In case there was any doubt about the advice in the article about Service Pack 2, “Fun with XP SP2 and NMAP”, I think users should apply the patch if they can. (Unless of course someone else is responsible for the machine, such as a network administrator.)
Users may have heard security experts claim that XP SP2 has vulnerabilities. This may be true, but so are these facts:
1) Some of the vulnerabilities existed in previous versions of Windows XP and simply remain unaddressed.
2) Security is about layers, and this service pack implements some new layers; the net effect is a good thing.
3) A lot of the stuff the experts are speaking about is pretty esoteric stuff, requiring certain conditions to pre-exist and also requiring the user to be more or less a zombie. Larry Seltzer had a good quote about this on the BugTraq list.
Where do we draw the line on this social engineering stuff? If I send an e-mail to someone telling them to flush their iPod down the crapper does that mean the iPod is vulnerable to a toilet attack?
So, to summarize: YES, apply Service Pack 2 on Windows XP machines that you are responsible for. NO, do not flush your iPod.
Related reading: “A Feast of Egos”, by Tim Mullen of Security Focus