Slashdot Mirror
Windows XP SP2 Beta Reviewed
worm eater writes "Ars Technica has a characteristically thorough review of Windows XP Service Pack 2 Beta, with plenty of screen shots. In a nutshell, it's all about security fixes, including a seriously beefed up firewall. The final release is expected this summer." The review concludes: "Overall, Microsoft has made a step in the right direction with this service pack. The increased focus on security will be good not only for the average user who does not spend much time thinking about security her system, but also for 'power users' and those who work supporting end users."
yeah a pop-up blocker would be cool, and the firewall probably isn't a bad idea. But how will these features interact with programs I have now to do the same thing. For example I use google's Toolbar 2.0, which has a pop-up blocker. More importantly is how will the firewall interact with programs like Zone Alarm?
Zone Alarm, and even ZA Pro, is one of the worst possible personal firewalls you could use.
Kerio or PeerGuardian are far superior in terms of configurability and functionality (although ZA is better for new users who don't really need to know what a firewall is.)
I am generally pretty critical on Microsoft but I like how you can Slipstream a service pack into the base OS. Well, not enough to use Windows but I like it.
who cares...
Several years ago mentioned that windows will look more and more like unix every version. I would imagine they would go with a similar implimentation on the backend eventually.
I work with a group that has to automate all kinds of system operations. Both Unix and Windows. I find the windows guys complaining about simple things all the time.
An example would be that there are several things that don't kick off or operate properly in windows until someone logs in. So you can't just schedule a task like you could in 'cron' and expect the same results. So they have to physically log into hundreds of machines every day after they've been rebooted to make sure the tasks will run corretly.
IE has been updated with some good things, but does anyone know if they have fixed the numerous issues that standards oriented web developers have to work around? The png issues, box model issues, absolute positioning issues, etc?
Microsoft is holding back many websites from doing some amazing designs because of their lack of standard compatibility.
"BEHOLD, CORN!!" - Dr. Weird, ATHF
Nothing forces a company like microsoft to improve their products than a little competition. I like how they focused on security this time. If linux for desktops wasn't gaining market share as fast as it is now, I doubt we would have seen this service pack this soon and this full of security updates. Microsoft isn't stupid, they understand why a lot of people switch to linux. They give up that "secure feeling" of windows for actual security. I don't know if this will bring back converts, but I think it will slow down the acceleration of linux adoption for those "regular folks".
I wish MS would implement Service Packs as a way to add other bug fixes to the OS (generally SP's are security only), new add-ons and more features. Additionally, listening to what users want and adding these changes/features into the Service Packs would be nice.
One of the things that make 'Nix based distros, and OS X attractive is that each new development cycle (and they tend to be quick) brings more apps and more features to increase productivity. Granted Linux depends on the developer community and OS X upgrades cost money, MS is comparatively stagnant on technology and OS improvements. MS relies on major development cycles which are generally every 3 to 4 years (e.g. 95 --> NT 4 --> 2000/XP).
For one thing, a major upgrade to IE, Outlook Express and Windows Explorer (make it crash less) are needed. Given all the websites on "Tweaking" Windows 2000/XP, MS should give more thought into making GUI and other OS improvements before Longhorn comes out -- since that will probably be another 2 or 3 year away. In the meantime, OS X should probably be OS XI and RH (for instance) will be at version 11 or 12.
Sure it is about time that IE gets a popup blocker, but one thing I'd like to see improved about IE would be its horridly aged quirky, standards-violating rendering engine. It is the "Netscape 4" of today.
But of course at about 95% of the global browser market share Microsoft see no need to improve that vital component of the browser.
Internet Explorer's browser monopoly is hurting the progress badly by locking the majority to legacy HTML that we should have left behind in the 90's already.
while true; do eject; eject -t; done
Question about the firewall: The "exceptions" dialog indicates that the checked programs "will be allowed to receive connections from other computers." What if I simply want to prevent a program from making outbound connections, the way I can with ZoneAlarm?
After reading the article I thought I would ask the question I thought about for a while. Whey can't we ( The opensource community) patent our ideas. Then we can allow them only of opensource projects. A good example would be the pop up blocker (It probably isn't patentable from proir-art but for argument sake). We could take a good idea and patent so others couldn't use it unless they had a opensource product. We could even fund the patent process with a non-profet orginastion.
I didn't use the preview button, so get over it!!!!
Mike
I almost get the sense that some folks don't want Microsoft to "take a step in the right direction" on security.
After all, if their operating systems are actually just as or more secure, proponents of alternative operating systems can no longer use that as ammunition, can they?
Is it worth it that systems be broken into as a demonstration of Microsoft's insecurity, so the masses and companies "wake up" (as they were supposedly already doing), just so people migrate to Linux? Necessary evil? No. No data loss is a necessary evil.
The coolest voice ever.
Speaking as a phone tech support drone for a large university, many of these changes will be most welcome. The "Blaster" incident cost our university thousands of dollars in overtime and set back all of the activities that were going on at the beginning of the school year.
However, i'm not so sure that the fancier firewall will be such a good thing unless it is implemented properly. Ever since the newer version of AIM that came out in August or September 2003, we have been flooded with calls of it blinking on and off. These problems have been traced to ZoneAlarm - another free firewall that many people use because the one in XP was insufficient. If the new firewall has trouble with an application that is as popular as AIM is among our college students, it could create more problems then its worth for IT departments everywhere.
It may sound as if i'm overreacting for such a simple thing, but try working in IT for a few weeks and receiving over 150 phone calls a day from disgruntled students cussing you out because they can't chat with their friends.
Overall, its long past due that Microsoft focus on security instead of whizz-bang features that serve to slow down the O/S and cause it to be more unstable. XP Professional was a step in the right direction as far as stability, but the security issues are most definitely a large concern, especially to those of us with a phone to our ear.
"To strive, to seek, to find, and not to yield." - Tennyson
Will you Mac users please stop calling PCs "Wintels"?! It sounds dumb. Especially on /. since a lot of people don't run Windows here.
I called them Wintels because for us, that is exactly what they were. Intel based systems running Windows from Microsoft. They were not AMD based machines (though I like AMD hardware), and they were not running any OS other than Microsoft Windows. I did have a Linux box at one time, but I discovered that OS X did everything the Linux box did, only with more convenience, but the Red Hat distro it had on it was quite nice for Linux. At any rate, Wintel is a very useful short descriptive, and I will continue to use it. No offense.
Visit Jonesblog and say hello.
The one problem with developing useful 3rd party apps under MS is that its just a matter of time.. Of course this is something that Microsoft had to do eventually, especially now that people are getting infected before they get a chance to download security updates. 3rd Party Windows software companies of basic utility sw can now only protect their investments by (ab)using patent law... (eg The One Click Firewall, One-Click Unzip etc...) or having a better support infrastructure (not easy)
Mozilla's popup blocking is actually rather stupid. It's basically "Block all popups for 3 seconds after the page loads"* -- which means that if you click on a window.open link too quickly, the user-requested popup will be blocked.
* Yes, they had a cool javascript sandboxing system, but for some reason it couldn't block all popups. so they switched to this scheme.
M$ now taking steps in the right direction. Makes me think the best thing that has happened to Softee in the past few years is Linux.
It may very well be the case Linux will be for M$ what IBM was when IBM was looking for an OS for the PC. People may forget that Gates didn't really want to be in the OS business back then.
Imagine how much harder physics would be if electrons had feelings! -Feynman, maybe
Any mention of full CSS compatability?
$cat
This feature was added specifically to address buffer overflows and the execution of arbitrary code.
With the Intel x86-32 CPU and many other CPUs there are only two flags applicable to a section of memory: read or write. There is no execute flag; if the memory can be read then the instruction pointer can be set to it and it will execute.
The exploitation of a buffer overflow involves overwriting a block of memory to both fill it with code and also to overwrite the return address of the current function. When the function attempts to return to the previous function in the stack trace it instead will jump to the contents of code within the buffer and will perform whatever dastardly deed that was programmed there.
Now with XP SP2 and a supported chipset (which, unfortunately, is only the 64-bit AMD offerings) these sections of memory can be marked as "no-execute" so even if a buffer overflow vulnerability exists it could still overwrite sections of memory but the program would not be capable of executing them. That won't prevent DOS-style buffer overflow exploits (where the program crashes) but it does stop the execution of arbitrary code which is usually the foundation of worms.
Take the tinfoil hat off, this is a great idea. I just wish the Intel x86-32 line supported it.
Dear god yes! my hosts file was given me by another- I took a few entries out, and it works for me.. and I immediately stuck it in my Mothers, Fathers, co-workers, and work computers.. (didn't tell them either) I really hope these 'never install' will be easily moved/shared/installed from comp to comp.
every day http://en.wikipedia.org/wiki/Special:Random
Overall, its long past due that Microsoft focus on security instead of whizz-bang features
Since when has Microsoft done either??
Microsoft is reacting to the overwhelming failure of its operating system to provide even a moderate level of security! Microsoft is reacting to the proliferation of the community's knowledge and understanding that there are more secure, more stable alternatives (thanks to Linux and FreeBSD/OSX).
What "whiz bang" features are you referring to? Popup blocking? Again, this is a three year old technology that Microsoft has tried its best to not implement but is only grudgingly deploying because other products like the Google Toolbar have proven to be incredibly valuable and desireable by the community and its encroached into Microsoft's attempt to hijack the Internet's searching system.
The only thing Microsoft focuses on are continued ways to milk more money from the dominant market position they have in the industry.
Whatever about the spam blockers, the eye candy and the new wireless widget, I wonder if SP2 will detect and disable XP installations with illegally generated corporate volume license keys in the same fashion that SP1 did.
Da Blog
As the AC asked, why specifically do you believe that ZoneAlarm is one of the worst possible firewalls?
All ports sub-1056 are stealthed, assuming you don't disable ICF.
Ports are open from the inside, but RPC no longer accepts remote anonymous connections.
Take note that NO OUTGOING TRAFFIC is filtered unless explicitly configured, with the exception of several ICMP packets.
This signature does not exist. It has never existed. It is all a figment of your imagination.
I work as an independent computer support consultant servicing mostly Windows users, and I can assure you that a large portion of "regular joe" users have huge problems with viruses, spyware, and trojan horses. Most of them don't even know it- they just complain about having a lot of popup windows (spyware) or having trouble with their Internet connection (Blaster). Many of them continue to struggle to use their computer for months with these problems.
And it's not just my clients (who obviously are limited to the set of folks who have problems bad enough to call a professional)... the percentage is high in my social network as well.
Now yes- I agree an expert can avoid these things. I didn't even have virus protection on my primary machine for years, and yet I never got an infection. But that was because I never got attachments from untrusted sources. And I never downloaded "risky" software. But average users and even "experts" who are unfamiliar with this particular OS are vulnerable, and it's ludicrous to suggest that these huge problems are an issue of user skill.
Frankly, from a purely financial perspective, what MS is doing is bad for my business... I really should send a nice thank you note to the turd that wrote Blaster. But something tells me I'm not going to be running out of work anytime soon...
-R
Working for an ISP, I've had the exact opposite experience: AVG would pick up the viruses that the Big Two missed.
In fact, I've so far not found an instance where one slipped by an up to date installation of AVG. The caveat is that it isn't so good at deleting files which need permission changes, nor is it very good at neutering the viruses it's unable to delete.
It's what we recommend to our customers. Then again, we can't recommend anything commercial to our customers, because they'll never install something they have to pay for, no matter how necessary.