Slashdot Mirror
WinXP SP2 Sacrifices Compatibility for Security
goldragon writes "TechRepublic is reporting that "Microsoft is pulling out all the stops to improve security. So much so, in fact, that it will cause many problems because SP2 will de-emphasize backward compatibility with legacy systems and code for the sake of security." One small step forward for Microsoft, one giant leap backwards for mankind?"
Giant leap backwards?
Let's face it, you can't remain compatible with old software forever. It causes, well, Windows XP. XP is trying so hard to be everything to everyone, that it can't even pop up a delete confirmation fast enough to not make me wait for it (On an Athlon XP 2700+ with 1GB of DDR333, fresh from boot).
Compatibility is an important issue, but at some point shouldn't the ten-year-old programs run in a virtual environment separate from the OS?
That what was all this school was for... to teach us how to solve our own problems. -- janeowit
Keep your eyes to the sky.
...for the comments? I know this is slashdot and all, but that really has no place in the article summary.
less people to patch? I can bet it is going to drive IT managers crazy because now they will have to do hardcore tests of all their software to make sure it still works after the patch.
This might just make things less secure overall because nobody is going to want to bork their software. Will it be possible to roll back the patch quickly if someone finds they cannot run program X anymore?
But then again, who knows, it might "accidentally" break Office 97 so people think they need to upgrade to Office 2003.
I wouldn't call this a small step forward. I'd call it a huge leap. It shows that Microsoft actually cares about security. You can't keep an API exactly the same forever. It'll get crufty eventually.
Hopefully, there'll be more breaking for the sake of security.
TheMadRedHatter
while(1)
{
}
Ah, the story of life.
Aren't all Windows users already sacrificing security for compatibility just by using Windows? Perhaps this is just meant to level the playing field.
I'm sure Microsoft will be releasing an update full of application compatibility fixes shortly after the SP2 release. Even in vanilla XP, you can run applications in Win95/98 compatibility mode. I don't see any reason to change it now.
-- Stu
/. ID under 2,000. I feel old now.
Microsoft is making it more secure by not allowing their applications to run!
The article indicates that most of the things being broken will be viruses and trojans.
And that the only other major change will be to Finally honor the NX(Non-executable) memory designation, IOW if you want self-modifying code, you can still have it, but you can't place a call to an area that has been marked as Data-only or NX.
Seems to be all good to me...
Food not Bombs is a nice platitude but it breaks down when you notice that the Bombees are usually well fed
Just another reason for folks to migrate away from their closed systems with forced expensive updates and security holes.
You mean a free service pack that improves security somehow translates into expensive updates with security holes? I'm sorry I fail to get your bizarro logic.
SP2 represents a big change in Microsoft's security vs. ease-of-use stance.
In the past, Windows shipped with many unlikely-to-be-useful services such as the NetBIOS Messenger service turned on by default installations, meaning that a user who wanted to use the service just needs to start using it and it'll already be there ready to work. Of course, we all know how this has been exploited by spammers.
Now, such non-essential services will default to the "off" position, and the user will have to take a step to affirmatively activate the services they want to use. This makes plug-and-play operation a little harder to accomplish, but Microsoft has finally decided that the security gained is worth more than the ease lost.
It was overrated when Apple told its users, "deal with it." And it's overrated now. If you want backwards compatibility, use a Win2k emulator.
!#@%*)anks for hanging up the phone, dear.
this is a giant step FORWARD. if it can keep my network from being bombarded by all those damned windows viruses it's GOOD no matter what. and i don't even use windows.
i'd say this is the brightest idea microsoft had in the last decade (if they deliver that is)
Hey, given the choice between the two, I think MS is right to choose security. You're often forced to lean toward security at the expense of some convenience, or vica-versa. And in this case, given the recent (past 10 years) track record, security is more important right now.
I, for one, welcome our new Antichrist overlord.
1. Launch Windows Update.
2. Prepare sacrificial animal in accordance with the EULA.
3. Open CD tray.
4. Allow some blood to drain into computer and close tray.
5. Smear remaining blood on monitor frame.
6. When install completes, reboot and enjoy the ritually clean goodness!
particlesphere.com - quantum
Does that mean they will finaly ditch program manager? I realy hope there isn't any one still using programs for win 3.1 that still require that. And if so, why are they running it on XP anyway...
Don't believe me, or just feeling nostalgic for windows 3.1, go to run, or a comand promt and execute progman.
It was me, I did it, I moved your cheese
OS X did this brilliantly with the Classic compatibility layer. 99% of the time the layer was app-compatible and it ran at least as fast as running OS 9 alone. Many people bitched at first, but when they started using OS X, it was pretty clear that there was a huge advance in stability that made people actively dump their Classic applications and invest in the X architecture. We're still in the transition phase but with Apple proclaiming 9 dead last year, it has been successful for the OS transition.
The reason Windows is in such a hurt is compatibility with everything. Even most Linux distros dont offer the level of backwards compatibility that windows xp or less does. You can still to this day run Win16 apps under windows and still print and save, as if it were no big deal. Thats just not possible with Linux. Try downloading or running a binary from 1994 that was compiled for linux and see if it works, im sure libc and glibc and aout and elf will make things fun.
Its kinda sad how things are around here for Microsoft, Damned of they do, Damned of they dont. Somebody shows progress and they get pounced.
"...one giant leap backwards for mankind?"...And recreating an OS from the 70's isnt? Thats pretty narrow thinking.
http://www.freebsd.org
Ie this message is moreso for the submitter. Love the tone of your voice. We see almost daily MS lack-of security woes and now MS does something about it. Then you have to bitch about not supporing legacy this or that in the name of security. I think I would rather choose security. hell, all you need to be considered a computer security expert is just say "everything's insecure."
I wonder how much of the copy protection on software this is going to break. Gamers are probably going to be the loudest yelling demographic when this hits.
You think the spam zombie/pwned newbie PCs will be upgraded?
I've been looking at XP SP2's release canadidate for a couple days now, and it's pretty obvious that it will cause nightmares for Windows admins for quite a while. However, it looks like they're making steps towards better security, which will be better in the long run.
Anyone who works in Windows shops knows the proliferation of COM-based software that was thrown together in Visual Basic, and this software often performs critical functions. It will take lots of testing/planning to make sure SP2 doesn't break these extremely fragile apps. There are many, many in-house applications that are still chugging along, even in compatibility mode, because they simply can't be replaced easily. Unfortunately, Microsoft can't test these in-house apps.
We'll see what happens...
Microsoft tries to make their operating systems backwards-compatible to the point of running about half of the old 16-bit DOS programs that are still floating around out there. If you've studied WinAPI, you'll note that about half of the arguments and functions are never used, legacies of decisions made by Microsoft in the elder days. Yet those functions are still implemented and, for the most part, work the same way they did when they were first created.
This isn't fuel to bash Microsoft, this is good news for those of us who use their operating system, whether by choice or necessity.
If my answers frighten you, stop asking scary questions.
Blame microsoft for the problems brought on by bad programs made by other companies. Then bitch because windows is insecure. Then bitch because they're trying to fix the situation and remove backwards compatibility to lessen the problems. Then say how microsoft is only doing this so people have to buy updated software. Well sometimes you have to bite the bullet and upgrade. If you're using some ten year old word processor on top for windows XP, then you better have a good reason of doing so. If you don't want to spend the money, switch to open office.
/. uses linux and other 1337 shit.
I can't understand how microsoft gets bashed for having the security holes and then again for trying to fix them. Besides, how many people on here still use windows? I'm always under the impressions that everyone on
I have a funny suspicion the "code monkeys" are not necessarily the ones to blame. Given clear specs and sufficient time I bet they'd love to make good software. Being led by marketing people who are more concerned with features to advertise, and don't have the overall architecture in mind is likely the problem.
"I expect to hear screams of pain as people deploy SP2 and discover that legacy applications no longer work, but those are probably the same people who complain so loudly (and legitimately) that Microsoft doesn't deploy secure systems."
Here goes my karma, but how true will this statement be here at slashdot?
One small step forward for Microsoft, one giant leap backwards for mankind?
Spoken like a true zealot. I'm an OOS advocate, but I disagree with this type of statement. It's a damned if you do/damned if you don't situation when someone makes comments like this. Hey, security is important here, and I'm sure Microsoft gauged this responce carefully before making these changes. Sure it's going to break some systems, but sometimes something has to give to move forward. I don't know about you, but security is very important to me. If the patch breaks your system, don't install it untill you're ready for the change. No one is forcing the service pack down your throat.
OTOH, Microsoft just about HAS to break some programs to get security halfway decent. There's no good solution, but I think MS is justified in breaking some compatability in this case.
Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
Other things that I find good include port management that both handle the opening and closing of ports, but also allows some applications to run as a regular user instead of administrator.
There first complaint with SP2 was the NX command - which isn't available on most current processors. The second sounds like a benefit, not a complaint:
Then they go on to complain about not offering to pirated copies, but forget to mention it's only the ten most pirated product keys. It's still a large number, I imagine, but not the whole picture.That what was all this school was for... to teach us how to solve our own problems. -- janeowit
The WinXP article is dated June 7. The link points to a Silicon.com article about a security flaw in OS X, and that article is dated May 26.
It was on June 7, the same day, that Apple released a second Security Update that fixed the remaining vulnerabilities.
~Philly
Spam zombie/pwned newbie machines will be running dog slow. The owners of said machines will either pay a techie to "fix AOL for them" at which point the techie removes viruses and spyware and installs the latest Windows updates (i.e. SP2) or the machines will simply be considered 'broken' by the owners (you'd be suprised how many people think they need to upgrade their hardware because they broke the software by installing crap) at which point Dell/PC World/Emachines will ship them a shiny new box complete with a patched up version of SP2. It might take a year or two, but assuming SP2 is as secure as MS is making out its proliferation will be very good for the internet at large.
Far too many Windows applications require that the user be logged in as Administrator. So many apps unreasonably require admin privledges that many users opt to be permanently logged in as Administrator. This in itself is a huge security hole.
Microsoft needs to close this hole and improve the application install/uninstall process. Many of the other fixes in XP sp2 are just window dressing without these necessary loopholes being closed.
-- "Most people prefer a popular myth to an unpopular truth"
From a linux user, I see backwards compatability as the biggest nightmare of linux today. There is just too much of it, and it's holding back progress. Many of the points I'm about to address come from OS X, as I'm also a happy user of that system, and think it's a model for what can be improved about operating systems if you're willing to sacrifice some backwards compatability.
/usr/include, /usr/lib, /usr/share. This conventional *nix approach practically requires a package manager to keep things straight. Then, all that is required to compile against it, both finding includes and library search path, is a simple '-framework foo' argument to gcc, which follows a single search path. Easier to write makefiles, without wasting your time in autoconf.
Over 4 years ago slashdot was full of posts about how it would take the OOS community a couple weeks, months at most, to match Apple's nifty new compositing window system. Well, today 99% of us are still using X, and it really hasn't changed significantly. Even the extensions being worked on at FreeDesktop aren't in wide use, and it doesn't look like they will be soon.
We're still stuck with an ancient standard directory hierarcy, and multiple search paths meant to find the same thing (what? I still have to have a huge autoconf macro in order to find both the LDFLAGS and CFLAGS necessary to include library foo?). This obviously isn't the best it could be, and yet no one even considers trying to change, because 'that's the way it was always done'. Again, look towards OS X. Headers, libraries, resources, documentation, XML files with library metadata, everything associated with libfoo is contained in a single directory 'foo.framework', not scattered in
A lot of lessons have been learned since these systems have been designed. If you insist on supporting everything ever made, you're never going to get anywhere.
While I fully applaud what MS is doing, it seems like the wrong time to be breaking legacy apps. Put out an actual new Windows release, rather than just a point update. People will be far less surprised when old software breaks with a full release, but with an update to the old system you shouldn't be breaking compatibility.
This isn't a damned if you do, damned if you don't situation in reality, it just needs to be managed properly. By jumping the gun on this, they'll likely piss off users, but if it were longhorn or some interim release then some breakages are simply to be expected.
That said, since I don't run Windows on my own machines, I get to be one of those that benefits by not having as much email or log spam due to 0wn3d winboxes (less spam please indeed!) so I can't complain. This is a distinct advantage of the Free software model, since Mozilla, OpenOffice, etc can be updated for no cost if this release happens to break them.
"I may not have morals, but I have standards."
>You have absolutely no evidence to support your claim that SP2 is causing your machine to access hotmail.com.
You are correct, I have no evidence. I only know that it "happened" to occur as I was running Windows Update and that Windows Update "happened" to stall until I permitted the connection. I agree this is circumstantial at best, but interesting nonetheless.
>In fact, it was probably a virus your machine got earlier that is making it act as an email relay. You're just aware of it now.
First off, AVG scans daily and Adaware gets run once/week. Second, the "hotmail" machine in question isn't an MX server and won't accept connections on port 25 (SMTP). The connection attempt was on port 80 anyway.
Third, and most important, http://law15-f93.law15.hotmail.com:80/ redirects to http://windowsupdate.microsoft.com/.