SP2: Thumbs up

Gee, maybe there’s something to this “trustworthy computing” thing after all. ZDNet reports:

Security company F-Secure has reverse-engineered SP2, a process the company compares to taking apart a virus or worm to see how it functions, and the company’s initial reaction is very positive.

“They have implemented it very well, especially the stack protection and the memory protection. They really did it right this time. We won’t be seeing outbreaks like Sasser. It will be hard to attack Windows XP via automated network worms,” said Mikko Hyppönen, director of antivirus research at F-Secure.

“If we had a worm like Sasser again, it would only hit users with earlier versions such as Windows 2000 or those who hadn’t patched Windows XP,” he said.

Of course, the latest upgrade to Windows is not a complete cure for all of its security ills, says Hyppönen. There are plenty of third-party applications, such as instant messaging clients, that create similar vulnerabilities. There is also the continuing problem of users.

“There are always users who are going to do the wrong things, and that will remain the number one problem – but the attacks will spread much more slowly. We will be getting rid of most of the fast-spreading network worms,” he said.

And of course, none of this protection will take place unless computer users actually bother to update their software.

“I really hope users will be downloading SP2,” he said.

For what it’s worth, I got a half-dozen copies of the latest Bagle worm variant today. Just for grins, I tried executing the code on a safe test machine. SP2 blocked it completely.

Impressive.