Evaluating Windows XP Service Pack 2 RC2

dncsky1530 writes "Information Week has a good evaluation of Windows XP SP2, excerpt: "The code for release candidate 2 finally looks like a real release candidate. And sure enough, it will help you big-time with security. But what sorts of headaches will the eventual final version mean for IT shops? We'll take it piece by piece... Remember when Microsoft said service packs wouldn't deliver any new functionality? That lasted for about six months back in 1997. Windows XP Service Pack 2 is jammed-packed with both invisible and visible improvements to Windows XP. The biggest boon is that the free update, which will probably ship some time in September, does in fact make Windows XP far more secure""

New features, yes.

[CmdrNullo]

But there's been quite a bit of reporting that there will be compatibility problems because of the security enhancements. Nonetheless, I'm looking forward to spending less time cleaning up spyware infections on relatives' machines.

Re:New features, yes.

[Flyinace2000]

Amen to that! I work at a computer shop and 90% of the repairs we do end with us giving a lecture about spyware.......Our record is 1300 infected spyware files.

Re:New features, yes.

[OzeBuddha]

Ah, but will it take more time to acquire and install the service pack than it will to install windows itself, as has been the case with certain windows security packs in the past?

Re:New features, yes.

[Gilesx]

Unfortunately, it doesn't really do a lot to protect against spyware. It's mostly a pretty front end to remind you to a) install a virus checker, b) install a firewall (or enable the default Windows firewall - and given the Microsoft security track record, who in their right mind would rely on that?!) and c) reboot your machine after you've installed an update. This last reminder is particularly annoying as it pops up from the system tray approximately every 10 minutes, with the default dialog option set to reboot. In the middle of typing something? Just hit enter right at the moment that the reboot reminder box pops up? Tough - you're rebooting whether you relike it or not! Poor poor POOR UI design there, Bill...

Re:New features, yes.

[Threni]

In the middle of typing something? Just hit enter right at the moment that the reboot reminder box pops up? Tough - you're rebooting whether you relike it or not! Poor poor POOR UI design there, Bill...

This happens quite often with Windows. Not just in this case, or with dialogue boxes, but just generally with windows containing an error message. I'm not that excited about a task completing or a page not being found that I'm interested in stopping writing my email or entering a URL or whatever to click on an OK on a box with no other options. Is there a registry setting anywhere for Windows as a whole - something to the effect of a `Take focus away from user to report an error` boolean or something? Do other operating systems handle this problem another way?

Re:New features, yes.

Absolutely. TweakUI used to allow turning on 'don't move focus', but I'm not where the associated registry key is located.

Re:New features, yes.

[Tobias+Luetke]

Unfortuantly you are totally wrong about poor ui design.

When a unasked for popup comes up the first reaction of the average user is to get rid of it. There are statistics which proove that 75% of all users will hit enter to any dialog box without reading it in your average run the mill office.

Don't take this lightly. This is the very reason for most of the problems we have in the internet today. Norton antivirus used to default to "read anyways" when it detected a email virus.

This was realized by microsoft a while ago and now all dialog boxes default to the secure option instead of the least intrusive. Since windows only wants you to restart if it couldn't apply the patch to the machine during installation ( e.g. applications which were to be patched were running / files were in use ) it makes perfect sense to default to reboot. If there is a big exploit in IE it needs to be fixed as fast as possible. Who really tourns off their pc nowadays ? Even after receiving the patch you might run your unpatched ie for a week.

Re:New features, yes.

[1010011010]

You're missing the point. It is poor UI design. Really crappy UI design -- Windows (an other software) should never steal focus to ask you a question! If something has to steal focus, it should not have focus on any control -- not text input, not a button -- nothing. It should flash and/or beep to let the user know that they have been interrupted ("This important message brought to you by Error -128346324!").

Re:New features, yes.

[Kenshin]

That is my single BIGGEST gigantic annoyance with Windows: focus-stealing.

You're busy reading a webpage, and another web window open in the background decides it wants attention. BAM! It's there, right in your face.

Any sorta dialog box any program launches, and BAM! It's right there in your face.

Why can't it just simply blink in the tray? That's what the fucking tray is there for, isn't it?

Re:New features, yes.

[Zone-MR]

Ummm, if TweakUI can change the setting, it means there MUST be a registry setting for it.

In this case it's:

HKEY_CURRENT_USER\Control Panel\desktop\ForegroundLockTimeout

The value, in milliseconds, is the amount of time after any user input which programs will not be allowed to steal focus for.

In fact with Windows 2000 and later it's set to 20000, which means that programs cannot steal the focus while you are using the computer.

XP SP2 is still annoying. The reboot reminders don't actually pop up in front, so hitting enter at the wrong time won't cause you to accidentally reboot. However since they keep popping up in the background, sooner or later you will see the message and click the default button before even realising that it's "reboot" and not "bugger off".

Re:New features, yes.

[jesser]

That's not just annoying; it's also a security hole. All a malicious site has to do to own your system is convince you to type a word containing the letter 'y' and try to install software when you type the previous letter.

Won't matter, they won't install it.

[garcia]

Mainstream Web sites that employ unsigned ActiveX applets, downloads, pop-up windows, browser helper objects, and other code- or scripting-based functions may encounter difficulty with SP2 version IE 6. Most of these activities are prevented by default, and until thousands of Web sites and Web-based applications are upgraded to more gracefully deal with the new IE's many security precautions, a lot of Web stuff is going to be broken--or, at least, temporarily halted.

While a lot of people here are going to say, "wow, everyone is going to go to Mozilla/FireFox." I have serious doubts that we will see that. All we are going to see is a bunch of broken websites and people complaining. The solution is going to be to turn off the default security options and go back to browsing like they did before.

Microsoft just isn't that interested in upgrading Internet Explorer's feature set. As a result, it's unlikely we'll see tabbed browsing before Longhorn, and it's not even guaranteed for that release. No wonder so many people are jumping ship for Mozilla Firefox and Opera.

Nah, I really doubt that the single reason people are moving to Mozilla FF and Opera are for tabbed browsing. I surf daily and probably at greater lengths than the average person and I don't find tabbed browsing to be my #1 concern.

I found it particularly interesting that the "Windows Security Center (WSC)" didn't detect NAV or ZA for virus or firewall... While they assured the author that they would be detected by the time that XP SP2 comes out I just have to wonder why MS would force them to rewrite their software to work w/WSC. If MS was so concerned w/third parties being able to protect Windows users you would think that they would work with the companies to get it to work, not the other way around.

Microsoft also is working on the 5.0 version of Windows Update, its Windows-updating Web site, which handles a lot more than just critical updates. It's primarily a user-interface update, but one of the underlying improvements is that you'll no longer be required to restart your computer so often after applying updates.

Honestly, most of my most recent XP updates have been installed without a restart. It's really not a huge deal to *ME* and I am sure it's not a huge deal to most other non-technical users as they probably restart their computer almost daily because of various unknown reasons.

All in all, I look forward to it but I wonder how many will install it. Will it make a difference when it comes out? Will 100% of the XP users out there upgrade and stop the vunerabilities from spreading? I doubt it. We are going to suffer through this same shit because Windows users aren't the smartest bunch out there.

Re:Won't matter, they won't install it.

[natd]

Honestly, most of my most recent XP updates have been installed without a restart. It's really not a huge deal to *ME* and I am sure it's not a huge deal to most other non-technical users as they probably restart their computer almost daily because of various unknown reasons.

Those non-technical users probably hang out in an office between 9-5 and when the non-non-technical people there have to reboot, it means a call to the missus "I'll be home late tonight, gotta wait till the last person leaves and cheak this thing comes back up".

That's how it is. In my last job we used NetWare and Solaris - it wasn't like that then..*sigh*. 9 years of bliss.

Re:Won't matter, they won't install it.

[ObsessiveMathsFreak]

Happily however, windows XP searches for and installs the latest updates without any user input whatsoever, a situation I agree with completely.I know that most home users will rarely go into control panel and almost never run windows update. I don't expect them too, neither does MS.However, I'm not sure if automatic updating applies to service packs. I sure hope it does.

Your right about the websites though. If the SP 'breaks' web sites, people will turn the security off. I've also seen people who've tried firefox recently, go back to IE as javascript,PDF and flash either don't work or don't work 'properly'. They liked tabbed browsing, but that wasn't enough to wean them off IE's integrated plugins unfortunatly. Couldn't mozilla offer a complete install with all the plugins as standard?

Re:Won't matter, they won't install it.

[DrEldarion]

The solution is going to be to turn off the default security options and go back to browsing like they did before.

You're assuming that people actually know how to turn off the security settings. I'd say that most of the people who don't know any better will have no clue how to turn them off, and the people who do know better will, well, know better than to turn them off. Sure, there are a few people who know just enough to be dangerous, but they're a huge minority compared to the amount of people who don't even know what "right-click" means.

Any sites who actually care about having their users stay will fix their site instead of telling their users to "fix" their browser. People are REALLY lazy - if the site they're on doesn't work, they'll just say "screw it" and go to one of the other 5,000 sites on the web that can give them the same content rather than putting any effort towards changing settings.

Plus, I'd hope that people wouldn't trust any website that tells them to change their security settings, but that's probably putting too much faith in them.

Re:Won't matter, they won't install it.

[IgnoramusMaximus]

Oh for Christ's sake, it's a reboot, it doesn't take hours. It takes about two minutes.

What he means is that on a production server you cant just pull the plug to reboot (even if it took 1 second flat) until the last workaholic leaves his beancounting or whatnot at 7pm. IT is an internal service within a company and you dance around others who do earn the actual revenue which you are blowing from the company's gazoo in general direction of Billy Gates.

That is still the part Microsoft doesnt get, insisting that IT is a princeling of corporate departaments which can at its whim bring the company up and down and spend all of its money on bullshit. Apparently you are also under this impression.

Re:Won't matter, they won't install it.

[inquisitor]

This is Adobe's fault; the PDF Netscape plugin sucks in ways that the PDF ActiveX control does not.

Best way around it? Stop Firefox's plugin infrastructure from handling .PDF, and open PDF files in the real Acrobat Reader instead. Tools/Options/Downloads/Plug-Ins, uncheck PDF. Then when you next click on a PDF file, you'll get a box from which you can select to open directly with Acrobat or save to disk. Choose whichever you prefer.

Roll-Out

[Davak]

Alas, I'll install this on my little test network before rolling it out throughout the hospital. I gotta feeling that this update is not going to be quite as smooth as the recent few.

Am I the only one that has a little series of computers that I roll out updates before I roll them out enterprise-wide? I know some people have a test system... but for my network (and the sake of the hospital's uptime) I have a small testing network.

Three months to go?

I must check for companies that are now posting jobs asking for two years experience in WinXP SP 2. (It goes nicely with the five years .NET experience.)

Cleaning?

[Biogenesis]

You actually worry about cleaning it? I just recommend reformatting :p. It's got 2 big advantages:

1) It's easier to do (even if it takes longer there's no guesswork/trudging through the registery)
2) It tends to be such a big deal for the relative (backing up etc) that I tend to get asked less :).

Then again, doesn't Adaware do a good enough job as it is?

Re:Cleaning?

[poofmeisterp]

No.

It misses a lot. It gets a lot. It should be used with other applications, but in the end, only a trained eye can figure out based on the case of letters in a process name, the path to the executable in the registry's run section, and the dates on files, what is spyware and what's a legit process/file. You also gotta know how to kick the butt of those redundant BHO/registry, dual-running-process bastards that replace keys and objects as you try to remove them. No software will ever be good enough, in my opinion, to do that automatically.

Will this kill ZoneAlarm?

[fishdan]

I've been using XP Windows XP Service Pack 2 RC2 for abnout 2 weeks now. The most striking thing about it is the security stuff. It has a built in functionality that is identical to ZoneAlarm in that it block outgoing traffic from programs it does not know/trust, and asks the user to authenticate these programs.

My problem with this is that it didn't ask me to autheticate IE, or other MSFT services. While I agree that this is better for Joe User, and does indeed make the average computer *somewhat* less vulnerable to becoming zombies I actually think that overall it compromises security, because it has the idea of "pre-trusted" programs. So now all a malware has to do to succeed is become trusted, and then it's BEYOND reproof? I'm not sure that that is exactly how this new system works, but more than anything I'm disputing the notion that this is a panacea.

I'm also concerned about companies that make firewall type products. Are they done? Is MSFT going to claim to have all that functionality in the OS? A FALSE sense of security is worse than being unsure. I'd rather people lock down their machines themselves rather than assuming that MSFT has done it for them.

Still, I do think that this is better than nothing.

Re:Will this kill ZoneAlarm?

[Sancho]

Out of curiousity, what stops the malware/spyware from clicking the "Yes, let this program access the Internet." button when it pops up? If you have to type a password, what stops it from waiting until you type it for another program, sniffing it, then typing it in automatically when it tries to run?

Re:Will this kill ZoneAlarm?

[kawika]

You got that wrong. XP's firewall blocks programs from listening on ports--incoming traffic. XP SP2 does not block outgoing traffic, for example a web browser that establishes an outgoing TCP connection will get through just fine, no special configuration required. There is no special whitelist entry for IE, as you'll notice that Firefox or Opera get through fine as well.

ZoneAlarm does much more in that it can block outgoing traffic on a program-by-program basis. But ZoneAlarm also asks questions that are impossible for most users to answer without a course in Windows XP internals, like "Do you want to allow SVCHOST.EXE to access the Internet?" I can see why Microsoft decided to leave this functionality out.

The best outcome would be if programs like ZoneAlarm coordinate their work with the built-in firewall and extend its functionality. I don't think they are in danger of becoming obsolete. Similarly, Windows has bundled a defragger since Win95 but that hasn't stopped a half-dozen companies from writing better ones.

Re:Will this kill ZoneAlarm?

[philbert26]

My problem with this is that it didn't ask me to autheticate IE, or other MSFT services. While I agree that this is better for Joe User, and does indeed make the average computer *somewhat* less vulnerable to becoming zombies [grc.com] I actually think that overall it compromises security, because it has the idea of "pre-trusted" programs.

It does, but you can choose to disable that at install time and enable everything yourself. I think it's a good feature for people who don't know what they're doing, because otherwise they will get used to seeing the authorisation window for every innocent program and will start giving permission without really thinking about it. My brother gave MSBlaster Internet Access this way...if permission popups were a less frequent occurence, he might have been more suspicious.

Re:Will this kill ZoneAlarm?

[Zone-MR]

"Out of curiousity, what stops the malware/spyware from clicking the "Yes, let this program access the Internet." button when it pops up?"

Nothing whatsoever. It's a security problem inherent to ANY software firewall.

I wrote a little trojan a while back, and I knew that the guy I wanted to send it to was using zonealarm. I just grabbed that version of ZA, used Spy++ to find the right hWnds for the "Accept" and "Always repeat this choice" buttons, sent it a WM_CLICK event, and ZA was worthless.

Yeah, good for those with broadband

[Stevyn]

This is only good for those with broadband. No one on a modem is going to download this. Service packs are great until you factor in the time to download and install. People who were too lazy to update once a week aren't going to install this service pack for the same reason. Windows, if you patch and use antivirus and a hardware firewall, can be pretty stable and secure. However, without all that you're asking for trouble. I still think the majority of problems stem from ignorant users, not the horribly evil company itself. And why do they charge for mailing these service pack CDs? If you paid $300 retail or even the $40 or so from an oem, you should be entitled to a free update CD with no shipping cost. If AOL can afford to send out millions of those discs, Microsoft can do the same. Hell, they already do it for MSN.

Re:Yeah, good for those with broadband

[Gilesx]

An interesting point with the MSN CD thing. You'd think that if Microsoft were really using their noodles, they would include the service pack everywhere they could - if you make it a compulsory install when you install an MSN CD, Office CD or whatever - I'm sure you'd reach a hell of a lot more users than you would just by placing it up for download....

Re:Yeah, good for those with broadband

[fishdan]

Just because you don't have broadband in your house, doesn't mean you don't have access to broadband. Most public libraries haev broadbadn and CD burners, and sell CD's at $0.25 each, which is a nice way donate money to them.

I do wonder though if there might be any money to be made by MSFT shipping RC2 on a disk and charging you say $1.00, postage included....What am I saying...I'm sure if there's money to be made, they'll do it.

Re:Yeah, good for those with broadband

[kawika]

If you paid $300 retail or even the $40 or so from an oem, you should be entitled to a free update CD with no shipping cost.

Hmm, like this free CD available directly from Microsoft? You don't even need to show a proof of purchase.

Corporations will.

[Faust7]

All in all, I look forward to it but I wonder how many will install it. Will it make a difference when it comes out?

Corporate users, at the very least, will install it in droves. The article author said it himself: for businesses, the decision of whether or not to install it "should be a no-brainer":

No matter how annoying or substantively lacking in any real advantage other than increased security, there should be no debate in business or home circles about whether this one should be installed. Just do it. We have enough computer security problems without people getting stubborn about whether this upgrade takes away some of their computer liberties. It really doesn't.

Marketshare has meaning in security

[cyberlotnet]

I do all development and most of my day to day work on linux, I play games on my windows laptop just so all you flamers know I do use both.

Anyway is linux or mozilla more secure? YES.
Why is it more secure? Open Source means better peer review.
Are the "margins" of security between windows and linux really so large? I would have to say NO.

Why you say? The machines being hacked and sending out 80% of the spam in the world are home machines, Why? In general the average user fails to keep there machine up to date, opens up email attachments, or does some other stupid action that causes there pc to get infected. This makes home machines open to direct attack. If a majority of the home machines where linux then you would hear more about linux worms and viruses.

Now due to the way linux is they may not be as bad, patches may be releases faster but with the worlds virus and script kiddies focusing on linux instead of windows there would be problems.

Linux users try to place themselves in such high praise, But they can't, You can't praise yourself until you have truly been subject to the same level of attack and focus as windows.

Re:hmm

[AndroidCat]

The problem with Microsoft is that they have two camps slugging it out. The Raymond Chen Camp and The MSDN Magazine Camp. (This was already covered on Slashdot, but is worth a re-read.) MSDN gang always wants the latest and greatest jammed in the box ASAP--the trouble is, they seem to know squat about real security. And they've been in control for some time now.

And so they produce garbage like IE zones controlling ActiveX security and weak patches to ADO.Streams for years now.

Best Practices

[darkmeridian]

Am I the only one that has a little series of computers that I roll out updates before I roll them out enterprise-wide? I know some people have a test system... but for my network (and the sake of the hospital's uptime) I have a small testing network.

You are not the only one with a test network. I once updated my system and then the enterpriseware suddenly quit working. On all the production systems. Boss was angry. I spent the whole night regressing the software until I realized that the software was incompatible with the ICF in WinXP. I announced that to the company's CS and they updated their website Knowledge Base with that tidbit.

From then on, I ran all upgrades through a three system network with one masquerading as the "server". In addition to software status, all configuration data is recorded as well. I wonder if I'm violating my licensing agreement this way. Oh, well.

I think it's very positive...

[danielrm26]

Three things strike me about the release:

1. The firewall's on by default. This is a huge shift for Microsoft and I am glad to see it happen. This alone will stop a ton of worm infections.

2. Browser security. From what I can tell, these enhancements are going to go a long way toward stopping the problems that CERT and everyone have been complaining about.

3. Email security. OE is getting hardened in a way similar to IE, and this also is a very much welcomed move.

Between worm propogation and the two most common ways for a user to infect themselves, if they were to even modestly improve in all three of these areas it would make a significant impact on the security posture of people running the update.

I applaud them in advance for even trying.

Indeed I am.

[Faust7]

I don't know if you work in Corporate IT but I have heard here (and in my own personal experience) that Corporate users don't like upgrades.

As a matter of fact, I do work in corporate IT--I'm a sysadmin for a large telco. We dislike having to do upgrades, but we will do them, because we would rather disrupt operations for a little while rather than risk a longer disruption later down the road because we were obstinate about installing something.

SP2 and Windows update

[StarHeart]

There is a very important change to version five of Windows update. If you have a corporate product key it compares it to Microsoft's list of keys that have been sold. It won't let you update without a valid key. It makes the key generator worthless, and will create a black market in legitimate corporate keys.

The service pack itself doesn't seem to care, and there will still be other methods like Windows update catalog, but they are closing the big loophole.

Re:"Deny" for certificate?

[dzym]

At last check, that functionality is present. There is a "never trust" option in a drop-down on the ActiveX plugin download dialog box. Although most (unsigned?) BHOs and plugins are already silently blocked.

Re:The word on IRC..

[gkuz]

I doubt that many people will install it

Except for the 99% of the population who doesn't know what the hell IRC is and has never heard a word of, or about, this "reaction".

Users do switch MozFF/Opera for tabbed browsing

[vaderhelmet]

I'm one of a handful of people in my company who are even aware of OSS, Linux, and the like. My boss (System Administrator of my building) is afraid of anything that doesn't have Bill's seal of approval. But when my boss saw how much more efficiently I could research something on the web using tabbed browsing, and the built-in (customizable) search bar, he did a double-take. He installed it and started using it about 25% of the time. After the CERT warning came out, he dumped IE and issued a warning to the building that they need to be using Opera, Firefox or similar non-MS browser.

Another Firewall Issue

[pgrst]

In addition to the issues already raised by other posters, there is another problem that the article does allude to but doesn't explain: The firewall keeps turning itself on!

I have run SP2 since the first release candidate. I don't use the windows firewall since I already have hardware + software firewalls. XP SP2 detects the software firewall correctly (mcafee). But at least once every other day Windows turns on the damn XP SP2 firewall. It's a pain in the ass and the real problem is that you don't know it's on. You only realize it's turned itself back on when it announces that it has blocked a connection.

How foresightful.

[twitter]

...that the first few posts, as well as several posts afterward, will be easily-swallowable generalizations about how Service Pack 2 (not even RC2)...

Gosh, you mean that Microsoft's past is no indicator of current or future offerings? You are right about reading the article though. When we do, we see each of your points proved in detail. I'll take the trouble to pick through the five individual advert burdened pages for you. Let's watch!

• "isn't good enough" Article says: Windows Firewall may be the largest feature in Windows XP Service Pack 2, but from an enterprise perspective, it's pretty small potatoes. ... For my money, either ZoneAlarm 4.5 or 5.0 Pro or Symantec's Personal Firewall 2004 would be better bets for protecting road warriors out in the wild. ... WSC does sense protection levels for the worst threats out there, but it offers no help for adware, spyware, trojans, privacy invasion, and spam. So it's no panacea.
• "actually worsens security" Article says: The desktop security products of vendors that have the largest installed base of users, Symantec and Zone Labs, aren't properly detected by the RC2 version of SP2. So, this might defeat your properly tuned Zone Alarm, which was determined to be superior.
• "is just another ploy" OK, I won't find anything like this in an article that enthusiastically but without any basis in fact proclaims Windoze only has a problem because it's the only "interesting" target but that things will get much better in five years. In other words, despite the seaming criticism, the author is a major fanboy.
• "is way behind what Linux already has" Guarddog is my favorite but see the previous point.
• "is too risky to download" Not exactly: Download RC2 now and test all your internal applications, as well as your intranet and your public Web site. That's the only way to be sure that you won't have significant problems... Testing is prudent, but a joke for Joe Average with his single Windoze PC or a small office where there's no "spare".
• "is another sign of bad programming" Article says: Mainstream Web [that use nonstandard M$ junk] may encounter difficulty with SP2 version IE 6. ... a lot of Web stuff is going to be broken--or, at least, temporarily halted. ... That doesn't mean nothing works properly ... in my tests of SP2 RC1, I found that it could take more than half an hour for your computer to turn off because of this feature. Wow, something worked? What could indicate better planning or programming than a service pack that turns off your dinky, second rate services? What could be a better practice than updating a computer when it's being turned off? How is the user going to know the differnece between that and the good old shutdown hangs they are used to?

Looks like more of the same from M$ to me. More heartache with no real result or benefit for the end user.

A non-techie's dream

[maximilln]

All those people who b__ch and moan about getting Grandmother to use Linux must really love this one

"One of the best new features of SP2's Internet Explorer is the Add-On Manager, available from the Internet Control Panel's Programs tab. It gives you a way to enable, disable, and configure ActiveX controls, browser help objects, and browser extensions. The primary purpose of this tool is to provide a user interface for controlling things that have already been added to your Internet Explorer installation. When, for example, you have already said yes to an ActiveX program Information Bar query and later decide you don't want that program on your computer, the Add-On Manager is the tool that solves that problem."

Yeah... Grandma's gonna be thrilled to keep track of unsigned ActiveX controls, browser help objects, and browser extensions. I can see this being turned into an "ACCEPT ALL" policy real quick.

Just flat out...

[maximilln]

From a design standpoint this is just flat-out stupid:

It's designed to check whether an antivirus program is installed, whether that program is running, and whether it's updated with the latest antivirus definitions. When any of the security checks for antivirus, firewall, or critical Windows updates aren't met, Windows Security Center alerts you with system tray pop-up notifications that open the large WSC Control Panel

How long before proper functionality with a core OS component is leveraged against vendors? From a business standpoint it's pretty shrewd. But from the OS design standpoint it's flat out stupid. The OS provides a platform for userspace apps. The OS is not supposed to wrap around userspace apps.

"You don't have MS approved anti-virus checker installed. Please enter a credit card number for the $129.95 fee, the #39.95 yearly maintenance agreement, or we will disable your Windows update key within 2 days."

Personal experience

[DarkMantle]

I decided to try out SP2 RC2 on my computer, boy... was that a mistake

Here's the hardware i have to give u a heads up... AMD 3200+, DFI NFII Ultra Infinity Motherboard (nForce 2 chipset) nVidia FX 5700, 1GB RAM, DVD+-RW, and 2 hard drives....

Here's what happened...

• Random re-boots: claiming my video drivers where at fault, so i installed older drivers... same thing.. hacked/leaked drivers... same thing
• Random re-boots: claiming some other drivers where causing the problem, but M$ couldn't tell which ones
• I used my Linux computer to nmap (and otherwise attack) the windows new firewall... took 8 minutes to break in (good thing i'm behind a HW firewall)
• Unreal Tournament 2004 was drawing textures funny alerting me to an upcomming re-boot

After removing SP2 RC2... everything works fine....

"Virus warning!"

[ohad_l]

I think that's the only way we can start to generate some user-awareness to spyware. Every time a site tries to install any software or run a script with any elevated priveleges, the screen should go absolutely blank and stall for 2 seconds, then flash a giant VIRUS WARNING message in blinking red text, and sound a klaxon on the speakers. Then the "do you want to install?" message should appear in a size 6 font, followed by two buttons: A 5x5 pixel dark-gray (remember, the background is black) button for "Yes", and a 200x200 green button for "Yes". And maybe then people will hesitate to install spyware. I don't know how much good that will do either.

Increased DVD playback restrictions?

[StonyUK]

I've not seen it mentioned anywhere, so maybe it's just a drive incompatibility issue, but when I installed SP2 RC1, I could no longer play DVDs - I would receive an error telling me that the TV OUT on my card must be disabled first.

I rolled back to SP1 and bingo, everything would play fine again.

Re:Cisco VPN Client

[Barlo_Mung_42]

You might try RC2. I had the same problem with my Intel VPN client. Works fine under RC2 though.