Slashdot Mirror


Microsoft Releases Changelist for Upcoming XP SP2

kylef writes "As we know from independent sources, Microsoft is busy readying Service Pack 2 for Windows XP. They have published on their website a changelist document (link goes to TechNet download page) detailing the nature of the security-related fixes and updates. The document is targeted towards XP admins and covers some interesting things such as the new Internet Explorer Pop-up Manager and various security policy changes. Some other juicy tidbits from the document: Internet Connection Firewall will be enabled by default, and there will be new support for something called "Execution Protection" which allows developers to make use of the NX (no execute) page guard flag on Intel's Itanium and newer AMD processors. An interesting read."

24 of 524 comments

  1. Quick, call the cops! by ciaran_o_riordan · · Score: 5, Funny

    > detailing the nature of the security-related fixes

    DMCA violation.

    1. Re:Quick, call the cops! by Zocalo · · Score: 5, Insightful

      That's an interesting point and Microsoft must be torn over this issue. On one hand, they could take this as an opportunity to lock out a few more dodgy copies of Windows XP... for the few days it takes for the inevitable patch or workaround. On the other hand, by waiving that, they potentially get to vastly improve the security of deployed Windows XP installations. Given the amount of bad press that Microsoft gets each time some Internet worm is doing the rounds I wonder which way they will go...

      --
      UNIX? They're not even circumcised! Savages!
  2. Smart. by starfurynz · · Score: 5, Interesting

    Looks like MS is finally doing something intelligent for once. We'll have to wait to see how intelligent though.

    --
    We tend to become like the worst in those we oppose. --Bene Gesserit Coda--
  3. Re:All this work by ottawanker · · Score: 5, Informative

    Did you RTFA? (I hate saying that, it makes me feel .. like all the other assholes who say that)

    Internet Explorer Pop-up Manager
    Q. What does Pop-up Manager do?

    A. Pop-up Manager blocks most unwanted pop-up windows from appearing. Pop-up windows that are launched when the end user clicks a link will not be blocked.

    End users and IT administrators can let specific domains launch programmatic pop-up windows. Developers will be able to use or extend the pop-up functionality in Internet Explorer for applications hosting Internet Explorer.

    Q. Who does this feature apply to?

    A. For end users, browsing the Web will be less annoying, because unwanted pop-up windows will not automatically appear.

    For Web developers, Pop-up Manager affects the behavior of windows opened by Web sites, for example, by using the window.open() and showHelp() methods.

    For application developers, there is a new user interface: INewWindowManager.

    Applications that use the rendering engine in Internet Explorer to display HTML can choose to use or extend the Pop-up Manager functionality.
    ...

  4. Program Error by rehabdoll · · Score: 5, Funny

    "wordpad.exe has generated errors and will be closed by Windows.
    You need to restart the program.

    An error log is being created."

    nice.

    1. Re:Program Error by ObviousGuy · · Score: 5, Informative

      It opens in StarOffice just fine.

      --
      I have been pwned because my /. password was too easy to guess.
    2. Re:Program Error by melevitt · · Score: 5, Insightful

      Uhh yeah, but it still shouldn't just crash!

  5. I just hope by -noefordeg- · · Score: 5, Interesting

    this Service Pack doesn't break anything 'useful'... *sigh*

    With WinXP I got into some serious trouble with my computer and trying to play games. At first everything worked as it should then after a weekend not a single game would play, black screen on launching a game.
    After A LOT of work the conclusion was that quickfix 'SP2 Q328310', which had been auto downloaded from MS, did something which stopped a lot of games which need 3D support from working.

    Now I always get a message when I start windows, about 'new updates available': -Yeah sure! It's still buggering me to download the patch.

    This really helps MS too, I'm so much more willing to download updates/patches when I know that a quickfix to let's say notepad, might break something totally unrelated; like the ability to shut down WinXP >:(

    1. Re:I just hope by David+McBride · · Score: 5, Funny

      "Yeah sure! It's still buggering me to download the patch."

      Well, I'm pretty sure that isn't going to work..

  6. *POOOF* by MagerValp · · Score: 5, Funny

    Was that the sound of the personal firewall market dying?

    --

    READY.
    #
    1. Re:*POOOF* by Tim+Browse · · Score: 5, Insightful

      Not unless they up the feature set - when I looked into XP's firewall, it only blocked incoming connections, not outgoing. I use outgoing blocks as a matter of course to catch spyware, etc, and to prevent Outlook Express/MSNIM from fetching images/ads from web servers, etc. I was looking at the XP firewall for my laptop, because Kerio made my laptop's suspend/sleep functions stop working (grrr) so had to find an alternative. As it turned out, I tried Norton Personal Firewall, which was actually quite good, and not nearly as bad as I had feared. None of them are particularly great at config UI though. Norton especially requires a lot of clicks to set rules up.

      It's just occurred to me that maybe MS don't want to implement an outgoing firewall, given that the number of Windows components that randomly connect to MS servers is quite high, and it would highlight this fact if they did outgoing connection blocking. Hmm.

    2. Re:*POOOF* by Zocalo · · Score: 5, Interesting
      Taking a hit maybe, but not dying (at least not to the power user). Here are some of the features I get from my Windows personal firewall of choice (Agnitum's Outpost Pro) that are not offered by ICF:
      • Outgoing connection filtering
      • Application checksumming (with MD5)
      • Protocol level mail attachment scanning
      • *Really* detailed logging
      • Pop-up ad blocking (OK, this is going to be in IE but is off by default)
      • Banner ad blocking (not in SP2 IE at all as far as I can see)
      • Cookie control
      • Policies for pop-ups, scripting, ActiveX and so on handled on a per-site basis
      And the list goes on... This is not the first time this kind of thing has happened; Microsoft used to bundle an Anti-virus product with DOS and Windows, and that didn't kill the market. It still does bundle a disk defragmenter, yet Diskeeper seems to be doing just fine.
      --
      UNIX? They're not even circumcised! Savages!
    3. Re:*POOOF* by graf0z · · Score: 5, Insightful
      > when I looked into XP's firewall, it only blocked incoming connections, not outgoing

      They are definitely intruding on the personal fw market: Look into "Appendix B: Netsh Command Syntax for the Netsh Firewall Ipv4 Context" for the "add allowedprogram" command - finally, they realized that there is something like trojans...

      They're still far away from other packetfilters like netfilter/pf/..:

      • no match against source or dest ip
      • nothing beyond TCP/UDP/ICMP (like GRE, ESP, AH)
      • no subchains (or whatever You wanna call conditional ramifications/jumps)
      • no rate-limiting (e.g. against SYN-flood)
      • no NAT
      • it's not clear how stateful it is (i.e. does it verify TCP sequence numbers?)
      • protocol helpers for RPC/DCOM, but not for FTP, IRC, H.323
      • no tweaky guru stuff like TCP-MSS mangling for tunnels (like VPN or PPPoE)

      There's still a lot of work waiting for the ms devel team ...

      /graf0z.

  7. Just another angry Linux zealot post... by Anonymous Coward · · Score: 5, Insightful

    Thanks again for the .doc format.

    Why not put such documents in a more Portable Document Format? Even assuming I have Word Reader or Openoffice, why on earth would you disseminate information via a word processor document format?

  8. Undocumented Security fixes? by Raindeer · · Score: 5, Interesting

    I really wonder if there will be undocumented security fixes included in this Service Pack. I recently heard a director of Microsoft say that when Microsoft finds a security vulnerability, they don't disclose it, but just fix it in a service pack. I hope I misinterpreted him, but it makes me wonder if a pre SP build of some Microsoft products might have something under the hood for bad guys to use.

  9. I could not resist... by Savage-Rabbit · · Score: 5, Funny

    Executio Protection

    Old man Saddam could use feature that right about now.

    --
    Only to idiots, are orders laws.
    -- Henning von Tresckow
    1. Re:I could not resist... by MullerMn · · Score: 5, Funny

      >Executio Protection

      >Old man Saddam could use feature that right about now.


      Why? In case Harry Potter tries to kill him?

  10. Re:All this work by phalse+phace · · Score: 5, Funny
    > Did you RTFA?

    You must be new here.

  11. Re:Internet Explorer Add-on Crash Detection by Com2Kid · · Score: 5, Insightful

    Bleh, troll, or did you just skim the file? Either way. . . .

    What this new feature does (and it IS rather nifty) is detect which piece of spyware loaded up with IE is causing crashes, and lets the user disable said spyware.

    Nice actually. ^_^

  12. Re:MSFW / MSFWE / MSFF - Request by BenjyD · · Score: 5, Funny

    Preferences->Homepage->exclude stories->Microsoft.

    I'm sure an enterprising geek could write a script to do that for them. You could even cron job it to give MS free days/weeks.

  13. Re:Wow. by FrostedWheat · · Score: 5, Insightful

    > For one, they've apparently made a lot of changes to IE that will make it less of a pain in the ass to use.

    Biggest pain for me (as a non-IE user anyway) is that they *STILL* haven't added proper PNG transparency support! Every other browser on the planet handles it fine, even IE on the Mac.

    It's not like it's a big secret everyone's hiding from MS :)

  14. Re:who cares about ie blocking popups, still insec by Moraelin · · Score: 5, Interesting

    Who cares about pop-up blocking in IE? How about: _you_ will care, when you start seeing pop-ups in Mozilla or Opera.

    The whole "IE is inferior because it can't block popups" charade existed only _because_ the dominant browser didn't block those. Most people were content to make their pop-ups IE only.

    Now that IE has changed, let's think like one of those dishonest marketers. So you were making money serving on-load pop-ups. They no longer work. What next?

    How about looking at a little detail: IE, just like Mozilla and Opera, will not block stuff resulting from a user click.

    Does it give you ideas yet?

    If still not: Want to bet how long until you'll see sites where all links are done with JavaScript that also opens a pop-up window? Where every single drop-down and button and link is accessible only through JavaScript, which incidentally also opens a pop-up or three?

    But wait, surely people will start blocking pop-ups completely, right?

    Again, let's think like a slimeball some more. Remember, the goal of this exercise is to think not like the user annoyed by those pop-ups, but like the slimeball who pushes them onto you.

    He doesn't care if you're annoyed, nor how annoyed. He just wants to make a buck. That's all that matters. He's really got the same moral standards as the spammer filling your inbox with V14GR4 ads.

    So in that state of mind: Hmm... what to do against those users still blocking your valuable pop-ups, even when they're triggered by a click?

    Well, blimey, make the whole site unusable or crippled without pop-ups. E.g., if you have to log in or fill a form, stuff it in a pop-up window. E.g., all the links to other sites are surely best opened in a separate window, via JavaScript. (All in the name of convenience for the user, of course;) E.g., the site-map, search, articles, etc, surely are best viewed in a separate window opened through JavaScript.

    So there you go. Now the whole site is unusable unless the user disables pop-up protection.

    Fat lot of good did that pop-up blocking do, eh?

    --
    A polar bear is a cartesian bear after a coordinate transform.
  15. pop up blocker by Apreche · · Score: 5, Informative

    I read the document and apparently the pop up blocker is crap. Here's why:

    Customers will still see pop-ups launched in the following cases:

    The pop-up is opened by a link which the user clicked.

    The pop-up is opened by software that is running on the computer.

    The pop-up is opened by ActiveX controls that are instantiated from a Web site.

    The pop-up is opened from the Trusted Sites or Local Intranet zones.

    I sense an increased use of ActiveX by ad-ridden websites in the future. What this is really, is not a way for MS to help out the user by eliminating annoyance. It is a strategy to get everyone who wants pop up ads on their site to use ActiveX. And hopefully when they're using ActiveX they'll make important parts of their site with it. Like say, the navigation bar. I'll stick to Firebird tyvm.

    --
    The GeekNights podcast is going strong. Listen!
  16. Some thoughts on this stuff by jonwil · · Score: 5, Interesting

    Firstly, the firewall stuff is good.
    Especially things like "by default, only local machines can talk to the windows network messenger (a.k.a. winpopup), windows file sharing and etc ports".
    But it's still not a good substitute for a server-based firewall solution (e.g. a Linux box with ipchains/iptables) or for a firewall box like the "firewall+DSL modem+router+switch/hub+nat+etc boxes" that are popular with home broadband networks.

    Execution Protection is a good feature, I am surprised that Intel didn't add support for marking pages as "executable" or "not executable" way back when with the 386, 486, Pentium or whatever.

    Given the number of Internet Explorer addons in the lists of Spyware programs like Ad-Aware and Spybot Search & Destroy, the Add-on Manager is something that's long overdue. This should at least prevent those who are clued up enough to check it once in awhile from being hit with Spyware addons.

    As for the Java stuff, I think the best thing would be for MS to modify all future operating systems and service packs to completely remove the MSJVM if it is present and to install the Sun Java VM instead (I expect that as long as they were shipping it unmodified and shipping as recent a version as possible, Sun would just love this).

    The MSJVM is a piece of garbage that should disappear for good, along with any lame-brained sites/content/software designed to work with it and only with it.

    Now, the MIME type handling stuff.
    IMO, the best solution is for IE to completely ignore the file extension and contents if it has a MIME type.
    Basically, if it gets a MIME type, it uses that and ignores both the extension and the content. If it doesn't have a MIME type (e.g. local disk file or FTP server), it should use the extension only and ignore the content.

    If the MIME type it has is for something like text/plain or image/png or text/html or something else that IE can handle, it should handle it.
    If the MIME type is one for which a system program has registered itself (for example, MS Word could register itself for application/x-msword-document), it gets handed off to that.
    Otherwise, Windows will display a dialog box asking the user to select from:
    1. open with the application registered to handle the extension passed in (for example, if it's a .rar file, WinRAR might be specified; if no application is registered to handle this, it won't display this option. Also, anything that's executable e.g. *.bat, *.pif, *.scr, *.exe, *.com won't be allowed to execute and must be saved to disk and/or opened with a separate application. And, certain things like the program that runs *.vbs scripts would be banned so that they don't appear in this list and you can't say "open with this app by default")
    2. open with an application of the user's choice.
    or 3. save to disk
    With an option to save this as the default action for this file extension (and the case of no MIME type) and a way to remove that "save as default" and re-specify later on, this would be the ideal solution. Plus, unlike what the MS proposal says, it would actually force web-servers to do away with the "send text/plain as default for anything we don't understand" features and configurations. The right response (IMO, I haven't read the RFCs or anything) is to send no MIME type at all for files that you don't have a specific MIME type for.

    As for pop-up manager, here is what MS should do:
    1. turn off any features in HTML that allows the changing of the "z-order" of windows (e.g. to make a window move to the back like with a pop-under)
    and 2. turn the pop-up blocker on by default

    But personally, I think the fault lies with the idiot that invented window.open() in the first place. What legitimate use is there for being able to open a new browser window in this manner?
    Many web-sites use links that use the TARGET attribute of the tag to create a new window with content in it and that's perfectly fine.
    The only uses for window.open() that I know of are:
    1. popups, popunders