Evaluating Windows XP Service Pack 2 RC2
dncsky1530 writes "Information Week has a good evaluation of Windows XP SP2, excerpt: "The code for release candidate 2 finally looks like a real release candidate. And sure enough, it will help you big-time with security. But what sorts of headaches will the eventual final version mean for IT shops? We'll take it piece by piece... Remember when Microsoft said service packs wouldn't deliver any new functionality? That lasted for about six months back in 1997. Windows XP Service Pack 2 is jammed-packed with both invisible and visible improvements to Windows XP. The biggest boon is that the free update, which will probably ship some time in September, does in fact make Windows XP far more secure""
But there's been quite a bit of reporting that there will be compatibility problems because of the security enhancements. Nonetheless, I'm looking forward to spending less time cleaning up spyware infections on relatives' machines.
So are we now supposed to congratulate the wealthiest company ever for doing what it should have been doing far better for a while longer and a lot cheaper?
Alas, I'll install this on my little test network before rolling it out throughout the hospital. I gotta feeling that this update is not going to be quite as smooth as the recent few.
Am I the only one that has a little series of computers that I roll out updates before I roll them out enterprise-wide? I know some people have a test system... but for my network (and the sake of the hospital's uptime) I have a small testing network.
Those non-technical users probably hang out in an office between 9-5 and when the non-non-technical people there have to reboot, it means a call to the missus "I'll be home late tonight, gotta wait till the last person leaves and check this thing comes back up".
That's how it is. In my last job we used NetWare and Solaris - it wasn't like that then..*sigh*. 9 years of bliss.
Only big ligs use sigs.
Happily however, Windows XP searches for and installs the latest updates without any user input whatsoever, a situation I agree with completely. I know that most home users will rarely go into Control Panel and almost never run Windows Update. I don't expect them to, neither does MS. However, I'm not sure if automatic updating applies to service packs. I sure hope it does.
You're right about the websites though. If the SP 'breaks' web sites, people will turn the security off. I've also seen people who've tried Firefox recently go back to IE as JavaScript, PDF and Flash either don't work or don't work 'properly'. They liked tabbed browsing, but that wasn't enough to wean them off IE's integrated plugins, unfortunately. Couldn't Mozilla offer a complete install with all the plugins as standard?
May the Maths Be with you!
My problem with this is that it didn't ask me to authenticate IE, or other MSFT services. While I agree that this is better for Joe User, and does indeed make the average computer *somewhat* less vulnerable to becoming zombies I actually think that overall it compromises security, because it has the idea of "pre-trusted" programs. So now all a malware has to do to succeed is become trusted, and then it's BEYOND reproof? I'm not sure that that is exactly how this new system works, but more than anything I'm disputing the notion that this is a panacea.
I'm also concerned about companies that make firewall type products. Are they done? Is MSFT going to claim to have all that functionality in the OS? A FALSE sense of security is worse than being unsure. I'd rather people lock down their machines themselves rather than assuming that MSFT has done it for them.
Still, I do think that this is better than nothing.
Nothing great was ever achieved without enthusiasm
This is only good for those with broadband. No one on a modem is going to download this. Service packs are great until you factor in the time to download and install. People who were too lazy to update once a week aren't going to install this service pack for the same reason. Windows, if you patch and use antivirus and a hardware firewall, can be pretty stable and secure. However, without all that you're asking for trouble. I still think the majority of problems stem from ignorant users, not the horribly evil company itself. And why do they charge for mailing these service pack CDs? If you paid $300 retail or even the $40 or so from an oem, you should be entitled to a free update CD with no shipping cost. If AOL can afford to send out millions of those discs, Microsoft can do the same. Hell, they already do it for MSN.
All in all, I look forward to it but I wonder how many will install it. Will it make a difference when it comes out?
Corporate users, at the very least, will install it in droves. The article author said it himself: for businesses, the decision of whether or not to install it "should be a no-brainer":
No matter how annoying or substantively lacking in any real advantage other than increased security, there should be no debate in business or home circles about whether this one should be installed. Just do it. We have enough computer security problems without people getting stubborn about whether this upgrade takes away some of their computer liberties. It really doesn't.
The coolest voice ever.
I do all development and most of my day-to-day work on Linux, and I play games on my Windows laptop, just so all you flamers know I do use both.
Anyway, is Linux or Mozilla more secure? YES.
Why is it more secure? Open Source means better peer review.
Are the "margins" of security between windows and linux really so large? I would have to say NO.
Why, you say? The machines being hacked and sending out 80% of the spam in the world are home machines. Why? In general the average user fails to keep their machine up to date, opens up email attachments, or does some other stupid action that causes their PC to get infected. This makes home machines open to direct attack. If a majority of the home machines were Linux then you would hear more about Linux worms and viruses.
Now due to the way Linux is they may not be as bad, patches may be released faster, but with the world's virus and script kiddies focusing on Linux instead of Windows there would be problems.
Linux users try to place themselves in such high praise, but they can't. You can't praise yourself until you have truly been subject to the same level of attack and focus as Windows.
>We are going to suffer through this same shit because Windows users aren't the smartest bunch out there.
Ok, right. Your choice of operating system determines how smart you are. If you use Windows you *have* to be less intelligent than someone who runs Linux, right? I get it now.
The solution is going to be to turn off the default security options and go back to browsing like they did before.
You're assuming that people actually know how to turn off the security settings. I'd say that most of the people who don't know any better will have no clue how to turn them off, and the people who do know better will, well, know better than to turn them off. Sure, there are a few people who know just enough to be dangerous, but they're a huge minority compared to the amount of people who don't even know what "right-click" means.
Any sites who actually care about having their users stay will fix their site instead of telling their users to "fix" their browser. People are REALLY lazy - if the site they're on doesn't work, they'll just say "screw it" and go to one of the other 5,000 sites on the web that can give them the same content rather than putting any effort towards changing settings.
Plus, I'd hope that people wouldn't trust any website that tells them to change their security settings, but that's probably putting too much faith in them.
A firewall that turns itself on without asking me and being forced to install patches prior to shutting down my computer. Smells like Microsoft to me.
Who are those Slashdot people? They swept over like Mongol-Tartars.
I don't know if you work in Corporate IT but I have heard here (and in my own personal experience) that Corporate users don't like upgrades.
As a matter of fact, I do work in corporate IT--I'm a sysadmin for a large telco. We dislike having to do upgrades, but we will do them, because we would rather disrupt operations for a little while rather than risk a longer disruption later down the road because we were obstinate about installing something.
The coolest voice ever.
We get paid to fix bugs, true enough. But when somebody else's lack of foresight makes our job so much harder do you expect us to just stand there and say "Thanks for giving me another job to do. That'll keep me busy till your next product comes out."?
If you really think that people are like that, I suggest you wander around with a bag full of rubbish until you find a street sweeper and scatter the bag around in front of them. Then see if they thank you profusely, or if the next thing you hear is your proctologist asking just how they fitted the entire broom head up there...
'Don't worry' said the trees when they saw the axe coming, 'The handle is one of us.'
Except for the 99% of the population who doesn't know what the hell IRC is and has never heard a word of, or about, this "reaction".
What he means is that on a production server you can't just pull the plug to reboot (even if it took 1 second flat) until the last workaholic leaves his beancounting or whatnot at 7pm. IT is an internal service within a company and you dance around others who do earn the actual revenue which you are blowing from the company's gazoo in general direction of Billy Gates.
That is still the part Microsoft doesn't get, insisting that IT is a princeling of corporate departments which can at its whim bring the company up and down and spend all of its money on bullshit. Apparently you are also under this impression.
I'm surprised no one in this thread is talking about beta testing this on their network. I'm currently doing tests at my work, so that when SP2 does come out, we can do a 0-day rollout. This is a release candidate, meaning that if it's good, there won't be any changes.
For the vast majority of users, I don't think XP firewall is going to help. These are the same users who have 3000 adware/spyware items (my sister's record) on their machines. If they click yes to spyware/adware pop-ups, they'll probably just click allow on the dialogue boxes for XP firewall.
While a built-in firewall isn't a bad idea, it requires user education in order to be at all effective.
-- Political fascism requires a Fuhrer.
All those people who b__ch and moan about getting Grandmother to use Linux must really love this one
"One of the best new features of SP2's Internet Explorer is the Add-On Manager, available from the Internet Control Panel's Programs tab. It gives you a way to enable, disable, and configure ActiveX controls, browser help objects, and browser extensions. The primary purpose of this tool is to provide a user interface for controlling things that have already been added to your Internet Explorer installation. When, for example, you have already said yes to an ActiveX program Information Bar query and later decide you don't want that program on your computer, the Add-On Manager is the tool that solves that problem."
Yeah... Grandma's gonna be thrilled to keep track of unsigned ActiveX controls, browser help objects, and browser extensions. I can see this being turned into an "ACCEPT ALL" policy real quick.
+++ATHZ 99:5:80
How long before proper functionality with a core OS component is leveraged against vendors? From a business standpoint it's pretty shrewd. But from the OS design standpoint it's flat out stupid. The OS provides a platform for userspace apps. The OS is not supposed to wrap around userspace apps.
The line between pure OS-level stuff and userspace stuff in Windows is blurred. Aside from the firewall and security fixes, I doubt this antivirus-checking UI is a core OS component. Rather, it's probably just another service (daemon) or some type of autorunning application in userspace.
Have you reported all these faults to Microsoft?
If you run pre-release software, you have the responsibility to report bugs and problems with it.
What sort of 'break in' did you achieve against your machine? Did you manage to access a service that would otherwise have been blocked?
I'm not so sure they'll just turn off security features. I'd speculate that users would stop going to the website, thinking it's "screwed up" before they would think to turn security features off. Should some of those users start digging through support links at those broken websites (they are broken now, due to laziness or maliciousness), I'll bet that they'd uncover helpful instructions that lay them wide open to attack again. But I suspect most casual computer users will simply avoid "that terrible web site that doesn't work any more."
If they're like my parents, they're scarred from having to take their machine in for servicing after it got loaded up with spyware and viruses, and was ultimately compromised into a spam relay.
The net effect of increased support inquiries to broken web sites might actually be that some webmasters fix their site. Those that still require unsigned scripts and controls deserve to lose business, and/or pay a higher cost in support calls.
Both of my parents are now trained to use/run antivirus and antispyware software. My mother now knows to run a firewall, (still working on my Dad) and I've set them both up with Mozilla.
Getting them on to Linux will take a bit longer. Linux isn't quite there yet (show me a distro where they'll never have to touch a command line, and things are simple and consistent, and I'll consider flying out and installing it for them).