or have it turned on rather than off by default.XP has the problem by default and all users should take Reflexs and Bocars advice and plug it,otherwise most users have nothing to worry about at least from this issue.CC

[FallGuy]

I know this isn't a VIA problem, but this thread and the issue of uPnP and using the built-in firewall of WinXP to block access through that port made me decide to enable it. But it brings up a question that I think I should know the answer to but don't. When you look at the services that you can check off to allow them to work with the ICS Firewall enabled, there are options for everything from IMAP to TCP/IP. How do you know which ones to enable or disable without compromizing your system?

You also need to open certain ports to allow applications like NetMeeting and AOL-IM to work, but how do you know that someone won't attack your system through these ports?

[Reflex]

FallGuy - I wish I could answer you, but unfortunatly my specialty is not network security, I have an idea of how it works, but someone who really knows would come and rip me a new one if I tried to explain.  ;>

intim - Yes, these days everything is exaggerated, be it news about MS, Intel, AMD, nVidia, Ati, etc.  ANy of the big names and suddenly they are out to screw over the end user.  People seem to forget that its in all these companies best interests to do as much for the consumer as possible, and they all know that.  That dosen't mean that they can do no wrong, or have no bad buisness practices or design decisions, but articles like Gibson's ignore the basic fact that companies like MS are NOT out to screw you over.

Crosscourt - Yes, according to that article this does not affect non-XP users by default.  Honestly it dosen't affect XP users either if they just enable their firewall or install a better one.  No big deal in my opinion.

[crosscourt]

I agree with you Reflex it isnt a big deal and has been blown out of proportion.Thanks for the confirmation,CC

[Bocar]

Heres my take on it being a big deal or not. I could care less about the companies but I damn sure want to know what's going on in my rig. I did some snooping around and heres what I come up with. If you do a normal install of XP, UPNP DOES NOT get loaded. If you do a full custom install, UPNP DOES get loaded and it's open. The MS patch only closes the port but does not disable it. Gibson's patch disables it or you can go to add/remove proggys and uninstall it from there if you did a full custom install or you can disable it in services panel.
Now to the big deal....Each and everyone one of us knows people who DO NOT run anti-virus, who DO NOT know about firewalls and in general, have no clue. These people are the one's that need to be informed or educated. XP was presented as the best and most secure op system ever, so naturally, people felt safe. I would rather of heard about UPNP the way I did, then find out later and be sorry. Whether or not UPNP is used now or in the future, the fact remains that a port was left wide open by default. If anyone in this forum would have been hacked, you would damn sure be pissed. To me that is a big deal.  

[Reflex]

Bocar - Fortunatly, for the users you mentioned, the default on Windows Update is to download and install critical fixes automatically.  So for the users you mentioned, this bug is a non-issue as they would have had the patch installed the day the hole was found.  I'm sorry, but its still not a big deal.

[Gurm]

Ok, let's get a few points straight...

1. Steve Gibson is a paranoid dumbass.

Well, perhaps dumbass isn't the right word. But he's certainly not the most knowledgeable guy out there. He tries to pretend that he is, but he isn't.

Let's take his "Shields Up" tester, for example. According to this tester, my default installation of Windows XP (which I've "tweaked" by turning off unnecessary services) is the most secure system imagineable. Yes, every single port is stealth. Wow. That's amazing, considering Steve insists that WinXP is inherently insecure.

Every time Steve goes out on a limb about some security issue, he gets put back in his place by REAL security experts. But then, instead of just eating crow like he ought to, he proceeds to scare the bejeezus out of the casual user. What a jerk!

2. uPnP isn't a problem.

There was a problem with it. It has been fixed. To insist that uPnP itself is a problem is like insisting that Windows itself is a problem (sarcastic smartasses need not respond with the inevitable "but Windows IS a problem, dude!").

3. Software firewalls are NOT necessary.

I fail to see the point of a software firewall. I have yet to hear anyone give me a GOOD reason, other than extreme paranoia and/or a desire to monitor net traffic, to use one of these pieces of crap. And yes, they ARE pieces of crap. Your network traffic gets slowed down considerably, and they are fairly resource-intensive as compared to other "runs all the time" processes.

"But without it, my system will be insecure!" I hear you whining. NOT SO. Go turn off the useless services, configure the ones you do use, and you're all set. Want to know how NOT to have an open port 21? Don't run an FTP server... or secure the one you DO run. How hard is this? Turn off all the dumb network listening services that MS ships with the OS, configure your machine properly, and you're all set. What, exactly, do these software firewalls do other than block ports that are otherwise open? Nothing, other than blocking OUTBOUND traffic. And if you have a trojan or a net-enabled virus, whose fault is it? Hmm?

Seriously. If anyone can give me a GOOD reason to run one of these turds, I'll give them a cookie (not the Internet kind, the kind with raisins and oatmeal that's all warm and soft and yummy).

4. Steve Gibson is a turd.

Well, I had to reiterate this. He's not ALWAYS wrong - just usually. But anyone that scares instead of informing the general public is a big fat turd. Go check out the Register's assessment of his services... while I usually think THOSE idiots are bad enough, this time they got it right.

- Gurm

[Viper 508]

But Windows IS a problem, dude!
I had to say it, dude! No. Seriously though. I agree with GURM. I don't run a firewall. I dont use A/V software anymore. I have had to re-install my system twice due to A/V software, and not once due to a virus. I don't open most attachments and only read solicited mail. I'm only online 1 or 2 hours per night. My system isn't secure or immune but if someone has absolutely no life and wants to hack into my computer through my UPNP port then let him. By the time he get's through I'm logging off and getting ready to play some Empire Earth and he's sitting there thinking of the time he wasted trying to get into my computer and read the contents of MYFILES! Ha! I think it is blown out of proportion somewhat. MS did release a patch at least, they didn't totally ignore it. And by disabling it alltogether they would just recieve more email and such from non-computer-type people who find that something won't work without UPNP and have no idea how to load it back up, like Reflex said. I am the average user and this is blown out of propotion for me!

PS - While you were reading this I hacked in through your open UPnP port and copied the contents of your c:\Myfiles\MyPictures\Neighbor'sNakedWife\ folder. Ha!

[sirosis]

Damn and I was saving those pics all to myself.  I promised her I wouldn't put them all over the web.  
Can I have them back?  
PUUUULLEEEEZZZZEEEE?

[Viper 508]

Shure man, I'm not totally cruel. You can grab them from my FTP site, no prob!