1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Internet Security measures in XP/SP3

Discussion in 'Windows XP' started by P. Jayant, May 13, 2010.

  1. P. Jayant

    P. Jayant Flightless Bird

    I have not been able to locate any list of the Internet security features
    included in SP3 as against the previous versions of XP: SP1 and SP2. I
    discovered a new feature in O E 8 after installing SP3. There is a Spam
    Folder and it appears as if any message from a party who is not in my
    Address Book is sent to the Spam Folder. I can look at the Sender’s name and
    the subject and if I need to keep it, I can Move it to the Inbox Folder by
    right clicking on the subject and selecting Move from the options; but the
    Spam tag given to it remains there as a prefix to the Subject.

    The second security measure I came across yesterday, involved quite a bit of
    struggle. I receive various bills like the one from the Electricity Utility
    Company by e-mail and pay it through Internet Banking Facility. I have
    accounts in two banks and I have been paying the electricity bill for quite
    a few years from one of these two banks when my system was under SP1 and
    later under SP2. This bank asked me only to log in and confirm twice that I
    approved paying the amount specified in the bill. But after the recent
    installation of SP3 on my computer, XP refused yesterday to clear the
    payment because of insufficient Merchant Data, giving Data Execution
    Prevention requirement as the reason.

    Since I did not know if I could resolve the problem, I decided to pay the
    bill from the account in the second bank. This bank asks first for Log-in
    username and password. Then it asks for the Username and Password for paying
    by Internet transaction. And when that too is cleared, it displays three or
    four English alphabets on the payment screen, one alphabet per box with
    space for entering two digits in a box below. On the reverse of my ATM Card
    from this bank are the two digits corresponding to the English alphabets.
    When I read that table behind the ATM card and enter the two digits in each
    box correctly, the payment is instantly made. Thus there are much stricter
    security measures in the system of the second Bank: measures which
    apparently fulfill the Data Execution Prevention requirement of XP3.



    Could any knowledgeable user of XP3 indicate if XP3 really has introduced
    this new feature for Internet transaction security? Or could there be any
    other reason for the blockade?



    P. Jayant
     
  2. PA Bear [MS MVP]

    PA Bear [MS MVP] Flightless Bird

    > I have not been able to locate any list of the Internet security features
    > included in SP3...


    List of fixes that are included in WinXP SP3
    http://support.microsoft.com/kb/946480

    > I discovered a new feature in O E 8 after installing SP3. There is a Spam
    > Folder and it appears as if any message from a party who is not in my
    > Address Book is sent to the Spam Folder.


    You may be running a security suite that includes an anti-spam component but
    the functionality's certainly not part of SP3.

    PS: You may have installed IE8 but you're still running OE6.

    PPS: The other "security measures" you're referring to are included in IE8,
    not SP3.
    --
    IE-specific newsgroup:
    news://msnews.microsoft.com/microsoft.public.internetexplorer.general

    ~Robear Dyer (PA Bear)
    MS MVP-IE, Mail, Security, Windows Client - since 2002


    P. Jayant wrote:
    > I have not been able to locate any list of the Internet security features
    > included in SP3 as against the previous versions of XP: SP1 and SP2. I
    > discovered a new feature in O E 8 after installing SP3. There is a Spam
    > Folder and it appears as if any message from a party who is not in my
    > Address Book is sent to the Spam Folder. I can look at the Sender’s name
    > and
    > the subject and if I need to keep it, I can Move it to the Inbox Folder by
    > right clicking on the subject and selecting Move from the options; but the
    > Spam tag given to it remains there as a prefix to the Subject.
    >
    > The second security measure I came across yesterday, involved quite a bit
    > of
    > struggle. I receive various bills like the one from the Electricity
    > Utility
    > Company by e-mail and pay it through Internet Banking Facility. I have
    > accounts in two banks and I have been paying the electricity bill for
    > quite
    > a few years from one of these two banks when my system was under SP1 and
    > later under SP2. This bank asked me only to log in and confirm twice that
    > I
    > approved paying the amount specified in the bill. But after the recent
    > installation of SP3 on my computer, XP refused yesterday to clear the
    > payment because of insufficient Merchant Data, giving Data Execution
    > Prevention requirement as the reason.
    >
    > Since I did not know if I could resolve the problem, I decided to pay the
    > bill from the account in the second bank. This bank asks first for Log-in
    > username and password. Then it asks for the Username and Password for
    > paying
    > by Internet transaction. And when that too is cleared, it displays three
    > or
    > four English alphabets on the payment screen, one alphabet per box with
    > space for entering two digits in a box below. On the reverse of my ATM
    > Card
    > from this bank are the two digits corresponding to the English alphabets.
    > When I read that table behind the ATM card and enter the two digits in
    > each
    > box correctly, the payment is instantly made. Thus there are much stricter
    > security measures in the system of the second Bank: measures which
    > apparently fulfill the Data Execution Prevention requirement of XP3.
    >
    >
    >
    > Could any knowledgeable user of XP3 indicate if XP3 really has introduced
    > this new feature for Internet transaction security? Or could there be any
    > other reason for the blockade?
    >
    >
    >
    > P. Jayant
     
  3. Anteaus

    Anteaus Flightless Bird

    DEP has nothing to do with online transaction security. Its role is to
    (attempt to) prevent the execution of data in memory as if it were a program.
    This typically arises when a buffer-overrun exploit is attempted by a
    malicious site, or by badly-coded software.

    Which begs the question, were you on the correct site, or did you mistype
    the URL and land on a spoof/phishing page? A check of your browser's history
    should tell you if that was the case. If so you should do a thorough malware
    check and change your banking password.

    It may of course be that the page was genuine, and the bank in question had
    installed an activex control containing coding mistakes which went unnoticed
    without DEP. Though, that is unusual and would soon be reported to the bank
    if it were the case.

    "P. Jayant" wrote:

    >
    >
    > I have not been able to locate any list of the Internet security features
    > included in SP3 as against the previous versions of XP: SP1 and SP2. I
    > discovered a new feature in O E 8 after installing SP3. There is a Spam
    > Folder and it appears as if any message from a party who is not in my
    > Address Book is sent to the Spam Folder. I can look at the Sender’s name and
    > the subject and if I need to keep it, I can Move it to the Inbox Folder by
    > right clicking on the subject and selecting Move from the options; but the
    > Spam tag given to it remains there as a prefix to the Subject.
    >
    > The second security measure I came across yesterday, involved quite a bit of
    > struggle. I receive various bills like the one from the Electricity Utility
    > Company by e-mail and pay it through Internet Banking Facility. I have
    > accounts in two banks and I have been paying the electricity bill for quite
    > a few years from one of these two banks when my system was under SP1 and
    > later under SP2. This bank asked me only to log in and confirm twice that I
    > approved paying the amount specified in the bill. But after the recent
    > installation of SP3 on my computer, XP refused yesterday to clear the
    > payment because of insufficient Merchant Data, giving Data Execution
    > Prevention requirement as the reason.
    >
    > Since I did not know if I could resolve the problem, I decided to pay the
    > bill from the account in the second bank. This bank asks first for Log-in
    > username and password. Then it asks for the Username and Password for paying
    > by Internet transaction. And when that too is cleared, it displays three or
    > four English alphabets on the payment screen, one alphabet per box with
    > space for entering two digits in a box below. On the reverse of my ATM Card
    > from this bank are the two digits corresponding to the English alphabets.
    > When I read that table behind the ATM card and enter the two digits in each
    > box correctly, the payment is instantly made. Thus there are much stricter
    > security measures in the system of the second Bank: measures which
    > apparently fulfill the Data Execution Prevention requirement of XP3.
    >
    >
    >
    > Could any knowledgeable user of XP3 indicate if XP3 really has introduced
    > this new feature for Internet transaction security? Or could there be any
    > other reason for the blockade?
    >
    >
    >
    > P. Jayant
    >
    >
    > .
    >
     
  4. P. Jayant

    P. Jayant Flightless Bird

    Thanks for your comments. I did mean I E 8 and yes indeed, I am on O E 6.
    Sorry for the mistake. Your clarification about D E P was useful. I shall
    check my browser history to find if I had done any mistake in entering a web
    address.
    But does it mean that the security checks in SP3 are the same as in the
    previous two service packs?

    P. Jayant
     
  5. PA Bear [MS MVP]

    PA Bear [MS MVP] Flightless Bird

    [To keep track of things, it helps immensely if you quote all of the
    previous message(s) in your replies to the newsgroup. Thank you.]

    "Windows® XP Service Pack 3 (SP3)...includes a small number of new
    functionalities, which do not significantly change customers’ experience
    with the operating system. This white paper summarizes what is new in
    Windows XP SP3..."
    http://www.microsoft.com/downloads/details.aspx?FamilyID=68c48dad-bc34-40be-8d85-6bb4f56f5110

    Also see...

    IE8 Security Part I: DEP/NX Memory Protection:
    http://blogs.msdn.com/ie/archive/2008/04/08/ie8-security-part-I_3A00_-dep-nx-memory-protection.aspx
    --
    IE-specific newsgroup:
    news://msnews.microsoft.com/microsoft.public.internetexplorer.general

    ~Robear Dyer (PA Bear)
    MS MVP-IE, Mail, Security, Windows Client - since 2002


    P. Jayant wrote:
    > Thanks for your comments. I did mean I E 8 and yes indeed, I am on O E 6.
    > Sorry for the mistake. Your clarification about D E P was useful. I shall
    > check my browser history to find if I had done any mistake in entering a
    > web
    > address.
    > But does it mean that the security checks in SP3 are the same as in the
    > previous two service packs?
    >
    > P. Jayant
     
  6. WaIIy

    WaIIy Flightless Bird

    On Fri, 14 May 2010 12:34:29 -0400, "PA Bear [MS MVP]"
    <PABearMVP@gmail.com> wrote:

    >[To keep track of things, it helps immensely if you quote all of the
    >previous message(s) in your replies to the newsgroup. Thank you.]


    It also helps immensely to bottom post.
     
  7. PA Bear [MS MVP]

    PA Bear [MS MVP] Flightless Bird

    This is a Microsoft newsgroup. As top-posting is the default in WinXP's
    default newsreader (i.e., OE), top-posting is the custom here (and in every
    other MS newsgroup...while they're still available).

    PS: Bite me!


    WaIIy wrote:
    > On Fri, 14 May 2010 12:34:29 -0400, "PA Bear [MS MVP]"
    > <PABearMVP@gmail.com> wrote:
    >
    >> [To keep track of things, it helps immensely if you quote all of the
    >> previous message(s) in your replies to the newsgroup. Thank you.]

    >
    > It also helps immensely to bottom post.
     

Share This Page