Slashdot Mirror
Evaluating Windows XP Service Pack 2 RC2
dncsky1530 writes "Information Week has a good evaluation of Windows XP SP2, excerpt: "The code for release candidate 2 finally looks like a real release candidate. And sure enough, it will help you big-time with security. But what sorts of headaches will the eventual final version mean for IT shops? We'll take it piece by piece... Remember when Microsoft said service packs wouldn't deliver any new functionality? That lasted for about six months back in 1997. Windows XP Service Pack 2 is jammed-packed with both invisible and visible improvements to Windows XP. The biggest boon is that the free update, which will probably ship some time in September, does in fact make Windows XP far more secure""
But there's been quite a bit of reporting that there will be compatibility problems because of the security enhancements. Nonetheless, I'm looking forward to spending less time cleaning up spyware infections on relatives' machines.
Mainstream Web sites that employ unsigned ActiveX applets, downloads, pop-up windows, browser helper objects, and other code- or scripting-based functions may encounter difficulty with SP2 version IE 6. Most of these activities are prevented by default, and until thousands of Web sites and Web-based applications are upgraded to more gracefully deal with the new IE's many security precautions, a lot of Web stuff is going to be broken--or, at least, temporarily halted.
While a lot of people here are going to say, "wow, everyone is going to go to Mozilla/FireFox." I have serious doubts that we will see that. All we are going to see is a bunch of broken websites and people complaining. The solution is going to be to turn off the default security options and go back to browsing like they did before.
Microsoft just isn't that interested in upgrading Internet Explorer's feature set. As a result, it's unlikely we'll see tabbed browsing before Longhorn, and it's not even guaranteed for that release. No wonder so many people are jumping ship for Mozilla Firefox and Opera.
Nah, I really doubt that the single reason people are moving to Mozilla FF and Opera are for tabbed browsing. I surf daily and probably at greater lengths than the average person and I don't find tabbed browsing to be my #1 concern.
I found it particularly interesting that the "Windows Security Center (WSC)" didn't detect NAV or ZA for virus or firewall... While they assured the author that they would be detected by the time that XP SP2 comes out I just have to wonder why MS would force them to rewrite their software to work w/WSC. If MS was so concerned w/third parties being able to protect Windows users you would think that they would work with the companies to get it to work, not the other way around.
Microsoft also is working on the 5.0 version of Windows Update, its Windows-updating Web site, which handles a lot more than just critical updates. It's primarily a user-interface update, but one of the underlying improvements is that you'll no longer be required to restart your computer so often after applying updates.
Honestly, most of my most recent XP updates have been installed without a restart. It's really not a huge deal to *ME* and I am sure it's not a huge deal to most other non-technical users as they probably restart their computer almost daily because of various unknown reasons.
All in all, I look forward to it but I wonder how many will install it. Will it make a difference when it comes out? Will 100% of the XP users out there upgrade and stop the vunerabilities from spreading? I doubt it. We are going to suffer through this same shit because Windows users aren't the smartest bunch out there.
So are we now supposed to congratulate the wealthiest company ever for doing what it should have been doing far better for a while longer and a lot cheaper?
its great that microsoft is trying to make windows more secure... but that's what they've been trying to do for a while, and it seems like a new exploit comes out every day that will allow people to do nasty things to your computer... although this is a step in the right direction, how many steps in the right direction does windows need to become reasonably secure? but don't get me wrong, I think it's great that they are trying to improve their security, and I commend them for at least putting in the effort, I am just wondering whether or not it will be enough... just my two cents
Alas, I'll install this on my little test network before rolling it out throughout the hospital. I gotta feeling that this update is not going to be quite as smooth as the recent few.
Am I the only one that has a little series of computers that I roll out updates before I roll them out enterprise-wide? I know some people have a test system... but for my network (and the sake of the hospital's uptime) I have a small testing network.
I must check for companies that are now posting jobs asking for two years experience in WinXP SP 2. (It goes nicely with the five years .NET experience.)
You actually worry about cleaning it? I just recommend reformatting :p. It's got 2 big advantages:
:).
1) It's easier to do (even if it takes longer there's no guesswork/trudging through the registery)
2) It tends to be such a big deal for the relative (backing up etc) that I tend to get asked less
Then again, doesn't Adaware do a good enough job as it is?
My problem with this is that it didn't ask me to autheticate IE, or other MSFT services. While I agree that this is better for Joe User, and does indeed make the average computer *somewhat* less vulnerable to becoming zombies I actually think that overall it compromises security, because it has the idea of "pre-trusted" programs. So now all a malware has to do to succeed is become trusted, and then it's BEYOND reproof? I'm not sure that that is exactly how this new system works, but more than anything I'm disputing the notion that this is a panacea.
I'm also concerned about companies that make firewall type products. Are they done? Is MSFT going to claim to have all that functionality in the OS? A FALSE sense of security is worse than being unsure. I'd rather people lock down their machines themselves rather than assuming that MSFT has done it for them.
Still, I do think that this is better than nothing.
Nothing great was ever achieved without enthusiasm
This is only good for those with broadband. No one on a modem is going to download this. Service packs are great until you factor in the time to download and install. People who were too lazy to update once a week aren't going to install this service pack for the same reason. Windows, if you patch and use antivirus and a hardware firewall, can be pretty stable and secure. However, without all that you're asking for trouble. I still think the majority of problems stem from ignorant users, not the horribly evil company itself. And why do they charge for mailing these service pack CDs? If you paid $300 retail or even the $40 or so from an oem, you should be entitled to a free update CD with no shipping cost. If AOL can afford to send out millions of those discs, Microsoft can do the same. Hell, they already do it for MSN.
All in all, I look forward to it but I wonder how many will install it. Will it make a difference when it comes out?
Corporate users, at the very least, will install it in droves. The article author said it himself: for businesses, the decision of whether or not to install it "should be a no-brainer":
No matter how annoying or substantively lacking in any real advantage other than increased security, there should be no debate in business or home circles about whether this one should be installed. Just do it. We have enough computer security problems without people getting stubborn about whether this upgrade takes away some of their computer liberties. It really doesn't.
The coolest voice ever.
I do all development and most of my day to day work on linux, I play games on my windows laptop just so all you flamers know I do use both.
Anyway is linux or mozilla more secure? YES.
Why is it more secure? Open Source means better peer review.
Are the "margins" of security between windows and linux really so large? I would have to say NO.
Why you say? The machines being hacked and sending out 80% of the spam in the world are home machines, Why? In general the average user fails to keep there machine up to date, opens up email attachments, or does some other stupid action that causes there pc to get infected. This makes home machines open to direct attack. If a majority of the home machines where linux then you would hear more about linux worms and viruses.
Now due to the way linux is they may not be as bad, patches may be releases faster but with the worlds virus and script kiddies focusing on linux instead of windows there would be problems.
Linux users try to place themselves in such high praise, But they can't, You can't praise yourself until you have truly been subject to the same level of attack and focus as windows.
Personal Website
Oh well. It's a step in the right direction. These rollouts are planned and hardening XP, and protecting the vast majority of n00bs around the world. Outlook express attachment management, ActiveX control panel, etc.
For people crying about enterprise application dependancy, etc.. Piss off, you get paid to work out these bugs. If you're going to cry every single time you've had a "problem" at work, give your job to Kumar or Arvin. I'm sure they'll be more than happy to do your job, at half the price.
You are not the only one with a test network. I once updated my system and then the enterpriseware suddenly quit working. On all the production systems. Boss was angry. I spent the whole night regressing the software until I realized that the software was incompatible with the ICF in WinXP. I announced that to the company's CS and they updated their website Knowledge Base with that tidbit.
From then on, I ran all upgrades through a three system network with one masquerading as the "server". In addition to software status, all configuration data is recorded as well. I wonder if I'm violating my licensing agreement this way. Oh, well.
A NYC lawyer blogs. http://www.chuangblog.com/
Three things strike me about the release:
1. The firewall's on by default. This is a huge shift for Microsoft and I am glad to see it happen. This alone will stop a ton of worm infections.
2. Browser security. From what I can tell, these enhancements are going to go a long way toward stopping the problems that CERT and everyone have been complaining about.
3. Email security. OE is getting hardened in a way similar to IE, and this also is a very much welcomed move.
Between worm propogation and the two most common ways for a user to infect themselves, if they were to even modestly improve in all three of these areas it would make a significant impact on the security posture of people running the update.
I applaud them in advance for even trying.
dmiessler.com -- grep understanding knowledge
If you paid $300 retail or even the $40 or so from an oem, you should be entitled to a free update CD with no shipping cost.
The AOL CD stays pretty much the same over a few months. The WindowsUpdate CD, as well all know, changes quite frequently. You can't ship out stale CDs, as that would be irresponsible to a point that even MS won't do it.
And they have to press the CDs, too, since CD-Rs just don't last that long. Hmm.... All those pressings, must cost a lot of money. And what about those schmoes who never bought XP but run it? How do you verify without pissing off the real users? And what they one guy asks for ten CDs?
Yes. Just charge for them and skip all these headaches.
A NYC lawyer blogs. http://www.chuangblog.com/
It's a whole new operating system, for 99% of people the windows experience will be harder, faster, better etc.
There have been ongoing issues with corporate, XP server users tho, will installing this hose my application?
I always wondered if SERVICEPACKS should be called as PATCHES or BUGFIXES.SERVICEPACK is way too polished.
fifteen jugglers, five believers
Is that -with an illegal key that worked for sp1- it disallowes you after install to go to the winupdate site to get updates.
Sure, you have SP2, but that's about all you'll get. I know a lot of people with this type of install, let's hope they release a crack real soon.
Bah,
peer review has little to do with linux's (almost)top notch security.
Of course it helps, but its the fact that linux is built by geeks and for geeks, therefore, the average linux user can handle a higher level of complexity.
by making it more complex, you enable the system for a higher level of security as well.
The problem of windows is that MS wants to make it so simple that they can't control everything. A simple gui and cute buttons will never cut it for an impenetrable system (if there's such a thing).
Windows XP is meant for granny, daddy, mommy and their kiddies at home, those who have pic-nic on sundays, eat food that is comprised of something else than two buns and ground beef.
But you have a point, linux is known as more secure because it does not receive nearly as much attacks as windows does.
But linux *is* more secure than windows anyway, if it was to receive as much threats as windows, i just know it would react better because linux requires security and password everywhere. Even the way the hard drive works is more secure.
I've played with linux (mandrake, suse & gentoo) and some of them of actually quite nice.
and they prove my point, Suse & Mandrake are somewhat wanna-be windows and it shows! they're so insecure that they're just as dangerous as windows.
Gentoo on the other hand is good.
I'm not a very knowledgeable with linux, this is what I was able to understand from what I read on the web and also from what I tried while messing with the three.
so in the end, you are right, in saying that windows is more insecure because it receives more attacks but what makes it insecure first and foremost is its internal structure, its cute GUI and simplicity. its so simple that you can't control everything.
SuSE and mandrake have the same problem, they're on a linux platform alright but because they're too simple, they're just as insecure but giving too easily root access.
If you look like your passport photo, you're too ill to travel. - Will Kommen
is that it sucks. majorly.
I'm not a Windows user, so I have no idea WHY the windows users don't like it, but they don't. They absolutely hate it, and because of this, they make sure they tell everyone around that it's awful, and not to install it.
If this same reaction is happening in other places, I doubt that many people will install it.
Heh, at a certain point he just had to say it:
"You may snicker and say, well, they had to do it, right? But while you may have long since decided that Windows isn't very well engineered, I would have to disagree with you on that point. Windows is simply the only seriously interesting target for hackers, virus and word authors, and spammers."
Well, the guys at theregister.co.uk don't seem to agree with him on this...
Oh, well, maybe it's because of this:
"Scot Finnie is Editor, the Pipelines and TechWeb, as well as the author of Scot's Newsletter and previously an editor with Windows Magazine, ZDNet, and PC/Computing. He has been writing about Windows and other operating systems for two decades."
So "Fucking Windows" will be worse with SP2's security fixes, and interface tweaking?
Oh, and to turn off Thumbnails, choose View>Details or View> Something Other Then Thumbnails.
Any other display questions?
like any big IT shop is running XP on the desktop. Our big IT shop (8000+) is still finishing up 2k.
...if this were a new OS rather than service pack.
It's great for those who are smart enough to get the service pack. The key concern is the people who wouldn't install it, because they aren't likely to have any security aspects implimented in the first place.
I've been playing with XP SP2 since RC1, and am currently trying RC2. My main interest in the included Blueetooth support: I can run bluetooth using the supplied software from my dongle, but I don't think it is very "polished". And having Bluetooth support provided by the OS maker, I expect to have better, more integrated, support, like the one provided by Apple.
I have a Keyspan BT-2A dongle and it would only work with the supplied drivers. Installed SP2 over it and it still uses the original drivers. Removed the shipped drivers, reinstalled SP2 and still no MS bluetooth support.
Is there anyway to force its installation? I read somewhere that you could manually do it after installation of the service pack. Also, which dongles are supported?
MicroSoft has plans for a subscription-based
security update CD (should be security update
DVD IMO). Shortly after I received my free
M$ security CD this spring, I was sent a poll
to fill out. The jist of the poll was to
determine reaction to Micro$oft's going to
a subscription-based security product.
The security CD was at least 3 months out of
date for security patches, and I don't think
the M$ can really do any better than that.
Bottom line is that if you don't have Broadband,
and will be relying upon M$ security CDs for
your updates, you WILL be vulnerable to what
ever nasty exloits have been discovered for
those 3 months.
The same browser that is used to access internal (intranet) web applications, is used to access the Internet. Now imagine the conflict.
Your question should be answered here: Windows XP Service Pack 2: A Developer's View.
isn't that about all conversations in the world are started ?
:)
:
aka petty talk ?
You're guessing right, yet, you fall in your own trap for your post is also a generalization
- doesn't bring anything new/fresh
- merely remind of what we already know
- opens the way for more discussion
hehe, we're in the infite loop of human interaction, that's just the nature of things
If you look like your passport photo, you're too ill to travel. - Will Kommen
I was recently given a buget to buy a windows box to primarily run windows office pro. I choose win xp pro as the os. Having started on pcs in '83 I'm inured to cracking open the case on a new pc and adding hardware or simply solving minor hardware problems. But with this new pc there was no immediate reason to open the case. I installed win xp and the Symantec anti virus and firewall offline then went online to update. The point being made is the box has been problem free, everything works as it's supposed to and for the first time I have a computer that is an appliance, something to be taken for granted. I've used Linux since Mandrake 6 and am an OSS advocate but I think it's time the Open Source community took note of the advances MS has made and with the advances in security Windows may well have made good on their promise to deliver a secure stable platform. The one drawback I found is IE which doesn't compare with Mozzilla. Just my .02 cents.
"Academicians are more likely to share each other's toothbrush than each other's nomenclature."
Cohen
A firewall that turns itself on without asking me and being forced to install patches prior to shutting down my computer. Smells like Microsoft to me.
who are those slashdot people? they swept over like Mongol-Tartars.
I've read that document. It doesn't address file mappings. It only discusses code stored in memory allocated using VirtualAlloc, which is useless to me.
I don't know if you work in Corporate IT but I have heard here (and in my own personal experience) that Corporate users don't like upgrades.
As a matter of fact, I do work in corporate IT--I'm a sysadmin for a large telco. We dislike having to do upgrades, but we will do them, because we would rather disrupt operations for a little while rather than risk a longer disruption later down the road because we were obstinate about installing something.
The coolest voice ever.
Et cetera.
If this wasn't an anti-Windows rant it would be modded as an obvious troll by now.
To have a right to do a thing is not at all the same as to be right in doing it
...wether popup ads from MSN will be blocked or not (not that I go there, or anything).
Will RC2 finally grant the ability for IE users to deny any ActiveX control signed with a certain certificate? It would be nice to be able to check "Never trust content from TheSpywareVendorFormerlyKnownAsGator." It's only fair, since the option to "always trust" is already there.
No need for "easily-swallowable" ("easy to swallow" maybe?) generalizations when the article's author provides first-hand analysis. My favourite:
"There are also some advantages of a firewall onboard. Windows Firewall offers solid basic protection; it's better than ICF (Internet Connection Firewall, the utility it replaces), and it's a lot better than nothing."
Windows. Better than Nothing.
I downloaded 240MBs three times, each time with errors. Finally I was told during the install that because my machine was dual-booting with SuSE Linuux, I could not install SP2.
I formatted the machine and have been windows free for a week.
There is a very important change to version five of Windows update. If you have a corporate product key it compares it to Microsoft's list of keys that have been sold. It won't let you update without a valid key. It makes the key generator worthless, and will create a black market in legitimate corporate keys.
The service pack itself doesn't seem to care, and there will still be other methods like Windows update catalog, but they are closing the big loophole.
Havoc Penington, the bane of my Linux desktop.
If knowing stuff like that is required to "secure" a Windoze box, you can imagine why it's impossible for the average user to do.
Compare to Gaurddog. It has a fine icon based GUI to manipulate IPTables. The GUI is well organized with a clear category based tree of services and even little icons. With programs like that, it's easy to turn on and off the services you want.
Friends don't help friends install M$ junk.
You know, I was fully enjoying reading this, that is, until this little tidbit came along:
But while you may have long since decided that Windows isn't very well engineered, I would have to disagree with you on that point. Windows is simply the only seriously interesting target for hackers, virus and word authors, and spammers.
I view that as one of the most uneducated opinions you can have in the IT world today. Though, I will finish reading this.
-- Note: If you don't agree with me, don't bother replying. I won't read it.
I ask this really simple question, Ma or Pa sees a pop-up that says 'this' program would like to access the internet, allow or deny. How many people are just going to say Allow to be done with the dialog. I have put a firewall on my XP box, for my neice, and she got sick and tired of all the pop-ups that came up, I got tired of always going over and looking to see if they were ok, In the 3 weeks of running the firewall, I never saw anything that was bad, I removed it. I bet most people will do the same thing. Now before anyone says anything, I am very strict on the XP box, no email, and I am behind a hardware firewall and with the latest monster hole I.E. is now replaced with FireFox. So I know I am a little safer. Also the trojen writers will just get better at naming their programs so the firewalls show some program that the user expects to access the internet. I mean they just could change the process table to always say I.E. So I think most people will turn off the firewall within 2 months. I don't think Microsoft turning on the firewall an hoping that will help stop the spread of viruses, tojens and other nasty things are going to help. To me they have a very bad security model in their product and I don't believe they can fix them without breaking most of the applications out there. They have invented a OS that is designed around one application (Virus) gaining control of another application and modifying it.
"... it's just like in the army, you know: the great prince issues commands, founds states, invests families with fiefs. Inferior people should not be employed."
-- Nick Danger, 3rd Eye
Yeah, right.
Spyware to me is no big deal thanks to two great and free tools. 1. Spywareblaster 2. Spybot Spywareblaster blocks spyware from ever being installed, spybot mops up anything left behind. I've been 100% spyware free for months thanks to this couple.
2. v5.windowsupdate.microsoft.com is the new windows update and i personally think it sucks. You have to have two services running (Automatic Updates & Background Intelligent Transfer Service) which i had turned off as unnecessary. Oh and Automatic Updates doesn't just need to be running, it needs to be set to Automatic, you can't just turn it on and off manually. My biggest problem is that they don't show you what you're installing by default! They hide it away behind small print that says "Details" with an inverted ^ to its left. Right below that is a nice wide button that says "download and install now". v5 looks prettier, but once again, MS is trying to hide the details away from you. Under v4 i have 13 not-so-critical updates that aren't installed because i bothered to browse through and see what i was getting into.
but thats all just me
[Fuck Beta]
o0t!
Who you kiddin.....???
The only thing that will ever help you bigtime
with security on a dozbox is fdisk/format lol !!
Windows. Better than nothing
I'll take nothing.....
I'm one of a handful of people in my company who are even aware of OSS, Linux, and the like. My boss (System Administrator of my building) is afraid of anything that doesn't have Bill's seal of approval. But when my boss saw how much more efficiently I could research something on the web using tabbed browsing, and the built-in (customizable) search bar, he did a double-take. He installed it and started using it about 25% of the time. After the CERT warning came out, he dumped IE and issued a warning to the building that they need to be using Opera, Firefox or similar non-MS browser.
Linux. Better than Nothing.
In addition to the issues already raised by other posters, there is another problem that the article does allude to but doesn't explain: The firewall keeps turning itself on!
I have run SP2 since the first release candidate. I don't use the windows firewall since I already have hardware + software firewalls. XP SP2 detects the software firewall correctly (mcafee). But at least once every other day Windows turns on the damn XP SP2 firewall. It's a pain in the ass and the real problem is that you don't know it's on. You only realize it's turned itself back on when it announces that it has blocked a connection.
Does anyone know yet what the official final stance is on pirated copies and their updateability?
I'd originally heard that in the interests of security, MS was going to allow illegal copies to be updated, so that there would be fewer Sassers etc out there.
However, more recently, I've heard ruminations that this was not the case, and they would block pirated copies. Does anyone have a definative answer (preferably with link, and even more preferably with a microsoft.com, straight-from-the-horse's-mouth link)?
"Reality is merely an illusion, albeit a very persistent one " -Albert Einstein
You're making a tired argument and using jargon like "FUD" doesn't make you any more right.
Windows 2003 and IIS 6 are fundamentally far more secure than their open source counterparts. They were designed by professionals being paid to make good software, not by amateur hobbyists.
Repeat after me, "I WILL NOT TRUST MS SOFTWARE FOR SECURITY."
Now go and keep your 3rd party hardware firewall + 3rd party software firewall (on EVERY box, of course) up and running.
HARDWARE:
- Cheap Linksys box: Ugg but better than nothing.
- Cheap Netgear box: Better.
- Expensive Nethear box: Very nice IMO, around $300 USD with 802.11g too.
- *BSD Box you build yourself: Awesome, but too geeky, if you have life+job and want somehting to plug in and forget, buy a firewall appliance.
- Very Expensive Cisco/Bay Networks: The one you stole from the NOC on your last job as any good BOFH would do: Best.
SOFTWARE
-Free Zone Alarm: Ugg but better than nothing.
-Sygate Personal Firewall Pro: VERY VERY nice IMO around $50
- *BSD/*nix s/w: Aso very geeky, better know your shit or else. Stick with vendor stuff to mostly install and forget.
The Mongrel Dogs Who Teach
that was in 1992
I COULD NEVER HAVE FOUND IT ON MY OWN BECUZ3 I'M FROM AOL AND I NEED MY FELLOW M0R0NS TO HELP ME.
Hello, I'm little Ricky's dad. I'll be spanking him for his rudeness shortly. I think it is sweet that you bothered to put in a link to the home page for Information Week. I'm sure it'll be clicked constantly by appreciative readers of this publication, at least 15 year olds like my Ricky who, frankly, would probably have much better socialization skills if he didn't constantly play D&D^H^H^Hvideo games^H^H^H^H^H^H^H^H^H^H^Hcomputer games.
Maybe I'm just a little bit paranoic, but... isn't all this a little bit too ``intrusive''?
...etc. Thank you Bill&Steve for delivering us a lot of new ways to send a Windows machine down the malware's privy.
I mean, that ``me windows, me download, me install''...
In short time we'll start to read strange messages from a infamous clip saying: ``who's your daddy?'' and ``my name's bredd, and i'm the law'' and windows will also tell you where you want to go today, tomorrow and all the other days of the week (including holidays).
Period.
A more serious note: WCS (or how it's called) isn't Yet Another Way to tie software makers to Microsoft? Companies will surely need a certificate from Redmond for their app if they want to be listed (or else, we would find ``p0rn critical updates'' there in no time). Does this brings in some more non-clear, non-disclosure, expensive and absurd agreements for developers?
And... do they really think all this will help security??? More features means more ways to hijack something, haven't they learnt? So now they should worry about worms that affect Internet Explorer AND that stupid security center AND their firewall AND
----
In the end: Call me stupid, but I won't get back from my tux world.
42.
I don't know about you but how does being a serious target for hackers, virus and word authors justify it as being "well engineered"? I would have thought that classified it as being poorly engineered??
It said "windows 98 or better" so I installed Linux
Now Joe Average has to download endless service packs, update his virus checker & scan his machine for worms & virii on a regular basis, run and configure a firewall, use a spam filter & run a spyware checker... when he's done all this, he can finally type his letter or play his game!
Are these the same people that say "Linux is too difficult to use" when all I do is keep an eye on logfiles, install the occasional security update and make sure I understand what access points there are into my systems?
Gentoo Linux - another day, another USE flag.
I'm surprised no one in this thread is talking about beta testing this on their network. I'm currently doing tests at my work, so that when SP2 does come out, we can do a 0-day rollout. This is a release candidate, meaning that if it's good, there won't be any changes.
For the vast majority of users, I don't think XP firewall is going to help. These are the same users how have 3000 adware/spyware items (my sister's record) on their machines. If they click yes to spyware/adware pop-ups, they'll probably just click allow on the dialogue boxes for XP firewall.
While a built-in firewall isn't a bad idea, it requires user education in order to be at all effective.
-- Political fascism requires a Fuhrer.
Gosh, you mean that Microsoft's past is no indicator of current or future offerings? You are right about reading the article though. When we do, we see each of your points proved in detail. I'll take the trouble to pick through the five individual advert burdened pages for you. Let's watch!
Looks like more of the same from M$ to me. More heartache with no real result or benefit for the end user.
Friends don't help friends install M$ junk.
FTA >>"For my money, either ZoneAlarm 4.5 or 5.0 Pro or Symantec's Personal Firewall 2004 would be better bets for protecting road warriors out in the wild. On the other hand, Windows Firewall is about to be onboard, and you already paid for it."
This is why Microsoft kills competition with bundling. In this case, though, its damned if you do don't.
Is the juice worth the sqeeze?
This may be slightly different from what everyone else posts about the evaluation, but the first thing that really made an impression on me was the author's direct observation of Microsoft's anti-competitive lock-in strategy:
"For my money, either ZoneAlarm 4.5 or 5.0 Pro or Symantec's Personal Firewall 2004 would be better bets for protecting road warriors out in the wild. On the other hand, Windows Firewall is about to be onboard, and you already paid for it."
Is Microsoft going to start muscling out the other security vendors like it did Netscape?
+++ATHZ 99:5:80
Sure, and Apache has a greater "marketshare" as far as servers go. Yet with IIS, Microsoft's "Enterprise" pride and joy, we still see thousands of well maintained machines hacked in a way that screws the end user. Apache is subject to the same kinds of attacks, but does much better.
That's why Apache is winning. In the no BS world of real business, where losers go broke, free software rocks. All praise to free software is earned.
Friends don't help friends install M$ junk.
I think it's funny how Microsoft have managed to steal into another market, the firewall market, with no complaints. Yes, their firewall may be poor compared to others, but how many people will continue to use it, rather than buy or download another one because they don't need to? I fear another war coming on - the firewall war! If not, why not?!
All those people who b__ch and moan about getting Grandmother to use Linux must really love this one
"One of the best new features of SP2's Internet Explorer is the Add-On Manager, available from the Internet Control Panel's Programs tab. It gives you a way to enable, disable, and configure ActiveX controls, browser help objects, and browser extensions. The primary purpose of this tool is to provide a user interface for controlling things that have already been added to your Internet Explorer installation. When, for example, you have already said yes to an ActiveX program Information Bar query and later decide you don't want that program on your computer, the Add-On Manager is the tool that solves that problem."
Yeah... Grandma's gonna be thrilled to keep track of unsigned ActiveX controls, browser help objects, and browser extensions. I can see this being turned into an "ACCEPT ALL" policy real quick.
+++ATHZ 99:5:80
Aha. Thank you. That page has been updated since I last looked (about 2 weeks ago).
That, in its current state, Service Pack 2 means a quite hard performance hit for City of Heroes. No SP2 for this baby until they fix that.
---- Take the Space Quiz!
Do any of these mean anything to you?
blaster, sasser, welchia, nachi etc etc etc.
The firewall will indeed be very helpful to prevent attacks. Out of all the big security problems we've heard about in the last year or so, how many were RPC exploits that would have been prevented if people had firewalls? I know I didn't get any of those worms, and I often don't install the patches until I'm sure they don't cause problems and I'm ready to reboot.
(Except when I'm at school, since all you need is one schmuck who goes home for the weekend, infects his laptop, and BAM infects half of resnet which happened with every one of the above)
From a design standpoint this is just flat-out stupid:
It's designed to check whether an antivirus program is installed, whether that program is running, and whether it's updated with the latest antivirus definitions. When any of the security checks for antivirus, firewall, or critical Windows updates aren't met, Windows Security Center alerts you with system tray pop-up notifications that open the large WSC Control Panel
How long before proper functionality with a core OS component is leveraged against vendors? From a business standpoint it's pretty shrewd. But from the OS design standpoint it's flat out stupid. The OS provides a platform for userspace apps. The OS is not supposed to wrap around userspace apps.
"You don't have MS approved anti-virus checker installed. Please enter a credit card number for the $129.95 fee, the #39.95 yearly maintenance agreement, or we will disable your Windows update key within 2 days."
+++ATHZ 99:5:80
I decided to try out SP2 RC2 on my computer, boy... was that a mistake
Here's the hardware i have to give u a heads up... AMD 3200+, DFI NFII Ultra Infinity Motherboard (nForce 2 chipset) nVidia FX 5700, 1GB RAM, DVD+-RW, and 2 hard drives....
Here's what happened...
After removing SP2 RC2... everything works fine....
DarkMantle I been bored, so I started a blog.
is that it's t3h suck5!
"Not to mention all the idiots who use words like boxen."
Anonymous Coward on Monday August 04, @06:49PM
My biggest problem with SP2 is that it is incompatible with the Cisco VPN Client. I need to use that to work from home or the road, and as such it was impossible for me to do work when I installed SP2RC1. Until Microsoft and Cisco work that out, I don't think many of the laptops and tablets at my workplace will get this update.
Lack of eloquence does not denote lack of intelligence, though they often coincide.
Linux...
Microsoft, ever sensitive to the concerns of the average consumer, has created a revolutionary, multi-patened technology to rectify just this very issue. With the new Microsoft "Leave It On OverNight" (LION)TM software, you can now install updates while you sleep. This groundbreaking software will revolutionize software will be installed in the future.
Ahem.
Back to your regularly scheduled programming.
And can I get some good mods, for once? It's insightful AND funny. Insightful AND funny. Look at my mod history, for Christ's sake.
A NYC lawyer blogs. http://www.chuangblog.com/
I think that's the only way we can start to generate some user-awareness to spyware. Every time a site tries to install any software or run a script with any elevated priveleges, the screen should go absolutely blank and stall for 2 seconds, then flash a giant VIRUS WARNING message in blinking red text, and sound a klaxon on the speakers. Then the "do you want to install?" message should appear in a size 6 font, followed by two buttons: A 5x5 pixel dark-gray (remember, the background is black) button for "Yes", and a 200x200 green button for "Yes". And maybe then people will hesitate to install spyware. I don't know how much good that will do either.
If it weren't for fog, the world would run at a really crappy framerate.
I've not seen it mentioned anywhere, so maybe it's just a drive incompatibility issue, but when I installed SP2 RC1, I could no longer play DVDs - I would receive an error telling me that the TV OUT on my card must be disabled first.
I rolled back to SP1 and bingo, everything would play fine again.
Spyware will have no problem with the outbound access on the new firewall. Before you try to send outbound traffic on a Windows XP SP2 installation, just run this command: "netsh firewall set allowedprogram program = c:\%programname% name = %friendlyname% mode = ENABLE scope = ALL profile = ALL" and the firewall will let your app access the internet as easily as pre-SP2 firewall.
Pubcrawler.ca
.
SP2 sounds like a good thing for Linux. With Linux I don't have to worry about spyware, or crap. Ahh.... :) Linux is catching on big time with the college crowd and SP2 might give it a big boost.
I mean, "OK" "Cancel?" What does that mean? Give the dialog boxes informative *buttons* "Save" and "Don't Save" come to mind. Usually I can accurately discover what the entire dialog box is about just by reading the buttons.
"True dat with a wiffle ball bat." -- kabrakan
I see nothing special in SP2 really. The firewall is a little better maybe, and IE has a popup blocker.
The rest is Social Engineering. Basically, they've changed around a lot of dialogue boxes and made it more difficult for people to ignore updating their systems.
I don't know how much this is actually going to help anything - we'll see.
- It's not the Macs I hate. It's Digg users. -
If you want to use a hardware firewall with dialup, expect to spend at least $300, $200 for a hardware firewall with a serial port, and $100 for an external modem. Using an old 486 with the hard drive set to spin down after say, 3 minutes of no activity is much cheaper (don't use a monitor, and remove all unnecessary cards like video and sound cards to save on power).
The only app I can think of that does that is IE. Why would you be using IE anyway?
Every other application flashes the taskbar. This has been the default behavior since Windows 98. If your app is forcing itself to the top somehow, blame it on the application developer.
You also can't forget that once SP2 is released, any new machines people buy will have Windows XP SP2 already installed.
MSDN has always allowed you to order a CD with SP2 on it. Or, you could easily get a friend to do it for you, or find a university. It's not like there aren't ways. I'm on dialup and have installed every XP update without problems.
At the end of it this statement is made.
"Finally, Microsoft is throwing updates for a series of its products and platforms, including DirectX 9.0b, Windows Media Player 9, Windows XP Media Edition 2004, and Windows XP Tablet PC Edition 2004 into Windows XP Service Pack 2. This is just a case of Microsoft taking advantage of an opportunity to widely distribute some recent changes to satellite applications. Most of the updates have little to do with security."
So all the non-critical crap I've avoided downloading up until now is going to be forced upon me irregardless of whether I want it or not.
Enhanced DRM (yippeeee), DirectX updates that break older games, and all that other crap I don't want or have previously manually ripped out of the system.
Probably because the built-in CD burning is pretty crappy, and tended to conflict (or at least did on initial release, I imagine they must have had to fix these issues by now) with the Roxio retail software, because they were based on the same (but slightly tweaked) engine. You know, sometimes it really is better to not have something than have something crappy. That said, I use Nero for all my Windows-based burning needs.
IT's only in Beta, so be warned. Don't upgrade a critical machine. http://v5.windowsupdate.microsoft.com/ to upgrade a windows box (remember to go there in IE)
Nothing great was ever achieved without enthusiasm
I've been on the web since 1995. I switch my browser whenever I feel it's necessary. IE is still working fine for me at the moment, and Firefox does nothing to pull me over yet.
Also, if Firefox *IS* "ready for everyone", why haven't the developers gone and called it "1.0" yet? I do recall them calling their releases "preview releases".
Does it make you happy you're so strange?
I'm gonna trust something that says "February 2004", "Updated Date: April 16, 2004", and "through October 2003" within four lines of each other.
Incidentally, this page has been fucked for some time. If Microsoft gave a rat's ass, you wouldn't see things like this crap.
I'm not saying the CD is totally useless - I'm saying the end user has NO WAY of knowing what they are getting.
You never see any bad traffic, because you have a firewall already - others aren't so fortunate.
smash.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
I think it is kind of a good thing, it is making inroads for .
.
.
.
.
.
.
.
.
.
.
open source products by showing all the preplanned back doors
into the OS that are wide open
Bill meant it to be used for businesses to track customers, etc etc
Motivation being greed, but it has been perverted like alot of
other back doors and has become an anethma
Talk about shooting yourself in the foot
My standard practice is now, to remove all I can with Adaware,
Spybot, and manually removal
reboot, go another round with it
After google searches, registry searches, and looking at active
processes and using a live registry trace tool, I get it all
removed EVENTUALLY
It does take longer on some machines than a reinstall which is sad.
After I do all of this I essentially remove EVERY like to IE and
tie all automatic browsers launches to Mozilla
Then I tell them to never ever use IE again as long as they live
After the hours of weeding thru the muck they respect my wishes
M$ has shot itself on the foot with all these spyware/malware/adware
back door holes and all they are doing is promoting open source
God Bless Them !!! LOL
Peace,
Ex-MislTech
google "32 trillion offshore needs IRS attention"
If you have to type a password, what stops it from waiting until you type it for another program, sniffing it, then typing it in automatically when it tries to run?
A program should not be able to do ANYTHING before the installation process is invoked by the user. So if spyware can keystroke log BEFORE the actual install process can be taken place, then obviously there is an issue with the OS to even alow that to happen with (durring the time) an unknown process/program.
Life is not for the lazy.
I can answer those. I do turn off the dog using TweakUI, and I turn off CD burning as well, using gpedit.msc (you gotta admit the CD burning is superflous and pretty poor). You cannot turn off thumbnails (unlike in 2000 where you can unregister the thumbnail dll to prevent them showing at all). Inevitably XP will forget your folder view settings at some stage, plus I use samba which doesn't deal too well with Thumbs.db.
Et cetera. XP sucks and SP2 is the catalyst to go.