Monday, August 16, 2004

How XP SP2 does and doesn't protect you against downloaded files 

Service Pack 2 of Windows XP stamps an invisible warning label on files you download from the Internet. If you try to run a file, XP checks for the label and warns you that the file is from an untrusted source.

Imagine, for example, that someone tricks you into opening an attachment and it puts a file called nastyvirus.exe on your disk. If you go back the next day and double-click on nastyvirus.exe, Windows will ask whether you really want to do that.
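On NTFS the label is a small alternate data stream named Zone.Identifier attached to the downloaded file. The sketch below is an added example, not code from the original post or from Microsoft: it parses that stream's content and models the warn-or-run decision. The function names, the constructed sample contents, and the simplified rule that zone 3 or higher triggers the warning are assumptions.

```python
import configparser

# Zone numbers used by Windows URL security zones.
ZONES = {0: "Local Machine", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}

def parse_zone_label(text):
    """Return the ZoneId from Zone.Identifier stream content, or None if unusable."""
    parser = configparser.ConfigParser()
    try:
        parser.read_string(text.lstrip("\ufeff"))  # tolerate a leading BOM
        return parser.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None  # empty, malformed, or non-numeric label

def read_zone_label(path):
    """Read the label of a file on an NTFS volume (Windows only); None if absent."""
    try:
        with open(path + ":Zone.Identifier", "r", errors="replace") as stream:
            return parse_zone_label(stream.read())
    except OSError:
        return None

def should_warn(zone_id):
    """Simplified model (assumption): Internet (3) and Restricted (4) get a prompt."""
    return zone_id is not None and zone_id >= 3

def describe(zone_id):
    if zone_id is None:
        return "no label: runs without a warning"
    name = ZONES.get(zone_id, "unknown zone")
    verdict = "warn before running" if should_warn(zone_id) else "no warning"
    return f"{name} ({zone_id}): {verdict}"

# Constructed sample stream contents, not captured from a real system.
SAMPLES = {
    "nastyvirus.exe": "[ZoneTransfer]\r\nZoneId=3\r\n",
    "intranet-tool.exe": "[ZoneTransfer]\r\nZoneId=1\r\n",
    "unlabelled.exe": "",
    "damaged.exe": "[ZoneTransfer]\r\nZoneId=abc\r\n",
}

if __name__ == "__main__":
    for name, content in SAMPLES.items():
        print(f"{name}: {describe(parse_zone_label(content))}")
```

The warning depends entirely on the label being present and being checked, so a file that ends up without the stream is treated like any local file.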

That's a good and clever feature. How well does it work? Security researchers have been studying SP2 intently (and mostly finding good things), and Juergen Schmidt has taken a close look at the warning-label feature. He's found some ways to get around it. He can get XP to run a downloaded program without warning.

The good news is that the warning-label feature is good enough to protect against all known kinds of attacks. Nobody's ever seen a virus that could use the tricks that Schmidt invented. The bad news is that Microsoft is going to leave the door open: their response was "we don't see these issues as being in conflict with the design goals".

What does this all mean to you?


Details for technical people.
