FBI urges consumers, companies to take additional steps to safeguard Windows XP

Saturday, December 22nd 2001, 12:00 am
By: News On 6

WASHINGTON (AP) _ Consumers and corporations using Microsoft Corp.'s new Windows XP software are being warned by the FBI to take added steps against hackers who might try to take advantage of major flaws.

The bureau's National Infrastructure Protection Center said Friday that, in addition to installing a free software fix offered by Microsoft on the company's Web site, consumers and corporations using Windows XP should disable the product's ``universal plug and play'' features affected by the glitches.

The FBI did not provide detailed instructions how to do this. Microsoft considers disabling the ``plug and play'' features unnecessary.

The company acknowledged this week that Windows XP suffers from serious problems that allow hackers to steal or destroy a victim's data files across the Internet or implant rogue computer software. The glitches were unusually serious because they allow hackers to seize control of all Windows XP operating system software without requiring a computer user to do anything except connect to the Internet.

Outside experts cautioned that disabling the affected Windows XP features threatens to render unusable an entire category of high-tech devices about to go on the market, such as a new class of computer printers that are easier to set up. But they also acknowledged that disabling it could afford some protection against similar flaws discovered in the future.

The FBI also warned professional computer administrators to actively monitor for specific types of Internet traffic that might indicate an attack was under way.

It acted after bureau and Defense Department officials and some top industry experts sought reassurance from Microsoft that the free software fix it offered effectively stops hackers from attacking the Windows XP flaws.

The government's rare interest in the problems with Windows XP software, which is expected to be widely adopted by consumers, illustrates U.S. concerns about risks to the Internet. Friday's discussions came during a private conference call organized by the National Infrastructure Protection Center.

During the call, Microsoft's experts acknowledged the threats posed by the Windows XP problems, but they assured federal officials and industry experts that its fix _ if installed by consumers _ resolves the issues.

Microsoft declined to tell U.S. officials how many consumers downloaded and installed its fix during the first 24 hours it was available. Experts from Internet providers, including AT&T Corp., argued that information was vital to determine the scope of the threat.

Microsoft also indicated it would not send e-mail messages to Windows XP customers to remind them of the importance of installing the patch. It said a new feature of Windows XP can automatically download the free fix, which takes several minutes, and prompt consumers to install it.

``The patch is effective,'' Steve Lipner, Microsoft's director of security assurance, told The Associated Press.

Officials expressed fears to Microsoft about electronic attacks launched against Web sites and federal agencies during the Christmas holidays from computers running still-vulnerable versions of Windows, participants said.

Several experts said they had already managed to duplicate within their research labs ``denial of service'' attacks made possible by the Windows XP flaws. Such attacks can overwhelm Web sites and prevent their use by legitimate visitors.

Another risk, that hackers can implant rogue software on vulnerable computers, was considered more remote because of the technical sophistication required.