Slashdot Mirror
Microsoft Releases Changelist for Upcoming XP SP2
kylef writes "As we know from independent sources, Microsoft is busy readying Service Pack 2 for Windows XP. They have published on their website a changelist document (link goes to TechNet download page) detailing the nature of the security-related fixes and updates. The document is targeted towards XP admins and covers some interesting things such as the new Internet Explorer Pop-up Manager and various security policy changes. Some other juicy tidbits from the document: Internet Connection Firewall will be enabled by default, and there will be new support for something called "Execution Protection" which allows developers to make use of the NX (no execute) page guard flag on Intel's Itanium and newer AMD processors. An interesting read."
> detailing the nature of the security-related fixes
DMCA violation.
Expert in software patents or patent law? Contribute to the ESP wiki!
Go read the doc. before you post.
IE has a popup manager in SP2
Looks like MS is finally doing somethin intelligent for once. We'll have to wait to see how intelligent though.
We tend to become like the worst in those we oppose. --Bene Gesserit Coda--
Did you RTFA? (I hate saying that, it makes me feel .. like all the other assholes who say that)
...
Internet Explorer Pop-up Manager
Q. What does Pop-up Manager do?
A. Pop-up Manager blocks most unwanted pop-up windows from appearing. Pop-up windows that are launched when the end user clicks a link will not be blocked.
End users and IT administrators can let specific domains launch programmatic pop-up windows. Developers will be able to use or extend the pop-up functionality in Internet Explorer for applications hosting Internet Explorer.
Q. Who does this feature apply to?
A. For end users, browsing the Web will be less annoying, because unwanted pop-up windows will not automatically appear.
For Web developers, Pop-up Manager affects the behavior of windows opened by Web sites, for example, by using the window.open() and showHelp() methods
For application developers, there is a new user interface: InewWindowManager.
Applications that use the rendering engine in Internet Explorer to display HTML can choose to use or extend the Pop-up Manager functionality.
I downloaded the doc file, and tried to open it with WordPad (which is supposedly compatible with MS Word (which I refuse to buy), at least up to the level of displaying the text (without tables/pics)
Guess what ? WinXPpro SP1 is very sorry for the inconvenience but decides to throw up on me (an exception that is) and bail out !
When will I end this grieving ? When will my future begin ?
"wordpad.exe has generated errors and will be closed by Windows.
You need to restart the program.
An error log is being created."
nice.
this Service Pack doesn't break anything 'useful'... *sigh*
With WinXP I got into some serious trouble with my computer and trying to play games. At first everything worked as it should then after a weekend not a single game would play, black screen on launching a game.
After A LOT of work the conclusion was that quickfix 'SP2 Q328310', which had been auto download from MS, did something which stopped a lot of games which need 3D support from working.
Now I always gets a message when I start windows, about 'new updates available': -Yeah sure! It's still buggering me to download the patch.
This really helps MS too, I'm so much more willing to download updates/patches when I know that a quickfix to lets say notepad, might break something totally unrelated; like the ability to shut down WinXP >:(
Was that the sound of the personal firewall market dying?
READY.
#
TextEdit under osx works fine :)
Thanks again for the .doc format.
Why not put such documents in a more Portable Document Format? Even assuming I have Word Reader or Openoffice, why on earth would you dissemante information via a word processor document format?
I really wonder if there will be undocumented securityfixes included in this Service Pack. I recently heard a director of Microsoft say that when Microsoft finds a security vulnerability, they don't disclose it, but just fixed it in a service pack. I hope I misinterpreted him, but it makes me wonder if a pre SP build of some Microsoft products might have something under the hood for bad guys to use.
Use Adsense for Charity
The file is in the "OpenOffice.org MS Word doc" format. Wordpad does it's best to open this OpenOffice.org format but it' can't be expected to keep up with the regular format changes.
Expert in software patents or patent law? Contribute to the ESP wiki!
The 32-bit version of Windows currently leverages the "no-execute page protections" processor feature as defined by Advanced Micro Devices (AMD). This processor feature requires that the processor run in Physical Address Extension (PAE) mode.
Although the only processor families with Windows-compatible hardware support for execution protection that are currently shipping are the AMD K8 and the Intel Itanium processor families, it is expected that future 32-bit and 64-bit processors will provide execution protection.
This sounds nifty, too bad x86 CPUs don't support it (barring AMD's x86-64 offerings). However, doesn't PAE mode result in significant I/O performance degradation?
Executio Protection
Old man Saddam could use feature that right about now.
Only to idiots, are orders laws.
-- Henning von Tresckow
In earlier versions of Windows, there is a window of time between when the network stack was running and when ICF provides protection. This results in the ability for a packet to be received and delivered to a service without ICF filtering and potentially exposes the computer to vulnerabilities. This was due to the firewall driver not starting to filter until the firewall service was loaded and had applied appropriate policy. The firewall service has a number of dependencies which causes the service to wait until those dependencies are cleared before it pushes the policy down to the driver. This time period is based upon the speed of the computer.
What bugs me about this is that it strikes me as a problem that was well known about when the developers were writing the original code for ICF. They knew about it, and they didn't do shit about it.
What has *science* done?!? -- Dr. Weird (ATHF)
You must be new here.
This feature is a great idea, it means that if, for example, Acrobat Reader is causing IE to crash then at least I know who is to blame and can uninstall or upgrade it.
Mozilla Firebird works quite well too, and isn't shareware either. And I heard you get a browser that's better than IE as a special offer! :-D
Beware: In C++, your friends can see your privates!
This detection has nothing to do with the error reporting feature already in Windows XP. It's just designed to better handle crashes in 3rd party software attached to IE.
Beware: In C++, your friends can see your privates!
Bleh, troll, or did you just skim the file? Either way. . . .
What this new feature does (and it IS rather nifty) is detects which piece of spyware loaded up with IE is causing crashes, and lets the user disable said spyware.
Nice actually. ^_^
Need help treating your acne? Come here!
I just read through that thing - there are a lot of good fixes in there. For one, they've apparently made a lot of changes to IE that will make it less of a pain in the ass to use. Some major changes to popup windows in general - they're making it much harder to trick users with popups.
They also seem to have made a lot of changes to the firewalling stuff - firewalling is on by default, too. They also made it so that the File Sharing and Networking ports only work in the local subnet -this means people won't be able to hit you with Windows Messenger spams from the 'net anymore, or access your RPC ports... good stuff.
Maybe, just maybe, MS will eventually get security right. This Service Pack appears to be a sizable step in the right direction.
using namespace slashdot;
troll::post();
>Doesn't the blocking of ads violate the terms of use of some sites?
Possibly. Who cares? I don't agree with such limitations - you put a site on the web for people to read, free of restrictions. I've yet to agree to anything on my computer other than EULAs. Reading a website does not signify I consent to anything.
I think you misunderstand:
HTML writers - web page authors - cannot just bypass the pop-up manager changes. The new interface they reference is for applications that use IE to render HTML. This new interface is part of the Win32 API essentially, and cannot just be called willy-nilly from a webpage (just like any piece of Win32 API).
The little FAQ snippet makes this distinction bu but not very clearly. For app-developers this means that instead of using a little piece of Javascript to open a window they will have to hitch into the API to create a new window.
Basically its just a move to allow app-developers to still use the renderer in an effective way with minimal code changes. Most developers I know however do not use the HTML engine to open new windows. They instead create a new window with API or a language construct and then assign a new instance of the IE activex object to that handle. It's a much more reliable way of opening new HTML windows in applications.
All of the things listed in the patch that are suppose to help security, such as the firewall, are useless. Why, you ask? Because Dell, HP, Compaq, whoever, they don't ship pre-patched like they should. Why doesn't Microsoft get off their fat ass and require that computer manf. patch with SP2? HMMM? Insert a freaking update CD into the box, setup a 1-800 number that the Windows installer contacts to get the latest updates. There's a ton of things Microsoft COULD do, patching isn't enough.
Rant over.
Fortress of Insanity
No, application developers that use the IE renderer can choose to use or extend the blocker functionality, NOT the website designers. You know, applications running locally?
Be wary of any facts that confirm your opinion.
Preferences->Homepage->exclude stories->Microsoft.
I'm sure an enterprising geek could write a script to do that for them. You could even cron job it to give MS free days/weeks.
Considering the complexity of modern spyware, does anyone else think there's a good possibility that disabling said spyware won't be that easy?
Way back in my Comp Sci days, I could have sworn that when a 386 (and to some extent a 286) was running in protected mode, different areas of memory could be marked as 'code' for execution and for 'data' that could not be executed. Trying to read or write to the code area, or execute a data area would result in exceptions. It was many years ago though ...
Now, that's marketing.
As an aside, when is Windows going to include multiple desktops in their shell? I've used a number of third party pagers, but each has its drawbacks and flaws, probably because it's not written with the privilage of truly understanding the Windows code.
Who mediates your information?
Download Mozilla Firebird and you don't need that kind of potentially suspicious (Is it spyware? Does it like to get uninstalled nicely or will it leave something behind? Is the company making it really trustworthy?) closed-source software...
the funny part is everyone who doesnt use outlook as a mail client has had safer email for years.
I wish they would fess up and tell the truth... they are making outlook safer to use.
My unix email clients never have opened and executed a virus, as it is still stupid to allow someone to execute an attachment without forcing them to save it ti a location first.
also, have they disabled the stupid "feature" to hide file extensions? this one thing is one of the worst securtiy holes in existance.
Do not look at laser with remaining good eye.
Each section detailed in the document has this Orwellian subheading. But I feel it's missing the appropriate emphasis...
What breaks or "works differently"?
I think I'll wait a while before applying it so other users can find all the new "features".
one word: activeX
Ie is just too insecure. Look at all the spyware that utterly rapes it. With Mozilla as mature and stable as it is, there is just zero excuse to use ie for daily surfing. Sure there are the rare occasional times you need it for crappy sites that refuse to run on standard compliant browsers, but 99% of your surfing time should be in Moz (or opera or anything else).
Lawyers, MBA's, RIAA? A jedi fears not these things!
To ignore it would be to ignore what this site is all about. This stuff does matter to a great many people in their everyday business environment. /. != Linux
* Winners compare their achievements to their goals, losers compare theirs to that of others.
http://cbs.marketwatch.com/news/story.asp?guid=%7B 605678E9-C043-4B7E-94C7-E693D2BBA696%7D&siteid=goo gle&dist=google
So the implication is that Intel is only supporting this security feature on enterprise servers (Itanium), while AMD is supporting security on desktops and servers.
I've switched to Firebird, finally. I got sick of finding that my HOSTS file, favourites, and start page were being rewritten by malicious web pages.
On the other hand, Firebird doesn't use the MS JVM, it uses the Sun JVM, which occasionally decideds to use 99% of my system resources. It behaved the same way when I tried to use it for IE as well.
On the other, other hand (what, three hands???) I love tabbed browsing, though I haven't yet adjusted - I keep dragging the cursor towards the taskbar looking to switch processes before redirecting to the tabs.
On the fourth hand (this is getting weird) I now see the effects of all the tiny errors in my hand-coded HTML that IE was running - and a proper browser is refusing to display. I actually like that, since forcing compliant coding on me makes my work accessible to more browsers than just IE... of course since they're just vanity pages for me and the wife, it was never critical which is why the errors were never checked for before.
I'm out of hands, now.
Alternately:
-- They knew about it, and management wouldn't let them do shit about it.
-- They knew about it, but addressing it would take significant time and effort, so they opted to defer that to a later release. After all, a million people running a mediocre firewall is better than a million people running no firewall at all.
-- They didn't actually realize it until later on. Are you psychic, or do you just happen to have a buddy who was on the ICF dev team?
But I suppose those angles would just mess up a good troll.
Slashdot quality declines as the number of hot grits posts decreases. - Provolt's Law, Apr-09-2005
http://news.google.com/news?hl=en&ie=ISO-8859-1&sc oring=d&edition=us&q=amd+overflow&btnG=Search+News
This google search turns up a link "Commentary: Working with Microsoft to plug a big hole"
now the funny thing is that this morning the link was called "AMD grabs key security advantage" and that's also in the title bar of the page and in big caption. Interesting how that was replaced with the subtitle that downplays a big win for AMD. I had trouble even finding the link which was obvious this morning. Things that make you go 'hmm.
Why do I have the feeling that Pop-up Manager doesn't sound like Pop-up Killer?
Of course I haven't RTFA, but I hope it pops up a dialog box asking what to do instead of barging straight on in and changing all the (firewall) settings.
doesn't PAE mode result in significant I/O performance degradation?
No, or at least on older processors it wouldn't, I don't know much about newer processor design. This is done in hardware, and it can be done in parallel with the usual work of the processor. That means it will make the processor an insignificant bit larger, but not slower.
Since it's in MS Office format, has anyone found any intering meta info in it yet? :-)
zWhat would an EWOULDBLOCK block, if an EWOULDBLOCK could block would? -- me
Who cares about pop-up blocking in IE? How about: _you_ will care, when you start seeing pop-ups in Mozilla or Opera.
The whole "IE is inferior because it can't block popups" charade existed only _because_ the dominant browser didn't block those. Most people were content to make their pop-ups IE only.
Now that IE has changed, let's think like one of those dishonest marketers. So you were making money serving on-load pop-ups. They no longer work. What next?
How about looking at a little detail: IE, just like Mozilla and Opera, will not block stuff resulting from a user click.
Does it give you ideas yet?
If still not: Want to bet how long until you'll see sites where all links are done with JavaScript that also opens a pop-up window? Where every single drop-down and button and link is accessible only through JavaScript, which incidentally also opens a pop-up or three?
But wait, surely people will start blocking pop-ups completely, right?
Again, let's think like a slimeball some more. Remember, the goal of this exercise is to think not like the user annoyed by those pop-ups, but like the slimeball who pushes them onto you.
He doesn't care if you're annoyed, nor how annoyed. He just wants to make a buck. That's all that matters. He's really got the same moral standards as the spammer filling your inbox with V14GR4 ads.
So in that state of mind: Hmm... what to do against those users still blocking your valuable pop-ups, even when they're triggered by a click?
Well, blimey, make the whole site unusable or crippled without pop-ups. E.g., if you have to log in or fill a form, stuff it in a pop-up window. E.g., all the links to other sites are surely best opened in a separate window, via JavaScript. (All in the name of convenience for the user, of course;) E.g., the site-map, search, articles, etc, surely are best viewed in a separate window opened through JavaScript.
So there you go. Now the whole site is unusable unless the user disables pop-up protection.
Fat lot of good did that pop-up blocking do, eh?
A polar bear is a cartesian bear after a coordinate transform.
This already exists - Ingo Molnar has written something called the exec-shield patch which implements this functionality in a slightly different fashion. Here is a link to one of Ingo's patch announcements.
SCREW THE ADS! http://adblock.mozdev.org/ Proud user of teh Fox of Fire - Registered Linux User #289618
> So instead of finding the source(s) of the crashes and fixing it,
> they have apparently given up on that,
You've completely misunderstood. The entire point of the Crash Detection system is so that Microsoft ARE aware of when crashes are happening and CAN fix them. If this system wasn't there - they wouldn't even know your browser had ever crashed. Users rarely report bugs (and especially don't bother to give you detailed information) so this system is an excellent idea.
Additionally, this new system "Add-on Crash Detection" allows them to give you useful advice if a 3rd party (IE non MS) component causes a crash.
I don't know about anyone else, but my IE has been crashing quite a lot since I installed Macromedia Flash 7. This isn't obviously Microsofts fault, but they might be able to tell Macromedia what crashes are occuring and how they were caused.
I *really* hate stupid ill-thought-out comments like yours.
So there you go. Now the whole site is unusable unless the user disables pop-up protection.
A site that broken, run by someone with that little regard for his users, is a site I have zero interest in visiting anyway. So what's the problem?
Will it even run on a P3 1.33?
To within half a percent, pi seconds is a nanocentury. -- Tom Duff
God, IE could really use some better CSS handling. I'm disappointed they didn't add any with this service pack.
I read the document and apparently the pop up blocker is crap. Here's why
ustomers will still see pop-ups launched in the following cases:
The pop-up is opened by a link which the user clicked.
The pop-up is opened by software that is running on the computer.
The pop-up is opened by ActiveX controls that are instantiated from a Web site.
The pop-up is opened from the Trusted Sites or Local Intranet zones.
I sense an increased use of ActiveX by ad-ridden websites in the future. What this is really, is not a way for MS to help out the user by eliminating annoyance. It is a strategy to get everyone who wants pop up ads on their site to use ActiveX. And hopefully when they're using ActiveX they'll make important parts of their site with it. Like say, the navigation bar. I'll stick to Firebird tyvm.
The GeekNights podcast is going strong. Listen!
Firstly, the firewall stuff is good.
.rar file, winrar might be specified, if no applocation is registered to handle this, it wont display this option. Also, anything thats executable e.g. *.bat, *.pif, *.scr, *.exe, *.com wont be allowed to execute and must be saved to disk and/or opened with a seperate application. And, certain things like the program that runs *.vbs scripts would be banned so that they dont appear in this list and you cant say "open with this app by default")
Especially things like "by default, only local machines can talk to the windows network messenger (a.k.a. winpopup), windows file sharing and etc ports".
But, its still not a good substitute for a server-based firewall solution (e.g. a linux box with ipchains/iptables) or for a firewall box like the "firewall+DSL modem+router+switch/hub+nat+etc boxes" that are popular with home broadband networks.
Execution Protection is a good feature, I am surprised that intel didnt add support for marking pages as "execuatble" or "not execuatble" way back when with the 386,486, pentium or whatever.
Given the number of Internet Explorer addons in the lists of Spyware programs like Ad-Aware and Spybot Search & Destroy, the Add-on Manager is something thats long overdue. This should at least prevent those who are clued up enough to check it once in awhile from being hit with Spyware addons.
As for the Java stuff, I think the best thing would be for MS to modify all future operating systems and service packs to completly remove the MSJVM if it is present and to install the sun Java VM instead (I expect that as long as they were shipping it unmodified and shipping as recent a version as possible, sun would just love this)
The MSJVM is a piece of garbage that should disappear for good, along with any lame-braned sites/content/software designed to work with it and only with it.
Now, the MIME type handling stuff.
IMO, the best solution is for IE to completly ignore the file extention and contents if it has a MIME type.
Basicly, if it gets a MIME type, it uses that and ignore both the extention and the content. If it doesnt have a MIME type (e.g. local disk file or FTP server, it should use the extention only and ignore the content).
If the MIME type it has is for something like text/plain or image/png or text/html or something else that IE can handle, it should handle it.
If the MIME type is one for which a system program has regisered itself (for example, ms word could register itself for application/x-msword-document), it gets handed off to that.
Otherwise, windows will display a dialog box asking the user to select from:
1.open with the application registered to handle the extention passed in (for example, if its a
2.open with an application of the users choice.
or 3.save to disk
With an option to save this as the default action for this file extention (and the case of no mime type) and a way to remove that "save as default" and re-specify later on, this would be the ideal solution. Plus, unlike what the MS proposal says, it would actually force web-servers to do away with the "send text/plain as default for anything we dont understand" features and configuractions. The right response (IMO, I havent read the RFCs or anything) is to send no MIME type at all for files that you dont have a specific MIME type for.
As for pop-up manager, here is what MS should do:
1.turn off any features in HTML that allows the changing of the "z-order" of windows (e.g. to make a window move to the back like with a pop-under)
and 2.turn the pop-up blocker on by default
But personally, I think the fault lies with the idiot that invented window.open() in the first place. What legitimate use is there for being able to open a new browser window in this maner?
Many web-sites use links that use the TARGET attribute of the tag to create a new window with content in it and thats pefectly fine.
The only uses for window.open() that I know of are:
1.popups, popunders
Why, why, why no full IE PNG support?
Argh.
May we never see th
Marques Johansson
actually $10 says there's some sort of security bug/error that DOES let people access the pop-up manager directly from HTML.
m ag eLoader(src='/img/text.png', sizingMethod='scale');
remember, you can embed VBScript in an HTML page and set it to run on the user's end.
And then, there's my favorite hack for getting PNGs to display transparent in IE (breaks links if you're using the transparent PNG as a background, if the link is on top of the PNG...but it still looks pretty).
filter:progid:DXImageTransform.Microsoft.AlphaI
now, really, that's not even valid CSS. but place that in your CSS rule where you want a transparent background, and BAM! Transparent PNG.
So say what you will about jerkoffs writing pop-up spam not being able to access the pop up manager, i'm firmly placing myself in the skeptic arena.
Is it me or are they actually beginning to shape up? I know it's blasphemy to praise MS, but after reading that document I was quite impressed. A few times I was surprised and uttered, "Wow, they actually fixed that!" to myself as I was reading.
...but what's the catch? Seems too good to be true.
Perhaps there is some remote code that manipulates pixels on your screen to subliminally flash messages to you thus making you relinquish your spiritual ownership and connection to your soul. You are now one of them.
We have secretly replaced these Slashdot mods' sense of humor with a rusty nail. Let's see if they notice!!
"The funny part is everyone who doesnt use outlook as a mail client has had safer email for years."
Disclaimer: I absolutly HATE Outlook and Exchange...
But in the defense of MS (yikes) they have managed to cobble together enough bandaid fixes to make Outlook rather sane. In this day and age downloading stuff before you run it simply isn't enough. Of the three near virus problems I've had on the network, people downloaded something that was from someone they didn't know, didn't even have a double extension, and was labeled something suspicous ("sexyfun.exe"? If that doesn't scream virus, I don't know what does).
With the latest update of Outlook 2000, & Exchange 2000 MS simply crippled ALL "dangerous" file formats. At first I was going to re-enable them but thinking about it, I decided not to. There is no reason to send an exe file directly through email, and if you do wrap it in a zip file and save some bandwidth while you're at it.
Obviously if I didn't have to use exchange for mail I could easily filter mail at the server, but I have to work with what I've got. MS has at least taken some steps in the right direction (although it's still not a substitute for designing something with security in mind).
"Execution Protection" (NX) has nothing to do with TCPA. NX means the heap and stack are not executable unless you take specific measures to make them so. NX should make it MUCH more difficult for worms and viruses to execute arbitrary code via buffer overruns. Unfortunately, NX is not possible on current 32-bit Intel processors.
PAE mode is not the same a 64bit.
p or t/driver/notes/pae.html
PAE is for 32bit processors that want to be able to access more than 4Gb of memory.
Usually you would not enable PAE unless you needed that much memory, such as on a database server.
Because the AMD64 must be running in PAE mode for the NX bit to function desktop user will need to use PAE even though they don't have over 4Gb.
Most drivers for consumer equipment are not written to operate in PAE mode, so the HAL is emulating standard 32bit mode in order to ensure compatibility.
http://developers.sun.com/solaris/developer/sup
If you are running the 64bit version of Windows you will not need to enable PAE as the NX flag is availible in 64bit mode.
"Taligent is still pure vapor. Maybe they'll be the last who jumps up on Openstep... "
"Internet Connection Firewall will be enabled by default..."
About damned time. I just hope that DHCP works through it by default, because right now it doesn't, and if it blocks DHCP, all of those broadband users who connect the PC right to the cable/dsl "modem" will deactivate the firewall to get online.
Of course, what we really need is for ISPs to include a user-manageable firewall in the damned devices in the first place.
Way back in my Comp Sci days, I could have sworn that when a 386 (and to some extent a 286) was running in protected mode, different areas of memory could be marked as 'code' for execution and for 'data' that could not be executed. Trying to read or write to the code area, or execute a data area would result in exceptions. It was many years ago though ...
That's how it works now, and the CPU won't execute from instructions in areas marked nonexecutable. Problem is, the stack is executable, and that's where buffer overruns happen. And a certain code technique called a trampoline, which generates asm on the stack to execute, requires an executable stack. Trampolines aren't strictly necessary, but they are fast and easy, and they're not going to be easy to get out of everything that needs it. I'm told there's ways around the nonexecutable stack as well, though I'm not certain what they are. Regardless, I'm not sure if it's even possible to make the stack nonexecutable on IA32...
I've finally had it: until slashdot gets article moderation, I am not coming back.
Those are two totally different things.
/var, to prevent any programs there from being uploaded and then run to take advantage of an exploit or other such issues.
Drepper is talking about being able to mount disks with the noexec flag, which prevents programs on that partition from being executed. This is most often used on filesystems that could possibly be written by public users, like
Execution Protection is probably referring to making the code pages of a program non-writeable. The goal is to prevent buffer overflows from allowing a script kiddie to write to the code segments and load the shell code. Take a look at OpenBSD's W^X (write xor execute) for more info.
What the hell are you talking about?
The API in question is the Inet interface provided by Internet Explorer since IE4.0.. it isn't a "standard", nor is it published anywhere outside of MS, nor is it sanctioned by any standards body. It's just an API they created to allow developers to use IE's HTML rendering engine.
It is not covered under the settlment.
So... WHAT EXACTLY is your reference to Konq/Moz and how is it relevant?
"Execution Protection" marks pages *in memory* as data rather than code. That helps prevent buffer overrun and stack-smashing attacks -- where cleverly arranged faulty data can be executed as though it's a program.
The "Execution Protection" is a feature of the CPU, which operating systems can add support for. If it isn't already in Linux I'd expect to see it soon.
The Linux stuff is about marking entire *disks* (mountpoints, really) as containing only data, and not programs you want to run. That prevents someone from uploading a nasty program onto your disk, then running it. (For example, you could mount your operating system / built-in programs on a read-only disk, then mark everything else as 'noexec' -- making an attacker's job much tougher).
four nine eighteen twenty-7 thirty-nine forty-7 fiftyeight sixty-nine seventy-9 eighty-8 one-hundred-and-nine one-twenty
trolling on slashdot
poor substitute for a life
yet it still goes on
Also, keep in mind that having a running firewall is going to break a lot of apps and cause a lot of pain. I predict the number of calls to MS phone support (and to XYZ company's phone support) will explode after this service pack rolls out.
Suddenly gamers won't be able to host multiplayer games, for one. People's distributed file sharing clients won't let them share anything. etc...
I suspect that this anticipated user pain is the reason the ICF was not on by default at XP ship time.
I just made the same suggestion to my neighbor who just wired up his house for a home network of 5 PCs. You can get a switch/router with DHCP service, NAT, firewall services for under $25 bucks nowadays. One of the reps in CompUSA told him he would need to purchase a copy of Norton for every PC in his house to make sure his network is secure. fscking asshole
With tabs I can see related sets of tab headers in one quick glance.
With the dreaded grouping, everything is hidden from you until you click below. While I enjoy having things wrapped for me at christmas, I would find it exceedingly annoying to have everything wrapped for me all year long, the actual contents hidden until I unwrapped them.
The grouping was the first thing I turned off in XP and the single most requested feature to help other people disable once they found it it was possible.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
From http://www.openbsd.org/34.html#new :
It's a bit of a kludge on i386 (unlike amd64 or ppc), but it can still be done."It's better to keep your mouth shut and be thought a fool than to open it and remove all doubt."
That is absurd. Microsoft wants to kill ActiveX on the web just as much as you do.
I can't remember the last time I read an article on MSDN or any other MS developer website where it was suggested you should use a client side ActiveX component to provide a rich interface.
They have already recognized its major shortcomings (notably "all or nothing" trust of components) and are now pushing new alternatives to a rich web experience (.NET smart clients, Avalon XAML apps in Longhorn, etc).
The reason they can't block ActiveX controls is that an ActiveX control can do whatever it wants if the browser allows it to execute. There is no fine grained control over what it is allowed to do.
No conspiracy here.
This section provides detailed information about the technologies included in Windows XP Service Pack 2 that help inform the user about security technologies and ensure that computers have current security updates. These technologies are either designed to help provide security or have been improved to provide more security than before.
This content is not available in this preliminary release.
Conserve Oil, Recycle, Boycott Walmart
This reminds me of GeoCities where people with a GeoCities homepage (as they call it) were not allowed to put in HTML, JavaScript, or anything else that blocked or altered the adds. I have never heard of an EULA that had anything to do with agreeing to not block popup adds or add images.
Even if an EULA forbid people browsing the web from blocking the popup adds that would be very stupid because there is no way to inforce such an agreement and stop people from using Squid Guard and such software. Besides, HTML is an interpreted language. It's up to the web browser to figure out how it should look in the end.
Maybe someone could make an EULA that forbids blocking any images on the web page, altering the text size, defult font, colors, and forbids the use of text-only browsers such as lynx. If anyone does let me know so we can sterilize those people and their descendants so we can rid the gene pool of such people. :)
Losing faith in humanity one person at a time.
Uhm, why do I get modded flamebait for providing a link to a tool that allows to convert .doc -> .txt? Well, lick my balls Mr.Moderation...