
Briefs

More XP SP2 woes, fraud awareness survey, Can-Spam's failure

SP2 Security Entangles Some XP apps

For corporate users experiencing application and security software difficulties after upgrading to Microsoft Windows Service Pack 2 (SP2), SP2’s new security features might be to blame. Microsoft has delayed releasing SP2 via the automatic update capability in XP until some of these issues are resolved.

According to the wide-eyed-sounding “Some programs seem to stop working after you install Windows” bulletin from Microsoft (article 842242 in the Microsoft Knowledgebase), a number of programs are incompatible with SP2’s default security settings, which include an active software firewall for inbound communication attempts.

The compatibility problems range from Symantec’s AntiVirus Corporate Edition 8.0 to Computer Associates’ eTrust 7.0 to Microsoft’s own Systems Management Server 2003—for remote-control access to PCs—as well as other Microsoft server-based applications.

On the consumer front, a number of multiplayer games have SP2-related issues. In an announcement, eBay also reported some difficulties with two pieces of software it distributes. In its eBay Toolbar, for example, “some of the features are working and others are not.” The company is working to resolve the issues.

Microsoft’s suggested fixes range from configuring the software firewall to allow discrete access to, in some cases, making registry changes.

For more information:
http://support.microsoft.com/default.aspx?kbid=842242

- - -

Symantec Says Users See Fraud

Despite identity theft making headlines and affecting record numbers of people, many users still don’t see the link between it and their behavior online. While three-quarters of people know about spyware, only a quarter know about phishing scams.

Those results come from an Insight Express survey of 300 people, researching their awareness of online fraud and their overall behavior online.

Other interesting findings: half of respondents say they are “very concerned” with online fraud, and a similar number receive daily unsolicited e-mails. A majority says they have not been victims of online fraud. Even so, 86 percent of those not affected have altered their online behavior.

In particular, three-quarters of respondents only use secure e-commerce sites. Half, however, won’t submit confidential data via the Internet to such sites. A third still eschew online banking.

In addition, users are more vigilant than ever, with 80 percent checking banking statements monthly to proactively spot fraud, and almost that many studying their credit card statements monthly. Yet only 23 percent of respondents receive a regular credit report, useful for spotting whether others have opened accounts or lines of credit in their name.

Despite some steps by consumers to combat all forms of fraud, confusion still persists. For example, only half of respondents think they know how to adequately protect themselves from online fraud.

- - -

Can-Spam Compliance Sinks

When Can-Spam (the Controlling the Assault of Non-Solicited Pornography and Marketing Act) took effect in January, it was lawmakers’ bid to end spam. The rules were simple: no faking an e-mail “from” address, including a real-world postal address, using a subject line that reflects e-mail content, and providing a working opt-out system.

According to current results, however, Can-Spam isn’t canning anything; spam is still on the increase. MX Logic, an e-mail monitoring service, says a sample of 10,000 e-mails every week in July 2004 found 84 percent of all e-mail was spam, up from 75 percent in June. Of that July spam, only 0.54 percent complied with Can-Spam, the lowest compliance level since Can-Spam took effect.

“No one should be shocked by the decrease in compliance,” says Scott Chasin, chief technology officer of MX Logic. “The Can-Spam Act was never designed to be an antidote for spam.” Rather, he says, it was to empower agencies and ISPs to pursue spam purveyors.

More effort, however, will be needed to stem spam. “What we need now is progress on other fronts, namely, industry cooperation on e-mail authentication protocols, continued technological innovation and end-user education.” In particular, he cites work by the Internet Engineering Task Force to hone the Sender ID proposal, which is a combination of the Microsoft-backed Caller ID for E-mail with the Sender Policy Framework.


About the Author

Mathew Schwartz is a Contributing Editor for Enterprise Systems and writes its Security Strategies column, as well as being a long-time contributor to the company's print publications. Mr. Schwartz is also a security and technology freelance writer.
