Slashdot Mirror
Windows XP SP2 Beta Reviewed
worm eater writes "Ars Technica has a characteristically thorough review of Windows XP Service Pack 2 Beta, with plenty of screen shots. In a nutshell, it's all about security fixes, including a seriously beefed up firewall. The final release is expected this summer." The review concludes: "Overall, Microsoft has made a step in the right direction with this service pack. The increased focus on security will be good not only for the average user who does not spend much time thinking about security her system, but also for 'power users' and those who work supporting end users."
I'd tolerate all the exploits if this thing would make me toast and coffee in the morning.. meh.
http://www.babysmasher.com
http://www.openingbands.com
A review of a service pack? What's next, A screenshot of RTPatch? I can see it now...
"Here we see the patch process at 37% complete. Note that the progress bar is roughly one third filled in with a nice blue color."
Please!!
popup blocker in IE. Finally!
:D
It ASKS YOU before installing random crap in the background and at least notes that "Some software could be harmful"
Good. Step in the right direction.
You can download the service pack here
"The increased focus on security will be good not only for the average user who does not spend much time thinking about security her system, but also for 'power users' and those who work supporting end users."
The only security improvement that I would characterize as being "good" for those who work support end users is one which prevented them from using the computer in the first place.
Please, God, take me now....
(been a long day)
-- "Government is the great fiction through which everybody endeavors to live at the expense of everybody else."
Is this available for download now? where?
Does it default allowed or denied? The screenshot shows it checked (allowed) but did it come that way?
'power users', 'Windows'... in the same sentance.. what are you smoking? :P
moo
Overall, Microsoft has made a step in the right direction with this service pack. The increased focus on security will be good not only for the average user who does not spend much time thinking about security her system, but also for 'power users' and those who work supporting end users."
We still have a couple of W2k and XP boxes that we'll probably keep, but the damage over the past couple of years with poor security has been done. We have been migrating many of our Wintel systems to OS X for a whole variety of reasons. I really hope that this service pack works as advertised as I still own some Microsoft stock, but I am afraid that Microsoft needs to completely re-engineer the OS like they are doing with Longhorn to resolve the security problems with Windows. Unfortunately that will be in what....2006?
Visit Jonesblog and say hello.
Wait , OMG... I must format my Gentoo build now, and install this superior Operating system.
Electronic Music Made Using Linux http://soundcloud.com/polyp
i personally advise customers to *never* update their windows systems.
i receive many calls regarding windows computers that are no longer working and when i ask when the system last worked they say before they updated. then they express their confusion at having been told to keep their system up to date.
part of the problem is that (beyond the initial service pack for any particular microsoft product) not enough people install the updates so that the bugs in the updates are not addressed.
the "never install software from..." button.
Microsoft must be trying to bankrupt Gator / GAIN / THAT COMPANY THAT MAKES a product remarkably simliar to SPYWARE. They'll be filing for name changes once a week now.
There are some people that if they don't know, you can't tell 'em.
Yes, but it is not good to combine bug fixes with new features! Also, we need those bug fixes now! There are hundreds of them.
I hope this does not slow down or complications to my system like other updates from microsoft have.
Shouldn't these features have been part of XP from the beginning though? That's like saying the brakes on my Ford are a new "feature". I suppose......
All-in-all a good review. I wonder if this will raise any new "monopoly" charges though with everyone from Norton Internet Security to Pop-up blocker companies' business going down the drain - virtually overnight.
I am generally pretty critical on Microsoft but I like how you can Slipstream a service pack into the base OS. Well, not enough to use Windows but I like it.
Praise Jebus the service pack is in beta stages! So when will we see the final release, or is longhorn the final release? Woo hoo! Updated security, does that mean i can finally hook up my laptop. How exciting.
I work in tech support for an ISP, and quite a few calls come in where the ICF is blocking DHCP, DNS, HTTP, or SMTP requests. Does this mean that we will stop having calls about this? I doubt it, because most of the users will just assume that if they hit the 'Close' button in the alert about the app, it will be allowed automatically. Also, I'm sure that most users won't be able to figure out the 'Configure' dialog box that is there.
Crushing dreams at the speed of sarcasm
How much of the beta will still be in its original shape when its available to the public? I for one still use XP at work and home and still find it useful for all of my needs *gaming*. I applaud MS for getting this out quickly because it should clear up the long mess that is in my add/remove programs list.
Sweet! My windoze computer is finally protected from the outside world... oh wait, nevermind.
I've been running 2003 as a desktop for a couple of weeks now. Haven't found one thing that ran on XP that couldn't be made to run on 2003. Everything is locked down until expressly opened. All the eye candy and useless dross from XP is turned off or MIA. Seems much peppier as a desktop and webserver than XP or even 2000. IIS 6 almost (almost) makes you forget all the crap MS released in the past.
IE has been updated with some good things, but does anyone know if they have fixed the numerous issues that standards oriented web developers have to work around? The png issues, box model issues, absolute positioning issues, etc?
Microsoft is holding back many websites from doing some amazing designs because of their lack of standard compatibility.
"BEHOLD, CORN!!" - Dr. Weird, ATHF
Try saying that 5x fast.
What I'd like to know is, are there any forced lock-ins -- such as "you only get these nice security patches which you need to avoid worms if you also install our new version of DRM, which locks you out of things you could previously do".
Not something you could easily tell in a first review -- but it's what I suspect will be more and more common, especially as MS loses the digital battle with ITMS/ITMS-wannabes
(and what's with the "wankerdesk" in the URL? :) )
Found this article from Microsoft, might be of interest to some, "This document contains preliminary information about the security technologies in Windows XP SP2."
Windows XP Service Pack 2: A Developer's View
Nah. There is always SOMETHING to complain about!
Manipulate the moderator system! Mod someone as "overrated" today.
IE now has a popup blocker.. thereby making Telnet the last (by my count) internet-related application that does NOT have a built-in popup blocker. Are companies still paying for that shit? I can't imagine them getting anything approaching a good return on investment for popup ads these days. Unless they can get them free in specially-marked boxes of cereal, or something. On an unrelated note, why are they giving XP users a firewall? Any XP user that needs a firewall should be on 2000, if not Linux/Unix. XP is for media and third-graders. :(
Nothing forces a company like microsoft to improve their products than a little competition. I like how they focused on security this time. If linux for desktops wasn't gaining market share as fast as it is now, I doubt we would have seen this service pack this soon and this full of security updates. Microsoft isn't stupid, they understand why a lot of people switch to linux. They give up that "secure feeling" of windows for actual security. I don't know if this will bring back converts, but I think it will slow down the acceleration of linux adoption for those "regular folks".
I wish MS would implement Service Packs as a way to add other bug fixes to the OS (generally SP's are security only), new add-ons and more features. Additionally, listening to what users want and adding these changes/features into the Service Packs would be nice.
One of the things that make 'Nix based distros, and OS X attractive is that each new development cycle (and they tend to be quick) brings more apps and more features to increase productivity. Granted Linux depends on the developer community and OS X upgrades cost money, MS is comparatively stagnant on technology and OS improvements. MS relies on major development cycles which are generally every 3 to 4 years (e.g. 95 --> NT 4 --> 2000/XP).
For one thing, a major upgrade to IE, Outlook Express and Windows Explorer (make it crash less) are needed. Given all the websites on "Tweaking" Windows 2000/XP, MS should give more thought into making GUI and other OS improvements before Longhorn comes out -- since that will probably be another 2 or 3 year away. In the meantime, OS X should probably be OS XI and RH (for instance) will be at version 11 or 12.
Might want to have a look at task scheduler...
Imagine how much harder physics would be if electrons had feelings! -Feynman, maybe
You, apparently, since you decided to reward us with your insight.
Several years ago mentioned that windows will look more and more like unix every version
Looks to me that Linux is looking more like Windows XP, but that's just me. As to "the backend", ideally Windows will continue to look more like what Dave Cutler intended it to be. We can only hope.
An example would be that there are several things that don't kick off or operate properly in windows until someone logs in
Whatever "group" you're working with don't know what the fuck they're doing. That's your problem. Unless you can tack developer/analyst/consultant stupidity on the OS vendor, which is relatively uncommon. But I guess you can do that if you want. I mean, it's a great anecdote if you want to make a point that "Windoze is teh sux". I think I'll start blaming RedHat or Debian every time my weekly Mozilla build fails, eh? It's so much easier!
Sure it is about time that IE gets a popup blocker, but one thing I'd like to see improved about IE would be its horridly aged quirky, standards-violating rendering engine. It is the "Netscape 4" of today.
But of course at about 95% of the global browser market share Microsoft see no need to improve that vital component of the browser.
Internet Explorer's browser monopoly is hurting the progress badly by locking the majority to legacy HTML that we should have left behind in the 90's already.
while true; do eject; eject -t; done
So it's large because most of the binaries have been recompiled, even ones where the code hasn't changed.
However, the main thing that drew my attention was this, which Ars Technica only briefly mentioned:(lots more detail on the MSDN link)
Question about the firewall: The "exceptions" dialog indicates that the checked programs "will be allowed to receive connections from other computers." What if I simply want to prevent a program from making outbound connections, the way I can with ZoneAlarm?
Knowing M$ the firewall in this SP will probably be preconfigured to block all access to competing products (Linux, OpenOffice, ...). That is, if John/Jane Doe ever finds his/her way out of the MSDN version of the web...
After reading the article I thought I would ask the question I thought about for a while. Whey can't we ( The opensource community) patent our ideas. Then we can allow them only of opensource projects. A good example would be the pop up blocker (It probably isn't patentable from proir-art but for argument sake). We could take a good idea and patent so others couldn't use it unless they had a opensource product. We could even fund the patent process with a non-profet orginastion.
I didn't use the preview button, so get over it!!!!
Mike
I almost get the sense that some folks don't want Microsoft to "take a step in the right direction" on security.
After all, if their operating systems are actually just as or more secure, proponents of alternative operating systems can no longer use that as ammunition, can they?
Is it worth it that systems be broken into as a demonstration of Microsoft's insecurity, so the masses and companies "wake up" (as they were supposedly already doing), just so people migrate to Linux? Necessary evil? No. No data loss is a necessary evil.
The coolest voice ever.
This is good news. I like the new exceptions dialog in the ICF. Maybe now programs that require port ranges instead of just one port will be automagically handled by Windows and not require 50 billion entries in the list. Yes, I know, 65535 blah blah...50 billion makes my issues seem more important :D
Once, I booted WinXP for a couple of hours to do one specific thing. I didn't use a firewall because it was only for a couple of hours. Before I shut down, my machine had Blaster!
Two days ago, I installed a small XP partition in preperation for a LAN party. My system already seems to be infected with something that hijacks Google's links.
A deep unwavering belief is a sure sign you're missing something...
Speaking as a phone tech support drone for a large university, many of these changes will be most welcome. The "Blaster" incident cost our university thousands of dollars in overtime and set back all of the activities that were going on at the beginning of the school year.
However, i'm not so sure that the fancier firewall will be such a good thing unless it is implemented properly. Ever since the newer version of AIM that came out in August or September 2003, we have been flooded with calls of it blinking on and off. These problems have been traced to ZoneAlarm - another free firewall that many people use because the one in XP was insufficient. If the new firewall has trouble with an application that is as popular as AIM is among our college students, it could create more problems then its worth for IT departments everywhere.
It may sound as if i'm overreacting for such a simple thing, but try working in IT for a few weeks and receiving over 150 phone calls a day from disgruntled students cussing you out because they can't chat with their friends.
Overall, its long past due that Microsoft focus on security instead of whizz-bang features that serve to slow down the O/S and cause it to be more unstable. XP Professional was a step in the right direction as far as stability, but the security issues are most definitely a large concern, especially to those of us with a phone to our ear.
"To strive, to seek, to find, and not to yield." - Tennyson
look it up
Yay me!
What exactly defines the "power users" who need this new-and-improved-maybe-this-time-it-won't-suck version of Windows?
Let's look at the word...
Power and User come together. Obviously, this implies that the user has some kind of power. However, this user is using Windows, which gives no power to its users. Thus, this mysterious user must actually WORK at Microsoft. Now why would the staff of MS need a version of Windows with security that doesn't suck?
the answer: to cover their asses for making crappy software.
Esoteric reference.
This beta release includes debugging symbols, which, while fairly large, are not normally installed by end-users. Look for a pretty significant reduction in size for the final release.
From the article's last page:
One major change in the core is the addition of support for hardware-enforced no-execute. CPUs that support this feature can protect application code from data, which will help prevent attacks from viruses that work by attacking memory marked for data.
Unfortunately the only known XP-compatible processors that support this feature are the Athlon 64/Opteron family.
I like the blurb that appears on the screen shot too: You can disable the built-in protection that helps prevent incompatible and non-secure software from running on your computer. I wonder what gets deamed incompatible or non-secure. At least they offer the ability to disable it at the moment. It'll be hard to trust Microsoft with such a technology. Execution control would be a nice feature for a OS, but as we all know, with great power comes great responsibility, and MS seams to be responsible for one thing: profit.
Cthulhu Saves.
Ok, I don't have a very current nightly build, but since when does Mozilla magically know which popups you want and which you don't?
--
the strongest word is still the word "free"
The one problem with developing useful 3rd party apps under MS is that its just a matter of time.. Of course this is something that Microsoft had to do eventually, especially now that people are getting infected before they get a chance to download security updates. 3rd Party Windows software companies of basic utility sw can now only protect their investments by (ab)using patent law... (eg The One Click Firewall, One-Click Unzip etc...) or having a better support infrastructure (not easy)
Now, I want you to think very carefully about this... You are installing a beta version of a service pack?
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
Ars Technica: Windows XP SP2 Beta first look: Page 1 -- (1/2004)
2004 pages! Now that's thorough! Oh, wait a minute...
UNIX? They're not even circumcised! Savages!
Note: THIS is the new machine killer. Having cleaned a disturbingly increasing number of affected machines lately (including to a smaller degree, my own!), I think that this should be Microsoft's New Frontier. "Stealth" installations of crapware need to be stopped... Somehow.
After all, what good is your computer if it takes you 15 minutes to boot it up and crashes every 5 mins. thereafter?
"...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."
A lot of people on here give XP a bad name.
Over 40% of the computer users in the world use XP, and most have no trouble with Blaster or random spywares, or indeed security hacks.
There are a lot of posters in here who claim to have had so many problems with XP. Obviously then it is a lack of knowledge and experience on your part. Just because you can't get it going well doesn't mean it is a problem with the OS. Lots of Joe Home Users are very happy with it. I am a very happy XP user, and have absolutely none of the problems that are bleated on about here. Turn into real users.
Not affiliated with Microsoft at all!! No doubt I will be called a troll by the Linux zealots in here!
from trojaned broadband users, is welcome with me. i have to deal with this stuff, and i know a lot of you do too.
:>
wait - we all have to deal with this. the level of spam sent from trojaned users using exclusively microsoft's more modern (you may permit yourself a slight snicker at this point) operating systems is over 50%. that's more than half, for the numerically challenged.
this is a serious problem. microsoft's inattention to security has literally destabilized the fundamental mechanisms of the Net.
ok, that's pretty dramatic. but whatever
Yeah but.. Wormage. It doesn't matter if you have a firewall if someone contracts the Nachi worm on their laptop and plugs in the CAT 5. It's happened here, and it sucks.
"...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."
This feature was added specifically to address buffer overflows and the execution of arbitrary code.
With the Intel x86-32 CPU and many other CPUs there are only two flags applicable to a section of memory: read or write. There is no execute flag; if the memory can be read then the instruction pointer can be set to it and it will execute.
The exploitation of a buffer overflow involves overwriting a block of memory to both fill it with code and also to overwrite the return address of the current function. When the function attempts to return to the previous function in the stack trace it instead will jump to the contents of code within the buffer and will perform whatever dastardly deed that was programmed there.
Now with XP SP2 and a supported chipset (which, unfortunately, is only the 64-bit AMD offerings) these sections of memory can be marked as "no-execute" so even if a buffer overflow vulnerability exists it could still overwrite sections of memory but the program would not be capable of executing them. That won't prevent DOS-style buffer overflow exploits (where the program crashes) but it does stop the execution of arbitrary code which is usually the foundation of worms.
Take the tinfoil hat off, this is a great idea. I just wish the Intel x86-32 line supported it.
From the ICF screenshot when a program attempts to open a port:
"Some software can be harmful. Only allow software from publisheres you trust to accept online connections"
Hmm... If you don't trust the software, why the hell are you running it in the first place? IMHO this may prevent a lot of spyware crap, but the real solution is to not run the programs in the first place. Technically, the 'programs' (spyware) can just disable the ICF feature when run (if running as admin).
On the other hand, if not run as admin, they couldn't disable the ICF and this feature should be quite useful.
I.O.U One Sig.
Dear god yes! my hosts file was given me by another- I took a few entries out, and it works for me.. and I immediately stuck it in my Mothers, Fathers, co-workers, and work computers.. (didn't tell them either) I really hope these 'never install' will be easily moved/shared/installed from comp to comp.
every day http://en.wikipedia.org/wiki/Special:Random
Overall, its long past due that Microsoft focus on security instead of whizz-bang features
Since when has Microsoft done either??
Microsoft is reacting to the overwhelming failure of its operating system to provide even a moderate level of security! Microsoft is reacting to the proliferation of the community's knowledge and understanding that there are more secure, more stable alternatives (thanks to Linux and FreeBSD/OSX).
What "whiz bang" features are you referring to? Popup blocking? Again, this is a three year old technology that Microsoft has tried its best to not implement but is only grudgingly deploying because other products like the Google Toolbar have proven to be incredibly valuable and desireable by the community and its encroached into Microsoft's attempt to hijack the Internet's searching system.
The only thing Microsoft focuses on are continued ways to milk more money from the dominant market position they have in the industry.
However, this post, which I aknowledge to be be WTFOT will not be modified.
Ah life on /..
"Talk minus action equals nothing" - Joey Shithead, D.O.A.
"Talk minus action equals
"The increased focus on security will be good not only for the average user who does not spend much time thinking about security [securing] her system, but also for 'power users' and those who work supporting end users."
Are you implying that men are better at securing their systems then women?
Im dreaming ofa big bndwdth, That can resist the
You of course realize that pop-up blocking becoming mainstream will just push sites and advertisers into another, equally or more annoying method of pushing unwanted crap in your face before you can get to the content you want.
I can just see it, you must view the ad for 15 seconds before you can load the next page and there's no getting around it, unless you want to spend your life picking apart javascript or whatever for code to load the next page.
What you got today is an annoyance, what you might have tomorrow is a headache. Time to get back to lynx.
A feeling of having made the same mistake before: Deja Foobar
Mozilla Firebird is better, and a cursory look at its support for privacy and CSS, is in my mind 'enough'.
Karma: It's all a bunch of tree-huggin' hippy crap!
You, you and your developer buddy(s)? Your whole virtual development community? Who gets to decide who had critical input and who didn't?
Who pays for the review/legal fees?
Who researches prior art before preparation/submittal?
Who is responsible for lawsuits if you wanna go after someone? Who funds that?
Tough questions....Anyone have answers?
Is the juice worth the sqeeze?
1. The most annoying option will be the default.
2. The more aggrevating the behavior of a default option, the more difficult it will be to find where it's set and change the setting.
A feeling of having made the same mistake before: Deja Foobar
opinion is all well and good, but have you any facts to back it up ? why is ZA the "worst possible firewall" ? all i can find are glowing reviews
no really , what makes ZA so bad yet Kerio is so good ?
Microsoft's definition of a 'power user' is a user who can change their own settings and install software which won't break Windows...
Karma: It's all a bunch of tree-huggin' hippy crap!
I recently bought an Opteron system...and planned to use it for gaming purposes (keep the criticism to yourselves, I've heard it all). I tried installing 2003 because my school had recently given me a copy and I felt that was a good time as any to try it out, because I wouldn't have to backup everything to do a clean install with XP afterwards. If I liked it, I'd keep it.
First...I could *not* get directX working. It installed, but dxdiag wouldn't enable direct3d. It kept saying my driver didn't support hardware acceleration. Then I installed sound card drivers, and THAT was horrible. It BSOD'ed. Then every time it rebooted, the software that came with the audigy's drivers would start up pop up a screen which would cause the computer to bsod again. I went to safe mode, stopped that application from starting up automatically, rebooted, and used add/remove programs to remove the audigy software. In the middle of the uninstall, it bsod'ed. I tried again, it bsod'ed in the same place.
Given that 2003 is a server OS, I can draw two conclusions...it's a HORRIBLE server OS, because it's not frigging stable, or it's not meant to have graphics/sound because it's a server OS, and it's stable otherwise. WinXP has absolutely NO problems with my hardware at all.
Warning: Opinions known to be heavily biased.
Whatever about the spam blockers, the eye candy and the new wireless widget, I wonder if SP2 will detect and disable XP installations with illegally generated corporate volume license keys in the same fashion that SP1 did.
Da Blog
...when I saw it has about a 50% thumbs up rating on cnet. Alot of people were having issues with it. And if the odds are that 1 out of 2 people will have a problem, I know which one I get to be.
Hold your breath until IE supports a single clickable button to remove all privacy-sensitive information.
Karma: It's all a bunch of tree-huggin' hippy crap!
Yeah, because emerge -u system is just too much to type sometimes.
Karma: It's all a bunch of tree-huggin' hippy crap!
I though the idea of a beta was to find the bugs. if this patch is only beta, does that mean the original was alpha?
Damn, Microsoft is smart, they sell there alpha version and the give away the beta version
it is only after a long journey that you know the strength of the horse.
As the AC asked, why specifically do you believe that ZoneAlarm is one of the worst possible firewalls?
Any corporate setting that already has ZLID running will never see any benefit to migrating to a new desktop firewall of unknown quality. The rule set you've worked so hard would be useless. And as far as anyone can tell the update fixes address the known vulnerabilities. Mega SPs will slow everyone down for very little if any perceived benefit.
Call me paranoid, but this sounds a lot like "trusted computing" "NX" will probably be used to enforce "no execute" on non MS software.
What?
sparc+solaris has had hardware enforced stack execution protection since Solaris 7. Absolutely fantastic.
IE Pop-up blocker needs two things; an override key and a visual queue.
With google toolbar i just hold the ctrl key while clicking and the pop-up is permitted. It's very useful for sites like www.showcasecinemas.com where you click to bring up a list of showings and it comes in a second window.
Sound queues annoy me too; and for the less anal retentive they may be unavailable (that's less likely these days; but still possible); again something like the visual queue google gives.
The allow pop ups for a specific site is a nice addition though.
I'd like to know what I'm signing over to Gates & Co., what kind of global permissions I have to grant them, and what kind of invasive tricks they have up their sleeve- just to make sure my system is as secure as it should have been in the first place.
I'd like to see a nmap scan of the ports still open after applying SP2. And a good reason why those ports are still open. Is 1025 open? If then, why? Does Microsoft break functionality in favor of security in an product that targets home users? A proper documentation for the ports used by XP Home and Pro would be far better than a obscure new service pack that does things and more voodoo. I read the document on expected changes with SP2 (looks weird in OOs, but it's readable). Almost words about those funny ports beyond 1024 where those dynamic mappings to the RPC begin.
Keep up the...work Microsoft.
Signed The Moops
at 222MB, they should consider sending every registered MS user a CD. I'm sure they could afford it. During the previous security fiasco, their defense was that the patch was available but people didn't bother upgrading their systems. Not everyone is on broadband, so it has to be easier to distribute the patch the same way AOL sends those coasters. Leave it to the user to decide whether to throw out the CD or not.
Funny thing about Software firewalls. They are subject to "Social Engineering". A SW firewall is really 2nd level (even 3rd level) defence. Microsoft have done a good thing by enabling it as default and making it a bit more functional, as an interim measure. (I suspect ZA may disagree)
To stop rogue incoming traffic, it's easier than trying to work out which of the many interrelated default Windows services they can disable, or configure to listen to local requests only... which is the approach I assume Longhorn is be taking.... Security-wise this is the conceptual flaw with Windows. Power without responsibility... A firewall will paste over the cracks for a short time - but for how long?
To stop rogue out going traffic, well usually its too late by then ...
Firewall: "Do you wish to allow "Very Important Microsoft Firewall Update to access the intenet?"
User: Err... yes?
Trojan: "Sucker!!! ..."
I'll wait for SP3 that way all the new holes in SP2 are covered. ;)
Umm.. that's part of the point of a Beta, dumbass.
No software company has the resources to test every possible combination and interaction of software and every possible application it is used for. Customers test Beta software in their own situations and report on any issues they see so they can be fixed by release time.
How about you download the Beta and do the same?
Mmmm.. Donuts
As you've probably ready a slew of posts by now about how "M$ still suxors!" and how MS will "never be as secure as *ix".
Keep something in mind. While a good portion of the m$ directed slings and arrows are legitimate concerns over the security of the OS, with good reason, the majority of slasdot users hate M$ because of a completely different ideal. M$ is huge. By nature, slashdot folks just hate corporations. All corporations are bad. They do nothing but steal from the public and rape their employees. They kick puppies and steal candy from kids.
What folks here would really hate most is this: Microsoft actually getting their OS into a position where the *ix folks would have nothing to complain about that didn't happen years in the past. The best they could do is say, "Well I don't trust an OS that is as buggy as Windows USED TO BE"
I use Linux and Windows. I prefer Linux however the apps I need to do work don't exist on Linux. Linux advocates need to put pressure on software developers to release versions for Linux (Starting with Macromedia IMHO).
Unless that can happen, more CEO's and CTO's (Who are mostly clueless) are going to read these changes Microsoft is making and remain a Microsoft shop.
Karma means nothing to me, so suck it...
I want to know about the status of the Eolas "fix". I'm pretty surprised the reviewer did not mention its absence/presence.
In addition to Solaris, sparc+OpenBSD has this feature. We've been buyin SUN hardware just because of Sparc's cool features.
Only Microosft could claim that this is innovationb
Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.
Did you troll on purpose or what?
Windows XP is based on the NT kernel and is a direct descendant of Windows 2000, itself a descendant of NT 4/3.
All of the above mentioned operating systems are true securable multiuser systems.
Microsoft hides and softens the details in Windows XP Home edition, but that changes nothing. On an XP pro workstation, create users and assign them permissions and group membership as you desire, including full DACL support on both the registry and filesystem.
tl;dr: think & know before you open your mouth.
Natural != (nontoxic || beneficial)
Naa man, you're way off.
I'm unfortunate to work every day with end users that had no idea there were even alternatives to Internet Explorer, let alone that they can do great things like tabbed browsing, block popups, protect your security, save passwords better, use less memory... etc..
I tell them, and very often they download and install Mozilla. They usually like it a lot.
If people were informed of such things as this, they'd use them. If Internet Explorer wasn't included in Windows, we'd see a wider spectrum of browsers being used, and with the lackluster features, performance, and rendering anomolies, IE wouldn't be on the top of the list.
- It's not the Macs I hate. It's Digg users. -
The WinXP ICF is designed to coexist with other firewalls, first off.
The pop-up blocker also coexists with other popup blockers. I currently have three different ones installed (Earthlink's blocker from months ago, the Google popup blocker which is disabled, and I'm running SP2) and see no problems.
However, the new IE popup blocker still won't block SOME popups, namely popups that occur due specifically to your clicking a link. It will only block "automatic" popups. (i.e. a link you click is scripted to open a popup while at the same time navigating to another page. The popup will still display)
This signature does not exist. It has never existed. It is all a figment of your imagination.
tell them to quit downloading so much porn
And you need a few million dollars to litigate the patent. Of course, some attorneys may be willing to do it on a contingency basis.
There is a reason patents are referred to as the "legal sport of kings."
When I (and most Open Source writers) write something Open Source (granted my stuff is rinky-dinky) I just write it in my spare time with no desire or capability to invest money into it. I just can't afford to patent things on my own. That is why most patents are assigned to a major company. You need money to get patents.
I don't know what the financial situation is for the major projects (Linux kernel, Mozilla, KDE, etc.) but they'd have to make a serious commitment of money and time (as it takes ~5yrs to get a software patent now a days) to get patents. Until recently, the majority of MSFT's patent portfolio was in keyboards and mice! It wasn't until they got scared with the recent patent attacks against them that they started to build their software portfolio.
Another small problem for the Open Source community is that many countries bar you from getting a patent if you have published the idea before filing the application. Given the open nature of Open Source, you might run into a statutory bar on your patent if you put the code in CVS before you file the application.
And as a side issue...
A good example would be the pop up blocker (It probably isn't patentable from proir-art but for argument sake).
A good patent attorney should be able to find a way to patent MSFT's implementation of the pop-up blocker. It'll be a narrow damn near worthless patent I'll grant you, but it can be done.
If I'm trolling, then why do you reply with so much information? Or what.
I keep re-reading your reply, but I don't see a demonstration or depiction of multiple concurrent users. For argument's sake, Mac OS-X is not a concurrent multi-user OS. Darwin is though. If you can, I would be very interested in how multiple concurrent users can run arbitrary userspace programs concurrently on XP.
BTW: I *am* trolling, but not for flames. If you (or anyone else reading this) is so hot on XP, you could help inform me and win me over a bit with some of your experience. Until then, I've got a real lack of perspective here. I just don't see it!
"tl;dr: think & know before you open your mouth. Good advice in general. I would add RTFA/RTFM. In my experience, when one of those lessons is learned, the other is not far off.
--- Nothing clever here: move along now...
I work as an independent computer support consultant servicing mostly Windows users, and I can assure you that a large portion of "regular joe" users have huge problems with viruses, spyware, and trojan horses. Most of them don't even know it- they just complain about having a lot of popup windows (spyware) or having trouble with their Internet connection (Blaster). Many of them continue to struggle to use their computer for months with these problems.
And it's not just my clients (who obviously are limited to the set of folks who have problems bad enough to call a professional)... the percentage is high in my social network as well.
Now yes- I agree an expert can avoid these things. I didn't even have virus protection on my primary machine for years, and yet I never got an infection. But that was because I never got attachments from untrusted sources. And I never downloaded "risky" software. But average users and even "experts" who are unfamiliar with this particular OS are vulnerable, and it's ludicrous to suggest that these huge problems are an issue of user skill.
Frankly, from a purely financial perspective, what MS is doing is bad for my business... I really should send a nice thank you note to the turd that wrote Blaster. But something tells me I'm not going to be running out of work anytime soon...
-R
OK. So they are securable. I think I failed to clearly make my real point. The APIs encourage bad security practice. Case and point: to put a user process inside a user sandbox, you have to get a handle on the user obeject from the OS. How long did it take Microsoft to think about the quality of their client/server password validation scheme? How much otherwise good software has been exploitable for how long before l0pht put out their famous password sniffer? What else did they overlook? What else have you got buried in there?
Also, my case isn't about the facts or the architecture or the exploits. Cutting to the chase: bad faith. Bad code is always rooted in bad assumptions.
--- Nothing clever here: move along now...
AdMuncher R0xXoR5
[Fuck Beta]
o0t!
After I installed SP1, my windows xp installation went from great to plain aweful.
1.) The number of errors I got from event manager spiraled thru the roof.
2.) It also caused internet explorer to error out with dll errors every other page.
3.) My scanner would scan in all pitch dark pictures.
4.) My graphics card would just get dll errors in the middle of games that would work before.
I re-norton ghosted back an image of pre SP1, and all was in harmony again. You can pay me to touch SP2.
Windows security is substandard by design. Once you run an ActiveX control on your system it's pretty much like running a .exe file. It can do anything it wants to your system. This is why ActiveX is disabled by default in IE6.
Windows has a lot of legacy APIs it keeps lugging around. This is the reason why it's easy to find holes and exploits in it. Microsoft became the victim of their own success. Their inherently insecure Win32 API is still alive and kicking and it's being patched for security in a stovepipe fashion. Windows will not be secure until the Win32 legacy is parted with.
Your pizza just the way you ought to have it.
Yeah, seeing as how Gentoo themselves got hacked, along with GNU/FSF, GNOME, and Debian.
"Sufferin' succotash."
Brilliant. We should just say "No offense" after every sentence. No offense. That way nobody will ever be offended by anything we say! No offense. I'm a damn genius! No offense.
Using fast user switching?
Presumably you meant to ask about concurrent *interactive* programs, and no, you can't do this in XP but it's not because the OS can't support it. Server OSes (Win2k and 2003) have had this functionality for years.
And what exactly constitutes "bad security practice" here?
I set up Opera for myself about a year and a half ago when I was experiencing intermittant lockups with IE. Unfortunately the crashes in Opera were more frequent than the IE lockups so I switched back.
One problem I see is that web sites like amazon are using flash plugins to get the effect of pop-ups without blocking them. Will this ti more common in IE?
keep re-reading your reply, but I don't see a demonstration or depiction of multiple concurrent users.
Specifically XP cannot support multiple concurrent users. But the NT kernel was made for and supports it just fine. I've a 2k3 box that's been running since the product was RTM and I keep a terminal services session open to it from my main machine at all times. Also have accounts set up for a few other folks who I work with. No problems with multiple users at the same time.
The "remote desktop connection" is not enough
Why not?
I wonder how long the average windows user will deal with "Allow jf934yhf.exe to use the internet" before they shut down the firewall because of "annoyances."
Obviously, knowing what's going out of your PC is important, but that level of sophistication might make more people see firewalls as a PITA than something they need, not to mention the problems that come up when you're in a game or something that hides or obscures those little 'allow' boxes.
I liked the old firewall because it was simple. It blocked stuff from coming in and arguably your virus scanner should be taking care of the PC itself. I also don't think asking the customer is such a bright idea, if it hooked onto a database somewhere on the net and told you "This is a safe application, this is Quicken" then fine, but it leaves the user guessing what s3rvices.exe is and as we have seen clicking Yes on everything is default behavoir.
Outbound blocking seems like a lot of trouble for little return. I'm assuming this firewall does or will support UPnP so eventually the trojan writers will just exploit that.
I'd much rather see the firewall on by default (is it?), ActiveX off by default (with the exception of windowsupdate), and Windows update on by default. More features isn't the solution, shipping the product airtight is.
Really now, we've had warning windows in Outlook for quite some time and people tend to ignore them. "You say everything is harmful, stupid computer!"
even though macs are somewhat nice, if you want to upgrade 1 component, you are stuck buying a whole new system. With Intel/AMD systems running Windows or Linux, you can upgrade as you wish with no problems...
What I use Mozilla, once in a while I get a 'VERIFIER BUG' virus, that I have to actually go into the sub/java directory to delete. This never happens with IE.
Use runas, launch processes with different users, and watch
Windows 2000 Advanced Server has Terminal Services, which we now call Remote Desktop Connection. I forget who they bought it from, Citrix I think? You can have many users signed in at once. It's actually pretty useful, there's a free unsupported (by M$ anyway) Unix client (rdesktop) these days, and there's a RDC client for MacOSX, and of course several for Windows including web via ActiveX, and two native Win32 clients, one standalone, and a snap-in for MMC.
I seem to recall that some versions of Windows have a telnetd with Microsoft authentication of some sort. You might be able to do the same sort of thing with Windows Services for Unix, which I seem to recall seeing available for a $7 shipping fee or something. It wouldn't be encrypted (though Windows provides VPN support including PPTP and IPSec) but at least your password wouldn't be sent in the clear. So you might not even need addon software like cygwin. However cygwin is just a library (or a set thereof) really, and a toolchain, and a set of packages, primarily gnu tools. It ties POSIX functions to Win32 ones, and the binaries are still normal Win32 binaries, they simply link to the Cygwin DLLs. Pretty neat. So it's simply not able to use any functionality NT doesn't already have in some form. Anyway I can run X applications from my Windows system. I can run window managers, too, and so on. I could log into the system remotely and run an X desktop back to an X server someplace, with all the clients running on the WinXP system. Is that multiuser enough for you?
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
the size of this sp make it quite inaccessible for anyone on a dialup. hopefully those of us that bought the cd and registered it will receive a free copy of this patch in the via FedEx the day before it's released to the public on the internet.
With the price of PC's nowadays. What is the point of
Multiple-Concurrent Users?
Security fixes are bug fixes!
Because you cannot work on the same machine locally while someone is connecting to it remotely.
Your pizza just the way you ought to have it.
parent is a worm. don't click the link windows users. jaz
Life is what happens to you while you are busy making other plans. No-one sees motorcycles
Windows NT/2000/XP family operating systems are NOT securable. The same counts for the average UNIX operating system (except the trusted variants). Why this is? You already mentioned it: DACL. If you read the common criteria target of evaluation for windows 2000, you will see that Microsoft has used the Controlled Access Protection Profile. This profile assumes not malicious outsiders or administrators. The much stricter Mandatory Access Protection Profile on the other hand does assume malicious outsiders, users and administrators. The trusted UNIX variants protect against this (and SELinux does so as well). As for securable... i much prefer to secure an Irix system over a windows system any day. UNIX in general is very transparent (less so with Irix, hence me mentioning it) where windows is very opaque. I don't know what windows components do, i do know what UNIX components do. KISS and SMILE are your friends in security, complexity is not.
I personally don't like my data being controlled by activation. How does the SP2 work if Reset5 is installed?
I don't hate big corporations, I actually work for one, And I have seen the damage to our profits that MS software has caused. Our reputation has not been damaged just out of sheer luck, other companies on the same field have benn bitten very badly for one or tow bad decisions (amongst them to deploy MS serversfor any mission critical applications).
What I hate is corporations that behave in an unethical, or like MS, even illegal manner.
I don't understand why some folks would avoid convicted criminals as their first choice to do business but are all so happy to submiss themselves to a company known to abuse his business partners and costumers.
I don't care if they make the greatest products in the universe, I have ethical standards and MS does not come even close to match them.
IANAL but write like a drunk one.
In order for a virus to infect your system, you have to run the virus code. Just receiving a virus through mail will not get you infected when using most e-mail clients.
Conclusion: You are talking complete nonsense.
I hope the moderators who modded you up get a good and hard beating in meta moderation, because they obviously waste mod points on misinformation!
Clever signature text goes here.
now that windows has a built-in (functional) firewall, which should be on by default, and a possibly upcoming anti-virus, what do the companies that are currently selling these solutions think?
i see their market disappearing in one clean windows-update swoop.
I use Internet Explorer with the Google Toolbar. Haven't seen a popup since.
Insert offensive troll-style sig here. Please mod or respond appropriately.
Well, I can only speak from experience, but in one year I went through 2 Linksys routers, both dying in different ways. I switched to Netgear and haven't had a problem since.
Where I work, they license and use Citrix Metaframe. Software that works fine locally on the desktop works differently (and sometimes not at all) on Citrix servers, and the problem is more pronounced using Terminal Services. Culturally, it is no big deal. That is what I think the problem is.
Theoretically, using Cygwin, or other techniques (like run as user like someone suggested), multiple concurrent users can be done. It isn't good though. Because (like someone else said) PC's are so cheap, people just don't try very hard. Therefore there is an underlying assumption that a problem with one PC mostly only affects the productivity of one user. Internet worms are shaking that tree, but there is still the idea that a PC keeps a user sandboxed. It's the assumption that one user or one PC factors in very little to the cost/benefit of the whole. If that's the way you want it, that's great, but you have to actually be responsible for that assumption by doing some risk reduction in the system design.
You have a correct, but oversimplified understanding of the requirements of supporting concurrency.
You are SO right about the issue of input and output. Please try to consider what it takes to program a serial execution program that repeatedly operates on the same source of input and sink for output over and over. Then think about what you have to do differently to support threads. Then think about how to maximize thread concurrency (hint: it usually involves threads and event loops). Then zoom out and think about a kernel managing multiple processes in userspace.I have no doubt that the kernels and low level facilities of NT through XP had sufficient process virtualization to support a good process separation security model. What I don't see is a history (if not current practice) of hackers (not necessarily the malicious type) and lusers sharing a running kernel. It's a hard problem to give the hackers the power to solve difficult software problems in novel ways and prevent their experimentation from breaking the system for simple users who barely understand what they are doing. The Opteron execution approval/disapproval stuff in XP SP2 is a significant step forward, but XP won't be secure until *NOT* doing that sort of thing is taboo. The discipline is not practiced in real life. Why bother with one user per PC?
--- Nothing clever here: move along now...
This quick-n-dirty script parses the .aspx files on the above-mentioned pr0n site and leeches all of the .WMV movies without bothering to download the adverts.
/dev/null 2>&1 /dev/null 2>&1 ... please wait ... /dev/null 2>&1
Happy pr0n watching, slashdotters!
#!/bin/sh
for i in `seq 1 10000`; do
wget -O ViewMovie-${i}.1 http://www.neox3.com/ViewMovie.aspx?ClipID=$i >
ASX=`grep 'SRC="BuildASX.aspx' ViewMovie-${i}.1`
ASX='a='`echo -n "${ASX##*a=}" | sed s/[\"\'\ \)\;]//g | tr '\r' '\000'`
echo "$ASX" | egrep '[0-9]' >
if [ "$?" == "0" ]; then
wget -O ViewMovie-${i}.2 "http://www.neox3.com/BuildASX.aspx?$ASX" >/dev/null 2>&1
MMS=`grep -i mms: ViewMovie-${i}.2 | grep -v Ads | cut -f2 -d\"`
echo Downloading $MMS \(${MMS##*/}\)
mplayer -dumpfile ${MMS##*/} -dumpstream $MMS >
rm -f ViewMovie-${i}.2
fi
rm -f ViewMovie-${i}.1
done
----------------------------------------
Religious war: fighting over who has the real imaginary friend.
FSCK! Wish Microsoft would just come out with a perfect version of there OS so i could steal that n not have to deal with this crap. Think'n they're so smart stopping me from installing services packs just cuz I didn't *pay* for they're software. . .
The last few viruses did not affect all Windows mail clients at all, since most of them don't execute attachments by default, and therefore the virus cannot infect the system.
.zip file. Did people unzip it and then run the .exe? Of course they did. Mail client vulnerabilities are completly optional these days.
I'm afraid you are mistaken. The last few viruses going around did not attempt to be auto-executed by any particular mail client. They just depended on people being clueless enough to run the executable manually after downloading it. Which, needless to say, a lot of people did. Every Windows mail client is equally vulnerable to this because it has nothing to do with the mail client at all. See also: social engineering v. exploiting a security hole.
The recent Mimail virus even sent itself out as a
I like my women like my coffee... pale and bitter.
I don't want my e-mail to cripple my use of it by blocking certain attachments, but on the other hand I don't want it to run executable attachments automatically either.
What you are talking about us not vulnerabilities in the software, but stupid people who open random attachments from complete strangers. Spocial engineering, perhaps, but not exploiting a security hole. Not a security vulnerability in most e-mail clients.
Try to get your facts straight before you attempt to re-define well known terms.
It doesn't matter if the virus spreads by social engineering - the software is not vulnerable. If you pick up a floppy disk on the street, put it in your PC and run a program on it which happens to contain a virus, that doesn't mean that it's a security vulnerability in the floppy!
So quit talking nonsense.
Clever signature text goes here.
Thank you for paraphrasing exactly what I said. I believe I stated clearly that the mail clients are not vulnerable, but people are, hence social engineering and everyone having the same chance of infection no matter what mail client they're using (since it doesn't depend on any particular client vulnerability).
What part of that did you disagree with?
I like my women like my coffee... pale and bitter.
With XP that is true. Not so for 2000 Server or 2003.
Flamebait? What a crock of shit, I was quoting text from Windows itself. Jesus... go to the User Accounts control panel time time.
Karma: It's all a bunch of tree-huggin' hippy crap!
All AMD K8 parts support it.
That includes the A64, the FX and Opteron.
> > I wist[sic] windows would have the grep command =(
> Windows NT/2000/XP/2003 and the Win 98 Resource Kit has a similar command in findstr. A basic set
> of regular expressions are included like character classes, ranges, beginning and end of
> words and lines, and multiple matching.
Better yet (imho), just install Cygwin, which gives you a full unix environment with all the tools necessary to use Win32 without feeling the need to gut yourself. That includes grep, find, locate and similar tools.
Plus, if you're insane enough, you can use it to install X11 and run KDE 3.1 or GNOME 1.4 instead of explorer.exe. Well, except that they're not yet mature on this platform (KDE runs extremely slowly, while GNOME is both not up to date and a bit less stable than what you'd expect from GNOME).
--
-JC
coder, needs FT work, Long Island, NY
http://www.jc-news.com/parse.cgi?coding/main
keep yourself logged in, get yourself some good karma, and you'll get to metamoderate. I do it everyday as I think all members (with karma) get to do it.