Slashdot Mirror
Windows XP SP2 Beta Reviewed
worm eater writes "Ars Technica has a characteristically thorough review of Windows XP Service Pack 2 Beta, with plenty of screen shots. In a nutshell, it's all about security fixes, including a seriously beefed up firewall. The final release is expected this summer." The review concludes: "Overall, Microsoft has made a step in the right direction with this service pack. The increased focus on security will be good not only for the average user who does not spend much time thinking about security her system, but also for 'power users' and those who work supporting end users."
I'd tolerate all the exploits if this thing would make me toast and coffee in the morning.. meh.
http://www.babysmasher.com
http://www.openingbands.com
A review of a service pack? What's next, A screenshot of RTPatch? I can see it now...
"Here we see the patch process at 37% complete. Note that the progress bar is roughly one third filled in with a nice blue color."
Please!!
popup blocker in IE. Finally!
:D
It ASKS YOU before installing random crap in the background and at least notes that "Some software could be harmful"
Good. Step in the right direction.
You can download the service pack here
"The increased focus on security will be good not only for the average user who does not spend much time thinking about security her system, but also for 'power users' and those who work supporting end users."
The only security improvement that I would characterize as being "good" for those who work support end users is one which prevented them from using the computer in the first place.
Please, God, take me now....
(been a long day)
-- "Government is the great fiction through which everybody endeavors to live at the expense of everybody else."
Does it default allowed or denied? The screenshot shows it checked (allowed) but did it come that way?
'power users', 'Windows'... in the same sentance.. what are you smoking? :P
moo
Overall, Microsoft has made a step in the right direction with this service pack. The increased focus on security will be good not only for the average user who does not spend much time thinking about security her system, but also for 'power users' and those who work supporting end users."
We still have a couple of W2k and XP boxes that we'll probably keep, but the damage over the past couple of years with poor security has been done. We have been migrating many of our Wintel systems to OS X for a whole variety of reasons. I really hope that this service pack works as advertised as I still own some Microsoft stock, but I am afraid that Microsoft needs to completely re-engineer the OS like they are doing with Longhorn to resolve the security problems with Windows. Unfortunately that will be in what....2006?
Visit Jonesblog and say hello.
Wait , OMG... I must format my Gentoo build now, and install this superior Operating system.
Electronic Music Made Using Linux http://soundcloud.com/polyp
No; from what I know it's available to MSDN Universal subscribers and BetaPlace members.
i personally advise customers to *never* update their windows systems.
i receive many calls regarding windows computers that are no longer working and when i ask when the system last worked they say before they updated. then they express their confusion at having been told to keep their system up to date.
part of the problem is that (beyond the initial service pack for any particular microsoft product) not enough people install the updates so that the bugs in the updates are not addressed.
the "never install software from..." button.
Microsoft must be trying to bankrupt Gator / GAIN / THAT COMPANY THAT MAKES a product remarkably simliar to SPYWARE. They'll be filing for name changes once a week now.
There are some people that if they don't know, you can't tell 'em.
Yes, but it is not good to combine bug fixes with new features! Also, we need those bug fixes now! There are hundreds of them.
Shouldn't these features have been part of XP from the beginning though? That's like saying the brakes on my Ford are a new "feature". I suppose......
All-in-all a good review. I wonder if this will raise any new "monopoly" charges though with everyone from Norton Internet Security to Pop-up blocker companies' business going down the drain - virtually overnight.
I am generally pretty critical on Microsoft but I like how you can Slipstream a service pack into the base OS. Well, not enough to use Windows but I like it.
I work in tech support for an ISP, and quite a few calls come in where the ICF is blocking DHCP, DNS, HTTP, or SMTP requests. Does this mean that we will stop having calls about this? I doubt it, because most of the users will just assume that if they hit the 'Close' button in the alert about the app, it will be allowed automatically. Also, I'm sure that most users won't be able to figure out the 'Configure' dialog box that is there.
Crushing dreams at the speed of sarcasm
I've been running 2003 as a desktop for a couple of weeks now. Haven't found one thing that ran on XP that couldn't be made to run on 2003. Everything is locked down until expressly opened. All the eye candy and useless dross from XP is turned off or MIA. Seems much peppier as a desktop and webserver than XP or even 2000. IIS 6 almost (almost) makes you forget all the crap MS released in the past.
IE has been updated with some good things, but does anyone know if they have fixed the numerous issues that standards oriented web developers have to work around? The png issues, box model issues, absolute positioning issues, etc?
Microsoft is holding back many websites from doing some amazing designs because of their lack of standard compatibility.
"BEHOLD, CORN!!" - Dr. Weird, ATHF
What I'd like to know is, are there any forced lock-ins -- such as "you only get these nice security patches which you need to avoid worms if you also install our new version of DRM, which locks you out of things you could previously do".
Not something you could easily tell in a first review -- but it's what I suspect will be more and more common, especially as MS loses the digital battle with ITMS/ITMS-wannabes
(and what's with the "wankerdesk" in the URL? :) )
Found this article from Microsoft, might be of interest to some, "This document contains preliminary information about the security technologies in Windows XP SP2."
Windows XP Service Pack 2: A Developer's View
Nah. There is always SOMETHING to complain about!
Manipulate the moderator system! Mod someone as "overrated" today.
IE now has a popup blocker.. thereby making Telnet the last (by my count) internet-related application that does NOT have a built-in popup blocker. Are companies still paying for that shit? I can't imagine them getting anything approaching a good return on investment for popup ads these days. Unless they can get them free in specially-marked boxes of cereal, or something. On an unrelated note, why are they giving XP users a firewall? Any XP user that needs a firewall should be on 2000, if not Linux/Unix. XP is for media and third-graders. :(
I wish MS would implement Service Packs as a way to add other bug fixes to the OS (generally SP's are security only), new add-ons and more features. Additionally, listening to what users want and adding these changes/features into the Service Packs would be nice.
One of the things that make 'Nix based distros, and OS X attractive is that each new development cycle (and they tend to be quick) brings more apps and more features to increase productivity. Granted Linux depends on the developer community and OS X upgrades cost money, MS is comparatively stagnant on technology and OS improvements. MS relies on major development cycles which are generally every 3 to 4 years (e.g. 95 --> NT 4 --> 2000/XP).
For one thing, a major upgrade to IE, Outlook Express and Windows Explorer (make it crash less) are needed. Given all the websites on "Tweaking" Windows 2000/XP, MS should give more thought into making GUI and other OS improvements before Longhorn comes out -- since that will probably be another 2 or 3 year away. In the meantime, OS X should probably be OS XI and RH (for instance) will be at version 11 or 12.
You, apparently, since you decided to reward us with your insight.
Several years ago mentioned that windows will look more and more like unix every version
Looks to me that Linux is looking more like Windows XP, but that's just me. As to "the backend", ideally Windows will continue to look more like what Dave Cutler intended it to be. We can only hope.
An example would be that there are several things that don't kick off or operate properly in windows until someone logs in
Whatever "group" you're working with don't know what the fuck they're doing. That's your problem. Unless you can tack developer/analyst/consultant stupidity on the OS vendor, which is relatively uncommon. But I guess you can do that if you want. I mean, it's a great anecdote if you want to make a point that "Windoze is teh sux". I think I'll start blaming RedHat or Debian every time my weekly Mozilla build fails, eh? It's so much easier!
Sure it is about time that IE gets a popup blocker, but one thing I'd like to see improved about IE would be its horridly aged quirky, standards-violating rendering engine. It is the "Netscape 4" of today.
But of course at about 95% of the global browser market share Microsoft see no need to improve that vital component of the browser.
Internet Explorer's browser monopoly is hurting the progress badly by locking the majority to legacy HTML that we should have left behind in the 90's already.
while true; do eject; eject -t; done
So it's large because most of the binaries have been recompiled, even ones where the code hasn't changed.
However, the main thing that drew my attention was this, which Ars Technica only briefly mentioned:(lots more detail on the MSDN link)
Question about the firewall: The "exceptions" dialog indicates that the checked programs "will be allowed to receive connections from other computers." What if I simply want to prevent a program from making outbound connections, the way I can with ZoneAlarm?
I almost get the sense that some folks don't want Microsoft to "take a step in the right direction" on security.
After all, if their operating systems are actually just as or more secure, proponents of alternative operating systems can no longer use that as ammunition, can they?
Is it worth it that systems be broken into as a demonstration of Microsoft's insecurity, so the masses and companies "wake up" (as they were supposedly already doing), just so people migrate to Linux? Necessary evil? No. No data loss is a necessary evil.
The coolest voice ever.
Speaking as a phone tech support drone for a large university, many of these changes will be most welcome. The "Blaster" incident cost our university thousands of dollars in overtime and set back all of the activities that were going on at the beginning of the school year.
However, i'm not so sure that the fancier firewall will be such a good thing unless it is implemented properly. Ever since the newer version of AIM that came out in August or September 2003, we have been flooded with calls of it blinking on and off. These problems have been traced to ZoneAlarm - another free firewall that many people use because the one in XP was insufficient. If the new firewall has trouble with an application that is as popular as AIM is among our college students, it could create more problems then its worth for IT departments everywhere.
It may sound as if i'm overreacting for such a simple thing, but try working in IT for a few weeks and receiving over 150 phone calls a day from disgruntled students cussing you out because they can't chat with their friends.
Overall, its long past due that Microsoft focus on security instead of whizz-bang features that serve to slow down the O/S and cause it to be more unstable. XP Professional was a step in the right direction as far as stability, but the security issues are most definitely a large concern, especially to those of us with a phone to our ear.
"To strive, to seek, to find, and not to yield." - Tennyson
A Longhorn preview is available for download from the MSDN site. You also might be able to order a CD, although its really not worth the effort at this point.
The preview build is slow, buggy, and doesn't have enough new features yet to be interesting for more than 10 minutes.
What exactly defines the "power users" who need this new-and-improved-maybe-this-time-it-won't-suck version of Windows?
Let's look at the word...
Power and User come together. Obviously, this implies that the user has some kind of power. However, this user is using Windows, which gives no power to its users. Thus, this mysterious user must actually WORK at Microsoft. Now why would the staff of MS need a version of Windows with security that doesn't suck?
the answer: to cover their asses for making crappy software.
Esoteric reference.
Because that would be the single most hypocritical thing anyone had ever done. At least thats one obvious reason.
The one problem with developing useful 3rd party apps under MS is that its just a matter of time.. Of course this is something that Microsoft had to do eventually, especially now that people are getting infected before they get a chance to download security updates. 3rd Party Windows software companies of basic utility sw can now only protect their investments by (ab)using patent law... (eg The One Click Firewall, One-Click Unzip etc...) or having a better support infrastructure (not easy)
Ars Technica: Windows XP SP2 Beta first look: Page 1 -- (1/2004)
2004 pages! Now that's thorough! Oh, wait a minute...
UNIX? They're not even circumcised! Savages!
Note: THIS is the new machine killer. Having cleaned a disturbingly increasing number of affected machines lately (including to a smaller degree, my own!), I think that this should be Microsoft's New Frontier. "Stealth" installations of crapware need to be stopped... Somehow.
After all, what good is your computer if it takes you 15 minutes to boot it up and crashes every 5 mins. thereafter?
"...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."
A lot of people on here give XP a bad name.
Over 40% of the computer users in the world use XP, and most have no trouble with Blaster or random spywares, or indeed security hacks.
There are a lot of posters in here who claim to have had so many problems with XP. Obviously then it is a lack of knowledge and experience on your part. Just because you can't get it going well doesn't mean it is a problem with the OS. Lots of Joe Home Users are very happy with it. I am a very happy XP user, and have absolutely none of the problems that are bleated on about here. Turn into real users.
Not affiliated with Microsoft at all!! No doubt I will be called a troll by the Linux zealots in here!
from trojaned broadband users, is welcome with me. i have to deal with this stuff, and i know a lot of you do too.
:>
wait - we all have to deal with this. the level of spam sent from trojaned users using exclusively microsoft's more modern (you may permit yourself a slight snicker at this point) operating systems is over 50%. that's more than half, for the numerically challenged.
this is a serious problem. microsoft's inattention to security has literally destabilized the fundamental mechanisms of the Net.
ok, that's pretty dramatic. but whatever
This feature was added specifically to address buffer overflows and the execution of arbitrary code.
With the Intel x86-32 CPU and many other CPUs there are only two flags applicable to a section of memory: read or write. There is no execute flag; if the memory can be read then the instruction pointer can be set to it and it will execute.
The exploitation of a buffer overflow involves overwriting a block of memory to both fill it with code and also to overwrite the return address of the current function. When the function attempts to return to the previous function in the stack trace it instead will jump to the contents of code within the buffer and will perform whatever dastardly deed that was programmed there.
Now with XP SP2 and a supported chipset (which, unfortunately, is only the 64-bit AMD offerings) these sections of memory can be marked as "no-execute" so even if a buffer overflow vulnerability exists it could still overwrite sections of memory but the program would not be capable of executing them. That won't prevent DOS-style buffer overflow exploits (where the program crashes) but it does stop the execution of arbitrary code which is usually the foundation of worms.
Take the tinfoil hat off, this is a great idea. I just wish the Intel x86-32 line supported it.
Dear god yes! my hosts file was given me by another- I took a few entries out, and it works for me.. and I immediately stuck it in my Mothers, Fathers, co-workers, and work computers.. (didn't tell them either) I really hope these 'never install' will be easily moved/shared/installed from comp to comp.
every day http://en.wikipedia.org/wiki/Special:Random
Overall, its long past due that Microsoft focus on security instead of whizz-bang features
Since when has Microsoft done either??
Microsoft is reacting to the overwhelming failure of its operating system to provide even a moderate level of security! Microsoft is reacting to the proliferation of the community's knowledge and understanding that there are more secure, more stable alternatives (thanks to Linux and FreeBSD/OSX).
What "whiz bang" features are you referring to? Popup blocking? Again, this is a three year old technology that Microsoft has tried its best to not implement but is only grudgingly deploying because other products like the Google Toolbar have proven to be incredibly valuable and desireable by the community and its encroached into Microsoft's attempt to hijack the Internet's searching system.
The only thing Microsoft focuses on are continued ways to milk more money from the dominant market position they have in the industry.
Except of course the fact that the opensource community rarely comes up with a patentable idea before a commercial product makes for some nice prior art.
A self-serving myth spread by commercial interests. If you include the academic community in the open source community, open source has more ideas hands down. Where do you think the internet, the web, email and the computer, were invented? Commercial interests are often good at development but their record is mixed on research, unless you regard innovation in marketing has positive.
---
User friendly M$Windows/XP.
User unfriendly M$Windows/XP license.
You of course realize that pop-up blocking becoming mainstream will just push sites and advertisers into another, equally or more annoying method of pushing unwanted crap in your face before you can get to the content you want.
I can just see it, you must view the ad for 15 seconds before you can load the next page and there's no getting around it, unless you want to spend your life picking apart javascript or whatever for code to load the next page.
What you got today is an annoyance, what you might have tomorrow is a headache. Time to get back to lynx.
A feeling of having made the same mistake before: Deja Foobar
1. The most annoying option will be the default.
2. The more aggrevating the behavior of a default option, the more difficult it will be to find where it's set and change the setting.
A feeling of having made the same mistake before: Deja Foobar
Whatever about the spam blockers, the eye candy and the new wireless widget, I wonder if SP2 will detect and disable XP installations with illegally generated corporate volume license keys in the same fashion that SP1 did.
Da Blog
As the AC asked, why specifically do you believe that ZoneAlarm is one of the worst possible firewalls?
at 222MB, they should consider sending every registered MS user a CD. I'm sure they could afford it. During the previous security fiasco, their defense was that the patch was available but people didn't bother upgrading their systems. Not everyone is on broadband, so it has to be easier to distribute the patch the same way AOL sends those coasters. Leave it to the user to decide whether to throw out the CD or not.
Funny thing about Software firewalls. They are subject to "Social Engineering". A SW firewall is really 2nd level (even 3rd level) defence. Microsoft have done a good thing by enabling it as default and making it a bit more functional, as an interim measure. (I suspect ZA may disagree)
To stop rogue incoming traffic, it's easier than trying to work out which of the many interrelated default Windows services they can disable, or configure to listen to local requests only... which is the approach I assume Longhorn is be taking.... Security-wise this is the conceptual flaw with Windows. Power without responsibility... A firewall will paste over the cracks for a short time - but for how long?
To stop rogue out going traffic, well usually its too late by then ...
Firewall: "Do you wish to allow "Very Important Microsoft Firewall Update to access the intenet?"
User: Err... yes?
Trojan: "Sucker!!! ..."
Umm.. that's part of the point of a Beta, dumbass.
No software company has the resources to test every possible combination and interaction of software and every possible application it is used for. Customers test Beta software in their own situations and report on any issues they see so they can be fixed by release time.
How about you download the Beta and do the same?
Mmmm.. Donuts
As you've probably ready a slew of posts by now about how "M$ still suxors!" and how MS will "never be as secure as *ix".
Keep something in mind. While a good portion of the m$ directed slings and arrows are legitimate concerns over the security of the OS, with good reason, the majority of slasdot users hate M$ because of a completely different ideal. M$ is huge. By nature, slashdot folks just hate corporations. All corporations are bad. They do nothing but steal from the public and rape their employees. They kick puppies and steal candy from kids.
What folks here would really hate most is this: Microsoft actually getting their OS into a position where the *ix folks would have nothing to complain about that didn't happen years in the past. The best they could do is say, "Well I don't trust an OS that is as buggy as Windows USED TO BE"
I use Linux and Windows. I prefer Linux however the apps I need to do work don't exist on Linux. Linux advocates need to put pressure on software developers to release versions for Linux (Starting with Macromedia IMHO).
Unless that can happen, more CEO's and CTO's (Who are mostly clueless) are going to read these changes Microsoft is making and remain a Microsoft shop.
Karma means nothing to me, so suck it...
All ports sub-1056 are stealthed, assuming you don't disable ICF.
Ports are open from the inside, but RPC no longer accepts remote anonymous connections.
Take note that NO OUTGOING TRAFFIC is filtered unless explicitly configured, with the exception of several ICMP packets.
This signature does not exist. It has never existed. It is all a figment of your imagination.
Did you troll on purpose or what?
Windows XP is based on the NT kernel and is a direct descendant of Windows 2000, itself a descendant of NT 4/3.
All of the above mentioned operating systems are true securable multiuser systems.
Microsoft hides and softens the details in Windows XP Home edition, but that changes nothing. On an XP pro workstation, create users and assign them permissions and group membership as you desire, including full DACL support on both the registry and filesystem.
tl;dr: think & know before you open your mouth.
Natural != (nontoxic || beneficial)
And you need a few million dollars to litigate the patent. Of course, some attorneys may be willing to do it on a contingency basis.
There is a reason patents are referred to as the "legal sport of kings."
When I (and most Open Source writers) write something Open Source (granted my stuff is rinky-dinky) I just write it in my spare time with no desire or capability to invest money into it. I just can't afford to patent things on my own. That is why most patents are assigned to a major company. You need money to get patents.
I don't know what the financial situation is for the major projects (Linux kernel, Mozilla, KDE, etc.) but they'd have to make a serious commitment of money and time (as it takes ~5yrs to get a software patent now a days) to get patents. Until recently, the majority of MSFT's patent portfolio was in keyboards and mice! It wasn't until they got scared with the recent patent attacks against them that they started to build their software portfolio.
Another small problem for the Open Source community is that many countries bar you from getting a patent if you have published the idea before filing the application. Given the open nature of Open Source, you might run into a statutory bar on your patent if you put the code in CVS before you file the application.
And as a side issue...
A good example would be the pop up blocker (It probably isn't patentable from proir-art but for argument sake).
A good patent attorney should be able to find a way to patent MSFT's implementation of the pop-up blocker. It'll be a narrow damn near worthless patent I'll grant you, but it can be done.
I work as an independent computer support consultant servicing mostly Windows users, and I can assure you that a large portion of "regular joe" users have huge problems with viruses, spyware, and trojan horses. Most of them don't even know it- they just complain about having a lot of popup windows (spyware) or having trouble with their Internet connection (Blaster). Many of them continue to struggle to use their computer for months with these problems.
And it's not just my clients (who obviously are limited to the set of folks who have problems bad enough to call a professional)... the percentage is high in my social network as well.
Now yes- I agree an expert can avoid these things. I didn't even have virus protection on my primary machine for years, and yet I never got an infection. But that was because I never got attachments from untrusted sources. And I never downloaded "risky" software. But average users and even "experts" who are unfamiliar with this particular OS are vulnerable, and it's ludicrous to suggest that these huge problems are an issue of user skill.
Frankly, from a purely financial perspective, what MS is doing is bad for my business... I really should send a nice thank you note to the turd that wrote Blaster. But something tells me I'm not going to be running out of work anytime soon...
-R