Internet Security measures in XP/SP3

  • Thread starter Thread starter P. Jayant
  • Start date Start date
P

P. Jayant

Guest
I have not been able to locate any list of the Internet security features

included in SP3 as against the previous versions of XP: SP1 and SP2. I

discovered a new feature in O E 8 after installing SP3. There is a Spam

Folder and it appears as if any message from a party who is not in my

Address Book is sent to the Spam Folder. I can look at the Sender’s name and

the subject and if I need to keep it, I can Move it to the Inbox Folder by

right clicking on the subject and selecting Move from the options; but the

Spam tag given to it remains there as a prefix to the Subject.



The second security measure I came across yesterday, involved quite a bit of

struggle. I receive various bills like the one from the Electricity Utility

Company by e-mail and pay it through Internet Banking Facility. I have

accounts in two banks and I have been paying the electricity bill for quite

a few years from one of these two banks when my system was under SP1 and

later under SP2. This bank asked me only to log in and confirm twice that I

approved paying the amount specified in the bill. But after the recent

installation of SP3 on my computer, XP refused yesterday to clear the

payment because of insufficient Merchant Data, giving Data Execution

Prevention requirement as the reason.



Since I did not know if I could resolve the problem, I decided to pay the

bill from the account in the second bank. This bank asks first for Log-in

username and password. Then it asks for the Username and Password for paying

by Internet transaction. And when that too is cleared, it displays three or

four English alphabets on the payment screen, one alphabet per box with

space for entering two digits in a box below. On the reverse of my ATM Card

from this bank are the two digits corresponding to the English alphabets.

When I read that table behind the ATM card and enter the two digits in each

box correctly, the payment is instantly made. Thus there are much stricter

security measures in the system of the second Bank: measures which

apparently fulfill the Data Execution Prevention requirement of XP3.







Could any knowledgeable user of XP3 indicate if XP3 really has introduced

this new feature for Internet transaction security? Or could there be any

other reason for the blockade?







P. Jayant
 
> I have not been able to locate any list of the Internet security features

> included in SP3...



List of fixes that are included in WinXP SP3

http://support.microsoft.com/kb/946480



> I discovered a new feature in O E 8 after installing SP3. There is a Spam

> Folder and it appears as if any message from a party who is not in my

> Address Book is sent to the Spam Folder.



You may be running a security suite that includes an anti-spam component but

the functionality's certainly not part of SP3.



PS: You may have installed IE8 but you're still running OE6.



PPS: The other "security measures" you're referring to are included in IE8,

not SP3.

--

IE-specific newsgroup:

news://msnews.microsoft.com/microsoft.public.internetexplorer.general



~Robear Dyer (PA Bear)

MS MVP-IE, Mail, Security, Windows Client - since 2002





P. Jayant wrote:

> I have not been able to locate any list of the Internet security features

> included in SP3 as against the previous versions of XP: SP1 and SP2. I

> discovered a new feature in O E 8 after installing SP3. There is a Spam

> Folder and it appears as if any message from a party who is not in my

> Address Book is sent to the Spam Folder. I can look at the Sender’s name

> and

> the subject and if I need to keep it, I can Move it to the Inbox Folder by

> right clicking on the subject and selecting Move from the options; but the

> Spam tag given to it remains there as a prefix to the Subject.

>

> The second security measure I came across yesterday, involved quite a bit

> of

> struggle. I receive various bills like the one from the Electricity

> Utility

> Company by e-mail and pay it through Internet Banking Facility. I have

> accounts in two banks and I have been paying the electricity bill for

> quite

> a few years from one of these two banks when my system was under SP1 and

> later under SP2. This bank asked me only to log in and confirm twice that

> I

> approved paying the amount specified in the bill. But after the recent

> installation of SP3 on my computer, XP refused yesterday to clear the

> payment because of insufficient Merchant Data, giving Data Execution

> Prevention requirement as the reason.

>

> Since I did not know if I could resolve the problem, I decided to pay the

> bill from the account in the second bank. This bank asks first for Log-in

> username and password. Then it asks for the Username and Password for

> paying

> by Internet transaction. And when that too is cleared, it displays three

> or

> four English alphabets on the payment screen, one alphabet per box with

> space for entering two digits in a box below. On the reverse of my ATM

> Card

> from this bank are the two digits corresponding to the English alphabets.

> When I read that table behind the ATM card and enter the two digits in

> each

> box correctly, the payment is instantly made. Thus there are much stricter

> security measures in the system of the second Bank: measures which

> apparently fulfill the Data Execution Prevention requirement of XP3.

>

>

>

> Could any knowledgeable user of XP3 indicate if XP3 really has introduced

> this new feature for Internet transaction security? Or could there be any

> other reason for the blockade?

>

>

>

> P. Jayant
 
DEP has nothing to do with online transaction security. Its role is to

(attempt to) prevent the execution of data in memory as if it were a program.

This typically arises when a buffer-overrun exploit is attempted by a

malicious site, or by badly-coded software.



Which begs the question, were you on the correct site, or did you mistype

the URL and land on a spoof/phishing page? A check of your browser's history

should tell you if that was the case. If so you should do a thorough malware

check and change your banking password.



It may of course be that the page was genuine, and the bank in question had

installed an activex control containing coding mistakes which went unnoticed

without DEP. Though, that is unusual and would soon be reported to the bank

if it were the case.



"P. Jayant" wrote:



>

>

> I have not been able to locate any list of the Internet security features

> included in SP3 as against the previous versions of XP: SP1 and SP2. I

> discovered a new feature in O E 8 after installing SP3. There is a Spam

> Folder and it appears as if any message from a party who is not in my

> Address Book is sent to the Spam Folder. I can look at the Sender’s name and

> the subject and if I need to keep it, I can Move it to the Inbox Folder by

> right clicking on the subject and selecting Move from the options; but the

> Spam tag given to it remains there as a prefix to the Subject.

>

> The second security measure I came across yesterday, involved quite a bit of

> struggle. I receive various bills like the one from the Electricity Utility

> Company by e-mail and pay it through Internet Banking Facility. I have

> accounts in two banks and I have been paying the electricity bill for quite

> a few years from one of these two banks when my system was under SP1 and

> later under SP2. This bank asked me only to log in and confirm twice that I

> approved paying the amount specified in the bill. But after the recent

> installation of SP3 on my computer, XP refused yesterday to clear the

> payment because of insufficient Merchant Data, giving Data Execution

> Prevention requirement as the reason.

>

> Since I did not know if I could resolve the problem, I decided to pay the

> bill from the account in the second bank. This bank asks first for Log-in

> username and password. Then it asks for the Username and Password for paying

> by Internet transaction. And when that too is cleared, it displays three or

> four English alphabets on the payment screen, one alphabet per box with

> space for entering two digits in a box below. On the reverse of my ATM Card

> from this bank are the two digits corresponding to the English alphabets.

> When I read that table behind the ATM card and enter the two digits in each

> box correctly, the payment is instantly made. Thus there are much stricter

> security measures in the system of the second Bank: measures which

> apparently fulfill the Data Execution Prevention requirement of XP3.

>

>

>

> Could any knowledgeable user of XP3 indicate if XP3 really has introduced

> this new feature for Internet transaction security? Or could there be any

> other reason for the blockade?

>

>

>

> P. Jayant

>

>

> .

>
 
Thanks for your comments. I did mean I E 8 and yes indeed, I am on O E 6.

Sorry for the mistake. Your clarification about D E P was useful. I shall

check my browser history to find if I had done any mistake in entering a web

address.

But does it mean that the security checks in SP3 are the same as in the

previous two service packs?



P. Jayant
 
[To keep track of things, it helps immensely if you quote all of the

previous message(s) in your replies to the newsgroup. Thank you.]



"Windows® XP Service Pack 3 (SP3)...includes a small number of new

functionalities, which do not significantly change customers’ experience

with the operating system. This white paper summarizes what is new in

Windows XP SP3..."

http://www.microsoft.com/downloads/details.aspx?FamilyID=68c48dad-bc34-40be-8d85-6bb4f56f5110



Also see...



IE8 Security Part I: DEP/NX Memory Protection:

http://blogs.msdn.com/ie/archive/2008/04/08/ie8-security-part-I_3A00_-dep-nx-memory-protection.aspx

--

IE-specific newsgroup:

news://msnews.microsoft.com/microsoft.public.internetexplorer.general



~Robear Dyer (PA Bear)

MS MVP-IE, Mail, Security, Windows Client - since 2002





P. Jayant wrote:

> Thanks for your comments. I did mean I E 8 and yes indeed, I am on O E 6.

> Sorry for the mistake. Your clarification about D E P was useful. I shall

> check my browser history to find if I had done any mistake in entering a

> web

> address.

> But does it mean that the security checks in SP3 are the same as in the

> previous two service packs?

>

> P. Jayant
 
On Fri, 14 May 2010 12:34:29 -0400, "PA Bear [MS MVP]"

wrote:



>[To keep track of things, it helps immensely if you quote all of the

>previous message(s) in your replies to the newsgroup. Thank you.]



It also helps immensely to bottom post.
 
This is a Microsoft newsgroup. As top-posting is the default in WinXP's

default newsreader (i.e., OE), top-posting is the custom here (and in every

other MS newsgroup...while they're still available).



PS: Bite me!





WaIIy wrote:

> On Fri, 14 May 2010 12:34:29 -0400, "PA Bear [MS MVP]"

> wrote:

>

>> [To keep track of things, it helps immensely if you quote all of the

>> previous message(s) in your replies to the newsgroup. Thank you.]

>

> It also helps immensely to bottom post.
 
You must log in or register to reply here.

Similar threads

Microsoft Windows
Increased security measures for Windows 11
Replies
0
Views
2
Microsoft Windows
Microsoft Windows
S
Do I need to reset the TPM so newly enabled SHA PCR Banks work?
Replies
0
Views
7
Soda Can1
S
Windows Server
Disabling predetermined security defaults in Office 365
Replies
0
Views
2
Windows Server
Windows Server
K
I did not apply for the the norton security, yet I've been charged
Replies
0
Views
12
karyne roweton
K
D
Urgent Assistance Required: Recurring Microsoft Account Security Issues
Replies
0
Views
11
DavitKiphiani
D
Back
Top