Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Releases Changelist for Upcoming XP SP2

Posted by simoniker on from the times-they-be-a-changing dept.

kylef writes "As we know from independent sources, Microsoft is busy readying Service Pack 2 for Windows XP. They have published on their website a changelist document (link goes to TechNet download page) detailing the nature of the security-related fixes and updates. The document is targeted towards XP admins and covers some interesting things such as the new Internet Explorer Pop-up Manager and various security policy changes. Some other juicy tidbits from the document: Internet Connection Firewall will be enabled by default, and there will be new support for something called "Execution Protection" which allows developers to make use of the NX (no execute) page guard flag on Intel's Itanium and newer AMD processors. An interesting read."

16 of 524 comments (clear)

  1. Just another angry Linux zealot post... by Anonymous Coward · · Score: 5, Insightful

    Thanks again for the .doc format.

    Why not put such documents in a more Portable Document Format? Even assuming I have Word Reader or Openoffice, why on earth would you dissemante information via a word processor document format?

  2. Re:Program Error by melevitt · · Score: 5, Insightful

    Uhh yeah, but it still shouldn't just crash!

  3. Um, no by Sanity · · Score: 4, Insightful
    I know you really hate Microsoft, but even the most zealotous zealot has to admit that they can't be held responsible when a third-party plugin causes IE to crash (it would do the exact same thing to Mozilla).

    This feature is a great idea, it means that if, for example, Acrobat Reader is causing IE to crash then at least I know who is to blame and can uninstall or upgrade it.

  4. Re:*POOOF* by Tim+Browse · · Score: 5, Insightful

    Not unless they up the feature set - when I looked into XP's firewall, it only blocked incoming connections, not outgoing. I use outgoing blocks as a matter of course to catch spyware, etc, and to prevent Outlook Express/MSNIM from fetching images/ads from web servers, etc. I was looking at the XP firewall for my laptop, because Kerio made my laptop's suspend/sleep functions stop working (grrr) so had to find an alternative. As it turned out, I tried Norton Personal Firewall, which was actually quite good, and not nearly as bad as I had feared. None of them are particularly great at config UI though. Norton especially requires a lot of clicks to set rules up.

    It's just occurred to me that maybe MS don't want to implement an outgoing firewall, given that the number of Windows components that randomly connect to MS servers is quite high, and it would highlight this fact if they did outgoing connection blocking. Hmm.

  5. Re:Internet Explorer Add-on Crash Detection by Com2Kid · · Score: 5, Insightful

    Bleh, troll, or did you just skim the file? Either way. . . .

    What this new feature does (and it IS rather nifty) is detects which piece of spyware loaded up with IE is causing crashes, and lets the user disable said spyware.

    Nice actually. ^_^

    --
    Need help treating your acne? Come here!
  6. Re:*POOOF* by davidstrauss · · Score: 4, Insightful
    Was that the sound of the personal firewall market dying?

    To take an objective perspective, firewalls seem best if they are part of the operating system, not wedged in, but I'm surprised they aren't taking the licensing path that they chose with CD burning and disk defragmenting (both are not written by Microsoft and licensed). The XP firewall, however, does lack outgoing connection control, which shouldn't be enabled by default but should be an option (how hard is it to use the same engine for outgoing connections too?).

  7. Re:All this work by Anonymous Coward · · Score: 4, Insightful

    >Doesn't the blocking of ads violate the terms of use of some sites?

    Possibly. Who cares? I don't agree with such limitations - you put a site on the web for people to read, free of restrictions. I've yet to agree to anything on my computer other than EULAs. Reading a website does not signify I consent to anything.

  8. Re:*POOOF* by mshiltonj · · Score: 4, Insightful

    Nope. Like most things from MS, the power users and admins will realize that they need more protectin then what is standard. They will then tell their family/friends, and the market will continue like it was.

    Yep, just like the web browser market.

    Bad-dum-bump.

    Thank you! Thank you! I'll be here all night!

    --
    Software Wars
  9. ...where is tabbed browsing? by BaconLT · · Score: 4, Insightful
    Conspicuously absent: tabbed browsing. It's a simple and popular feature and it surprises me they didn't include it. Psst-Bill, you can just borrow the code from one of the many open sources that already have it, then brag about how you invented it!

    Now, that's marketing.

    As an aside, when is Windows going to include multiple desktops in their shell? I've used a number of third party pagers, but each has its drawbacks and flaws, probably because it's not written with the privilage of truly understanding the Windows code.

    --
    Who mediates your information?
  10. Re:Quick, call the cops! by Zocalo · · Score: 5, Insightful

    That's an interesting point and Microsoft must be torn over this issue. On one hand, they could take this as an opportunity to lock out a few more dodgy copies of Windows XP... for the few days it takes for the inevitable patch or workaround. On the other hand, by waiving that, they potentially get to vastly improve the security of deployed Windows XP installations. Given the amount of bad press that Microsoft gets each time some Internet worm is doing the rounds I wonder which way they will go...

    --
    UNIX? They're not even circumcised! Savages!
  11. Re:Wow. by FrostedWheat · · Score: 5, Insightful

    For one, they've apparently made a lot of changes to IE that will make it less of a pain in the ass to use.

    Biggest pain for me (as a non-IE user anyway) is that they *STILL* haven't added proper PNG transparancy support! Every other browser on the planet handles it fine, even IE on the Mac.

    It's not like it's a big secret everyone's hiding from MS :)

  12. Re:How Microsoft thinks about security, in a nutsh by zero_offset · · Score: 4, Insightful
    They knew about it, and they didn't do shit about it.

    Alternately:

    -- They knew about it, and management wouldn't let them do shit about it.

    -- They knew about it, but addressing it would take significant time and effort, so they opted to defer that to a later release. After all, a million people running a mediocre firewall is better than a million people running no firewall at all.

    -- They didn't actually realize it until later on. Are you psychic, or do you just happen to have a buddy who was on the ICF dev team?

    But I suppose those angles would just mess up a good troll.

    --

    Slashdot quality declines as the number of hot grits posts decreases. - Provolt's Law, Apr-09-2005

  13. Re:*POOOF* by graf0z · · Score: 5, Insightful
    when I looked into XP's firewall, it only blocked incoming connections, not outgoing

    They are definitly intruding the personal fw market: Look into "Appendix B: Netsh Command Syntax for the Netsh Firewall Ipv4 Context" for the "add allowedprogram" command - finally, they realized that there is something like trojans...

    They're still far away from other packetfilters like netfilter/pf/..:

    • no match against source or dest ip
    • nothing beyond TCP/UDP/ICMP (like GRE, ESP, AH)
    • no subchains (or whatever You wanna call conditional ramifications/jumps)
    • no rate-limiting (e.g. against SYN-flood)
    • no NAT
    • it's not clear how stateful it is (i.e. does it verify TCP sequence numbers?)
    • protocol helpers for RPC/DCOM, but not for FTP, IRC, H.323
    • no tweaky guru stuff like TCP-MSS mangling for tunnels (like VPN or PPPoE)

    There's still a lot of work waiting for the ms devel team ...

    /graf0z.

  14. Re:*POOOF* by Darren+Winsper · · Score: 4, Insightful

    To be fair, the XP firewall is pretty basic, and I've not heard that Microsoft intend on fleshing it out that much. It pretty much does its job, prevent incoming connections, which is what most people want.

  15. Re:who cares about ie blocking popups, still insec by Haeleth · · Score: 4, Insightful

    So there you go. Now the whole site is unusable unless the user disables pop-up protection.

    A site that broken, run by someone with that little regard for his users, is a site I have zero interest in visiting anyway. So what's the problem?

  16. Broken firewall? by supabeast! · · Score: 4, Insightful

    "Internet Connection Firewall will be enabled by default..."

    About damned time. I just hope that DHCP works through it by default, because right now it doesn't, and if it blocks DHCP, all of those broadband users who connect the PC right to the cable/dsl "modem" will deactivate the firewall to get online.

    Of course, what we really need is for ISPs to include a user-manageable firewall in the damned devices in the first place.