Hackers Wouldn't Bother To Spoof SP2's Security Center

Microsoft on Thursday flatly denied reports that one of Windows XP Service Pack 2's most touted features leaves users open to possible attacks. In effect, hackers have better things to do, Microsoft said.
According to one outside analysis, SP2's Windows Security Center, the dashboard-like console that monitors and reports on the status of various security defenses -- from firewalls to anti-virus software -- can be spoofed by hackers into displaying false information, such as an enabled firewall or a even a totally bogus anti-virus package supposedly protecting the PC.

Security status could be faked, said the researchers, by a number of possible exploit avenues, including the drag-and-drop vulnerability in Internet Explorer that was made public last week. The possible goal by hackers: disable defenses but at the same time remain under the radar.

Many in-the-wild worms intentionally disable long lists of firewalls and anti-virus products. Recent variations of the Bagle worm, for instance, target almost 300 different pieces of protective software for termination. By combining that trait with this spoof, worms could infect a PC and yet remain undetected by the user.

Microsoft denied that Windows Security Center has a vulnerability. “In order for an attacker to spoof the Windows Security Center, he or she would have to have local administrator rights on the computer,” Microsoft said in an e-mailed statement.