Slashdot Mirror
Windows XP SP2 Beta Reviewed
worm eater writes "Ars Technica has a characteristically thorough review of Windows XP Service Pack 2 Beta, with plenty of screen shots. In a nutshell, it's all about security fixes, including a seriously beefed up firewall. The final release is expected this summer." The review concludes: "Overall, Microsoft has made a step in the right direction with this service pack. The increased focus on security will be good not only for the average user who does not spend much time thinking about security her system, but also for 'power users' and those who work supporting end users."
I'd tolerate all the exploits if this thing would make me toast and coffee in the morning.. meh.
http://www.babysmasher.com
http://www.openingbands.com
A review of a service pack? What's next, A screenshot of RTPatch? I can see it now...
"Here we see the patch process at 37% complete. Note that the progress bar is roughly one third filled in with a nice blue color."
Please!!
popup blocker in IE. Finally!
:D
It ASKS YOU before installing random crap in the background and at least notes that "Some software could be harmful"
Good. Step in the right direction.
You can download the service pack here
Does it default allowed or denied? The screenshot shows it checked (allowed) but did it come that way?
'power users', 'Windows'... in the same sentance.. what are you smoking? :P
moo
Overall, Microsoft has made a step in the right direction with this service pack. The increased focus on security will be good not only for the average user who does not spend much time thinking about security her system, but also for 'power users' and those who work supporting end users."
We still have a couple of W2k and XP boxes that we'll probably keep, but the damage over the past couple of years with poor security has been done. We have been migrating many of our Wintel systems to OS X for a whole variety of reasons. I really hope that this service pack works as advertised as I still own some Microsoft stock, but I am afraid that Microsoft needs to completely re-engineer the OS like they are doing with Longhorn to resolve the security problems with Windows. Unfortunately that will be in what....2006?
Visit Jonesblog and say hello.
Wait , OMG... I must format my Gentoo build now, and install this superior Operating system.
Electronic Music Made Using Linux http://soundcloud.com/polyp
No; from what I know it's available to MSDN Universal subscribers and BetaPlace members.
the "never install software from..." button.
Microsoft must be trying to bankrupt Gator / GAIN / THAT COMPANY THAT MAKES a product remarkably simliar to SPYWARE. They'll be filing for name changes once a week now.
There are some people that if they don't know, you can't tell 'em.
Yes, but it is not good to combine bug fixes with new features! Also, we need those bug fixes now! There are hundreds of them.
Shouldn't these features have been part of XP from the beginning though? That's like saying the brakes on my Ford are a new "feature". I suppose......
All-in-all a good review. I wonder if this will raise any new "monopoly" charges though with everyone from Norton Internet Security to Pop-up blocker companies' business going down the drain - virtually overnight.
I am generally pretty critical on Microsoft but I like how you can Slipstream a service pack into the base OS. Well, not enough to use Windows but I like it.
I work in tech support for an ISP, and quite a few calls come in where the ICF is blocking DHCP, DNS, HTTP, or SMTP requests. Does this mean that we will stop having calls about this? I doubt it, because most of the users will just assume that if they hit the 'Close' button in the alert about the app, it will be allowed automatically. Also, I'm sure that most users won't be able to figure out the 'Configure' dialog box that is there.
Crushing dreams at the speed of sarcasm
I've been running 2003 as a desktop for a couple of weeks now. Haven't found one thing that ran on XP that couldn't be made to run on 2003. Everything is locked down until expressly opened. All the eye candy and useless dross from XP is turned off or MIA. Seems much peppier as a desktop and webserver than XP or even 2000. IIS 6 almost (almost) makes you forget all the crap MS released in the past.
IE has been updated with some good things, but does anyone know if they have fixed the numerous issues that standards oriented web developers have to work around? The png issues, box model issues, absolute positioning issues, etc?
Microsoft is holding back many websites from doing some amazing designs because of their lack of standard compatibility.
"BEHOLD, CORN!!" - Dr. Weird, ATHF
Found this article from Microsoft, might be of interest to some, "This document contains preliminary information about the security technologies in Windows XP SP2."
Windows XP Service Pack 2: A Developer's View
Nah. There is always SOMETHING to complain about!
Manipulate the moderator system! Mod someone as "overrated" today.
IE now has a popup blocker.. thereby making Telnet the last (by my count) internet-related application that does NOT have a built-in popup blocker. Are companies still paying for that shit? I can't imagine them getting anything approaching a good return on investment for popup ads these days. Unless they can get them free in specially-marked boxes of cereal, or something. On an unrelated note, why are they giving XP users a firewall? Any XP user that needs a firewall should be on 2000, if not Linux/Unix. XP is for media and third-graders. :(
I wish MS would implement Service Packs as a way to add other bug fixes to the OS (generally SP's are security only), new add-ons and more features. Additionally, listening to what users want and adding these changes/features into the Service Packs would be nice.
One of the things that make 'Nix based distros, and OS X attractive is that each new development cycle (and they tend to be quick) brings more apps and more features to increase productivity. Granted Linux depends on the developer community and OS X upgrades cost money, MS is comparatively stagnant on technology and OS improvements. MS relies on major development cycles which are generally every 3 to 4 years (e.g. 95 --> NT 4 --> 2000/XP).
For one thing, a major upgrade to IE, Outlook Express and Windows Explorer (make it crash less) are needed. Given all the websites on "Tweaking" Windows 2000/XP, MS should give more thought into making GUI and other OS improvements before Longhorn comes out -- since that will probably be another 2 or 3 year away. In the meantime, OS X should probably be OS XI and RH (for instance) will be at version 11 or 12.
Sure it is about time that IE gets a popup blocker, but one thing I'd like to see improved about IE would be its horridly aged quirky, standards-violating rendering engine. It is the "Netscape 4" of today.
But of course at about 95% of the global browser market share Microsoft see no need to improve that vital component of the browser.
Internet Explorer's browser monopoly is hurting the progress badly by locking the majority to legacy HTML that we should have left behind in the 90's already.
while true; do eject; eject -t; done
So it's large because most of the binaries have been recompiled, even ones where the code hasn't changed.
However, the main thing that drew my attention was this, which Ars Technica only briefly mentioned:(lots more detail on the MSDN link)
Question about the firewall: The "exceptions" dialog indicates that the checked programs "will be allowed to receive connections from other computers." What if I simply want to prevent a program from making outbound connections, the way I can with ZoneAlarm?
I almost get the sense that some folks don't want Microsoft to "take a step in the right direction" on security.
After all, if their operating systems are actually just as or more secure, proponents of alternative operating systems can no longer use that as ammunition, can they?
Is it worth it that systems be broken into as a demonstration of Microsoft's insecurity, so the masses and companies "wake up" (as they were supposedly already doing), just so people migrate to Linux? Necessary evil? No. No data loss is a necessary evil.
The coolest voice ever.
Speaking as a phone tech support drone for a large university, many of these changes will be most welcome. The "Blaster" incident cost our university thousands of dollars in overtime and set back all of the activities that were going on at the beginning of the school year.
However, i'm not so sure that the fancier firewall will be such a good thing unless it is implemented properly. Ever since the newer version of AIM that came out in August or September 2003, we have been flooded with calls of it blinking on and off. These problems have been traced to ZoneAlarm - another free firewall that many people use because the one in XP was insufficient. If the new firewall has trouble with an application that is as popular as AIM is among our college students, it could create more problems then its worth for IT departments everywhere.
It may sound as if i'm overreacting for such a simple thing, but try working in IT for a few weeks and receiving over 150 phone calls a day from disgruntled students cussing you out because they can't chat with their friends.
Overall, its long past due that Microsoft focus on security instead of whizz-bang features that serve to slow down the O/S and cause it to be more unstable. XP Professional was a step in the right direction as far as stability, but the security issues are most definitely a large concern, especially to those of us with a phone to our ear.
"To strive, to seek, to find, and not to yield." - Tennyson
What exactly defines the "power users" who need this new-and-improved-maybe-this-time-it-won't-suck version of Windows?
Let's look at the word...
Power and User come together. Obviously, this implies that the user has some kind of power. However, this user is using Windows, which gives no power to its users. Thus, this mysterious user must actually WORK at Microsoft. Now why would the staff of MS need a version of Windows with security that doesn't suck?
the answer: to cover their asses for making crappy software.
Esoteric reference.
The one problem with developing useful 3rd party apps under MS is that its just a matter of time.. Of course this is something that Microsoft had to do eventually, especially now that people are getting infected before they get a chance to download security updates. 3rd Party Windows software companies of basic utility sw can now only protect their investments by (ab)using patent law... (eg The One Click Firewall, One-Click Unzip etc...) or having a better support infrastructure (not easy)
A lot of people on here give XP a bad name.
Over 40% of the computer users in the world use XP, and most have no trouble with Blaster or random spywares, or indeed security hacks.
There are a lot of posters in here who claim to have had so many problems with XP. Obviously then it is a lack of knowledge and experience on your part. Just because you can't get it going well doesn't mean it is a problem with the OS. Lots of Joe Home Users are very happy with it. I am a very happy XP user, and have absolutely none of the problems that are bleated on about here. Turn into real users.
Not affiliated with Microsoft at all!! No doubt I will be called a troll by the Linux zealots in here!
Sweeping generalizations like this are bad. You shouldn't say "Never update your windows system," you should say "Only update it when the problem affects you," or "Only update after you've thoroughly tested the patch." Both of these use common sense. Never patching is not.
SP2 is probably going to break a lot of software. Especially the kind that is built with bad assumptions (pinging hosts, expected levels of access etc). Am I going to deploy it day 1? No. Am I going to what a month and see what everyone else says, then install it on a small test group? Yes.
-- DrZaius - Minister of Sciences and Protector of the Faith
Then you're part of the problem, not the solution.
When people get advice like that, they then blame Microsoft for "putting out a bad operating system" and causing all the problems like Blaster, Code Red, etc.
In actuality, many (I'm not saying all) of the problems had been patched months and months before... but people refused to patch, either out of fear or ignorance.
So by proudly flaunting your advice of "never updating"... you are admitting to cause more problems than you're fixing. If ever there were a time to be an AC, your comment would have been one.
Advocating ignorance is not something to be proud of.
"PC Load Letter? What the $@#% does that mean?!"
Overall, its long past due that Microsoft focus on security instead of whizz-bang features
Since when has Microsoft done either??
Microsoft is reacting to the overwhelming failure of its operating system to provide even a moderate level of security! Microsoft is reacting to the proliferation of the community's knowledge and understanding that there are more secure, more stable alternatives (thanks to Linux and FreeBSD/OSX).
What "whiz bang" features are you referring to? Popup blocking? Again, this is a three year old technology that Microsoft has tried its best to not implement but is only grudgingly deploying because other products like the Google Toolbar have proven to be incredibly valuable and desireable by the community and its encroached into Microsoft's attempt to hijack the Internet's searching system.
The only thing Microsoft focuses on are continued ways to milk more money from the dominant market position they have in the industry.
Except of course the fact that the opensource community rarely comes up with a patentable idea before a commercial product makes for some nice prior art.
A self-serving myth spread by commercial interests. If you include the academic community in the open source community, open source has more ideas hands down. Where do you think the internet, the web, email and the computer, were invented? Commercial interests are often good at development but their record is mixed on research, unless you regard innovation in marketing has positive.
---
User friendly M$Windows/XP.
User unfriendly M$Windows/XP license.
You of course realize that pop-up blocking becoming mainstream will just push sites and advertisers into another, equally or more annoying method of pushing unwanted crap in your face before you can get to the content you want.
I can just see it, you must view the ad for 15 seconds before you can load the next page and there's no getting around it, unless you want to spend your life picking apart javascript or whatever for code to load the next page.
What you got today is an annoyance, what you might have tomorrow is a headache. Time to get back to lynx.
A feeling of having made the same mistake before: Deja Foobar
1. The most annoying option will be the default.
2. The more aggrevating the behavior of a default option, the more difficult it will be to find where it's set and change the setting.
A feeling of having made the same mistake before: Deja Foobar
Whatever about the spam blockers, the eye candy and the new wireless widget, I wonder if SP2 will detect and disable XP installations with illegally generated corporate volume license keys in the same fashion that SP1 did.
Da Blog
As the AC asked, why specifically do you believe that ZoneAlarm is one of the worst possible firewalls?
All ports sub-1056 are stealthed, assuming you don't disable ICF.
Ports are open from the inside, but RPC no longer accepts remote anonymous connections.
Take note that NO OUTGOING TRAFFIC is filtered unless explicitly configured, with the exception of several ICMP packets.
This signature does not exist. It has never existed. It is all a figment of your imagination.
Did you troll on purpose or what?
Windows XP is based on the NT kernel and is a direct descendant of Windows 2000, itself a descendant of NT 4/3.
All of the above mentioned operating systems are true securable multiuser systems.
Microsoft hides and softens the details in Windows XP Home edition, but that changes nothing. On an XP pro workstation, create users and assign them permissions and group membership as you desire, including full DACL support on both the registry and filesystem.
tl;dr: think & know before you open your mouth.
Natural != (nontoxic || beneficial)
And you need a few million dollars to litigate the patent. Of course, some attorneys may be willing to do it on a contingency basis.
There is a reason patents are referred to as the "legal sport of kings."
When I (and most Open Source writers) write something Open Source (granted my stuff is rinky-dinky) I just write it in my spare time with no desire or capability to invest money into it. I just can't afford to patent things on my own. That is why most patents are assigned to a major company. You need money to get patents.
I don't know what the financial situation is for the major projects (Linux kernel, Mozilla, KDE, etc.) but they'd have to make a serious commitment of money and time (as it takes ~5yrs to get a software patent now a days) to get patents. Until recently, the majority of MSFT's patent portfolio was in keyboards and mice! It wasn't until they got scared with the recent patent attacks against them that they started to build their software portfolio.
Another small problem for the Open Source community is that many countries bar you from getting a patent if you have published the idea before filing the application. Given the open nature of Open Source, you might run into a statutory bar on your patent if you put the code in CVS before you file the application.
And as a side issue...
A good example would be the pop up blocker (It probably isn't patentable from proir-art but for argument sake).
A good patent attorney should be able to find a way to patent MSFT's implementation of the pop-up blocker. It'll be a narrow damn near worthless patent I'll grant you, but it can be done.
I work as an independent computer support consultant servicing mostly Windows users, and I can assure you that a large portion of "regular joe" users have huge problems with viruses, spyware, and trojan horses. Most of them don't even know it- they just complain about having a lot of popup windows (spyware) or having trouble with their Internet connection (Blaster). Many of them continue to struggle to use their computer for months with these problems.
And it's not just my clients (who obviously are limited to the set of folks who have problems bad enough to call a professional)... the percentage is high in my social network as well.
Now yes- I agree an expert can avoid these things. I didn't even have virus protection on my primary machine for years, and yet I never got an infection. But that was because I never got attachments from untrusted sources. And I never downloaded "risky" software. But average users and even "experts" who are unfamiliar with this particular OS are vulnerable, and it's ludicrous to suggest that these huge problems are an issue of user skill.
Frankly, from a purely financial perspective, what MS is doing is bad for my business... I really should send a nice thank you note to the turd that wrote Blaster. But something tells me I'm not going to be running out of work anytime soon...
-R