Tim Øsleby wrote: > Ann. Most likely your system already has XP service pack 2 installed. That's > the one update you will need if it isn't. Without it your computer is very > vulnerable.
As someone who works on security software for Windows and Linux, I'd strongly urge keeping up with Windows updates, even post XP SP2. You only have to get "owned" once to have large amounts of your money disappear from your bank account or get added to your credit cards or your identity get stolen. I do review the updates that they try to send, I keep good backups, I only install critical updates, and I always refuse to let Windows Genuine Advantage or its updates install. But if Microsoft is issuing a patch for it, there's a good reason. Some of the vulnerabilities, especially some of the ones in Internet Explorer, are positively frightening, allowing "drive by" exploitation of your system. That means the attacker plants the malware in such a way that you get infected by simply going to a reputable web page that has ads on it from a poorly defended or less than reputable ad system. It's happened, too. A year or two ago, the online IT technology (IT geek) newspaper "The Register" (http://www.theregister.co.uk or http://www.theregister.com) was using an ad service provider that got exploited. Just going to "The Register" web page and being unlucky enough to get one of the infected ads got your computer infected, IIRC, by a password stealer or spam engine (if you didn't have the proper patches installed). A lot of the "virus" hype /is/ hype. Shameless hype. But some of it isn't. Over the past couple of years there's been a definite and obvious shift in the motives of the purveyors of malware. It's gone from more like graffiti or other vandalism to more like business (profit motive). At the moment, there seems to be another shift underway, toward more focused attacks rather than the "shotgun approach". The idea being to get the malware "under the radar" of the security monitoring folks. That means that, for example, the A/V engines don't get signatures for them because either the "virus sensors" out in the Internet never see the actual malware, or because the number of folks affected is "too small". There have already been several of these sorts of targeted attacks in England and Scandinavia against specific banks. Through a partnership with some customers, my development team is seeing a lot of this sort of activity right now. -- Thanks, DougF (KG4LMZ) -- PDML Pentax-Discuss Mail List [email protected] http://pdml.net/mailman/listinfo/pdml_pdml.net
