Windows XP SP2 Still Rough Around the Edges

Megor1 writes "According to crn.com when they tried upgrading various computers to Windows XP SP2 RC2 3 out of 5 of the machines failed to come back up, and had to have both SP1 and SP2 removed via various hacks supplied by Microsoft. Sounds like it might take a lot longer for Microsoft to release SP2 if RC2 is any sign of how far they are along."

One more for the anecdotes..

[Moridineas]

Installed a beta of SP2 maybe 2-3 months ago. Worked like a charm, and the new firewall is nice.

Installed fine for me

[raistphrk]

I've got FreeBSD and Windows XP SP 2 running side-by-side. I installed various incarnations of SP 2, from the original technical preview, to the current release candidate. I just installed the newest private build from Microsoft yesterday. When I was using the technical preview, a lot of software - especially CD and DVD burning software - was completely borked. Now things seem to be working better.

The improvements to Internet Explorer are really the main thing that caught my attention. Microsoft finally wisened up and started turning features like ActiveX off by default, and now has permissions completely locked down for the local computer. All I can say is, THANK GOD.

I normally have a lot of criticism for Microsoft, but this service pack is one of the few Windows builds I have to compliment them on. They've made a lot of steps forward in terms of security. However, as long as they rely on a complex, feature-filled package by default, we're going to see security holes in the default installations of Windows.

The real test is going to be when we roll this out hardcore at the office. Since the company has a lot of DCOM applications, I suspect many of them will break. This isn't really anything new to Linux and Unix users; when you install new libraries, you often have to recompile binaries for compatibility. However, in Windows enterprises, this is going to amount to absolute chaos - especially given that most businesses don't have access to source code to recompile.

This service pack is a good baby step in a long journey. In the meantime, I'm going to be busy dealing with broken applications.

Re:Expee esspeetoo

[dabraun]

Microsoft releases all of the actual security patches for Win2K as well ... XPSP2 is not just a set of security patches though. Odds are that every *known* vulnerability that is fixed in XPSP2 has already had it's fix released publicly for both XP and Win2K.

SP2 also includes tons of fixes for 'possible' vulnerabilities (things like 'ok, here's a potential buffer overrun - can't find a specific path for an outsider to get in and exploit it but we're going to fix it anyway.)

Most importantly SP2 includes 'security features' within the OS - like new auto update functionality (pushing it to be on by default, nagging you repeatedly if you apply an update that requires a reboot and opt to reboot later), a way better firewall including firewall protection from the moment the system comes on to the net at boot time (previously there was a short window where the firewall wasn't on), popup blocking but more importantly a very strong effort to help users NOT install activex controls unless they really want them (you have to see it to understand what I mean ...) - lots of measures there surrounding avoiding spyware.

These are all product features, not security patches - you really can't expect to get them in Win2K - they just aren't part of the product. That's not to say that some of these things might not get ported anyway - but you can't really complain if they don't ... as long as you get the actual patches for vulnerabilities.

Trojans/worms now know how to uninstall SP1

[RobertB-DC]

Very interesting how (relatively) easy it is to uninstall all service packs from Win XP:

* Execute whatever DOS commands are in spuninst.txt
* Set a registry key to "LocalSystem"
* Execute spuninst\spuninst.exe
* Reboot to restore (most) drivers

Once this is done, the article says, all service packs are gone without a trace. This leaves the Win XP box in the state it would have been in on October 14, 2003, with all these vulnerabilities.

So much for security patches!

SP2 Breaks BestCrypt

[karmatic]

I use bestcrypt (kind of like a crypto loopback device, only for windows), and SP2 hosed it. The device driver won't load, and I still can't access any of my encrypted data.

I wonder what SP2 did that broke it?

Re:Amazing

[slashjames]

What are you doing wrong??? I'm a network admin for about 100 Windows 2000 Pro workstations. I've NEVER had any problems loading them with SP4. Here's how I upgrade them to SP4:

1. Backup ALL pertinent information to a file server/other computer.
2. Use a Win2000 disk to format and install Win2000 by itself. Install any SCSI/RAID drivers here if you have to.
3. Install SP4 BEFORE you install anything else (including drivers).
4. Install all of the Windows Updates that are part of your Standard Operating Environment (SOE).
5. Install your hardware drivers.
6. Install the applications that are part of your SOE.
7. Copy the information that was backed up in step 1 back to this machine.

You now have a Win2000 SP4 box ready for use.

Redirect to /dev/null

[prisoner-of-enigma]

The parent article is just plain ridiculous. I'm the I.T. Director for a large organization, and practically the entire I.T. department is running SP2 RC2, busily finding out what it breaks (not as much as you'd think, actually). The idea that 3 out of 5 machines "didn't come back up" is either due to (a) really funky, odd hardware or (b) a really screwy WinXP core install. We've had a 100% upgrade success rate and no reason to complain thus far, and we've got way more than 5 systems done.

But it wouldn't matter if we had 100 systems that worked right because it's a statistically insignificant sample of the overall whole. Hey, I had a Linux box not come back up once because I updated the kernel 2.4 kernel package with a 2.5 development release package! I guess the 2.6 kernel needed to go back to testing big time, eh? Do you see the idiocy of the parent article's claim and further assumption?

But then again this is Slashdot, where no good bashing of Microsoft goes unheralded.

Re:Amazing

[wfberg]

The idea of a servicepack is that you can use it to upgrade a live installation, just like with windows update. Reinstalling and then restoring data from a backup.. That's just.. wrong..

For one thing, what happens to stuff in the registry in odd places (HKLM)? Why isn't data already on a separate partition, if not a network (NAS/SAN) drive? Not using roaming profiles - are you mad? Why not using a slipstreamed install, or even better using ghost to duplicate disk images if you're using a "standard operating environment"?

You sound like some one who feels the need to format his hard drive every once in a while, "just in case".

4 for 4 successes for me

[cookd]

I work at Microsoft. They asked us to upgrade our SP1 machines to the latest build of SP2. I started with a test box (for which I have Ghost images), and that went quite well. I moved on to two other boxes that I use for parallel builds (no Ghost images, but nothing lost if they die), and they came back up just great. At that point I was confident enough to upgrade my main system. Again, no trouble. All of my updates were done via the "Windows Update" web site.

While the first 3 machines were VERY clean machines (essentially XP + patches + antivirus, no other software installed and no major configuration changes), the 4th machine was my work machine -- I've probably installed or uninstalled something from my box every day for the past year (but I'm still on the original install of Windows). While I know how to keep the machine operating well, it definitely isn't a clean box.

As with any upgrade or patch, there are risks. But I had absolutely no trouble with the upgrade on any of the 4 machines. The only difference is that the firewall pops up a message box every once in a while asking if I want to allow a connection. Oh, the "Settings and Preferences" link from the Antitrust settlement was "restored" (how many times do I have to delete that thing?).

Nothing is ever perfect, especially with software. But Microsoft has tried very hard to make sure this will work well for everybody. And as far as I can tell, they've done a good job. Yes, there will be some bugs. Yes, you'll want to be careful about applying this to production machines (make backups!). But I think the majority of people will upgrade and have no trouble.