Windows XP SP2 TCP/IP "Patch"

[Mastertech]

Worm protection, it's called Updated AntiVirus Software and Applying Security Patches not limits to the TCP/IP protocol. This doesn't stop you from getting a Worm. Therefore it is irrelevant to most people. I don't feel sorry for people who get infected from a Worm because they are too lazy or incompetent to have updated AV and apply security patches. Even if this limit only remotely affected my internet connection in ANY way I would want it removed.

[umteen]

Like what? I am currently downloading 10 items through Bittorent (Azureus) and have not seen a single error.

Well 10 items isn't much, if you mean 10 files.

If you don't understand why the patch came about, that's ok. The patch works for what it was meant to do.

I agree if you are saying that too many people have applied it without understanding the first thing about it.

That's as far as my agreement goes.

[EduardValencia]

well,people my humble opinion is that this patch breaks ALMOST all the idea of SP2,this will make your surface attack probability increase on your system.

i don't recomemnd to crack this.

[umteen]

well,people my humble opinion is that this patch breaks ALMOST all the idea of SP2,this will make your surface attack probability increase on your system.

i don't recomemnd to crack this.

585424341[/snapback]

IF that was "almost all of the idea of SP2", Microsoft could have released a hotfix of a few kilobytes instead of the actual SP2, get a grip.

[Squirrelington]

This is why I dont let my boss know about this stuff (I inform him not to install patches from 3rd parties unless we discuss it, as hes still naive to everything he sees). This reminds me of when he visited a miscellaneous box.sk site and what does he do when it says 'You must click yes to download this [iTEM]'. *suspense here...* He clicked YES! I later told him he was a 'bad dog!' and that he shouldn't believe everything he sees and rectified is mistake. Now what does this have to do with this topic you may ask? It illustrates that people that don't understand what they are doing, will keep making dumb mistakes and so on. If you do not understand why Microsoft did what they did, and what implications it has on your 'eXPerience', then you SHOULD research how TCP/IP works, and reply to posts regarding the subject in a constructive and contributing manner. Thank you for your time. Happy broswing ^_^

[Mastertech]

People need to know that it is perfectly safe to install this fix. The original TCP/IP outbound connection limit does nothing for your safety, therefore it is irrelevant.

[John Veteran]

People need to know that it is perfectly safe to install this fix. The original TCP/IP outbound connection limit does nothing for your safety, therefore it is irrelevant.

585427102[/snapback]

:no:

[Mastertech]

Then please explain how this limit improves your personal security?

[John Veteran]

It will slow the initial spreading of worms so that quicker action can be taken.

[Mastertech]

It will slow the initial spreading of worms so that quicker action can be taken.

585427130[/snapback]

How does that improve your security if you have updated AV, all security patches applied and a firewall?

If a worm is on your system what does this patch do to protect you?

[umteen]

hehe, now we are getting our patches mixed up.

[Frank]

How does that improve your security if you have updated AV, all security patches applied and a firewall?

If a worm is on your system what does this patch do to protect you?

585427140[/snapback]

This limitation wasn't designed to protect the user who has the virus but it is designed to slow down the spread of a worm until the AV companies release new definitions and the user updates their patterns.

When a virus hits AV companies don't automatically have a fix for it. Depending on the company it could take a day before they receive the virus, analyze the virus and make the dat file available to the public to download. Then you have to remember you won't receive the update right away depending on your update schedule.

[Mastertech]

This limitation wasn't designed to protect the user who has the virus but it is designed to slow down the spread of a worm until the AV companies release new definitions and the user updates their patterns.

When a virus hits AV companies don't automatically have a fix for it. Depending on the company it could take a day before they receive the virus, analyze the virus and make the dat file available to the public to download. Then you have to remember you won't receive the update right away depending on your update schedule.

Which means it does NOTHING for your own personal security. All the worms that hit were caused because people never applied security patches that had been out for six months or more. It is totally irrelevant if you apply this to your system or not. All this does it "potentially" slow the spread of a worm between careless users, not a big loss IMO. Maybe they will learn to use updated AV and apply security patches.

[EduardValencia]

It will slow the initial spreading of worms so that quicker action can be taken.

585427130[/snapback]

agreed :yes:

[EduardValencia]

Which means it does NOTHING for your own personal security. All the worms that hit were caused because people never applied security patches that had been out for six months or more. It is totally irrelevant if you apply this to your system or not. All this does it "potentially" slow the spread of a worm between careless users, not a big loss IMO. Maybe they will learn to use updated AV and apply security patches.

585433228[/snapback]

Of course it does,this fix not only limits the initial spreading stages of any worm,it reduces the risk of being detectable to port scanners.remember that there are port scanners capable of detecting when the system is vulnerable at any instance (u could be port scannned for almost a day),depending on how many applications u are using,the more applications (more connections opened of course) being used,the more vulnerable u are.

the idea is to be resilent in the web.Opening more connections= (it's like buliding more doors to your house for the thieves :laugh: ) in childish words

And P2P programs are the biggest conduct for worms and viruses nowdays :sleep:

remember that these applications of massive file sharing,increased the spreading of viruses and worms for the last decade.that's why we have ,bloody AV's and FW?s on our systems.these P2P applications open multiple connections on your system.

Well and the final words are.The operating system (abbreviated as OS) wasn't meant to live side by side with an antivirus or third party firewall,it was meant to have a basic,reliable and resilent operation,without dangers.

i felt explaining this to an ignorant kid,i should call you "mastertech of naiveness":DD

Edited February 8, 2005 by EduardValencia

[Mastertech]

Please explain exactly how this reduces you from being detected by port scanners if you are not infected by a worm?

And P2P programs are the biggest conduct for worms and viruses nowdays

remember that these applications of massive file sharing,increased the spreading of viruses and worms for the last decade.that's why we have ,bloody AV's and FW?s on our systems.these P2P applications open multiple connections on your system.

Nope, it is still email by far.

Well and the final words are.The operating system (abbreviated as OS) wasn't meant to live side by side with an antivirus or third party firewall,it was meant to have a basic,reliable and resilent operation,without dangers.

Then you run Windows without AV and a Firewall. Good security advice there!:no::

i felt explaining this to an ignorant kid,i should call you "mastertech of naiveness

Your naive in thinking this has ANY affect on security for a system not infected with a worm.

[Mastertech]

Here is the real point, once your infected you machine is compromised! Any virus writer with half a brain will include a workaround for this in the virus. The whole thing is idiotic, this does nothing to improve your security, you have to be infected with a worm first of all which means your security has already been compromised. All this does is make it take a little bit longer to infect other careless users who did not patch. Like I said once your system is compromised the worm could easily and probably will just unpatch this. This is a big joke.

[EduardValencia]

Windows XP SP2 will bring TCP connection limits that may cause issues with busy software. A blurb on Warp2Search.net reveals that P2P software resulted in an Event Log message about too many connection attempts.

This new feature is one of the stack?s ?springboards,? security features designed to proactively reduce the future threat from attacks like blaster and Sasser that typically spread by opening connections to random addresses. In fact, if this feature had already been deployed, Sasser would have taken much longer to spread.

It?s not likely to help stop the spread of spam unless spammers are trying to reach open e-mail relays in the same way, by opening connections on SMTP ports of random IP addresses. This is new with XP SP2 and they're trying to get it right so that it does not interfere with normal system operation or performance of normal, legitimate applications, but does slow the spread of viral code. New connection attempts over the limit for half-open connections get queued and worked off at a certain (limited rate).

this explain your doubts?

[Mastertech]

I understand how it works. Sasser spread because people didn't apply a six month old patch and either had no AV or it was outdated, those who did were unaffected. You also did not answer the question how does having this enabled on your PC secure your PC from being infected by a worm? How does this do anything on your PC to protect you from anything?

Do you realize that once your infected, a worm can easily change this making it useless? Scaring people into believing this in some way secures your PC more is laughable.

[John Veteran]

All this does is make it take a little bit longer to infect other careless users who did not patch.

585437060[/snapback]

That's exactly the idea, and it doesn't hurt your connections/speed at all anyway, so why mess with it? :wacko:

[umteen]

We messed with it because we wanted to annoy you, ok?

[EduardValencia]

Don't come here bashing microsoft of their security methods,when u got infected by a worm,i'll be there to remember you

what a shame,it's up to you mastertech :unsure:

[Mastertech]

Don't come here bashing microsoft of their security methods,when u got infected by a worm,i'll be there to remember you

Who's bashing Microsoft's security methods? I promote security! Such as not getting infected with a worm in the first place! Complaining about people changing a TCP/IP setting and then trying to scare them with it is something that affects their security is pure propaganda. You failed to inform them that changing this setting on their computer WILL NOT protect them from anything. I wouldn't worry the people this might affect don't patch and run updated AV so they are highly likely to have not changed this setting and if they do the only people affected are others who don't patch and use updated AV. Worrying about this setting as some sort of security risk is just not founded.

[EduardValencia]

Who's bashing Microsoft's security methods? I promote security! Such as not getting infected with a worm in the first place! Complaining about people changing a TCP/IP setting and then trying to scare them with it is something that affects their security is pure propaganda. You failed to inform them that changing this setting on their computer WILL NOT protect them from anything. I wouldn't worry the people this might affect don't patch and run updated AV so they are highly likely to have not changed this setting and if they do the only people affected are others who don't patch and use updated AV. Worrying about this setting as some sort of security risk is just not founded.

585444145[/snapback]

Mastertech u are an advanced user,i'm not questoning your method,i've patched various systems to test them and had a problem with 2 worms and spent almost a month fixing the problem (it wasn't my network though), in my personal opinion it's not recommendable to users who lacks knowledge about the benefits/consequences that this might bring spesially in networked enviroments.I'd preferably say that this patch is for users who love updating their systems continiously,and want them tweaked it to the hilt.

[umteen]

And for people like me, I don't tweak anything much, I have "Bliss" desktop background still.

It's not much of an "up to the hilt" tweak.