Windows XP SP2 Impressions

A roundup of concerns and problems with Windows XP SP2 from the early adopters: Many, many users are reporting problems with SP2 limiting outbound TCP/IP connections. This appears to be nailing anyone who makes heavy network use of their machine, including especially users running P2P applications. A Microsoft blog rounds up some reports, as does SANS. Microsoft has objected to people helping them distribute SP2.

Impressions? Or bad reviews?

[FortKnox]

Your list of 'impressions' is nothing but bad things people are saying. Any links to the other views?

If not, simply change the title to "Bad things popping up with SP2" or something to that effect.

Works well for me thanks

[rainman_bc]

I've had no problems yet to report; the only thing that pissed me off is it reinstalled windows messenger after I had already uninstalled it.

Other than that it's fine; I turned off the firewall; I'm already NAT'd and have limited ports of entry anyway.

Re:Works well for me thanks

Other than that it's fine; I turned off the firewall; I'm already NAT'd and have limited ports of entry anyway.

The nice thing about the firewall is that every program that isn't signed that wants to become a server (listen on a port) has to get your permission first. That makes it more likely that you'll catch a malicious program like spyware before it starts sending your browsing activities off to the deep dark jungle of the internet.

Your standard off-the-shelf router from BestBuy won't do that for you.

Unless you run something equivalent like ZoneAlarm, I would suggest you turn it back on.

Re:Works well for me thanks

[stratjakt]

Nothing wrong with running messenger if it isn't listening on your public interface. It's useful to send out broadcast messages on the local lan (NET SEND * "SERVER WILL REBOOT IN 5 MINUTES")

Re:Works well for me thanks

[chumpieboy]

Messenger Service (NET SEND) isn't the same thing as Windows Messenger (IM Utility).

It's confusing, I'll grant you, but they're not the same.

Re:Works well for me thanks

[rainman_bc]

Windows Messenger -> the chat client There's an uninstall command for it: RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove You're referring to the Messenger Service. Two different things.

Re:Works well for me thanks

[Nephilium]

I know that NTBugTraq had an article about removing the Windows Messenger after it got re-installed. Quoted below is the command to remove it:

RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove

This will only remove the Windows Messenger 4.7.x that is installed with XP SP2.
(Insert warning about me not testing this here... Using Win 2000 for my W32 needs)

Nephilium
"'Chapter Fifteen, Elementary Necromancy'", she read out loud. "'Lesson One: Correct Use of Shovel...'" -- (Terry Pratchett, Jingo)

Re:Works well for me thanks

[stratjakt]

I thought it was:

Windows Messenger = the Messenger Service

MSN Messenger = the chat client

Re:Works well for me thanks

Actually, stopping programs from listening won't do anything to stop spyware sending out your data - that just needs an outbound connection, which I understand the SP2 firewall does nothing to stop.
It will help stop listening backdoors and the like, but so will "your standard off-the-shelf router from BestBuy", since by default it won't forward incoming connections to your machine.

Re:Works well for me thanks

Well, if your running Firefox you don't need to. Let's face it, IE is totally broken, and M$ is now relying on the firewall to negate the problems with IE, instead of truely fixing the bugs they've known for over 1 1/2 years.

Re:Works well for me thanks

hate to say it dude, but your fiancee is a cow. Don't do it, man. I'm not contributing a *thing* toward your wedding except a prayer that you survive the torture of having to actually touch that bitch.

Re:Works well for me thanks

"Other than that it's fine; I turned off the firewall; [I] ... have limited ports of entry anyway."

That's not what _I_ heard!

Re:Works well for me thanks

[sharkey]

Nope. Windows Messenger and MSN Messenger are both chat clients (both the same program with different branding maybe?). The Messenger service is what handles "Net Send" messages. In fact, WinXP states "This service is not related to Windows Messenger" when you look at it in the Services list.

Re:Works well for me thanks

[1010011010]

Use the "set program access and defaults" thing to disable messenger --- and IE while you're at it (it's still there for windows update, just not available to the user or as a default browser that pops up when you click and href somewhere).

Re:Works well for me thanks

Second that notion. Yikes. They're both in the running for a 4-H blue ribbon, that's for sure.

Re:Works well for me thanks

[rainman_bc]

That only disables messenger. The command i posted earlier actually uninstalls it.

Re:Works well for me thanks

[cshuttle]

Thank you!!! Mod this up, hardcore...

Re:Works well for me thanks

[rainman_bc]

But I'm nat'd. So unless it's listening on an exposed port, it's pretty useless isn't it?

I mean, I only leave 3389 open -> terminal services, and an offending program would need to hijack that port. I'd know about it if that port was hijacked.

The only thing that sucks is when something calls home. I can take care of that crap. I don't let spyware be installed on my computer. And I run adaware constantly. Only thing it finds is tracking cookies.

Re:Works well for me thanks

[c0ol]

And they say Linux is complicated :)

Re:Works well for me thanks

[ILikeRed]

You expect a firewall to protect you from malware?

Re:Works well for me thanks

[superyooser]

Works well for me, but there a couple of annoyances.

How do you make the LAN icon in the tasktray disappear? I have a NIC for my DSL connection. The DSL connection has its own icon. I don't need another icon. What's especially annoying is that it's animated. It says "Acquiring network address." I unchecked "Notify me when this connection has limited or no connectivity" to no avail.

I worked around the second "annoyance," which, I must confess, is a good defense against viruses. I use a Notepad replacement because I don't like the official one. It actually replaces notepad.exe in the System32 directory. But SP2 overwrote the replacement and put the official Notepad.exe back. I tried to install the alternative notepad, but it wouldn't work. Windows would let the new notepad.exe stay for a few seconds, and then automagically it would rename the new notepad.exe to OLDxx.tmp and make the old notepad come back to life. I couldn't understand this because I was logged in as Administrator. I finally figured out that I had to disable the "Cryptographic Services" service before I could overwrite Notepad. Then, I could turn the service back on, and the new notepad.exe would remain.

Re:Works well for me thanks

[krack]

The SP2 firewall won't alert you to programs *sending* data. It will alert you to programs trying to open a port to *recieve* data. This means the firewall doesn't protect you from the Russian keylogger sending your cc#'s to the communists. It *will* protect you from server-style trojans, a la NetBus, PCAnywhere, BackOriface, etc.

Since the grandparent indicated he was natted, the real internet can't get to his box even if he had a backdoor open on it because of no static nat mapping. (Would *you* map port 37337 to your main box?) Your standard off-the-shelf router from BestBuy *will* do NAT for you.

I leave the SP2 firewall on simply because the cpu hit is negligible and worth the notification that an app is trying to *listen* from my box.

Re:Works well for me thanks

[rainman_bc]

Start -> Control Panel -> Network

right click on network connection. hit properties

look at the bottom -> there's a checkbox to show/hide the status on the taskbar.

Re:Works well for me thanks

[wfberg]

Windows Messenger is a slightly different beast from MSN Messenger.

Windows Messenger is used in Outlook (not express) to show if your contacts are online. Apart from the MSN Messenger service, it can also use an Exchange server as an IM server, by way of using SIP.
Windows Messenger also supports SIP to do VoIP, it can be used with pulver's freeworlddialup for example (it does not support STUN).
Windows Messenger hasn't been updated since XP came out, while MSN Messenger is at version 6.2 - it's been deprecated along the lines of NetMeeting (which is in XP by default, and handy if you need an H.263 VoIP client, it's already on your hard drive, called conf.exe).

MSN Messenger offers more features, like webcam, shared games, message history, custom emoticons, and of course lots of clutter and ads. It can be quite refreshing to switch back to Windows Messenger. However MSN Messenger will not do SIP (or H.263).

The Messenger Service is the one that simply puts a window on your screen with an OK button, meant for sending messages on a LAN, like "the server is on fire" etc.

I'm waiting for the day that Internet Explorer is rebranded as Messenger Explorer (MSN Explorer is halfway there!).

Re:Works well for me thanks

[superyooser]

There are two options in the LAN connection properties. The first one says to show the icon when there is a connection. The second one says to show the icon where is not a connection. Both of them are unchecked, but the icon stays there all the time.

Re:Works well for me thanks

[glitch23]

Windows Messenger -> the chat client There's an uninstall command for it: RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.

Gee, why didn't I think of that? That's so simple and intuitive. I would have guessed something like "cd c:\messenger; make uninstall".

Re:Works well for me thanks

[rainman_bc]

Not everything's as easy as FreeBSD (My unix flavour of choice) =D Besides, if you're lazy and don't feel like changing directories -> pkg_delete messenger

Makes Sense

[Luigi30]

Who knows how people mess with SP2 before distributing it?

Re:Makes Sense

[ron_ivi]

You'd know if you check the MD5 sum. ('course you have to get the MD5 sum from a trusted location, and it's unclear if there was one in this instance)

Re:Makes Sense

The Authenticode signature embedded in the file doesn't lie.

Re:Makes Sense

[sdgr800]

This made the rounds on NTBugTraq.

http://www.ntbugtraq.com/default.asp?pid=36&sid= 1& A2=ind0408&L=ntbugtraq&F=P&S=&P=28 86

Re:Makes Sense

[Luigi30]

Not if they generate a new one and say they have the right one.

Re:Makes Sense

Which is why the parent poster said that the MD5-hash/signature "has to come from a trusted source".

If the digital signature matches, even a file from an untrusted source will be valid.

Re:Makes Sense

[jrockway]

How hard would it have been to enclose that URL with the ?

http://www.ntbugtraq.com/default.asp?pid=36&sid=1& A2=ind0408&L=ntbugtraq&F=P&S=&P=28 86

Limited outbound connections

[joeblakethesnake]

Just so there isn't a bunch of FUD being spread, the limit is on INCOMPLETE outbound connections. There is no limit on COMPLETED connections. This should only affect network scanners such as nmap.

Re:Limited outbound connections

I wish I had some mod points.
To mod you up.

Re:Limited outbound connections

[deathazre]

nmap's toast anyways, from what I hear, they axed TCP sends over raw sockets because "[they] surveyed applications and found the only apps using this on XP were people writing attack tools."

Re:Limited outbound connections

[marco0009]

I subscribe to the NMap newsletter and here is what they had to say regarding this: This is just a heads-up that most Nmap functionality will not work on the just-released Microsoft Windows SP2. Why? Microsoft apparently broke it on purpose! When an Nmap user asked MS why security tools such as Nmap broke, MS responded[1]: "We have removed support for TCP sends over RAW sockets in SP2. We surveyed applications and found the only apps using this on XP were people writing attack tools." I don't know why they consider Nmap an "attack tool", particularly when they recommend it on some of their own pages[2]. Shrug. Removing SP2 re-enables the functionality and causes Nmap to work again. Many problems unrelated to Nmap have been found with SP2 as well[3], though it does some welcome security improvements for people stuck on that platform. I will work on this if I get time, but am currently busy rewriting the core port scanning engine for the next version of Nmap. It is much faster, offers much better multiple-host parallelization, and provides other long-desired features such as completion time estimates. If someone finds a solution to this SP2 problem, please send a patch. It may not be too hard, as Nmap supports operating systems such as Win95 that didn't have raw socket support in the first place. Cheers, Fyodor [1] http://seclists.org/lists/nmap-dev/2004/Apr-Jun/00 77.html [2] http://www.microsoft.com/serviceproviders/security /tools.asp [3] http://www.crn.com/sections/breakingnews/breakingn ews.jhtml?articleId=23905071

Re:Limited outbound connections

Not just nmap et al. -- it hoses bittorrent as well. I had to uninstall SP2 last night because I found that I could now use either bittorrent or a web browser, but not both at once...and my bittorrent downloads were pitifully slow, to boot.

The odd thing is that SP2 RC2 did nothing of the sort. Everything worked beautifully under it; I'm tempted to see if I can dig up a copy somewhere and reinstall it.

Re:Limited outbound connections

[Nasarius]

Just so there isn't a bunch of FUD being spread, the limit is on INCOMPLETE outbound connections.

What's the limit? If it's too low (less than a couple hundred), it could slow down eMule pretty badly.

Re:Limited outbound connections

[Nasarius]

Holy crap, the limit is ten. Ten pending SYNs! Yeah, I'd say that would be pretty effective at killing almost all P2P.
Makes me glad I use Linux 95% of the time.

Re:Limited outbound connections

"I don't know why they consider Nmap an "attack tool"

Oh come on, no one is that stupid. So it must just be denial.

Could it be because probably every serious "attacker" out there has it and uses it for one reason or another? Its legitimate uses are heavily outnumbered by the mischievious or downright nefarious.

Hmm, break "Nmap", a program that the vast majority of our users don't even know exist, or cut down on the viruses, trojans, scanning, etc.? Wow, what a tough choice for MS.

Re:Limited outbound connections

[stratjakt]

Boo hoo.

Now anyone who needs to use nmap will have to run it from linux. Which shouldn't be a problem for anyone who uses it legitimately (hell, they probably aready are using linux).

Hell, run it from coLinux, it'll take all of 10 minutes to install.

It also means the script kiddies will need to learn linux, which eliminates 99% of them right there. Woohoo.

They didn't actually eliminate raw sockets, they just changed the rules. No raw TCP, and no raw UDP with a source address that isn't currently bound to an interface on your machine.

Hmm, someone as smart as fyodor could easily put his spoofed IP onto a virtual TAP adapter, and the API should let him use that address. Something to play with.

What versions of windows supported raw sockets, anyways? Anyone know? I thought it was introduced in 2000, but I'm not sure.

Re:Limited outbound connections

[SilentChris]

Well, think about it: who uses Nmap more? Corporate administrators or script kiddies? None of the companies I know use it (we use tools we pay for with actual support). Microsoft has every right to block whatever they want.

Re:Limited outbound connections

[sharkey]

Microsoft has every right to block whatever they want.

Absolutely. On their own computers. Why should they be blocking MY tools on MY computers?

Re:Limited outbound connections

[SilentChris]

That's what registry hacks are for. OR, get a machine with Linux/FreeBSD. Your choice.

Re:Limited outbound connections

[Dogun]

Having been network administrator at my living group in college, I have to mention the merits of fyodor's rather awesome tool. nmap has saved my ass a number of times, locating owned boxes, spotting shitty firewall setups, etc.

On some occasions, I've used ARP poisoning on an owned box to figure out who's responsible. More often than not, it's a box at another university that was owned as well. Which is usually pretty obvious, thanks to nmap.

And now that nmap picks up versioning information, I can scan my entire living group and make note of anyone who's running something abysmally old, too. Quite frankly, it kicks ass, because it allows me to address problems that I would have had a bitch hard time figuring out without it.

As far as nefarious uses go... if people want to use the tool for bad, they're going to do so anyhow. From a *nix box at their disposal. Like any normal person. Also, if they're using the tool for bad, unless they're using the zombie scan feature, it's not all that anonymous, so... it's not something you want to do from your personal box, then.

All in all, I think this was a poor move by msft, nerfing raw sockets like this. They've trashed one of the good features in WinXP, and I think people are going to care.

As for those of you who think you know what the tools is for, I urge you to think a bit harder.

Sure, you can scan the entire internet doing version scanning on port 80 looking for vulnerable IIS boxes, but there is still fallout from the last virus epidemic doing that. Or you can use nmap to assess your own vulnerabilities and help prevent dozens of hours dealing with idiots who don't read security related emails.

Re:Limited outbound connections

[LordPixie]

What versions of windows supported raw sockets, anyways? Anyone know? I thought it was introduced in 2000, but I'm not sure.

I believe that 2K had raw sockets support only for applications running as administrator. XP runs everything with administrator privileges, so everything has access to full raw sockets.

Full Disclosure: I'm taking this info from GRC.


--LordPixie

Re:Limited outbound connections

[biffnix]

Steve Gibson at GRC (Gibson Research), the SpinRite guy, has warned about the exploitability of raw sockets for YEARS!

Here's a link to his article on the topic of raw sockets: Raw Sockets Article.

So check that out, and see why Winders finally locked it down.

Joe Griego
Bishop, CA

Re:Limited outbound connections

[andreyw]

Makes me glad I run Linux/x86 and Linux/PPC *100%* of the time.

And for all those who think "Macs are gay" or "Linux isn't cool" - Have fun using your toy, buggy, 5cr1pt k1ddi3's delight OS with its crippled TCP/IP stack.

Re:Limited outbound connections

[ostiguy]

I want be be able to run nmap while connected to a vpn, that may or may not already use a virtual adapter, in order to test client and server firewall policies. This is not feasible to test on linux or any other os.

ostiguy

Re:Limited outbound connections

[wolrahnaes]

The problem is they fixed it the wrong way.

Raw sockets have always only been available to users with admin priveledges. Apps running as regular users can not use raw sockets. The problem is Windows has a broken security model due to a need for backwards compatibility with pre-NT applications. Everyone not in a domain is by default an administrator.

This is what Mr. Gibson was complaining about. Raw sockets are not necessarily a bad thing. Every decent OS has support for them. The problem was that in the Windows implementation, every single home user, and thus the trojans and spyware that they inevitably infect themselves with, had access to them. Only system admins and power users should have access, not Joe Idiot who clicks on the attachment or says yes to the purple monkey.

Re:Limited outbound connections

I had to uninstall SP2 last night because I found that I could now use either bittorrent or a web browser, but not both at once...and my bittorrent downloads were pitifully slow, to boot.

I have tried both SP2 RC1, RC2, and Final. With all of these SP2 builds, I never encountered any of the problems you are having. My web browser works fine while doing BitTorrent, Kazaa, Direct Connect, or any other P2P app at the same time (I have had all 3 running and still no problem browsing the web). Maybe there is another source for your frustrations? BTW I am talking about having like 5 or more torrents going at once. And while the speeds may not be the greatest at times (20-30KB/s), I have found torrents that still go 500-800KB/s. This is all while having SP2 installed.

I think your problem lies elsewhere.

Re:Limited outbound connections

[js3]

"XP runs everything with administrator privileges" that statement is retarded.

You also need administrator privilages to use raw sockets on XP.

Re:Limited outbound connections

[MrBlue+VT]

Just because you don't use it doesn't mean that a vast number of people have "legitimate" uses for it. I use it everytime I set up a machine to ensure the firewall is doing what I expect it to.

Besides, in and of itself, it isn't an "attack" tool, it just gives information.

Re:Limited outbound connections

[Selfbain]

When I installed it the other day, I couldn't get anything to work at all (except for the first few minutes after booting). Aim would remain connected but no other internet connections would work. I had no problems connecting to my LAN however.

Re:Limited outbound connections

[civilizedINTENSITY]

Its also no more outbound raw IP sockets,

"Various UNIX utilities use raw sockets, among them are: traceroute, ping, arp. Also, a lot of Internet security tools make use of raw sockets."

Re:Limited outbound connections

[gbjbaanb]

I recall the controversary over Raw sockets when they first appeared in XP - many people said they would be a security risk, and it sounds like they were right.

So now MS removes this feature that shouldn;t have been there in the first place, and everyone is up in arms about it. Maybe that's a little exaggerated..

Remember this?

Re:Limited outbound connections

[aonopko]

The solution (first link in the article) :

Windows Firewall Exceptions List

Detailed description

Some applications act as both network clients and servers. When they act as servers, they need to allow unsolicited inbound traffic to come in, because they do not know who the peer will be ahead of time.

...

In Windows XP Service Pack 2, an application that needs to listen to the network can be added to the Windows Firewall exceptions list.

Re:Limited outbound connections

[NaDrew]

Well, think about it: who uses Nmap more?

Well, Trinity, for one.

Re:Limited outbound connections

[NaDrew]

Remember this?

Referencing Gibson's rants is not necessarily the best way to enhance credibility.

oops.

[sulli]

so all these guys using bittorrent to distribute SP2 ... can't do it anymore once they install it.

Yet another reason to BUY A FUCKING MAC. Jay-zus.

Re:oops.

[linzeal]

Shareaza has found some solutions and are discussing them.

Re:oops.

[ParticleMan911]

You're kidding right? Macs don't need an SP2 equivalent because the limitations are built right in! I have been forced to use macs on and off for some time now and the "simple" interface is nothing more than a way to frustrate the intermediate to advanced computer user. I'd rather use Windows ME than be forced to operate on a Mac machine. Don't even get me started on how everything at Apple is marked up at least 25% for their cutsie marketing campaigns, and the fact that you can't by Mac systems from anyone but Apple. I guess if you don't care about money, or being able to use more than 10% of the applications that exist, then go ahead and make the Switch!

Re:oops.

[slughead]

Before the parent gets marked as troll..

Macs don't need an SP2 equivalent because the limitations are built right in!

What limitations?

Re:oops.

[VitaminB52]

Yet another reason to BUY A FUCKING MAC.

... or install Linux (in it's SuSE, Red Hat or whatever flavour) on your PC, that's lots cheaper than buying Mac hw + sw.

Oh yeah, and mod the parent to 'funny troll' please... :)

limiting outbound TCP/IP connections

[Short+Circuit]

I was wondering when they'd do that. It really bites into their sales if someone buys a 5-user license of XP Pro, and runs, e.g. Samba on it to serve to more than five people.

This is just one way to get around that.

Re:limiting outbound TCP/IP connections

Damn, they're ahead of Linux again. When will Linux come out with a version that only supports 5 TCP/IP connections?

Re:limiting outbound TCP/IP connections

[Utopia]

The limit is enfored if a previous connection attempt to a host has failed.
There is no limit if connection if the connection attempt was sucessful.

Licences have no effect.
There is no limit on the number of connections.
You will probably reach the memory limit of your system before you reach the maximum number of connections that XP can support.

Re:limiting outbound TCP/IP connections

[Short+Circuit]

doh. See above.

Re:limiting outbound TCP/IP connections

Are you serious?

1. The limit is for uncompleted connections (like network scanning).

2. What are they going to do running Samba on XP??? You run Samba to serve to XP Machines... so it will serve to 5 machines/users. 1 BSD etc fileserver w/ Samba, 5 XP machines. What does this have to do with biting sales, other than sales of licences for fileservers which matters little (consider the ration of users to fileservers)...

Re:limiting outbound TCP/IP connections

[operagost]

You don't have to buy 5 licenses of XP to serve five other clients! Windows XP is limited to 10 network connections. This requires only one license for the machine. It's Windows server products that require CALs for the clients to (legally) access them over the network.

Re:limiting outbound TCP/IP connections

[Short+Circuit]

I didn't mean to suggest that five licenses of XP were required...

Re:limiting outbound TCP/IP connections

and 640k should be enough memory for anyone, right?

Re:limiting outbound TCP/IP connections

hahaha!!! Funny little man...P2P apps lockup the connection in under 20min for me. The max even after screwing with settings is 50 now!!! What a bunch a bull I'm bout ready to reformat my machine this has me rather pissed.

Re:limiting outbound TCP/IP connections

With periods of high latency, I've already run into the 10 half-open connection limit, just on DNS.

Re:limiting outbound TCP/IP connections

[TheNetAvenger]

and 640k should be enough memory for anyone, right?

Cool quote, but it is an internet tale, Gates never said it.

Limit tcp connections

[Davak]

XP SP2: Are P2P, Port Scanning, and Port-Opening Programs Slower?

Check for the error code!

By design SP2 limits the number of simultaneous incomplete outbound TCP connection attempts. Who cares? This mostly stops trojans.

Run the event checker as described in the article above. You'll prove to yourself that you don't have a problem.

Re:Limit tcp connections

I ran into TCP connection limit very quickly on a workstation at work just by doing normal (non-network related) development.

I don't run any P2P apps or instant messaging programs. They goofed up this magic throttling value, this setting is just way too low.

Re:Limit tcp connections

[BarryNorton]

They goofed up this magic throttling value, this setting is just way too low.

If my limited (so far) understanding is correct, it's also a case of Windows being made to do things automatically (and uncontrollably?) that might be alright for brainless users in an office, but don't suit most of us. (And I don't say this as a Linux user who likes to spend all their time 'under the hood', just someone who doesn't like things being outside my control should I so chose...)

If you don't want XP SP2 deployed by auto-update..

[Meostro]

... you can disable it with this.

Of Course

[La_Boca]

Of course Microsoft does not want people to distribute sp2. Any number of backdoors or things of the like may be added at any step along the way. The safe way is obviously straight from Microsoft.

Re:Of Course

[cakefool]

the only safe way is straight from microsoft

Did you just say that?

Re:Of Course

The safe way is obviously straight from Microsoft

I know you were just trying to be funny (and cost MSFT bandwidth, heh); but for people who didn't get the joke, note that you only need to get the MD5-checksum from a trusted source, not an entire download.

Re:Of Course

No idiot, the file is digitally signed.

Re:Of Course

Of course Microsoft does not want people to distribute sp2. Any number of backdoors or things of the like may be removed at any step along the way.

Re:Of Course

[La_Boca]

Well, No.

Re:Of Course

[ewhac]

The safe way is obviously straight from Microsoft.

I guess Microsoft never heard of MD5 sums? Or digital signatures?

Wait, they must have heard of digital signatures; otherwise, how could they frighten uneducated people by throwing up that misleading dialog reading, "WARNING! DANGEROUS UNAPPROVED SOFTWARE!" every time you try to install a third-party driver.

Schwab

Yet another...

[wschalle]

This is just another shining example of how Microsoft shoots themselves in the foot on every rollout. My college isn't even deploying SP2 on their new faculty/staff desktop builds.

Re:Yet another...

[garcia]

I would say that a lot of OS distributors shoot themselves in the foot on a rollout. At least this upgrade is free and basically transparent for most people.

I remember when most people would wait for a RedHat build after a X.0 rollout. I remember when MacOS X would require you to pay for upgrades, and I remember when IT departments were deploying patches for known exploits and got burned in the ass when a worm was released.

Just another example of how the world works in different ways.

Re:Yet another...

[RatBastard]

Please elaborate on how, exactly, are they shooting themselves in the foot?

As for not rolling out SP2 on the desktops that's the only smart way for large organizations to handle large updates like this. My employer isn't rolling SP2 out anytime soon. Why? Because we need to test it to make sure that the applications we can not do our jobs without still work, and so that the IT staff has time to learn what changes SP2 has that they are going to have to support.

I don't like Windows, and I dispise Microsoft as a corporation, but blanket "they fucked themselves this time" without anything to back it up is pointless and useless FUD.

Re:Yet another...

[Bill_Royle]

It shouldn't be surprising that any enterprise-level organization would wait for some period of time before deploying something like this - that's been going on forever.

For example, we found on Win2k SP4 that Hummingbird was failing to make a constant connection on some installs with a VIA chipset. As a result, we delayed the rollout until we had a solid solution to the issue.

Any company that chooses to apply patches and service packs without relying on outside experience and independent testing - they're just begging for trouble. It's hard to sympathize with that...

Re:Yet another...

[wschalle]

Their distribution scheme is extremely restricted. Educational institutions can get cds for free in a 1:50 (1 cd per 50 students) deal, but they can't dupe the cds or redistribute the SP in any other manner. No site is allowed to mirror the update, so there is a huge bottleneck in distribution. Institutions are already timid about the SP, why not make it really, really easy to download? How much would it cost to allow people to mirror the SP and disclaim liability for service packs obtained from sources other than MS? $0.

Re:Yet another...

[JAD+lifter]

My college isn't even deploying SP2 on their new faculty/staff desktop builds.

Good for them! They would be idiots to deploy it on production machines before it has had a little bit of burn in time to find out what software it breaks, what bugs it introduces, etc.

Re:Yet another...

[TheAwfulTruth]

Actually, "bad for them".

Whay do people wait until final rollout before testing? This service pack has been available for months for large corps and software companies to test with.

Any software company that did not have a patch for their software or a roll out plan the day the SP was released is being criminally lazy.

But then the main reason that so many serious security holes exist is because of the amount of people that are too lazy to patch. If EVERYONE kept up to dat on ALL OSes, the amount of virii damage would be almost non-existant.

It is the universities responsibility to roll out this (or any other Windows or Linux) patch as quickly as possible. Ad in the case of SP2, given the months of prep time, that should have been THIS WEEK.

Re:Impressions? Or bad reviews?

[garcia]

I read through some of the "reviews" linked through a MS employee's? blog. They were mostly people saying that the install went well but they have minor issues with it (ie slow downs).

Personally I have installed it and have been using it since I learned of its release on Slashdot a couple weeks ago. It's nothing impressive for me but I didn't notice any slow downs.

I griped about my personal issues with the updated "features" and the nagging it causes.

YMMV.

Re:Impressions? Or bad reviews?

this is slashdot after all, the place where biased reporting has been invented

this place should be called sheepdot

No Problems Here

[ArchAngel21x]

I have had no problems since RC 1. I for one applaud Microsoft for turning the firewall on by default and creating a central security control panel for all users to use and understand.

Re:No Problems Here

[richdun]

Same here, no probs whatsoever since even before RC1 (beta build 21-something). Of course, I been staying in Fedora Core 2 and haven't booted into Windows in two weeks, so many that has something to do with it. :)

Re:No Problems Here

[richdun]

Of course, I still can't seem to make any sense when I'm half-asleep and try to post something...

Re:No Problems Here

[bandar8338]

Ditto here...installed RC2 a while ago, just installed the RTM on my computer (home built Shuttle) as well as the girlfriend's VAIO laptop and desktop...works fine.

If you're using a 3rd party firewall

[Markvs]

Such as Norton or whatever, be aware that if XP's firewall is turned on (as it gets turned on by default in SP2) you won't be able to hit the 'net on that PC.

-Markvs

Re:If you're using a 3rd party firewall

Crap. I don't know about Norton, but at least Zone Alarm was detected by Windows, and it made it default (automagically, and instead of its own firewall). I _did_ update ZA after installing SP 2. It also nicely detected that I had the free AntiVir installed, even though it wasn't listed on MS's page.

Re:If you're using a 3rd party firewall

[Six+Nines]

If it's Norton 2004, the Windows Firewall will let Norton take over. Earlier versions, no dice. Should be the same - big names OK, little guys like Kerio, uh-uh. To me, this says MSFT is at least trying to accomodate third-party software.

But I'm futzing with my first XPSP2 crisis - a broken wireless hookup - right now.

I've put SP2 RTM onto a couple of machines in my lab with no ill effects, but this notebook is the first unwired machine to get it. I'm not terribly surprised that even with WF and NIS disabled, I'm still unable to ping my NAT box. With WF off and NIS on, I couldn't even ping my wireless NIC. However, the laptop -- an old Sony Z505 -- is getting an address from NAT through the AP, so figuring this out is going to be fun.

This is all par for the course, and why I love my work, even when I'm totally frustrated and looking frantically for the DWIM button.

Re:If you're using a 3rd party firewall

[darkmeridian]

That's not true. I have both Norton Internet Security 2003 running along with the Windows Firewall behind a stateful, NAT-ing Smoothwall hard firewall box.

Yea. I'm a little paranoid.

Raw sockets

[ikewillis]

There are numerous unconfirmed reports coming primarily from the nmap mailing list that SP2 has removed support for raw sockets. However the ping and tracert utilities, both of which use raw sockets, still seem to function correctly. Perhaps only signed executables can use the raw sockets interface?

Re:Raw sockets

[plover]

From the Microsoft doc mentioned in the article:

What new functionality is added to this feature in Windows XP Service Pack 2?
Restricted traffic over raw sockets

Detailed description

A very small number of Windows applications make use of raw IP sockets, which provide an industry-standard way for applications to create TCP/IP packets with fewer integrity and security checks by the TCP/IP stack. The Windows implementation of TCP/IP still supports receiving traffic on raw IP sockets. However, the ability to send traffic over raw sockets has been restricted in two ways:

TCP data cannot be sent over raw sockets.

UDP datagrams with invalid source addresses cannot be sent over raw sockets. The IP source address for any outgoing UDP datagram must exist on a network interface or the datagram is dropped.

Why is this change important? What threats does it help mitigate?

This change limits the ability of malicious code to create distributed denial-of-service attacks and limits the ability to send spoofed packets, which are TCP/IP packets with a forged source IP address.

Re:Raw sockets

I'm not a windows person, but i assume ping and traceroute on windows still uses UDP?

If so, RTFA - UDP is allowed over raw sockets as long as it has a valid source address.

if not, then ignore this. :)

Re:Raw sockets

[Utopia]

Ping & tracert use the ICMP interface in icmp.dll
You don't need to sign applications to use this dll.

Re:Raw sockets

I'm not a windows person, but i assume ping and traceroute on windows still uses UDP?

They've always used ICMP, just like every other implementation, dipshit.

Re:Raw sockets

[aonaran]

Anyone know if they will provide a seperate download to enable Raw sockets like they did in the old days via MSDN or something? it is still important to have RAW sockets available for some types of development work. ...or will all new protocols have to be developed on non-MS boxes in the future?

Re:Raw sockets

[bedessen]

Looks like someone rushed to make a post and get a high rating without reading the story links. "unconfirmed reports" are confirmed in the damn article by MS, with complete details. Reading is FUNdamental.

SP2Torrent

[b0lt]

Any idea when Microsoft will be file an injunction to stop SP2Torrent from distributing SP2? Its probably not possible, due to the system of BitTorrent unless they take down all trackers, and there are bound to be some underground.

Re:SP2Torrent

[mdfst13]

According to http://sp2torrent.com/index.php Microsoft already has stopped them (at least from publishing the torrent link at that site).

New Windows Icon

[VividU]

Slashdot Editors,

Sooner or later you guys need to grow up. Suggestions:

1) Replace the broken windows icons with something more professional.
2) Create a Windows catagory.

Seriously, its getting tiresome.

Re:New Windows Icon

[SirModem]

I second this. It's really childish. Not to mention Microsoft/Windows should get their own category... afterall, half the news here mentions them.

Re:New Windows Icon

The windows icom does represent the Windows / Microsoft category. And if that looks like 'broken' to you, get your glasses checked buddy. They look like stained glass to me.

Re:New Windows Icon

Sorry, Bill. Don't take it so personally.

-- Michael

Re:New Windows Icon

[sielwolf]

Slashdot Editors,

Sooner or later you guys need to grow up.

You must be new here. ;p

(if so, you've probably already heard this joke)

Re:New Windows Icon

[kmmatthews]

"That's mean, I don't like, they're making fun of software I use, mommy make them stop!"

It's fucking SOFTWARE, okay? Try not to get your panties in a bunch over a damn icon.

Re:New Windows Icon

[bogie]

Um no. Its cleary a broken window complete with cracks and holes. Perhaps you are the one who needs to have your glasses checked? On the topic at hand I see no reason to change it. Since when has Slashdot been considered a "professional" website? Popular yes. Professional? No.

Re:New Windows Icon

[0racle]

Something about a guy calling himself 'RatBastard' talking about professionalism makes it loose all meaning.

Re:New Windows Icon

[TheAwfulTruth]

I would also vote for giving Windows or Microsoft their own category. Windows articles take up a larger percentage of space than any other category, if anything deserves to be categorized, it should be Windows/Microsft content.

Re:New Windows Icon

[mobby_6kl]

Agree. If they don't want to change the MS or Windows icon, maybe they could change the Linux (or BSD) icon to this? If it's ok to make fun of others, it should also be ok to make fun of ourselves.

Re:New Windows Icon

[djfray]

This is hardly flamebait. It's an open issue, presented in a polite manner, opposed to something like "blah blah change the fucking icon you morons blah blah." I completely agree with his point. And one of the replies that, if it stays this way, the linux and bsd icons should also be modified to the same level.

Re:New Windows Icon

WHWHAHAAHAHAWWWWAHAHAHAA

try this one vivid:

http://images.google.nl/imgres?imgurl=http://sue sc ornerweb.com/news/news-old/020105/apen.jpg&imgrefu rl=http://www.prownet.nl/profiel.php%3FprofielID%3 D3386&h=351&w=468&sz=45&tbnid=yb_D8U7Ng9AJ:&tbnh=9 2&tbnw=123&start=2&prev=/images%3Fq%3Dwindows%2Bsh it%26hl%3Dnl%26lr%3D%26ie%3DUTF-8%26sa%3DG

Read the reason-

[baudilus]

From the note:

Limited number of simultaneous incomplete outbound TCP connection attempts
Detailed description

The TCP/IP stack now limits the number of simultaneous incomplete outbound TCP connection attempts. After the limit has been reached, subsequent connection attempts are put in a queue and will be resolved at a fixed rate. Under normal operation, when applications are connecting to available hosts at valid IP addresses, no connection rate-limiting will occur. When it does occur, a new event, with ID 4226, appears in the system's event log.

Why is this change important? What threats does it help mitigate?

This change helps to limit the speed at which malicious programs, such as viruses and worms, spread to uninfected computers. Malicious programs often attempt to reach uninfected computers by opening simultaneous connections to random IP addresses. Most of these random addresses result in a failed connection, so a burst of such activity on a computer is a signal that it may have been infected by a malicious program.

While the reason is valid, I don't see anything about if/how this is user configurable. It would be nice if you could actively turn this off, and/or grant certain programs (doom3, kazaa lite, iTunes, etc.) to have "unlimited" access.

Then again, this is all conjecture, because I haven't installed it yet and don't know if this actually is possible. Someone care to comment?

Re:Read the reason-

Here you go

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Ser vi ces\Tcpip\Parameters]
"TcpNumConnections"=dword:0 0fffffe

Re:Read the reason-

If you can turn it off, then wouldn't the worms be able to turn it off too? Seems like that would defeat the purpose of this "feature"...

Re:Read the reason-

[flanksteak]

Normally I wouldn't expect MS to allow you to configure something like this, but if you think about it, if there were a user option to turn it off, then it probably wouldn't be that difficult for a trojan to turn it off. Especially since so many people run with admin privs.

Re:Read the reason-

[MikeBabcock]

This message details how to shut it off.

Re:Read the reason-

[harrkev]

If it is possible for YOU to make this change, then it is possible for an exploit to make this same change. In other words, if they allow it, then it only means a couple more lines of code for the latest trojan/worm/virus/spyware.

Re:Read the reason-

yeah, if people wouldnt be running as root the trojan cant do jack

and it can be disabled via a reg setting

Re:Read the reason-

[mastagee]

That doesnt work with the SP2 rtm. Presumably because then any virus could just set the registry key to overcome the tcp connection limit of 10.

http://www.lvllord.de/4226fix/4226fix.htm

Re:Read the reason-

[civilizedINTENSITY]

But that also means that, if its possible for YOU to run code, then it is possible for an exploit to run code. In other words, allowing you to run your own code on your own machine means the latest trojan/worm/virus/spyware...

Somewhere the insanity has to stop. Why not here?

Re:Impressions? Or bad reviews?

[kristofme]

The BBC has a pretty good article about it, entitled "Concerns over key Windows update". Seems like there are plenty of things going wrong..

wait a minute

[Nuttles]

I hope no one that reads /. is applying SP2 to any critical systems at the moment. At least without adequate backup. I thought it was just what tech people did, especially with windows updates, was to wait at least a couple of weeks before applying it. Why bother with the headaches if someone else can deal with issues so you don't have to.

Nuttles
Christian and proud of it

Re:wait a minute

[rainman_bc]

And pray tell what critical systems do YOU have running Windows XP, a user desktop?

Re:wait a minute

[Nuttles]

And pray tell what critical systems do YOU have running Windows XP, a user desktop?

lol, maybe I should reword that to work computers that you don't want to go down because it will either piss you or your coworkers off and make for a bad day

Re:wait a minute

. I thought it was just what tech people did, especially with windows updates, was to wait at least a couple of weeks before applying it.

I thought what ...windows...people did... was wait for a couple years til their machine got 0wn3d.

Re:wait a minute

Well, all MY windows systems are either in critical or serious condition. Does that count?

Re:wait a minute

[phats+garage]

Like the payroll officer's desktop PC. That one is particularily critical.

Re:wait a minute

[rainman_bc]

And hopefully you either store the data somewhere on the network or payroll is smart enough to make backups, and have an image of the hard drive.

Recovery is a matter of restoring a ghost image and restoring the data.

Desktop PC's are never as critical as servers are.

Re:wait a minute

[phats+garage]

Well of course the database is on a server.

I'm still not going to hose payroll's pc no matter how backed up it is, if theres a way I can avoid it. Down time is down time.

Re:wait a minute

[Heywood+Yabuzof]

Laptop user, sales guy, out in the field. I'd say that's pretty critical, as it would be difficult to help him if SP2 royally screws things up. Sure, not as critical as your servers, but still a huge pain in the ass if something goes so wrong that he can't even boot his laptop.

Re:wait a minute

[rainman_bc]

I'd say then your disaster recovery plan for desktops is flawed. I'd keep a ghost image of every peecee, and you set a company policy for every user to backup to the network. (Or automate it using software)

You should be able to recover a pc in less than an hour. And it's only a matter of inserting a CD.

Re:wait a minute

[magarity]

hopefully you either store the data somewhere on the network or payroll is smart enough to make backups

Don't know about you, but I'd love it if payroll lost their data and started (paying) all over again.

Anybody concerned about "download logging"?

[GillBates0]

BBC ran this article a few days back about DownHillBattle.org offering a bittorrent. They summarize the new features offered by the SP as follows:

CHANGES DUE IN SP2
Pop-up ads blocked
Revamped firewall on by default
Outlook Express, Internet Explorer and Windows Messenger warn about attachments
Origins of downloaded files logged
Web graphics in e-mail no longer loaded by default Some spyware blocked
Users regularly reminded about Windows Updates
Security Center brings together information about anti-virus, updates and firewall
Protection against buffer over-runs
Windows Messenger Service turned off by default
The "Origins of downloaded files logged" feature troubles me a little. What do they mean by "downloaded files"? Do HTML files count as "downloaded files"? What do they want to keep track of and log my downloaded files? How will they know if I use another browser and download files using that instead of IE? What about the other files I download through File sharing applications?

What log "origins of downloaded files" at all? Does it improve security in any way? If they were logging keys/certificates of software updates (to AV software for example), it would make a little sense (but not a whole lot, it shouldn't concern the OS at all), but this feature sounds a heck lot more like a Big Brother OS thing, something like IE tracking all websites visited in a hidden+undeletable folder for the suits.

Re:Anybody concerned about "download logging"?

One more reason to use an alternative browser such as Opera or Firefox (no I'm not gonna make the links, simply use Google. And no I'm not gonna put up a link for Google either ).

Re:Anybody concerned about "download logging"?

[proj_2501]

You know, one of the handiest things is when IE5 on the Mac would put a download's URL in its comments field, so when I show someone the latest dumb Flash meme that's spread throughout the universe, I can show them where to get it.

Re:Anybody concerned about "download logging"?

[SilentChris]

You're overreacting. The only thing it logs is the fact that the file was downloaded off the internet (and, presumably, only does this for IE). It doesn't know where in particular it came from. The goal is to say to the user "Hey, this file may be unsafe", but not for local executables that have always been local.

Re:Anybody concerned about "download logging"?

[kilocomp]

While this feature could be used by that famous "malicious user" or evil company (or more likely your tech savvy wife using it to see you downloaded nude pictures of CmdrTaco) I believe they are trying to stop the infestation of spyware. If you have been infected with spyware you will be able to see where it was downloaded from (avoid that site in the future or stop hitting yes to everything that pops up). You will also have the ability to uninstall it from IE somewhat similar to the plugin system of FireFox (though I am not sure if it would uninstall completely or just remove the IE integration).

Re:Anybody concerned about "download logging"?

[JoeBuck]

I can't belive that people modded this guy up to 5. Do people think that Microsoft is logging every file you download? That's simply not feasible; the traffic would overwhelm even Microsoft's bandwidth.

It appears that the idea is to record a log on your machine about the origins of each download, for easier tracking if someone tricks you into installing malware. I have no idea if they've taken any measures to make it harder for malware to just erase the log.

I would presume that if you use another app to do downloads, you won't get logging if you bypass whatever DLL IE uses to do the download.

Re:Anybody concerned about "download logging"?

[His+name+cannot+be+s]

Origins of downloaded files logged

It's not a sinister as you seem to think.

IE simply straps another NTFS stream onto the file so that the shell can warn you that you are running a file that came from a particular source.

It doesn't log it anywere else (like a log file).

So, it's more like an origin-stamp on the file, rather than logging.

Re:Anybody concerned about "download logging"?

Yes, and this log is then uploaded to M$ when you do a Windows Update. M$ is checking to see whether or not you are downloading OSS.

Re:Anybody concerned about "download logging"?

[fzammett]

I've already experienced this "logging" (much to my surprise)... Downloaded an EXE the other day (yes, from a known good source) and clicked it to run... The thing popped up a dialog asking if I wanted to run the file because it's source is not known and might not be trusted, or some verbiage to that effect.

Wah? I thought?

So I clicked a couple more EXE's that were already on my system. Nope, no warning. Copied one over from another machine on my local network. Nope, no warning. Downloaded another EXE. Yep, warning.

I think it could get a tad bit annoying to someone like me that knows what I'm doing, but (a) I think I saw an option to turn it off on the dialog, and (b) it's I think a great idea for someone like my mom, or even the so-called "power users" who just THINK they know what they are doing.

I don't know if that's the logging that's referred to, I haven't done the requisite research to find out. But I suspect it is, and if it is, it strikes me as a good, non-sinister thing.

Re:Anybody concerned about "download logging"?

[nmos]

I like the logging but I'm not crazy about the warning being turned on by default. One of the problems I run into when supporting others is that Windows spits out so many warnings for trivial things that people get into the habit of just clicking OK without reading the warning at all and as a result they tend to miss the rare important ones. I can't help but think this is going to make the problem worse.

Re:Anybody concerned about "download logging"?

[shird]

That is the logging it is referring to Id imagine. And although quite useful, it could be much better.

For example, downloading a zip, opening it and running the contained .exe issues no warning. And thats how most exes are downloaded, but I guess its good to stop spyware from downloading and running through an exploit - as the OS will stop it natively rather than relying on the browser only for security.

Itd be good if it did prompt for things like zip files too, its handy knowing whether what youve downloaded has been AV scanned yet or whatever. And itd be good once more programs make use of this, eg p2p programs marking downloaded files. Perhaps theres a market for a program that monitors applications and marks all newly created .exes as 'dangerous'. Then you could just tack it on to any ftp/p2p/mozilla app.

Heh

[Hanna's+Goblin+Toys]

So they added a firewall which asks you if a program can access the Internet, but allows all the Microsoft ET-Phone-Home software to bypass its own firewall, thereby giving all non-Microsoft software a built-in disadvantage to not being released by the monopoly.

Interestingly, this means that worms and malware authors need only make themselves appear to be Microsoft software (if Microsoft can bypass its own firewall, the credentials will be reverse engineered) in order to continue to spam from zombie boxes without informing the user.

Secure Computing, yay!

Re:Heh

[piquadratCH]

this means that worms and malware authors need only make themselves appear to be Microsoft software

Hell, why even pretend being from Microsoft when Microsoft provides such a nice little API?

And since virtually every Windows User out there works with administrator rights, worms/spyware/whatever can simply deactivate the firewall with a simple API call.

Secure by Design my ass, Microsoft!

Re:Heh

[YU+Nicks+NE+Way]

Want to point to the "ET-Phone-Home" software that is in the box?

Re:Heh

[Jarnis]

It only asks permission to LISTEN (open ports for listening). So all phone-home applications are ignored by the firewall.

So, while the builtin is WAY better than nothing, everyone should really install a third party one that controls all access on application basis.

Re:Heh

[IDIIAMOTS]

And since virtually every Windows User out there works with administrator rights, worms/spyware/whatever can simply deactivate the firewall with a simple API call.As opposed to stopping/uninstalling the 3rd party firewall since the worm is running with admin priviliges and can do whatever it pleases on the box? Let's face it, once the malicious code gets admin rights on the box, nothing on that machine can stop it.

Re:Heh

[dave420]

Damned if they do, damned if they don't. Slashdot is as fair and balanced as fox news.

Re:Possibly not a bug?

[SunPin]

um... paranoia perhaps?

Great solution!

[bcarl314]

So let me get this straight. Microsoft determines that virii / worms / (insert other bad stuff here) use the internet to infect other computers. So, to make Windows more secure they shut down TCP/IP? Isn't that overkill? I mean really, I don't shoot my kids when they get a cold just because he might infect someone else!

Re:Great solution!

[ribond]

They're not shooting the kids -- they're keeping them in bed.

As soon as they're over the cold they can go play again.

Re:Great solution!

Where are you getting that from? They're not "shutting down TCP/IP" at all.

Oh, wait. This is Slashdot.

Re:Great solution!

You're a dumbass, over years past people have bitterly complained how open Windows was by default. A common way to clamp down on rogue network activity is to close off ports, MS doing this is what many have wanted for quite some time. Saying that they 'shut down TCP/IP' just shows your ugly stupidity.

Re:Great solution!

[Cynikal]

shooting your kids? come on isn't that just a little bit over exagerated?

its more like breaking their legs so that they don't accidently/unknowingly go out and infect someone else :)

Windows Security Alerts Icon

[siliconsnaked]

Is there a wayto kill the tray icon? the wcn??.exe gets killed by me, and relaunces itself. This is one of the few times google has let me down :(

Re:Windows Security Alerts Icon

[Utopia]

Goto Control Panel->Admin Tools->Service and set the security service to manual.

Re:Windows Security Alerts Icon

[bandar8338]

Just open up the security console and tell it that you'll monitor your own firewall or virus program or whatever, and it'll disappear.

Re:Windows Security Alerts Icon

[Keltan]

1. Open up the Windows Security Center 2. Click "Change the way Security Center alerts me" 3. Uncheck ALL of the Alert settings 4. Click OK 5. Close the Security Center window (tray icon should now be gone)

Re:Windows Security Alerts Icon

[Jarnis]

Just go and disable the alerts in the security center. You know - read the new windows, select the options that suit you most. It'll stop bugging you when you choose how you want to handle auto updates/firewall/antivirus. One option basically being 'stop bugging me'.

Re:Impressions? Or bad reviews?

Perhaps you should read further before replying. I saw many positive 'impressions' on the linked sites.

Ah. I've been trolled.

Move along. Nothing to see here.

I wonder if Steve Gibson is cackling?

[peacefinder]

What new functionality is added to this feature in Windows XP Service Pack 2?

Restricted traffic over raw sockets

A very small number of Windows applications make use of raw IP sockets, which provide an industry- standard way for applications to create TCP/IP packets with fewer integrity and security checks by the TCP/IP stack. The Windows implementation of TCP/IP still supports receiving traffic on raw IP sockets. However, the ability to send traffic over raw sockets has been restricted in two ways:

TCP data cannot be sent over raw sockets.

UDP datagrams with invalid source addresses cannot be sent over raw sockets. The IP source address for any outgoing UDP datagram must exist on a network interface or the datagram is dropped.

I bet his "I told you so" rant will be entertaining.

Re:I wonder if Steve Gibson is cackling?

[baudilus]

Sorry, but I don't see your point. So outgoing raw socket data must be UDP, and the source address must be your NIC real IP, not spoofed.

If you really want to get around this, it's not hard. This just makes it hard to automate from within Windows which is the whole point, now isn't it?

Re:I wonder if Steve Gibson is cackling?

[Lieutenant_Dan]

God, that's funny. How thinking of our crazy guy Steve-o would react to the news.

He probably will be so overwhelmed that MS did something he wanted, he'll set himself on fire and hold a press conference.

Shields Up indeed!

Re:I wonder if Steve Gibson is cackling?

[stratjakt]

This guy drives me nuts. I can't stand FUD and lies.

I'm talking about the "shields up" thing. It claims if you're in "stealth mode" then your machine is invisible. This is idiotic.

Dropping incoming packets doesnt make you "invisible". If you were "invisible" and I tried to ping you, I'd get a "destination unreachable" error. If I get timeouts, I know you're there and dropping my packets. If you replied to my pings with "destination unreahables" you might trick me, unless I noticed that the destination unreachable messages were coming from the IP I was pinging (duh!).

It's as false as the "your machine is broadcasting an IP!" popups.

Fuck him and his crusade to break the internet by trying to convince people there's something to be gained by dropping incoming packets, instead of responding with a proper RST packet or ICMP message.

Linux folks, set your default firewall properties to DENY, and not DROP. It doesn't make you vulnerable, it doesn't allow SYN floods (which attack by spawning multiple server threads on a local port - an application vulnerability not a TCP/IP one).

It doesn't "hide" you from scanners, as he claims.

It doesn't prevent DDoS attacks, if I have enough bandwidth to clog your downstream, it doesnt matter what you do with all the crap I flood you with.

Actually, heh, he is doing a spin on the old "your machine is broadcasting an IP address" scam:

Many Internet connection IP addresses are associated with a DNS machine name. (But yours is not.) The presence of "Reverse DNS", which allows the machine name to be retrieved from the IP address, can represent a privacy and possible security concern for Internet consumers since it may uniquely and persistently identify your Internet account -- and therefore you -- and may disclose other information, such as your geographic location.

Uhhh, I can get that from the numeric IP, who cares about the reverse DNS. Do the RIAA do reverse DNS lookups when they launch all those suits against IPs?

This machine does have a static IP and proper DNS, so I dont know why his tool says it doesnt. Though, I don't really care.

Re:I wonder if Steve Gibson is cackling?

[peacefinder]

You're right, you missed my point.

It's non-technical, and not about whether this change is good or bad. Instead my post is about a certain pundit who claimed the sky would fall (more or less) when XP was released due to its raw socket support. He was so strident that he was dismissed as a bit of a crackpot.

It turns out that now, a couple years later, Microsoft actually addressed his concern. It is anticipated that the pundit will have something entertaining to say about it.

Re:I wonder if Steve Gibson is cackling?

[pyrrhonist]

Sorry, but I don't see your point. So outgoing raw socket data must be UDP, and the source address must be your NIC real IP, not spoofed.

Steve Gibson went to talk to Microsoft when they decided to put full raw socket support into XP. When they refused to take it out or limit it to Administrator only, Steve put a rant on his web page predicting total collapse of the Internet. The point is that now that Microsoft has made changes to raw sockets in SP2, we're wondering what Mr. Gibson is going to say.

Re:I wonder if Steve Gibson is cackling?

[peacefinder]

This guy drives me nuts. I can't stand FUD and lies.

Not supporting him. I'm just observing that there's some entertainment value in the situation. :-)

Re:I wonder if Steve Gibson is cackling?

[doon]

Uhhh, I can get that from the numeric IP, who cares about the reverse DNS. Do the RIAA do reverse DNS lookups when they launch all those suits against IPs?

Based on the crap we get here, I would say they just look up the IP in an outdated copy of Whois Information since they are still sending reports to addresses that change 2+years ago..

Re:I wonder if Steve Gibson is cackling?

You could do this on Windows 2000 pro which is 4 years old. What user had Win2k pro installed without admin rights as a home user? None.

So his "I told you so" about XP home is no different than every install of Win2k pro for the home user. Let's think a little before praising morons.

Re:I wonder if Steve Gibson is cackling?

Its been in Windows 2000 for 4 years now...

Re:I wonder if Steve Gibson is cackling?

[pyrrhonist]

Its been in Windows 2000 for 4 years now...

What the changes made to raw socket support in SP2? Uh, no.

Re:I wonder if Steve Gibson is cackling?

[repvik]

Dropping incoming packets doesnt make you "invisible". If you were "invisible" and I tried to ping you, I'd get a "destination unreachable" error. If I get timeouts, I know you're there and dropping my packets. If you replied to my pings with "destination unreahables" you might trick me, unless I noticed that the destination unreachable messages were coming from the IP I was pinging (duh!).

Duh! yourself. The router behind my PC has no way of knowing whether my PC is actually up and running with an ip or not. How does it decide whether to return a destunreach?

Re:I wonder if Steve Gibson is cackling?

[Cynikal]

actually i do wonder what he's gonna say, as he did predict way back when xp wasn't even released yet that the raw sockets ability in xp was a bad idea, and no one really listened to what he had to say. now years later, MS realized it, dissables it, and breaks a bunch of legit programs that depended on it. had the functionality never been there in the first place, this part of sp 2 wouldn't even be an issue.

so yea, i think i'll go on over to grc.com and wait for him to post an "i told you so" on his front page.

Re:I wonder if Steve Gibson is cackling?

[Calvinhood]

Your information is a little wrong.

While you will see destination unreachable every once in a while, for the most part all you'll see when you try to ping a host that doesn't exist is a timeout. Remember that IP is not connection oriented, it just fires packets onto the wire and hopes someone's there to pick them up. If there's not, well, too bad. There's no way for the router, or for the originating host to know if there's a machine there.

So no, stealth mode isn't a lie. It's not perfect, and it's useless if you have even one port that doesn't drop packets, but it isn't a lie.

Re:I wonder if Steve Gibson is cackling?

Linux ping will return a Destination Unreachable, Windows ping just says "Request timed out" for anything it does not get a response from.

Re:I wonder if Steve Gibson is cackling?

[Qzukk]

No, i just ran ping on an IP that I know has nothing on it, and linux just reports the packet was lost, not that the destination is unreachable.

Re:I wonder if Steve Gibson is cackling?

[ad0gg]

Dropping incoming packets doesnt make you "invisible". If you were "invisible" and I tried to ping you, I'd get a "destination unreachable" error. If I get timeouts, I know you're there and dropping my packets. If you replied to my pings with "destination unreahables" you might trick me, unless I noticed that the destination unreachable messages were coming from the IP I was pinging (duh!).

I just moved into a new colo and I do have my boxes designed not to reply to ICMP messages. So did your test, on them and got "Requested Timed out". I also have a couple IPs that have no boxes connected to them and did the same thing. And got the same result, "Request Timed Out".

Re:I wonder if Steve Gibson is cackling?

[drsmithy]

He was so strident that he was dismissed as a bit of a crackpot.

Steve Gibson *is* a crackpot. He's a ranting, raving twit who knows just enough to stir up needless fear but nowhere near enough to actually do something useful. He's much like the typical environmental protestor.

It turns out that now, a couple years later, Microsoft actually addressed his concern.

Unfortunately they addressed it the wrong way.

Re:I wonder if Steve Gibson is cackling?

[The+Bean]

The router behind your PC needs a bit more than IP to get the packet to your PC, it needs the hardware address which it gets with ARP. I suppose if it fails that step, it could return a destination unreachable error.

Re:I wonder if Steve Gibson is cackling?

needless fear... that explains all those DDoS attacks and high-speed Worms of the recent years!

If you don't like their solution you can _VERY SIMPLY_ fix it on your own machine. But the fact that it's now restricted on 99.9% of the luser PCs _IS_ good! Ma and Pa Joe don't need RAW IP!

0.01% of the PCs having RAW IP is no problem at all. 99.9% of the PCs having RAW IP is a _big_ problem!

Re:I wonder if Steve Gibson is cackling?

[pmw57]

Linux folks, set your default firewall properties to DENY, and not DROP. It doesn't make you vulnerable, it doesn't allow SYN floods (which attack by spawning multiple server threads on a local port - an application vulnerability not a TCP/IP one).

It doesn't "hide" you from scanners, as he claims.

It doesn't prevent DDoS attacks, if I have enough bandwidth to clog your downstream, it doesnt matter what you do with all the crap I flood you with.

Actually, heh, he is doing a spin on the old "your machine is broadcasting an IP address" scam:

This may get me in trouble, but please mod parent down, or as flamebait, for it's not a fair assessment of Shield's Up and what its purpose is for.

Steve's stuff about things of a DoS nature are unrelated to Shield's Up. Instead, the Dos stuff comes from his own personal experience of being attacked, and provides information about how it was achieved by the other party, and protected against.

On the DROP/DENY issue, the major purpose is just to slow them down.

If the packets are denied then they will get that response instantaneously, allowing them to scan thousands of ports per second.

If the packets are dropped then they get no reponse. They have to wait 2 or 3 seconds and try that port again, then another wait, and perhaps a third try at that same port.

It is this slowdown effect that is intended and achieved when you DROP the packets.

--
Paul Wilkins

Re:I wonder if Steve Gibson is cackling?

You are correct in that the Windows XP SP2 firewall does not make the machine completely invisible if configured to block everything. nmap with -P0 shows such a machine as "filtered" and a non existent IP as "down".

Dropping incoming packets doesnt make you "invisible". If you were "invisible" and I tried to ping you, I'd get a "destination unreachable" error. If I get timeouts, I know you're there and dropping my packets.

You have it around the wrong way.

Dropping packets, causes timeouts, since no reply packet is ever sent. Which is the same effect as pinging something that does not exist.

Blocking them "politely" causes unreachable errors.

Here, I will ping an internal IP on my network, which does not exist...

C:\Documents and Settings\Owner>ping 10.0.0.15

Pinging 10.0.0.15 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

That, was a WinXP Home SP2 machine pinging an address which cannot respond because no device on my network is assigned with it.

However, specifically with regard with the firewall with WinXP SP2, from my OpenBSD server, my Windows XP Home SP2 machine, appears to be switched off if I run nmap with just ICMP, however it shows "filtered" for the -P0 option.

Fuck him and his crusade to break the internet by trying to convince people there's something to be gained by dropping incoming packets, instead of responding with a proper RST packet or ICMP message.

It does not break the internet. If you expect to find a web server at www.google.com, then port 80 and perhaps 443 should not be blocked to that server. There is nothing wrong with dropping packets on ports that you do not wish to serve through.

Linux folks, set your default firewall properties to DENY, and not DROP. It doesn't make you vulnerable, it doesn't allow SYN floods (which attack by spawning multiple server threads on a local port - an application vulnerability not a TCP/IP one).

SYN floods are specifically a TCP/IP issue. A SYN flood is done by sending lots of "please allow me to connect" SYN packets, but then ignoring all replies to those requests, causing the queue of initiating connections to quickly fill, preventing legitimate connections from being able to occur.

It doesn't "hide" you from scanners, as he claims.

WinXP SP2 firewall does not hide from an nmap v3.00 using -P0 at least from IP's on the same private subnet.

It doesn't prevent DDoS attacks, if I have enough bandwidth to clog your downstream, it doesnt matter what you do with all the crap I flood you with.

If you saturate my downstream, then there will be nothing left for me to use. But I can't stop you from doing that and no firewall at my end of that pipe can. However, if I also politely respond to all that crap, it is going to hurt me more and it might cause me a further DoS of some sort. Like my machine crashing.

Uhhh, I can get that from the numeric IP, who cares about the reverse DNS. Do the RIAA do reverse DNS lookups when they launch all those suits against IPs?

I can't speak on behalf of the RIAA, however, the answer to this in general, with respect to identifying people on the net due to legal action, is YES, reverse DNS does get done to aid identifying ISP accounts being used for the illegal activities. I have worked within net law enforcement and "they" get all the data they can, including reverse DNS.

Many, many users are reporting problems...

[Osrin]

... yet the articles that are linked are mainly positive.

Odd.

Re:Many, many users are reporting problems...

You must not be wearing your Slashdot goggles. They'll help you see, erm, more clearly.

Re:Many, many users are reporting problems...

[stratjakt]

Your slashdot reality distortion field is broken. Noone ever says anything positive about MSFT, evar!!!!11!1!

Read SANS page first

Read the SANS page mentioned in the article. Well, unless you opt for the RedHat/Suse/Debian patch. The experiences on that page are probably the most comprehensive collection of possible issues. As always, the ISC managed to stay to the point without much hype and crap.

NTBugTraq Impressions

[sp00]

This was from the HTBugTraq mailing list a few days ago.

To: NTBUGTRAQ at LISTSERV.NTBUGTRAQ.COM
Subject: XP SP2 - Statement of the NTBugtraq list

Ok, so I feel like I need to do this, hopefully its understandable.
1. XP SP2 is the most significant security effort Microsoft has ever produced. Granted, it may not be a "silver bullet", or solve all problems, but it is significant in so many ways that we as a security community cannot fail to acknowledge it. I admire "discoverers" as much as the next, but before XP SP2 can be written off it will take many, many, vulnerability announcements.
a) IMO, this is the first time that Microsoft has put security over existing, and frequently used, features.
b) IMO, this is the first time that Microsoft has accepted the fact that their choice is going to lead to "some" incompatibilities.
c) IMO, this is the first time that Microsoft has taken a stand against ISV who are definitely making money out of some features they (MS) made available to them.
2. I, at least, as NTBugtraq Editor, believe we, as the NTBugtraq community, need to stand behind Microsoft's efforts. That means we need to continue to endorse XP SP2 despite what problems have arisen or may arise (within obvious reason.) The media is only going to state the problems. They cannot appreciate, nor do they believe their customers are willing to pay for, stories about XP SP2 successes.
So, I want to hear from you, every one of you, regarding XP SP2 success or failure. Obviously, I want those stories in as much detail as you can provide.
There are, no doubt, some (many?) applications which will not be compatible with XP SP2. I say they represent Vendors who are not prepared to accept the responsibilities we've always felt they should have as reasonably security-minded Vendors. They've had lots of time to figure out how to make their apps compatible, and have *chosen* not to.
I offer any Vendor who feels Microsoft left them "in the lurch", regarding their problems with XP SP2. a forum to express their problems.
Equally, I offer all NTBugtraq subscribers a place to state the problems they are encountering with an ISV application.
It is extremely important for corporate environments to get XP SP2 deployed to all home systems running XP. Let's make sure the media has the right information.
Cheers, Russ - NTBugtraq Editor

Re:NTBugTraq Impressions

c) IMO, this is the first time that Microsoft has taken a stand against ISV who are definitely making money out of some features they (MS) made available to them.

Of course that's not true. Consider media player software, browsers, etc. It's just that this is the first time it might affect the antivirus guys, not any ISV.

Here's a fix for the EventID 4226 bug

[An+Onimous+Cow+Herd]

Check Here for a fix.
There's both a downloadable patch as well as manual instructions for patching by hand for the ultra-paranoid.

Re:Here's a fix for the EventID 4226 bug

MOO!

No Problems Yet

[Godboy_g]

I just installed SP2! N....o........P....r....o....b....l....e....m....s ........H....e....y........E....v....e....r....y.. ..t....h....i....n....g........i....s........g.... o....i....n....g........s....o........s....l....o. ...w.......-Connection Refused-

Re:No Problems Yet

[leperkuhn]

The question really is, did you type out all that, or write a perl script to do it for you?

System rebuilds

[Jugalator]

According to SANS (link above), only 6% has been forced to rebuild their system after install. Not too shabby!

Re:System rebuilds

[N3Z]

6% is horrible!
The SANS (informal) survey currently shows 20% had a nasty time of it (big problems, failure, or rebuild). oh.. wait.. this is good for an MS patch.

Re:System rebuilds

[stratjakt]

Not only that, the majority of those boxes borked because of a preexisting trojan that tries to disable firewalls/antivirus/etc.

Great, all those grandmas can take their machines back to Best Buy who will reformat and reinstall for them.

Remember, we dont like those infected machines on our internet.

The instructions say to do your virus scanning and make sure your box is clean before proceeding, and it warns you to make a backup before starting, so I have no tears to shed for the lazy folks who didn't.

Re:Impressions? Or bad reviews?

[stratjakt]

I have a view. It hasnt caused a problem on any machine in my office, and I can only say that my personal machine at least "feels" more responsive.

Look, this is slashdot. They aren't going to be objective. For years the whine has been "MSFT default security is teh suck". MS releases a service pack that locks the boxes down reasonably well. Now that's something to complain about: "my kazaa is teh broked!"

Limiting outbound TCP connections to something sane make sense. Let the extreme P2P kiddies relax the rules manually. On the majority of desktops (not SERVERS) out there, an inordinate amount of outbound traffic is a sign of something bad, like a backdoored spam relay or the machine has been taken over as a DDoS drone.

SP2 crashed a lot of machines that were already exploited. Good. They were already broken. Now those guys can go to Best Buy, who will format and reinstall for them, juice them up with SP2, and there's one less source of SPAM/DDoS/Worms/stupidness.

IMO, SP2 was a huge step in the right direction, and confirmation to me that MSFT is doing more than paying lip service to security.

Of course, this is slashdot, and everything they do is wrong.

It's worth noting that I've never borked a windows box installing a service pack, all the way back to win 95. On the other hand, I've lost track of how much time I've spent cleaning up after typing "emerge -uD world". I thought I'd mention that so I can ensure I'll be modded troll. It's true, though, I swear it.

Re:Impressions? Or bad reviews?

Said article mentions that "..But the overall reports about SP2 were broadly positive." How is it that there are plenty of things going wrong?

I've done the XP SP2 upgrade myself just fine.

TCP Connections

SP2 limits to 10 concurrent TCP connections ! A patch exists to break this f*cking feature: http://www.neowin.net/forum/index.php?showtopic=20 0828 A have another problem with the SP2: sometimes, after a new reboot, it says my computer is not safe because the Windows firewall is not activated although I have checked the box to say that I use another firewall...

Anything to Smear Microsoft

[goldspider]

...even if it isn't true.

Ya'll complain that Microsoft doesn't care about security, but when they release a MASSIVE security patch, you try to find (and if that fails, fabricate) any and all tiny inconveniences it causes.

As others here have pointed out, it doesn't block ALL outbound TCP connections, just incomplete ones. Would it kill an editor to come out and say for once that "Microsoft did a pretty good job here."?

And no, I'm not new here.

Re:Anything to Smear Microsoft

Um you do know that P2P programs use WAY more connections than are allowed. I've been trieing to figure out for months WHY THE HELL my connection on my XP machine was locking up after launching any P2P program with verry many connections needed and I'm sorry. P2P apps can't bring down the # of connections needed. It's not possible. Next time pay attention.

Re:Anything to Smear Microsoft

[borgdows]

Would it kill an editor to come out and say for once that "Microsoft did a pretty good job here."?

no, but it would kill a kitten!!

Re:Anything to Smear Microsoft

[Ignignot]

Clearly you have not even read the comments. Numerous replies say that all raw TCP packets are blocked, and incomplete raw UDP packets are blocked. This breaks things like nmap, kazaa, and current DDoS programs. Saying that they have fabricated evidence is a bold, unsubstatiated claim - so far it looks like most of the comments are positive and the limitations are being discussed rationally. Yes the article summary is a little lopsided, but if you're not new here, quit your whining. You should be used to this.

Re:Anything to Smear Microsoft

[djrogers]

Would it kill an editor to come out and say for once that "Microsoft did a pretty good job here."?

We're not really sure, but it's not a chance that we're willing to take...

Re:Anything to Smear Microsoft

This breaks things like nmap, kazaa, and current DDoS programs.

Thats funny, I'm downloading about 200 porn files through Kazaa right now (SP2 Final installed). How exactly does it break Kazaa? Do you mean that some transfers within the program might not work? Because the statement you make seems to imply that the application is broken completely.

Also I never saw any of these problems with Kazaa being broken on Release Candidate 1 or 2 either.

Re:Anything to Smear Microsoft

I find it amusing that you picked 'you must be new here' as the cliche as opposed to 'this isn't a Borg Collective, different people will have different opinions' - especially as the latter is more likely to explain the symptoms you seem to be lashing out at.

Re:Anything to Smear Microsoft

You forgot 'BSD is dead' :)

The quality of moderators is astounding though .. 'Troll?' someone didn't get the joke...

Re:Anything to Smear Microsoft

michael is just a dumbass... nothing new...

No problems to report here either

But congrats anyway Slashdot, on your unwavering anti-MS FUD machine and for always prominently displaying only bad reports about certain products, and only good reports about others. Does your bias know no bounds?

A User's Impressions Of XP SP2

[BRock97]

The good:

• Things truely do seem to be snappy. I am not sure where to attribute this, but it is welcome.
• My notebook has wireless which had the annoying habit of showing that there wasn't a wireless connection (the disconnected red x) coming out of hibernation even though it was fully operational. That appears to be fixed.
• I was afraid that the firewall would prove to be annoying, but it actually works pretty well. When I load ICQ, Activestate Komodo, or other applications that try and used blocked ports, it pops up asking if I want to unblock things. The old SP1 firewall didn't do this.
• IE's popup blocker is pretty slick. It will show a little dropdown area above the current page asking about the popup, if it should be displayed, etc. Neat. I do wish Firefox would do this instead of the small icon in the lower right of Firefox's window. It isn't enough to make me stop using Firefox, though.

Now, for the stuff I find annoying.

• Their Windows Security Alerts interface isn't compatible with my corporate Norton I have from my work place. It isn't a big whoop, but I am surprised they don't work together.
• Some of my folder settings have changed. I am not sure why, but Microsoft feels the status bar shouldn't be on by default. To hit this point home, it changed it back to disabled after the install. Come on.....
• Along those lines, they decided to mess with my sound scheme. I normally turn all of that off, but sure enough after reboot it is back in all its glory!
• A lot of the wireless stuff has been funneled into wizards, need to find a way to turn that stuff off.
• IE and PNG is still pretty broken. Alpha doesn't work, and that problem where the colors are slightly off of what they actually are is still there. You would have thought that they would have addressed some of that stuff!

There you go, a user's point of view. Take it for what it's worth....

Re:A User's Impressions Of XP SP2

[twbecker]

IE's popup blocker is pretty slick. It will show a little dropdown area above the current page asking about the popup, if it should be displayed, etc. Neat. I do wish Firefox would do this instead of the small icon in the lower right of Firefox's window. It isn't enough to make me stop using Firefox, though.

Recent Firefox nightlies have this exact feature. Blatantly copied from IE yes, but hey if it's nice then what the hell. The icon on the status bar is still there as well.

Re:A User's Impressions Of XP SP2

[Keltan]

The fact that Norton Corporate Edition isn't supported in the Security Center is a GOOD thing. Norton Corporate Edition is often used as a managed program, which means that the server at the office running Norton Corp. can push virus definitions out when it chooses to. I assume that if you integrated the client versions of Norton Corp. with the Windows Security Center this would "break", or cause other problems, and probably piss off quite a few sys admins out there who want to be able to control when virus definitions are pushed to all the workstations. :)

Re:A User's Impressions Of XP SP2

I do wish Firefox would do this instead of the small icon in the lower right of Firefox's window. It isn't enough to make me stop using Firefox, though.

If you take a look at the recent nightly builds of firefox you would see that it does in fact have this same notification bar for pop-up (among other things).

Re:A User's Impressions Of XP SP2

[BRock97]

The fact that Norton Corporate Edition isn't supported in the Security Center is a GOOD thing.<snip>

I hear what you are saying and I totally agree, but Microsoft's security screen reporting the status as red, which will probably bring pause to other, less informed users in the house. Thankfully, I just found that the setting on the right "Change the way Security Center alerts me" allows me to turn off this warning. I would imagine it is by design, but that setting wasn't all together obvious.

Re:A User's Impressions Of XP SP2

[jawtheshark]

Personally I prefer the non-intrusive icon. It is very very rare that I want popups, and I know pretty well which sites I want to allow (only my ebanking and my webmail). All the rest are probably ads, and I couldn't care less.

So, showing me a line that there is a popup that wanted to show is slightly intrusive. Not as intrusive as the real popup. Yes, I used IE6 with SP2, but I usually use Firefox, but I don't have the latest nightly build. I just hope you can turn that thing of in Firefox.

Re:A User's Impressions Of XP SP2

[clontzman]

The fix for Norton should be released very soon via LiveUpdate. Apparently Norton doesn't advertise its status to any processes to prevent tampering. My university has a new corporate installer already that works fine with SP2 and it's supposed to be publicly available any day now.

Re:A User's Impressions Of XP SP2

Their Windows Security Alerts interface isn't compatible with my corporate Norton I have from my work place. It isn't a big whoop, but I am surprised they don't work together

I encountered the same issue with my F-Secure, and so did my friend with his Antivir. To be precise, I haven't heard of anyone who's actually had the new security center to identify their virus scanner. So that's a minus there.

However, despite the security center's apparent inability to detect active virus scanners, the package seems to be rather good (at least a step in the right direction). This time I actually got the network share configured right off the bat (unlike the SP1 days with at least 5 runs with absolutely same settings until the bastard agreed to start working).

In addition, I've got more or less rid of the annoying WinExplorer hangups I used to experience before, not to forget that any games haven't crashed the whole system anymore. However, I can't comment on the general stability since I boot into Windows for approximately 5% of the time, otherwise I'm running my good old trustworthy Debian or coding on my iBook's Mac OS X. So as you can see, I'm definitely not a fanboy, but I'll have to admit that with my current experience, MS did rather good job here. I hope the security features really work in the long run as well, since some Windows worms plague also the other platforms by spawning out spam and slowing down the network. Well, only time will show whether this update will live up to its promises. Someone else will have to comment on the IE improvements, since I'm not allowing it to any other site than Windows Update. For after all, I have a real web browser installed for surfing, so I'm not going to use a misleadingly named update client for that.

Re:A User's Impressions Of XP SP2

[delus10n0]

Check out Symantec's FAQ on SP2.

Re:A User's Impressions Of XP SP2

[Qzukk]

For what its worth if patent considerations come up, I can dig up places where I've discussed this kind of feature for mozilla/firefox (I've thought about it ever since seeing that icon for the first time, since this is what I expected it to DO, though unfortunately I kept it to myself), for the purpose of being able to use sites who decide to make navigation or login a popup in order to attempt to force users to turn off popup blocking. My idea would have shown a list of all popups currently blocked from the current site and allow the user to select one to show. Could even have a "preview" mode where only the html was downloaded and rendered without images, and the user can decide if its just a popup banner ad, or if it might be useful.

It was dismissed because people decided that if everyone blocked popups, the sites would quit using them, rather than forcing users to quit blocking.

Re:A User's Impressions Of XP SP2

[Maul]

The Norton WMI Update was released Tuesday night, IIRC. I don't know if that update also applies to the corp versions of Symantec's AntiVirus software, though. It is also my understanding that if you have NIS or NPF and SP2 is already installed, it will ask you to let it shut off the XP firewall.

Re:A User's Impressions Of XP SP2

[PsychoSlashDot]

Their Windows Security Alerts interface isn't compatible with my corporate Norton I have from my work place. It isn't a big whoop, but I am surprised they don't work together.

As per

http://www.symantec.com/techsupp/enterprise/sp2/co mpatibility.html

Symantec Client Security 2.0 DOWNLOAD NOW
Symantec Client Security 2.0 Business Packs DOWNLOAD NOW
Symantec AntiVirus Corporate Edition 9.0 DOWNLOAD NOW
Symantec AntiVirus 9.0 Business Packs DOWNLOAD NOW

Symantec Client Security 1.1.1 August 18 - 31, 2004
Symantec Client Security 1.1.1 Small Business September 1 - 15, 2004
Symantec AntiVirus Corporate Edition 8.1.1 August 18 - 31, 2004
Symantec AntiVirus 8.1.1 Small Business September 1 - 15, 2004
Symantec Client Security 1.0.1 August 23 - September 6, 2004
Symantec AntiVirus Corporate Edition 8.0.1 August 23 - September 6, 2004
Norton AntiVirus Corporate Edition 7.61 September 7 - 21, 2004

So, current products are supported already. Older versions, Symantec will roll out patches for in the upcoming weeks. Sounds reasonable. Feel free to point this out to your administrator in case they're not aware of this patch requirement.

Firewall slowdown solution...

[mR+SlIcK]

I noticed a moderate slowdown (of about 5-10k/sec) with the built in firewall enabled... sure enough when I disabled it and just relied on my NAT'd network with a firewall built into the router, my BitTorrent sped right back up!

I can see how this firewall would be extremely useful for the computer illiterate person just using Windows for minimal usage, but I'm also very glad that I could turn off the firewall very easily and get Windows to stop bothering me about it being off with a simple check in a checkbox.

Best Technical solution ever

[PhilippeT]

How do I resolve these issues?

Stop the application that is responsible for the failing connection attempts.

Dont both trying to fix it just tell them to close down what evers cauzing the problem who cares if you know an operating system is their to let the users run programs

SP2 killed my puter

I installed SP2 on a warez copy of winxp and had no troubles, but installing it on a legit copy caused it to freeze at the boot screen requiring me to scrub windows and start again. Well done M$.

Re:SP2 killed my puter

[stratjakt]

Chances are extremely high that machine was already exploited, and deserved to die, IMO.

Re:SP2 killed my puter

DESPIT popular opinion of some people here, MOST warez copies are NOT compromised by trojans, warez file servers, spyware, etc.

Re:SP2 killed my puter

[mAineAc]

actually there is an issue that I came across that will cause this to happen when upgrading to sp1. the solution was to reinstall system restore. It will either lock it up or send it into an eternal reboot.

IR and Bluetooth Changes

[FU_Fish]

Since installing SP2 I can not longer send to or receive from my phone via IR. I'm also no longer able to sync over bluetooth b/c it messed w/ the widcomm bluetooth software, but I think I've found a fix for that...we'll see.

Re:IR and Bluetooth Changes

[Jarnis]

The bluetooth fix is; UNINSTALL the stupid widcomm crap and let XP just detect your bluetooth hardware. It'll Just Work with the new bluetooth stack.

Remember the intended market...

[n9mdh]

XP, even the pro release, is designed for the home and small business user, at most. It's not a robust server solution, Billy G's bangers have other products for those uses. If you're 1337 enough to max out the SPI algorithm, changing the security settings won't be but a thang.

Aside from a hardlock issues (whose problems ultimately point to the authorization/security software, not the OS), I haven't seen anything more than a little grumbling for the small business types I've upgraded. The sense of security (pun intended) I get from a more real firewall being in place for them more than outweighs the costs.

If you're one of the 30 or so Tablet PC users out there, the Lonestar package in the upgrade (just for the T crowd) makes the upgrade a no brainer-- almost a Win 3.11 to Win 95 kind of experience, moving the look and feel away from a Palm experience and off into its own realm.

Re:Remember the intended market...

[jawtheshark]

XP, even the pro release, is designed for the home and small business user,

True... but then you really have to tell me what OS big corporations use on the desktop. As far as I can see it ranges from NT4 over W2K to WinXP. Nothing else... Meaning, that WinXP is also for big corporations. (But then they roll their own installs on corporate machines, and are mostly well-tested and well-protected)

Re:Remember the intended market...

[n9mdh]

My bad. What I was thinking (and apparently didn't have the sense to write down) was that XP as a network "server" is intended only in a smallish network environment, such as a small business or typical home user. I didn't mean to offer the flamebait that XP can't be found in a corp environment-- it is certainly on many desktops, either in home-rolled or stock releases.

Re:Remember the intended market...

[jawtheshark]

I didn't take it as flamebait. I just tried to make a bit of a sarcastic comment. However, you'd be really surprised how much "servers" running Windows are in use. Okay, probably NT4, 2000 or 2003 server, not XP... but I know many places where they migrated from perfectly fine Unix mailservers to Exchange.

Same thing with fileservers... especially in corporations that have more money that is good for them (I work in banking... don't even ask how much money they waste!)

Re:Impressions? Or bad reviews?

[RatBastard]

Of course. But Microsoft warned everyone that SP2 was more concerned with security than it was with compatibility. The fact that some custome written software breaks should not be a surprise to anyone.

Re:Impressions? Or bad reviews?

I'll give you my impression, because mine is positive. I've not noticed the limited tcp connection problem, the firewall works and doesn't completely suck (as basic as it may be), and overall stability is pretty good. The anti-virus reminder thing is obnoxious, which is probably good for the average user. The wireless network stuff screwed up my wep settings, but the wireless config tool is a huge improvement. I haven't used IE on that machine yet, but I didn't use it before, so I wouldn't know what to say is improved. I am planning on stress testing it this weekend before setting it up on a few other machines. I've seen one sp1-related crash not happen in sp2, so something is different. It has not broken any of my applications and I do use p2p programs daily (though only shareaza, bittorrent, and direct connect). I've criticized MS many times before regarding Windows XP, but I do believe they've made some steps in the right direction, and despite the SP2 problems, MS did specifically warn that SP2 will break programs.

Re:If you don't want XP SP2 deployed by auto-updat

[fugas]

And you can still get secure, by running this tiny app.

Colors

[Dolly_Llama]

SP2 has been fine for me, but it's turned slashdot puke yellow!

It must be a Microsoft conspiracy.

Re:Colors

[wraith0x29a]

Nah, you're OK, it's puke yellow in Konqueror too.

Re:Colors

Yeah, anything on it.slashdot.org is blindingly ugly. Just change the url to anythingelse.slashdot.org for readability, like so: http://screwit.slashdot.org/article.pl?sid=04/08/1 2/169252&tid=201&tid=164

Re:Colors

nope, slashdot is 101% pure puke

Re:Colors

[n9mdh]

That's not puke yellow. It's called tubgirl yellow.

Re:Colors

[scruffy]

This bug is in Mozilla, too!

Re:Colors

[Kippesoep]

Why is everybody so upset about this? Although it won't win a colour-scheme-beauty-pageant, it's not nearly the worst I've seen. Then again, what does beige have to do with IT? This particular colour doesn't look like the standard beige every computer case seemed to come in until a while ago (that would be truly unreadable) and I can't think of any other reference.

SP2 beta

[Edax+Rarem]

I got the beta version about a month ago and have been using it for some time. Since then I have noted that that "ikernel.exe" has been corrupted and I can't install anything. [been all over the MS help pages as well as 'installshield's', to no avail]. Also, I can't seam to search my hard drive [right click (C drive) > search > nothing happens ]
Highly annoying, and even our sysadmin couldn't get it going. Anyone else experiencing this?

Re:Impressions? Or bad reviews?

[Doc+Ruby]

When 49% of installers have problems, the bad reviews tend to crop up. I submitted a story about how 30% of installers reported "minor problems", like non-Microsoft browser incompatibility (the other 20% presumaably had major problems). So this story is actually spinning the SP2 problems more blandly than half its users would say themselves.

REAL workaround for P2P networking

[slashdevslashtty]

The limit is apparently embedded in the tcpip.sys file. Mircrosoft's resolution:

How do I resolve these issues?

Stop the application that is responsible for the failing connection attempts.

Suprnova has a real solution. It replaces the driver, apparently.

works fine so far

[hb253]

I installed XP SP2 earlier this week. As far as I can perceive, the PC is running the same as before. Of course, I disabled the firewall, antivirus nag feature, and auto Windows update.

I'm definitely not a pro-MS guy, but this anti-MS stuff gets to be a bit extreme sometimes.

My preferred OS's? Netware at the server, XP or Linux at the desktop.

Security limits functionality

[ceswiedler]

Security by definition must limit functionality. The best you can hope for is that the functionality limited is less valuable than the security gained.

Microsoft management has finally realized that in order to avoid the gigantic fiascos of the past year's worms, they have to limit some functionality. My guess is Microsoft engineers have been telling their management this for a long time, and finally, they were heard.

M: Is our product secure?
E: The only way to improve security is at the expense of features.
M: No way. Features sell the product.

M: We need to patch this security hole.
E: The only way to improve security is at the expense of features.
M: I still can't accept this.

M: Please, dear god, do ANYTHING to fix these security problems!
E: The only way to improve security is at the expense of features.
M: All right, all right! Do it!

Re:Security limits functionality

[Dread_ed]

Actually I can see them saying that they need to focus explicitly on ease of use, interoperability, and feature content to solidify their market position as the easiest to use OS. This position allows them to gather as many people into the fold as they can. They sacrifice security because it dosen't sell to grandma and grandpa or Sixpack Joe who think spam is for breakgfast, a worm goes inside of a trojan, and "rooting your box" is a dirty expression.

Then, once everyone is using the MS product they start to notice the annoyances of lack of security. Then at the opportune time they sell (not for money but in the marketing sense) them the security that they didn't think they needed until they started using our product.

This way the consumer will be able to see the value in the safety upgrade. In the future they will look for this in the next product upgrade they buy in addition to the original ease of use and feature content that brought them into the fold.

Sounds like a fantastic long term plan to maintain your stranglehold on the OS market if you ask me. A little dastardly, but they are marketing to people who do not have the same concerns as the /. crowd and are not near as savvy. Kind of like cattle you have to tell them what they want and why they want it.

Re:Security limits functionality

Security by definition must limit functionality.

*cough*bullshit*cough*

Making something secure does not *always* have to make it less functional. In many cases, making something (more) secure can make it *more* functional (as in the case of biometric ID - a properly designed biometric ID will be more functional than a password-based system, as well as more secure.)

OpenGL tooltip bug fixed, Blue tooth concerns

[MrEntropy]

Well the OpenGL tooltip bug is fixed. That makes me very happy. Prior to SP2, if you had an OpenGL app open, tooltips did not refresh correctly, often displaying a previous tip. A fix apparently exsited for a while but MS wasn't distributing it easily until SP2.

Bluetooth seems more reliable than the implemention that was shipped from Belkin with my USB bluetooth device. It does seem to have fewer services though. For instance, there is no way to send a contact to Outlook from my phone or vice versa.

Re:OpenGL tooltip bug fixed, Blue tooth concerns

[hsoft]

Hey! I thought that it was only my computer that had that tooltip bug...

As well they should

[SuiteSisterMary]

Microsoft has objected to people helping them distribute SP2.

Can you blame them? Untrusted sources and all that?

Re:As well they should

[Jarnis]

The packages were digitally signed by MS. Unless they were afraid of faked MS signatures (should be impossible, no?), it shouldn't matter.

Re:As well they should

[SuiteSisterMary]

Assuming people who download are technically literate enough to check the signature, or verify an MD5 sum, or aren't going to trust content from MICROS0FT INC. or whatever.

Re:Impressions? Or bad reviews?

i'Ve installed it on 3 pcs so far and it seems subjectively speaking (no i dont waste my time doing benchmarks to jerk off to) its gotten faster.

Nailing?

[callipygian-showsyst]

This appears to be nailing anyone who makes heavy network use of their machine, including especially users running P2P applications.

I'd hardly call having to go to a control panel and explicitly opening an (incoming) port "nailing" anyone. It's the right thing to do.

Microsoft did this well. The firewall has some nice options (like the ability to open ports only for the local network) and is very easy to use. Nobody got "nailed."

Re:Nailing?

That sentence isn't in regards to the firewall blocking ports. It is referencing the fact that the TCP/IP stack *limits* the number of simultaneous outbound connections, something you can't override!

The new differentiating factor

[kilocomp]

SP2 will make Windows more secure. SP2 is a huge improvement in the security arena for Windows. Despite what many poster have said about the TCP/IP outbound limit, it is a good thing. When a new worm tries to propagate it tries tons and tons of IPs in a short period of time which most of them won't be work either because the node is not on, firewalled, nothing assigned to that IP, etc. but Windows recognizes these fast attempts to "broken" IPs and then enforces a limit on them. This would truly slow down past worms.

Now this is the new differentiating factor. Windows has improved security enough to where it is a smaller comparison point when comparing it to Linux/BSD. The new big comparison point (besides price) is the ability to turn things off such as outbound limit rates and such. If Linux had widespread worms as Windows does it would be a good thing for the TCP/IP stack to limit "broken" outbound connections by default, but the key here is you would be able to turn it off.

Re:The new differentiating factor

[hsoft]

Maybe that I'll sound completely stupid here, but here I go: If MS would give the ability to turn outbound limit off, wouldn't a worm, to spead faster, only have to set the flag TCPIP_OUTBOUND_LIMIT = false ? It would make the whole security improvement *useless*

Re:The new differentiating factor

[foobsr]

QUOTE
# PURPOSE
# To deploy Data Control requirements for a Honeynet deployment.
# This script uses IPTables to create a gateway that counts inbound
# and outbound connections and blocks connections once a limit
# has been met. Also has the capability to work with Snort-Inline.
# Script can work in either GenI(routing) or GenII(bridging) mode.
# For more about Honeynets, refer to
#
# http://www.honeynet.org/papers/honeynet/
UNQUOTE
link

More than just a switch :)

CC.

Re:The new differentiating factor

[kilocomp]

That is a good point, but this where you need good user security i.e. only admin access can change the flag. Though it is entirely different story about Windows users always running with root. I just installed a test system with slipstreamed SP2 and it still creates a default user with no login and admin access.

XP Lite

[danZenie]

if sp2 presents such limitations, just imagine what this xp lite edition is like. "No son you can do http, pop3, and p2p all at once".

do youself a favor: don't turn around

[tiltowait]

/ points at Microsoft icon....

Good reviews of SP2?

[Doomie]

I have not experienced absolutely any problem with SP2, perhaps with the exception of the terribly long install time -- it took 1-2 hours on my relatively fast machine (the backing up of files is not fast at all).

For the normal "Joe Average" user there won't be too much of a difference -- a simple reboot and the system looks just the same. IE has the pop-up blocker, which has a semi-intuitive way of adding a sites to the white-list and is a bit imperfect, IMHO (if the pop-up displays a page which has a different URL than the originating page, then the "normal" user will be confused why adding the URL of the originating site doesn't work and the pop-up still doesn't display... this is the case even for subdomains of the same principal domain).

The firewall is pretty nice, the default being to ask when some program is trying to access "the internet". BitTorrent works very fine with me and I haven't had any problems with IM programs.

So, overall, after 2 days of SP2 experience, I can only recommend it to people who still use XP.

Re:Good reviews of SP2?

[twbecker]

Do you have a choice of whether or not to backup your files? If not, do they provide a facility to delete the backup afterwards?

Re:Good reviews of SP2?

[radish]

I think the backup is mandatory, so it can backout if it fails during the install. But you can certainly delete it afterwards.

As for time, for comparison it took about 15mins on my box (athlon xp & regular ide drives).

Re:Good reviews of SP2?

[civilizedINTENSITY]

the default being to ask when some program is trying to access "the internet"

Um...actually isn't it that the firewall only cares if some program is *listening* to a port? If some program (spyware) wants to access the internet, no problem. Its default open. Can you change that? Or do you have to disable MS Firewall and install Norten Internet Security (apparently both can not run).

Re:Good reviews of SP2?

[Webz]

So, overall, after 2 days of SP2 experience, I can only recommend it to people who still use XP.

Umm, what? You're making it sound like SP2 was released at a moment where all the XP users are critically thinking of whether or not to switch away from XP... I mean, yeah, some people do it, but... I know I use XP. And am still. using. it.

Re:Impressions? Or bad reviews?

> When 49% of installers have problems, the bad reviews tend to crop up.
its fun pulling numbers out of your ass?
i installed it on 3 (non trojaned pcs. I'm a poweruser after all) pcs and not a single problem.
it even seems faster than before

Oh for God's sake...

[Theatetus]

Now they're just marking every article "IT" to piss off the color-scheme whiners...

Annoyingly enough, the "it" subdomain sticks with you if you click on any link in the sidebar that doesn't specify another section.

Re:Oh for God's sake...

[petabyte]

What someone needs to do is write the firefox extension that simply converts any it.slashdot.org url to slashdot.org and hence kills what is possibly the worst color scheme in history (next to the games.slashdot.org color scheme).

Top impressionists.

[Mateito]

I'd like to see these guys do an Windows XP impression.

I thought the problem was my telecom line?

Im not getting event log message with ID 4226, as I'm on router,with mac and PC sharing DSL,but I still get errors, and slowed down,as use bit torrent 24hrs/day(where I downloaded SP2 from)
I thought the problem was my telecom line?

That can't be good

[zippo01]

I thought about upgraded to sp2 and my windows stuff stopped working, Wine did a really bad job of installing it... :-p

Re:Impressions? Or bad reviews?

Look, this is slashdot. They aren't going to be objective. For years the whine has been "MSFT default security is teh suck". MS releases a service pack that locks the boxes down reasonably well. Now that's something to complain about: "my kazaa is teh broked!"

No, no, no, you've got that wrong!
It's

"MSFT default security si teh suck"

and

"my kazaa si teh broked!".

JEFFK won't be proud of you.

Re:Wonder how many....

Her name was Karen, and we first met in Psych 101.

She was gnarled young thing; wheelchair-bound, head cocked permanently to her left, crusty fingers twisted into half-knots, long, atrophied legs, a seemingly endless trickle of spittle running from the corner of her mouth.

Despite her physical curse (MD, compounded by palsy), she was intelligent and very funny, and always added lively, in-sightful input to class discussions.

One might say she stood out from the crowd, in more ways than one.

About the third week in, I began to notice Karen staring at me from across the room. Each time our eyes met, she'd shyly curl her thin, purple lips into a smile -- the sort of smile that said "I know I'm a hideous, drooling freak but, please, Dear God in Heaven, won't you please smile back?"

Out of pity, I smiled back.

By mid-semester, Karen and I had become friends. I'd wheel her into the quiet hallways of the student center and we'd talk for hours about life's injustices, about our radically different childhoods, about health, about disease -- about the future. I often found myself weaving whole-cloth tales of my "hard" childhood, if only to buffer the sting of her heart-wrenching tales of a little girl with a incurable, crippling disease; the brutal taunts of the other kids, the endless hours of tests, treatments and therapies -- all of which she'd recount without a hint of self-pity.

As the winter passed and spring approached, Karen and I became exceedingly close, despite the suspicious leers of her roommate (a particularly bitter cripple named Jen) and the barbed guffaws of my beer-soaked buddies, who couldn't understand why I -- the most selfish, wretched womanizer on campus, would spend so much time with this diseased, rotting husk of a woman.

We started studying and shopping together. I helped her pick out her clothes and try them on, cooked for her, even helped her in and out of the bathhtub and scrubbed her back. And, although she consistently referred to me as the "big brother she'd never had," I could see, very clearly, that she was pining for more.

Needless to say, the thought of making love to Karen had crossed my shallow, polluted little mind on occasion, but was each time snuffed by the inescapable mental image of her pale, twisted limbs, her labored breathing, the stringy, clouded saliva running from her mouth... the image of fucking a sideshow attraction.

There were times when we were together that she charmed me to the point I wanted to take her in my arms and ravage her -- let her feel my hot, pounding heart against hers -- but the Images would flood as if through a shattered dam and submerge me in guilt-ridden disgust.

One hot night in July, my roommate, Captain Forehead, and I were hosting a keg party at our mobile home -- a gigantic, aluminum monstrosity we'd dubbed "Phi Kappa Trailer." The festivities were in full swing when I found myself, quite inexplicibly, thinking about Karen, undoubtedly sitting alone in her dorm room.

With a few drinks under my belt, I put on my Good Samaritan mask and decided that she might enjoy herself, so I picked up the phone and invited her to come to the party as my "date."

She giggled like a child, accepted, and I hopped into the old Dodge Charger to pick her up.

Once back, she asked Cappy (who, by now, had also grown quite fond of her -- tho' he stilled privately referred to her as "tire tread" -- don't ask me why) for a glass of beer from the keg -- the first time I had seen her show an interest in booze. After assuring Cappy that the alcohol wouldn't cross-fuck the effects of her meds, he tapped her a tall, frothy one.

It would be the first of quite a few, much to my surprise.

As the party went on and the drugs and booze flowed, the usual antics abound -- a fistfight out front, a visit from the Carbondale PD, a complete stranger taking his squeeze into Cappy's bedroom for a quick shag, some drunken chinese guy going into our medicine cabinet in search

My SP2 problems...

[deathcow]

I installed XP SP2 on a 16 month old XP installation which was at SP1.

I have a Intel Seattle motherboard with Yamaha sound and a SB Live!. After SP2, both sound systems were disabled and "No audio devices" shown on sound control panel. Device manager showed all devices present. I had to uninstall all sound devices (in the device manager), and then add a single sound system. Had to do it again after rebooting, again "No audio devices" found.

Also, after first boots with SP2, time-to-desktop and time-to-shutdown was horrrrible. Event log showed a bizarre COM+ error, after which I found one of the two COM+ services was disabled. After enabling the service, I've had no furthur problems.

Also, I uninstalled ZoneAlarm since the XP Firewall seems to do what I need.

I'm not sure what the rush is...

[Anita+Coney]

I hadn't had a virus on my computer since 1995. Checks for spyware come up empty, probably because I used Mozilla and now Firefox.

I don't run XP but feel pretty safe running W2k. I'm not sure why ANYONE would be willing to jump onto the SP2 bandwagon this soon. Wait for everything to settle down. Wait for MS or 3rd parties to fix everything, then install it.

Re:I'm not sure what the rush is...

Baahhh!

A True Geek Wud Install every new piece of
shiny software!!

Whoa wots that "Optimize Your Internet Connection"
"dialogue" Box

GTG True Geek to the Rescue(Install?)

Re:I'm not sure what the rush is...

Its Fun u should try it!!

Re:I'm not sure what the rush is...

[Anita+Coney]

Actually, I think newbies are like that, not geeks. My father-in-law, who is about as computer illiterate as can be, clicked and installed every piece of crap he could get his mouse on. I eventually had to set up a user account on his computer to keep him from downloading or installing anything.

Well almost right

[SmallFurryCreature]

You don't wait, you install it right away. On your test systems. Then you try it, the lenght depends. unix/linux patches a few hours/days depending on how critical, windows a week or so at least. MS sadly has a really bad history not all MSes fault. It just seems that more things go wrong with 3rd party software as well. Also MS doesn't really do patches but it does updates. The difference? Well take the SSH/SSL bugs that have occured, the fixes for this were patches to the bugs. You could look at it and see what was changed. So unless your setup used the bug for some reason patching it should be no worry. The only thing that can happen is that either the bug is patched, it ain't patched or the patch opens another bug.

But with MS updates you are guessing. Sure an update may fix a bug but what else have they done?

It is not that I fear patches being badly done, the SSH/SSL stuff had recently 2 patches right behind each other, but that I fear the "features" they added.

Remember this update really gives you a different product that behaves differently.

So a simple rule is to always first test a patch/update on a test setup. Then you test it for a length of time in scale with the size/complexity of the patch/update. I would suggest that SP2 is somewhere between a version upgrade and an OS rollout.

All I can say about SP2 is, thank god I am a unix guy. Yeehaw!

Re:Impressions? Or bad reviews?

[JoeBuck]

Don't forget that the people sending in reports are self-selecting. People who had problems are far more motivated to write a report on those problems that people who had no problems.

Let's wait until we have some real data, as in definitive reports that particular applications break.

M$

[5m477m4n]

I think for the next few months, maybe even years anything M$ does in the way of security will not be right in the eyes of many since they have such a bad rep. People will either complain about it being too loose, too tight, too leafy, too lumpy... But hey, give them a break, after all they're new to this security thing.

Perhaps you can't read

[A+nonymous+Coward]

Grandparent said I turned off the firewall

You said They turned the firewall off????

I hope you don't read code like you read slashdot posts!

I'm glad I read this now

[AvantLegion]

I'll hold off updating to SP2 until after I finish downloading all that pr0n I have queued on my P2P clients.

Re:I'm glad I read this now

[toddestan]

I'll hold off updating to SP2 until after I finish downloading all that pr0n I have queued on my P2P clients.

Or in other words, you're going to run SP1 forever?

Re:I'm glad I read this now

[AvantLegion]

>> Or in other words, you're going to run SP1 forever?

I do so love videos of naked women.

He was right after all...

[Erwos]

Steve Gibson must be feeling pretty damn good right now, seeing as his whole "raw sockets are the end of the world" issue seems to actually have been fixed in SP2.

Guess the doomsayers really are right once in a while...

-Erwos

This guy can say, "I told you so"

[kkith]

Apparently the dangers of allowing applications to access the raw sockets have been addressed to Microsoft in that past.

According to Steve Gibson (Gibson Research Corporation), he had pleaded with Microsoft in the past and was completely blown off.

Read about it

I think he deserves to say, "I f***ing told you so!\n"

Re:Impressions? Or bad reviews?

[swordboy]

IMO, SP2 was a huge step in the right direction

I almost feel exactly as you do with one exception: this puts open-source alternatives further behind.

Yes - I've tried linux. I install it about once or twice a year to check up on the status. I'm eager to move beyond Windows. However, after installing SP2, I don't think that is realistic in the foreseeable future. Good job to Microsoft (as much as that pains me)!

Re:Impressions? Or bad reviews?

[ribond]

That this is still a "5" says something interesting about Slashdot today.. :)

Maybe once the sp2 migration is complete we should fix a pane in that broken-windows icon?

He who sacrifices functionality...

[goldspider]

...for security deserves neither!

Or something like that, right?

TeamSpeak Overlay

[jagee]

TeamSpeak Overlay no longer works with SP2. http://forum.qbnut.com/viewtopic.php?t=210 Planetside seems to crash a lot more too.

Re:Impressions? Or bad reviews?

49%...please. Make up some more FUD, boy.
I bet the higher the number you make up, the better your chance of a +5. Oh wait, you already got that. Mission accomplished!

SP2

[mchawi]

I made an SMS package for it and pushed it out to all of our Network Admins that have XP. Opened the needed ports using the adm in the GPO.

Install, about 30 minutes (I probably should have put in a warning before the reboot, oops) - zero problems on any of our PCs.

I had to apply two hotfixes for the SMS Advanced client (832860 and 832862). SMS works fine.

I so far haven't found anything that 'breaks' that wouldn't break due to a 'regular' firewall - so it's been fairly easy to open the right ports.

I guess I'm just lucky I don't have the certain applications (like CRM) running here, but I've tested everything I use daily and no problems so far.

Devil's Advocate

[Cheesewhiz]

"Microsoft has objected to people helping them distribute SP2."

I hate to play Devil's Advocate, but DUH... look at this from Microsoft's perspective. Having non-Microsoft sources distributing SP2 has two huge negative aspects for them:

1) Unthrottled Rollout

Having P2P'ers flooding the patch to "everyone-and-their-monkey's-uncle" destroys any potential throttle control that Microsoft might have had. Microsoft's initial plan was to trickle the rollout of SP2 out at only 25,000 downloads a day, exclusively via Windows Update. This is extremely practical due to the scope of the patch -- it makes a lot of sense for them to control the release in case a catastrophic show-stopper pops up, and also to allow developers some extra update time.

2) P2P Security Liability

Let's face it, Microsoft has a right to have their skivvies in a knot over people downloading any Windows patches from 3rd party sources. The infamous "Average Joe" (they guy who opens email viruses twice a week) isn't going to do an MD5 checksum comparison on a patch from a P2P net before running it -- who's to prevent someone from hacking up their own little "SP2" cocktail exe and distributing it? Ultimately the shit would hit the fan and Microsoft would take it in the face.

Even those who do check MD5 digits on a P2P-downloaded patch need a trusted source for the correct checksum... again, Microsoft doesn't want to be liable. Sure, it could be argued that Microsoft could provide the MD5 checksum themselves, but then "Average Joe XP User" would never check it anyway because "Microsoft says it's ok, so it must be safe!"

Re:Devil's Advocate

[Zocalo]

Actually, Microsoft has published an MD5 sum for SP2 (or one version of it anyway), although they do not seem to be advertising the fact and I only stumbled across it. You can find it in the last paragraph of the article Top 10 Reasons to Deploy Windows XP Service Pack 2, and maybe elsewhere on Microsoft's site.

Any sites that are doing more than linking to the official download sources are probably going to be getting nastygrams though; check out the second to last paragarph. There are some pretty useful links for those involved in largescale rollouts at the very bottom as well.

Re:Devil's Advocate

[ratpack91]

but if you right click on the .exe and click on the digital signature tab it will check the file and verisign will tell you if the microsoft siganture is good.
not that 'average joe' is gonna do this, but it isn't hard if he wants to.

Re:Devil's Advocate

Microsoft's initial plan was to trickle the rollout of SP2 out at only 25,000 downloads a day, exclusively via Windows Update. This is extremely practical due to the scope of the patch -- it makes a lot of sense for them to control the release in case a catastrophic show-stopper pops up, and also to allow developers some extra update time.

Sounds like they want beta testers.

I mean, considering how many copies of Windows XP there are out there, that download rate was going to have to speed up significantly at some point. If they released SP2 to maybe 5% of XP systems out there every day, then maybe I'd believe that they're just worried about bandwidth consumption. But 0.01% a day? You're right, they do want a few people to check to see whether anything breaks.

Now, the question is, how to they pick those 25,000 people a day? MS has (properly) tried to convince everyone to turn on Automatic Updates. Are the "lucky few" who get SP2 aware that they're beta testers?

Re:Devil's Advocate

[jesser]

P2P apps let you include the MD5 hash in the link or .torrent, so there's no need for users to check the MD5 after downloading.

Re:Devil's Advocate

[radish]

1) If microsoft wanted to only allow downloads via Windows Update, why did they post the download link on their public webpage? I wanted to download the file, I went there first, and got a whopping 5k/sec. So I gave up, went to BT, and got the file in 10 minutes.

Lesson - if you don't want people to download something, don't post it on your site.

2) This would be an issue if it were not the fact that the SP file (in common with all microsoft downloads) includes built in integrity checking. You get the properties page up and it verifies the signature for you. I did that with the file I got from BT and it was fine.

Re:Devil's Advocate

[http]

...in case a catastrophic show-stopper pops up,
Helloo, McFly... can you say beta ? Microsoft deserves to be roasted, crisped, nay, charcoaled if this is how they treat their customers. Microsoft should be objecting to this software being distributed by Microsoft.

Re:Devil's Advocate

The only reason for the throttled rollout is they can't support million of people downloading a file that large all at once. Rather than fight P2P, they should be supporting it. If they are worried about legitimacy, they should host a tracker and the first seed. Better yet, make windows update use BitTorrent seamlessly.

Now, to the important matter. In several places they state that SP2 is only licensed for distribution by them. The download page itself has no license to agree to, so I can get the file without obligation. What I do with that free download from there is up to me. If I run it, there's a license to agree to, which may limit its distribution. However, merely redistributing that file that was provided to me without limit is not illegal. Claims of piracy in doing so are baseless.

So, to summarize, sp2torrent.com was issued a takedown notice for providing the metadata description (.torrent) for how to download from elsewhere a file provided freely without any license terms. Excuse me while I retch in disgust of the abuse enabled by the DMCA.

Is this copy of Windows legal?

[paddbear]

I had a general slowdown for the first few hours, but then theings went pretty much back to normal. Oh. And that damned Windows Messenger came back. I did notice something new (and odd).
If you open up a folder after installing SP2, there's a new command on the Help menu, "Is this copy of Windows legal?" that takes you to a MSFT website that runs you through a Q&A to determine if your copy of Windows is "legal".

Invalid source addresses

[Sloppy]

UDP datagrams with invalid source addresses cannot be sent over raw sockets. The IP source address for any outgoing UDP datagram must exist on a network interface or the datagram is dropped.

On one hand, this kind of filtering is good for the 'Net overall, so this seems like a good mod.

OTOH, sometimes don't you need to be able to break this rule? I think my boss uses some sort of satellite connection to the internet, though I don't remember if it uses asymmetric routing or not (not really my problem -- yet.). Will this "feature" turn out to be a disaster for him?

Re:Impressions? Or bad reviews?

its fun pulling numbers out of your ass?
i installed it on 3 (non trojaned pcs. I'm a poweruser after all) pcs and not a single problem.
it even seems faster than before

3 out of what? 15? 20?

Here is a number out of my ass... you only have 3 working. Oh and this is slashdot. Microsoft can't do anything write.

STFU .... You obviously are new here.

Dumbass.

Fancy that...

[Vexler]

You put out a story as big as XP SP2, and suddenly all the Windows users in /. come out of the woodworks.

Re:Fancy that...

[smash]

You're assuming that Windows users are a mutually exclusive group to Linux/BSD/etc users.

Fact is, thats not always the case.

I use the most convenient tool for the job...

Mail serving? FreeBSD. Firewalling? FreeBSD. Desktop? Windows XP. Remote applications? Win2k terminal services + citrix. Etcetera...

Blindly limiting yourself to once choice of OS seriously compromises your options - diversity in the server room is a good thing... both from a security/operational standpoing, and also for resume building :)

smash.

Re:Impressions? Or bad reviews?

[Gr8Apes]

RTFA:

Although 43% said the SP2 installation had gone without a hitch, 49% of those contributing had problems ranging from minor to severe.

Re:Impressions? Or bad reviews?

[mr_z_beeblebrox]

It's worth noting that I've never borked a windows box installing a service pack, all the way back to win 95.

It's been a while so I might have the numbers wrong...NT 4 SP4 was issued to fix NTFS which was horribly crippled by NT 4 SP3. I suffered through that. What did I learn from it...test ALL patches, just like they tell you in any network class. I have been using XPSP2 since pre RC1 and have liked it thus far. I put it on the internal boxes in one department yesterday and have had no complaints yet. I will continue a slow and steady roll out over the next couple of weeks. But yes the bad thing can happen but having adminned MS and Unix since 96 I have only seen it once.

How clever of you! :)

[C0deM0nkey]

I thought I'd mention that so I can ensure I'll be modded troll.

Or, better yet, I thought I'd mention that mentioning that I would be modded "troll" would actually ensure that I would be modded "+5, Insightful". :)

How clever of you! :)

Re:How clever of you! :)

Given your diatribe, I see there being little chance of anyone casting you in the light of a geek.

Ranting asshole is more like it.

Robert Cringely

How about his "I told you so"?

Cringely

Re:Impressions? Or bad reviews?

[TheGrayArea]

One of my old friends from when I used to work at MS said to me, and I quote "With SP2 DCOM apps are fucked". The whole outgoing TCP connections limitation is going to cause a lot of issues w/ distributed apps using DCOM and other such things.

I've been using it for several days now

I installed it on my laptop.

So far, no problems, though startup is a little slower.

I'm running 3 P2P programs at the same time without issues. I also ran a MMORPG at the same time. I got a single warning about an outgoing connection, just clicked on allow, and it all worked fine.

Complaints, people complain alot, especially here, especially regarding microsoft. So take the whining with a grain or two of salt.

>^_^

This was far more interesting...

Restricted traffic over raw sockets

Detailed description

A very small number of Windows applications make use of raw IP sockets, which provide an industry-standard way for applications to create TCP/IP packets with fewer integrity and security checks by the TCP/IP stack. The Windows implementation of TCP/IP still supports receiving traffic on raw IP sockets. However, the ability to send traffic over raw sockets has been restricted in two ways:
TCP data cannot be sent over raw sockets.

UDP datagrams with invalid source addresses cannot be sent over raw sockets. The IP source address for any outgoing UDP datagram must exist on a network interface or the datagram is dropped.

Why is this change important? What threats does it help mitigate?

This change limits the ability of malicious code to create distributed denial-of-service attacks and limits the ability to send spoofed packets, which are TCP/IP packets with a forged source IP address.

Many people told them this was a bad idea before they released it, but they went ahead and did it anyway. Now they have undone it. Does anyone know what Windows apps needed this soooo bad that it justified allowing script-kiddies to do DDoS's more easily?

Re:Impressions? Or bad reviews?

[ifwm]

"Microsoft can't do anything write.

STFU .... You obviously are new here.

Dumbass."

That would be "Microsoft can't do anything RIGHT." Truth be told I bet the can spell ok.

Dumbass

That's not new...

[kcb93x]

...It's been there for some time.

At least all of XP has had it...I do believe it's been there for maybe 98 and or 2000?

Re:That's not new...

[paddbear]

Huh....I never noticed it before, pre-SP2.

IIRC, just keeps track that a file was downloaded

[kcurtis]

as compared to originating from a floppy/cd/network. This way it warns you that it may not be from a trusted source. I think I've seen this elsewhere - Win 2003 maybe?

I don't think it is so much of a tinfoil-hat thing, as one more layer of warnings against installing applications off the internet.

Most slashdotters know about the safety, or lack therof, of things on the internet. Grandmama may not.

Which programs are broken by XP SP2 ?

[VitaminB52]

Since the Dutch language version will be out in september 2004, I've some time to prepare for installing XP SP2.
Does anybody have (link to) a list of programs that are broken by XP SP2 ? It's better to get replacement programs now than to wait and see which programs fail at XP SP2 install.

Re:Impressions? Or bad reviews?

[kristofme]

> How is it that there are plenty of things going wrong?

From the article: "Although 43% said the SP2 installation had gone without a hitch, 49% of those contributing had problems ranging from minor to severe. A few contributors said they had to completely rebuild a system before they could get the update to work."

Re:Impressions? Or bad reviews?

[ndecker]

Let the extreme P2P kiddies relax the rules manually. On the majority of desktops (not SERVERS) out there, an inordinate amount of outbound traffic is a sign of something bad, like a backdoored spam relay or the machine has been taken over as a DDoS drone.

What is stopping the DDos software from relaxing the rules itself?

Service pack 2 Final helps the linux migration

[siropel]

Service pack 2 Final helps the linux migration Now it may be considered as a joke, but regarding SP2 final and it`s bugs, the only thing windows fans can say in it`s defence is "it may crash alot, but IE has a really cool pop-up blocker, it might not let you install other software and trash the sistem while tryang ...but atleast the pop-up blocker works" SP2 final will be asociated with expresions like "whoop ...it all happend so fast, guess i`ll reinstall or something..." and "it was working a minute ago...". We will probabely write a manual "The windows dependent guy guide to linux migration" I`m certenely migrating. It started with the browser migration ...now M$ has a bigger problem. Windows crashes [direct reset] when i try to install the mouse software, and when it comes back the setting are all ...spooked up, resolution, quiq launch, etc, it doesn`t let me install firefox 0.9.3 so i installed 0.9, a friend after installing it discovered he has no login screen to log on to windows, how can he work ? he had to format:) and these are only a few ...

Re:Impressions? Or bad reviews?

[Phragmen-Lindelof]

I hope you are correct about improved Windows security. I agree that Gentoo (and Linux in general) gives you much more control over your computer and a greater opportunity to mess things up. Portage is not the same package manager as that used by Red Hat, for example, and you could "screw things up." If you let a five year old drive your car, he/she could also "screw things up."

Your opinions are suspect, however, and the validity of your information is uncertain. As I mentioned on a previous occasion, I wonder if you are a MS employee working to offer favorable comments about MS and unfavorable comments about FOOS. Who knows?

Re:The problem with Open Source

[agraupe]

Have you ever heard "If it ain't broke, don't fix it"? Sure it might improve some things, but my Windows box hasn't had a problem since it was on a dialup connection, and that was a while back.

Now that it's behind a router, it's working fine. I don't see any reason to install something that might have a small benefit, but a large risk.

My Windows box is running fine, so I'm not gonna change anything.

Re:Impressions? Or bad reviews?

[Amenic]

Sure there is a great site will you can hear the biased other side of the story: http://www.microsoft.com/windows You'll find nothing but sunshine and good luck with it!

XP SP2 does impressions?

Ooh, can it do an impression of a real operating system? No?

Well, then how about Nixon? Everyone can do an impression of Nixon :)

Re:Impressions? Or bad reviews?

[Bull999999]

MS was aware of that problem and did put out a guide titled "Deploying Windows Firewall Settings for MS Windows XP with Service Pack 2". One option for the computers connected in a Windows domain setup is to implement a group policy to disable or modify the new firewall settings across the domain.

why they consider Nmap an "attack tool",

[dpilot]

Could it be because nmap IS an attack tool?

A gun in the hands of a policeman generally helps our society be a safer place. The gun in the hands of a criminal generally does the opposite.

It's simple, nmap is just like a gun. One key difference - the Geek Lobby is nowhere near as organized or influential as the NRA.

Re:why they consider Nmap an "attack tool",

[stratjakt]

Install coLinux, bridged mode.

Install nmap on colinux. Run nmap.

Heck, isntall cygwin X server, and run the fancy GUI nmap.

It just raises the bar a little bit. Over the heads of a lot of the script kiddies out there, I'd bet.

Re:why they consider Nmap an "attack tool",

[jeffasselin]

And you would ban tools just because they are also weapons? We should ban hammers, you can kill someone with a hammer! That way lies madness.

And one significant difference between a gun and nmap: a gun requires little training or knowledge. Nmap requires computer skills and knowledge of networking. Basic for us, maybe, but not for everyone. It's also only a computer tool, hard to kill someone with nmap.

In the end, though, restricting tools (whether they are to kill or hack) is a lost cause. You should instead try to provide wisdom in their use.

Re:why they consider Nmap an "attack tool",

[Dread_ed]

You just unwittingly reminded me to update my sig to reflect my drunken ravings last night.

Re:why they consider Nmap an "attack tool",

[Barlo_Mung_42]

The welfare of the many outweighs the needs of the few. Your hammer analogy is flawed because any ban should be based on what the tools are used for not what they could be used for. So if it has been determined that this tool is used for bad more than good and there are other tools that can be used for the good that are harder for kiddies to get then it should be hobbled.

Re:why they consider Nmap an "attack tool",

To some extent I support welfare. I think socialized medicine is the way to go, after all, I can't take the $100/month or so I'd be saving in taxes, roll the bills up, and use them as nose plugs to save myself from the TB being spread by the panhandler outside my office. People who can't afford funeral arrangements deserve to have a simple burial or something to take care of their corpse, if only for the reason that their corpses will smell the place up for the rest of us. Likewise, public school and after school programs (which are woefully underfunded and probably more important than school itself) help to keep young wannabe hooligans off the streets.

But I draw the line at socialized stupidity. If some people are unable to figure out that you cannot, in fact, eat superglue, the rest of us should not be hobbled by the increases in the cost of products due to their lawsuits, or to have the product hobbled to match the lowest intelligence level. Likewise, hobbling or outlawing nmap because people are too stupid to patch their machines is ridiculous. If the fact is that a majority of people do not know how to operate the machinery they have purchased and attempt to use, then perhaps we need to either reasses whether these people actually need to have this equipment, or provide training and licensing programs akin to driver's ed.

Re:why they consider Nmap an "attack tool",

It's simple, nmap is just like a gun. One key difference

One more differents. One of the two is a Constitutionally protected Right, being the second-most-important part of the Bill of Ammendments and vital to the protection of America. The other is a script-kiddie tool.

Re:why they consider Nmap an "attack tool",

I agree with you, mostly. But Windows is mostly aimed at the stupid, or at least people who have better things to do than learn all about how to patch their machines.

There's nothing to stop you using Nmap or other (white hat) hacking tools. You just need to install a different OS. Think of that as the "training and licensing program" you need to use Nmap.

Re:why they consider Nmap an "attack tool",

[dave420]

Hammers aren't specifically designed to kill someone, whereas guns are. (I'm still keeping the analogy, not an anti-gun rant, less some crazed republican nazi wants to start a flaming session).

Restricting tools that have a specific purpose which is extremely detremental to any member of the public it's used on is good, as who gives the user the right to wield such power over others? Certainly not those it's going to be used against. If people who wanted to use such tools took tests and were strictly vetted to ensure proficiency (as police are), then that would be cool. As it is, any nutter can go grab one of these tools and go fuck someone over. Actually, this is exactly the same with guns. Fucking NRA.

Re:why they consider Nmap an "attack tool",

[dpilot]

I didn't say that at all. My position on gun control is somewhere between gun control advocates and the NRA - somewhere in the middle.

Same for nmap. I happen to have nmap and Nessus installed on my laptop, specifically for security scanning for home and friends.

I don't believe in banning tools just because they might be dangerous - I believe in granting them heightened respect. A gun and nmap are both powerful and dangerous tools, and their good or evil lie with the intent of the wielder. To pretend nmap is just a garden-variety tool is unwise, IMHO.

Re:why they consider Nmap an "attack tool",

[dpilot]

It's a tool. Period. You're right, in that it's useful for script-kiddies. But it's also useful for security and networking.

Comparing nmap to grep is like comparing a chainsaw to a gardening trowel. In each category, both are tools, both are useful, the former is dangerous.

Re:why they consider Nmap an "attack tool",

[plover]

You're deliberately missing the point.

A gun in the hands of a peace officer is usually a good thing.

A gun in the hands of a lawful owner is usually a good thing, as well.

But, in the case of Windows and the umpteen thousands of clueless users all allowing their wide-open windows machines to run zombies that DOS everyone from Yahoo to Google to Microsoft, the ability to write to raw sockets is a bad thing.

To apply the gun analogy to this situation, I'd say giving raw socket access to the hordes of WINDOWS COMPUTAR USARS would be similar to leaving a box of loaded guns in the toybin of a daycare center.

Yes, it'd be nice to leave a way for the people who want it to still have access to raw socket writing, but how would you provide that access to some without making it accessable to all? Anything the user can install, a zombie or worm can download and install. By cutting off the main flow at the source, it's done. If you need raw sockets (nmap, SATAN, whatever) you can run a different OS. Microsoft wisely recognized there's no way to "sort-of" secure it, and decided their customer base would be just as well off without it.

Re:why they consider Nmap an "attack tool",

[plover]

But there's a huge difference between nmap and the problem at hand: nmap is just a tool. Raw sockets are the "dangerous" system level resource that nmap relies upon to perform its task.

The problem Microsoft is trying to solve doesn't lie within nmap, or any particular tool. It's in the widespread distribution of this dangerous resource. To beat this tired gun analogy to death, nmap isn't the gun. nmap is a just one bullet, which requires a gun or it's pretty useless. To make nmap work, you are saying that they have to hand out the dangerous resource (guns) to everyone who may potentially want to run nmap (fire a bullet). And with zombie clients, that means unseen skript kiddeez or unscrupulous spammers (actually, I know of no scrupulous spammers) get to remotely control all those unwatched, unprotected guns.

You mentioned nmap is a tool that should command respect. Raw sockets are the real feature that deserve that respect, not just nmap. And believe me, there are precious few computer owners who have any idea what they've got installed, other than "hey, it's got Microsoft XP AND Doom 3! I am soo kewl!" They will never have respect for their tools, since they don't even recognize what they have. They will also never need nmap, and therefore they don't need raw sockets.

I still think Microsoft will come out with a "Network Admin SDK" which will contain replacement network drivers that will once again allow unfettered raw socket access. That way someone who needs the tools will have them available, while not distributing them to the hands of everyone who doesn't. They'd be useless to the skript kiddeez because the ordinary zombie victim won't have them installed, and the only reason these attacks are viable is because the worms can launch hundreds of thousands of simultaneous attacks. One or two clients isn't a big problem, and would much more easily be traceable to the perpetrator. (Of course anything installable could be distributable as well, so they may only offer "tagged and licensed" copies of these drivers, or even a complete cut of the OS: "Windows XP, Network Admin Edition", at the low, low price of $899 per seat.)

Re:why they consider Nmap an "attack tool",

[jeffasselin]

Of course, dangerous tools may have to be restricted. A gun is a weapon, whose main purpose is to kill. Nmap can be used to scan for defensive and attack purposes.

What restrictions are necessary? Totally block its use or restrict it? And why does Linux, UNIX or OS X don't need to block raw sockets completely? Because on those systems, they're restricted to the root account, while on Windows any admin can use them. And the usual way of running Windows is as an admin, while on UNIX you don't.

Its whole security model is what's wrong with Windows. It's not about raw sockets and stupid restrictions on the types of connections.

Re:Impressions? Or bad reviews?

i might add I'm running firefox and mozilla 2 of those 3

Re:Impressions? Or bad reviews?

[TheAntiCrust]

Of course they can spell ok! They have clippy the spell checker!

Read it carefully

He never said logging on *their* site. Logging it on your harddrive is enough. I don't know where you got that logging-on-their-server from.

I also find it interesting that you seem to find logging on your machine okay, even if they're hidden/inaccessible.

Re:Impressions? Or bad reviews?

[Doc+Ruby]

Might as well wait - more data should also be corrected for the undercounts, people who don't realize they have problems, or don't realize yet. If there were a 3rd party (not Microsoft) that offered remote service and insurance, we'd have more accurate numbers.

How can I turn the firewall back on?

My place of work implemented a group policy that turns the firewall in SP2 off when you connect to the network. I'd really like to be able to turn it back on. Are there any ways around this????

My Impression

It's a 250 MByte OS replacement, not a patch, deserves a new name like XQ or YP.

For those saying 'it works on my machine', let me say thanks for the info, maybe after I hear from a few more of you I'll considering allowing our Tech Support people to recommend it to our hundreds of thousands of retail customers...

Haha...

[PhraudulentOne]

How do I resolve these issues?

Stop the application that is responsible for the failing connection attempts.

Translation

User: My software doesn't work after I install SP2. Microsoft, please tell me how to fix this!

MS: Oh, well if you don't use that sofware any more, you'll be fine. Does that help?

User: Sweet, thanks for placing limitations on my software so that I can only use programs that you specifically let me use! I love you Microsoft!

Maybe I'm missing something here, but if this just places restrictions on outbound connections, does this mean that now if I become infected with one of these malicious programs, it will not only spread (more slowly, of course), but now it will also stop me from using some of my network software? Does this actually help?

It would be cool if there were "signatures" of malicious software that you could download from MS and insert in your Firewall settings. That way, your firewall could do packet inspection and close down the source of the evil packets instead of just shutting down/limiting the entire stack because one thing goes wrong.

Oh, and let me guess, in a few months we will hear of some new worm that goes out and makes some huge amount of outbound TCP connections (not actually doing any harm, but just a shitload of outbound TCP connections) across a LAN to halt activity for all users. If that doesn't work, perhaps the queue itself can become so large as to bring the machine down? I imagine this has been tested, but with MS, you never know...

Re:Haha...

[smash]

Maybe I'm missing something here, but if this just places restrictions on outbound connections, does this mean that now if I become infected with one of these malicious programs, it will not only spread (more slowly, of course), but now it will also stop me from using some of my network software? Does this actually help?

It would be cool if there were "signatures" of malicious software that you could download from MS and insert in your Firewall settings. That way, your firewall could do packet inspection and close down the source of the evil packets instead of just shutting down/limiting the entire stack because one thing goes wrong.

Yes, it does help. You're pretty certain something is wrong with the PC when it no longer enables you to do your work - and you'll likely do something to fix it.

As to the second idea - thats going back to the "insecure by default" design that microsoft has been slammed for so many times in the past.

The "correct" way to firewall is to deny anything you are not sure of - not the other way around.

The solution as I see it is to increase the max connections to a more reasonable figure, or enable increasing the limit for certain applications (so yes, you can enable your p2p software to open up as many as it likes) in a similar way to how the "Exceptions" list currently works in Windows Firewall.

I wouldn't be surprised if there's an "sp2a" released in the next couple of months that fix a few minor issues (from the coding a fix point of view)...

I hate microsoft as much as most people here - but at least in SP2 they're making an effort to secure things, even if they don't totally hit the mark.

As I see it, SP2 is closer to what XP should have been upon release...

smash.

Re:Haha...

Did anyone see this?
-----
SP2 destroyed my midget porn collection and made me so gay I moved to San Francisco.

Posted by: phil kaplan at August 12, 2004 12:07 PM
-----
Keepin' it professional, eh Phil?

IE Freeze until page loaded...

[malfunct]

The worst thing that I noticed once I switched to SP2 (also updates to IE for win2k3 cause the same issue so its an IE change that did it) is that IE will freeze up until it loads the page and often until it loads the images from that page. I've got the bug reports in so hopefully it gets fixed, annoys the heck out of me.

Re:IE Freeze until page loaded...

[Kredal]

As a possible fix, try going to Tools -> Internet Options -> Advanced, then scroll down to "Multimedia", and check the box for "Show Image Download Placeholders"

Funny guy

[didde]

I enjoyed this comment posted way down on the linked page.

--
SP2 destroyed my midget porn collection and made me so gay I moved to San Francisco.
Posted by: phil kaplan at August 12, 2004 12:07 PM
--

I'm sure we'll be seeing a lot more people moving to SF now as everyone installs SP2.

LOL!

Not informative.

The parent post was inquiring as to how ping and tracert can still work if RAW socket sending is disabled.

Re:Not informative.

Because ping and traceroute use ICMP and not TCP or UDP? Read the post again. This limitation is TCP/UDP only.

Not true

[bogie]

I have kerio running and accessed the net fine with XP's new firewall on. You might run into the situation where your personal firewall had rules which allowed incoming connections which no longer works if you have MS's firewall on. But you should be able to access the Internet fine with SP2's Firewall and a 3rd party Firewall both running.

Here's an idea, cite your sources

[rd_syringe]

You know, instead of magically pulling absolutely random numbers out your ass like "49% of installers have problems." I'd particularly like to hear about this mysterious "non-Microsoft browser incompability."

Hey, it got you modded up at any rate.

Re:Here's an idea, cite your sources

[Anonymous+Brave+Guy]

If you'd bothered to read the links -- which apparently I was far from the only person to find and submit earlier -- you'd have found plenty of hard information supporting those statistics. Ignore the BBC link and go straight to SANS to start with.

Re:Here's an idea, cite your sources

YHBT. YHL. HAND.

Love,
rd_syringe (aka Overly Critical Guy aka bonch)

Re:Here's an idea, cite your sources

You mean that way that you do (and by that I mean pulling numbers out of your ass)?

Why don't you go back to antislash and troll over there for a while you obtuse pile of feces!

Re:Impressions? Or bad reviews?

[0racle]

Exactly what about SP2 makes moving to Linux unrealistic? SP2 is a needed up date to an already good OS but its not some sort of revolution, and not something that I can see that would prevent someone from using Linux if indeed they really wanted to 'move beyond Windows.' Incidentally, when I wanted to try something new, I built a machine out of used parts and ran linux and windows, and I still do, so once again, what about SP2 precludes using Linux?

Re:Impressions? Or bad reviews?

[Kyosuke77]

I bet most of that can be chalked up to simple carelessness in installation. Simple things that people should do, but may often not, is closing all applications, temporarily disabling the on-access scanning of their anti-virus software, and also temporarily turning off a 3rd-party software firewall if possible. Worst of all is the crazy people who try to install it over an SP2 beta. They should have the good sense to uninstall the beta service pack first and go back to the SP1 they had before, then install SP2.

Re:Impressions? Or bad reviews?

[gnawph]

SP2 has worked out fine for my office. The only problem, one that effects everybody in the office is that our mice pointers will ghost away in a random direction. Nothing serious, just annoying.

idiot

[Doc+Ruby]

Anonymous idiot Coward, you already look like an idiot, but in another subthread. I'll dump *your* FUD by quoting the BBC again, here:

"Although 43% said the SP2 installation had gone without a hitch, 49% of those contributing had problems ranging from minor to severe."

That's how reasonable people get recognized as Insightful. Not by kneejerk attacks accusing others of their own misdeeds.

I upgraded...

[kcb93x]

I have an eMachines M6805.

Athlon64 3000+ laptop.

I Ghosted my machine, running XP Pro w/SP1.
Slipstreamed SP2 into my XP Pro Upgrade CD.
Restored from OEM CDs.
Upgraded to XP Pro SP2, and then the problems started.

-Star Wars Galaxies locks up when I launch it.
-Only the FN+F1 and FN+F2 keys work, the rest lock up the system.
-Unplugging USB devices (other than thumbdrives when I stop them) or the power supply lock up the system.
-On shutdown or hibernate, it stops at the end, right where it should power off, and hangs.

The kicker - I emailed eMachines tech support.

I apologize but we can only support the original software that was preloaded on the system. Upgrading the Operating System is already considered as third party software so any type of support will have to come from Microsoft. There is a possibility that the hardware is causing conflicts with the new Operating System and that you may need updated drivers for the devices installed on the computer.

Re:I upgraded...

[IDIIAMOTS]

I have the same laptop. Check what BIOS you have on the machine. If the version is 0F02.P00, then you need to update it to at least 0F05.P00. The older BIOS was incompatible with the NX bit on the Athlon64 chip. You can get the BIOS unofficially from here. Personally I'd suggest going the BIOS route.

Alternately you can remove "/noexecute" option from your boot.ini.

More like,

He who tries to show wit on /. only makes it half way......

Re:Impressions? Or bad reviews?

[Lothsahn]

Here's a good impression:

I installed SP2 on three systems, and it worked flawlessly on all three. On my main system before SP2, XP would not allow me to install my SATA driver. I installed the SATA driver when I installed the OS, but once the OS was loaded, it referred to my SATA device as an "unknown device". Attempts to load the correct driver only caused the system to not boot.

I've been living with no driver officially installed for the device, which basically means that all the caching and performance increases that one would normally have (DMA, write caching, etc) for their hard drive were not activated on mine. Now with SP2, it let me install the driver and it booted fine without any problems. As a result, my computer runs twice as fast on almost every application and about 20 times faster when using virtual disk drivers (www.jetico.com) for container file encryption.

Their security center which monitors antivirus, firewalls, and automatic updates, as well as their HUGE automatic update selection box on startup are all good things too. I worked at a helpdesk for 6 months and 90% of the problems were users who had automatic updates turned off or set to install on notification (which they never selected).

Overall I've been very happy with it.

also

[bogie]

I meant to add that SP2's Firewall is incoming only. From what I understand there is nothing in the software to even block any outgoing connection.

Yeah, it's a little odd...

[rd_syringe]

All these people are supposed to be reporting major problems, yet the links point to sites with mostly positive reviews. Not to mention, I've been running SP2 since RC2 with not a single problem whatsoever.

Slashdot and its juvenile broken window graphic just wanted a FUD article to meet the daily quota for the garish-looking IT section. :)

Re:Yeah, it's a little odd...

[ChadAmberg]

Lots of software developers are reporting issues, but with the RTM version only. Software works fine with the betas, and the RCs.
So was I suprised when the RTM comes out and you can no longer bind anything to 127.0.0.2 anymore. Everything times out. This is really bad for those who use SSH tunneling extensively.
Saying that the RC works fine doesn't mean much when it all changes in full release.

Re:Impressions? Or bad reviews?

[NivenHuH]

It's worth noting that I've never borked a windows box installing a service pack, all the way back to win 95. On the other hand, I've lost track of how much time I've spent cleaning up after typing "emerge -uD world". I thought I'd mention that so I can ensure I'll be modded troll. It's true, though, I swear it.

Perhaps your sysadmin skills are lacking. I've never had an issue with using 'emerge --pretend -uD world' to see what will be changed, looking at the release notes for the new versions, and emerging the things I should upgrade. Not only that, but I imagine you're one of those people who like to auto-merge the /etc files. If you make any config changes, that's a big no-no..

The fact that a M$ service pack (which replaces M$ only software) can blow up some systems up here and there (one of the reasons why they added system restore points to service pack installations) just gives you an idea of how hard it is to maintain the Windows operating environment. I feel sorry for the M$ developers that have to deal with dll hell and have to worry about retaining ancient compatability with old libraries..

They should allow an 'expert' SP install that lets you pick and choose what portions of the service pack you'd like to install. *shrug* I'm just a control freak .. =)

Re:Impressions? Or bad reviews?

[hazem]

You really only hear on the news about the cars that crashed the people who were injured and killed. You rarely hear about the thousands or millions who managed to drive to and from work safely.

I think it's the same here. Sure there might be people who think SP2 did the best thing for their computer ever. But I imagine it's either... "it didn't break anything", or the range from "slowed me down" to "crashed everything".

Sure, I'm interested to know how many people had more problems, but I'm much more interested to hear what problems there were.

My SP2 Experience

I have but it on 34 machines so far and it seems to be working fine. Only on one machine has it caused problems. Its an AMS eCube EG65 that came with our 3D FaceCam. The problem is after install, XP totally freezes during the boot process. All drivers are current and BIOS is latest (as of Monday). Even from a clean install it did that. Who do I blame? Microsoft, The Motherboard, Canada?

Zonealarm starts up slower

[techstar25]

Since applying SP2 (and disabling the built in firewall), it seems that Zonealarm (free edition) takes longer to start up when I initially boot up the machine. It's very strange. XP seems to boot faster but then I'm waiting longer for Zonelarm to finish loading. Could it be that Zonealarm is taking the same amount of time as before but before it loaded in the background?

Re:Zonealarm starts up slower

[Maul]

Have you tried disabling the XP firewall, or disabling the service entirely? There may be timing issues between any other software firewall and the new XP firewall.

Single distribute location

[FilterCash]

Microsoft has objected to people helping them distribute SP2.

Isn't this a good thing??

Re:Impressions? Or bad reviews?

[drinkypoo]

You really only hear on the news about the cars that crashed the people who were injured and killed. You rarely hear about the thousands or millions who managed to drive to and from work safely.

I have (somewhere) a newspaper whose front page talks about the lack of fatalities on highway 17 one year. Well, on the Santa Cruz county side of the hill, anyway. The worst turn on the whole hill has always been on northbound 17 before the summit, and even after they upgraded the road considerably it's still pretty bad.

Highway 17 is known for its fatalities, so this is a particularly appropriate comparison. If XPSP2 had gone off without a hitch, we would be hearing about it, trust me.

Looking forward to it

I am looking forward to XP service pack 2 and Longhorn as well. Good job Microsoft! I am glad there is a Linux movement too, that keeps Microsoft on it's toes innovating really cool products because they should, because they run this home pc maket. And most corporate offices to boot!

Re:Looking forward to it

what up, astroturf?

Re:Impressions? Or bad reviews?

[VitaminB52]

Don't forget that the people sending in reports are self-selecting.

And don't forget that people who can't send in reports after applying XP SP2 are too, to some extend, self-selecting.

I would download SP2 but...

[donbrock]

my linux box wouldn't know what to do with it.

Re:I would download SP2 but...

/dev/null ?

Re:Impressions? Or bad reviews?

[Stevyn]

Exactly. In linux that would require a root password to let the user know something like that is being altered. So far, I don't see how these measures will protect the user from malicious software they download.

Before SP2, windows was a broken door. Now it's a broken door with a "do not enter" sign.

Unprofessional?

[kajoob]

You mean unprofesional like spelling Microsoft with a dollar sign (M$) like you did in this post?

Let ye without sin cast the first stone....you might end up breaking a window or something. ;-)

Re:Unprofessional?

[kawika]

Did you look at the parent of the post you referenced, or at the cartoon it linked to? Perhaps he was too laconic for you but I think he was trying to make the point that "M$" is an unprofessional low blow. Seems consistent with his comment here.

security point of view

[neoThoth]

As someone who helps corporations find flaws in their networks I had the following setup:
XP as base OS with multiple VM images for "serious work".
This worked well since XP had RAW_SOCK support and all my corp applications (read Exchange Outlook) worked fine. My images didn't mind the overhead since we had 1GB of RAM and all the packets went out without problem (think SYN scanning).
that was then, this is the new crappy future.
Now I have error 4226 ALL over my system event log and any types of scans from my images are limited to 10 connections. thanks guys.
I've been contemplating moving to a linux base OS with MS vmware images that would hold my corp applications (again read outlook/exchange) but haven't because of the time it would take to build all these things. Now it looks like I may not have a choice.. MS has essentially shut me out of it's OS. Not that I represent a large section of users but thanks all the same. Just goes to show that the MS operating systems should be considered Tinker Toy quality only. Not for serious work. If you need something that will not purposely limit your network connections out of fear then skip the MS area all together.

XP SP2 breaks nmap

[anandpur]

XP SP2 breaks nmap

Re:XP SP2 breaks nmap

[Westech]

That's fine. I'll just end up doing what I always do anyway when I need to do some serious network configuration: turn my Windows box off in frustration and fire up a *nix box.

Re:Impressions? Or bad reviews?

[rben]

Your opinions are suspect, however, and the validity of your information is uncertain. As I mentioned on a previous occasion, I wonder if you are a MS employee working to offer favorable comments about MS and unfavorable comments about FOOS. Who knows?

Not everyone who says something good about Microsoft if some kind of schill or plant. Microsoft is a big company. They do some things right, they do some things wrong. Personally, I believe that the harm they do greatly outweighs the good, but others are entitled to their own opinions without being insulted because they express them.

Occasional system freezes

[ugen]

First, let me say that I had an extremely stable XP Pro system that was running for weeks and months without a crash.

After installing SP2 the following things have changed:

1) Minor - wireless connection icon in a tray appears regardless of the setting telling it not to.

2) The wireless wizard keeps the WPA shared password and when you re-run it, you can click "unmask" and read it in plain text. Horrible for security - anyone with 5 seconds near your keyboard will get unrestricted network access very soon if you have WPA. (Fortunately, the wizard was unable to configure my wireless network and I happily returned to the Funk client that worked flawlessly for a long time. I would feel bad using it if native support was any good)

3) And this one is the kicker - system now freezes up randomly from time to time. This has never happened before. If anyone has experienced this and has an idea as to how to fix this - let me know. I will wait a short while and then try to uninstall SP2 if problems persist (mind you, I don't have any need in the "security fixes" that they have applied - I just like feeling up to date :)

Re:Impressions? Or bad reviews?

[Stevyn]

Typical linux user response, "you're an idiot." Blaming the user for running this command which the handbook (as in RTFM) says to do is hypocritical. Blame microsoft when some fucktard installs gator, but blame the user when portage screws things up.

I use emerge -p for doing this too, and I'm very cautious because I've read how this command can bork your system. And unless I've manually changed one of those config files myself, I don't know what they all mean or what the differences will make when etc-update changes them. I've heard dispatchconf takes care of this though. But my point is that he did what the manual said, and it borked the system.

IEBlog

[pajama]

Taken from the IEBlog:

"Basically, consider this real world analogy: we have improved the fences and doors that separate your yard from the street and your yard to your house. If someone manages to get through the barriers, s/he will find your valuables locked in a safe inside the house. We have made it harder to break in and less interesting if you do."

Very funny!

Ricardo

Re:IEBlog

[argent]

On the other hand, it was Microsoft who forced you to leave the key under the mat. And they still want you to leave the key under the mat. Sorry, Microsoft, I'll use Firefox instead of IE, which keeps people from coming in through the backdoor. I'll use anything but Outlook, which keeps people from coming in through the mail slot. I'll use Real Player and Quicktime lest they beam themselves in through my TV. That way I can actually *watch* my expensive TV instead of keeping it locked up in that safe to keep people from stealing it!

Re:Impressions? Or bad reviews?

[_Sprocket_]

How is it that there are plenty of things going wrong?

Something can be overall workable even with a slew of minor issues. Windows has a history of this.

A better example is my Linux (Debian and SuSE) environments. I am very happy with them even though there are plenty of bits and pieces I'd like to see improved / fixed.

Bump your resolution...

I thought it was stained glass, too, or some semiprecious stones... thought it looked nice, actually, like some old jewelry.

But after reading the comment, I popped it into photoshop and blew it up... it's definitely broken glass. Probably if you were surfing at 800x600 or less, or on a mac where the screen is brighter, it'd be pretty obvious.

Dupe???

[Java+Pimp]

Isn't this a dupe of a previous article?

Great idea, actually.

[MtViewGuy]

The fact that Windows XP Service Pack 2 puts limits on outbound incomplete TCP connections means the spread of viruses will be dramatically reduced, especially working in conjunction with WinXP SP2-compliant versions of commercial antivirus programs out there.

People are so used to be the "loose" security of Windows XP SP1 and earlier that when Microsoft did tighten down security with SP2, they're all complaining for all the wrong reasons.

Re:Great idea, actually.

[Dehumanizer]

Right. Yet, Linux can be secure without imposing stupid artificial limits on TCP/IP.

What MS is doing is like: "to prevent you from getting killed in a traffic accident, we're not allowing you to leave your house. Now thank us for protecting you."

Re:Great idea, actually.

[MtViewGuy]

That's because we haven't seen a plethora of damaging exploits against Linux-based systems yet.

Once Linux becomes more popular you KNOW somebody out there is going to wreak havoc on Linux-based systems by using the vulnerabilities of various Linux-based programs.

Re:Great idea, actually.

[gbjbaanb]

yeah, Linux is secure in this regard only because it limits raw socket connections to root. If XP Home had such a concept (don't forget this is for home users), then they could restrict it in the same way.

As it happens, this only applies to "puts limits on outbound incomplete TCP connections" which is like preventing you from getting killed in a traffic accident by ensuring you can only drive 1 car at a time.

Re:Great idea, actually.

[RzUpAnmsCwrds]

"As it happens, this only applies to "puts limits on outbound incomplete TCP connections" which is like preventing you from getting killed in a traffic accident by ensuring you can only drive 1 car at a time."

Actually, it's an excellent idea. Worms spread by scanning addresses, meaning that they make tons of incomplete TCP connections (if you go after random IP addresses, many are going to be invalid). By limiting the rate of outgoing incomplete TCP connections and limiting raw sockets, SP2 signifigantly decreases the efficancy of a worm.

Re:Impressions? Or bad reviews?

[EpsCylonB]

Many, many users are reporting problems with SP2 limiting outbound TCP/IP connections. This appears to be nailing anyone who makes heavy network use of their machine, including especially users running P2P applications.

This is what is supposed to happen, the firewall is turned on now by default, and from a security standpoint this is a good thing.

Microsoft famously get criticised for slack security and when they try to do something about it they get it even worse.

I wouldn't mind so much but this is a tech website yet the poster wrote this up in a way that made the concept of a firewall as something alien.

People may well be having problems I don't know but it sounds like what is happening is that the less clueful are running an app, getting asked if they want to unblock it and don't know waht to do. Pretty soon they will learn what it all means and life will continue pretty much as normal.

Re:Wonder how many....

Beautiful ... Only, you should follow through with the "The Images" capitalization scheme ... Right before "Instead, I found my face flushed" you dropped it to "The images". The capital "I" really spells the horror.

Re:Impressions? Or bad reviews?

[maximilln]

On my main system before SP2, XP would not allow me to install my SATA driver

So this really isn't a compatibility or security issue. This only shows that the manufacturer of your motherboard, the manufacturer of the chip which drives the SATA, or the hard drive manufacturer finally paid their tithe to Redmond.

Re:Impressions? Or bad reviews?

[mantera]

I second this question. I have installed SP2 and I can't say that I noticed much difference to my machine. It seems more responsive but I honestly don't see much difference at all. Certainly nothing that's a linux Killer.

Anyone have issues with Perl & Net::FTP?

[dze]

I installed SP2 on my machine at work but it seems to have broken a Perl script using Net::FTP. I get these connection timeout errors. FTP works fine through a GUI client (I'm using Filezilla).

Anyone else have this problem or know how to fix it?

Other than that, it seems fine. Some good new options (and by new I mean newly copied from Mozilla) in Internet Explorer.

Re:Anyone have issues with Perl & Net::FTP?

[dave420]

Which features? The pop-up drop-down? That was in IE first... :)

I just installed a slipstreamed XP SP2 system

[CdBee]

Slipstreaming is a way of integrating the service pack into the Windows CD to get a one-stop install.

Good things:
Windows Media and DirectX 9.x installed by default (no need to patch/upgrade older versions)
Various services disabled which weren't in SP1
Security Centre not as anoying as expected.
system seems quite fast - possibly faster than SP1 slipstream

Bad things:
STILL no driver for nForce 2chipset
STILL has out of date nVidia graphics driver installed

Re:I just installed a slipstreamed XP SP2 system

[CdBee]

And FYI: Instructions for slipstreaming SP2 into a Windows XP CD

A slipstream disk and fresh install is always the most reliable way to install and run Windows.

Re:I just installed a slipstreamed XP SP2 system

[aderusha]

you can add those drivers to the installation CD yourself. i've written a guide for this process here

Re:Impressions? Or bad reviews?

[EvilBudMan]

FWIW,

SP2 breaks Aladdin hardlock drivers on AMD64 machines but not Athlon XP. It has to do with Hardware DEP in the AMD64 chips. I changed /noexecute to /execute in boot.ini. Problem solved.

http://www.ealaddin.com/hardlock/default.asp

http://www.microsoft.com/technet/prodtechnol/win xp pro/maintain/sp2mempr.mspx

Re:Impressions? Or bad reviews?

[NatasRevol]

How about M$ spending some money to develop an installer that does that for you?

If you're shooting for the lowest common denominator like Windows does, you need to understand that 'mom & pop' are your 'lowest' and don't have a clue how to turn a firewall or virus checker off. Do it for them to prevent problems.

Seems like something they should have figured out about a decade ago...

Re:Impressions? Or bad reviews?

[NivenHuH]

I'm not saying he's an idiot.. I'm saying his sysadmin skills are lacking. Any knowledgable admin will know what packages they're upgrading before actually doing it. (The same thing goes for Windows.. I don't install a service pack without knowing what changes are going to be made.) The handbook even tells you how to do that right below the update command:
Again, if you want to see what emerge wants to update, use the --pretend option together with the --update option: (Gentoo.org portage howto)

etc-update gives you an option to see the diff between the original and wanna-be merged config file. Check it out next time you need to etc-update..

I Love It

[SlipJig]

From the article:

How do I resolve these issues?
Stop the application that is responsible for the failing connection attempts.

Me: "Mr. Goodwrench, my car makes this horrible knocking noise and it will only go 40 miles per hour. What do I do?"
Mr. Goodwrench: "Stop driving the car."

Re:I Love It

[fishbowl]

>Me: "Mr. Goodwrench, my car makes this horrible
>knocking noise and it will only go 40 miles per
>hour. What do I do?"

>Mr. Goodwrench: "Stop driving the car."

The only problem with that advice, of course, is there is no "Step 2."

Mr. Goodwrench can give you Step 2: We can send a tow truck.

What does Microsoft offer for Step 2?

Re:I Love It

[Wile_E_Peyote]

Actually it's more like this: Me: "My Radar Detector is draining my battery!" Mechanic: "Get a better Radar Detector."

Re:I Love It

Ok, I have to reply because I just can't stand bad analogies. To fix this, it would have to go:

Me: "Mr. Goodwrench, I installed a tin gadget on my car some guy in a trench coat sold me for $19.95 and now it makes a knocking noise and will only go 40 mile per hour".
Mr. Goodwrench: "Um, how about taking off the doodad to see if it helps?"
Me: "OMG U SuXXOrs, can't you evn b1d a car that works!?! OMG OMG hahaha".

Ten sockets is a problem

[fishbowl]

I have had problems already with the 10 socket limitation. Is there a way to disable this limitation, or must I revert back to SP1?

Re:Ten sockets is a problem

use the new XP Starter Edition - you can only run 3 programs so 10 sockets is plenty!

Re:Ten sockets is a problem

[fishbowl]

Replying to my own post to point out the 4226fix.
That seems to work but I will never be able to get
a binary patch from "lvllord.de" into my shop!

>http://www.lvllord.de/4226fix/4226fix.htm

Re:Impressions? Or bad reviews?

[ostiguy]

I am peeved that the elimination of tcp data over raw sockets is not unchangeable with a registry edit. I want to be able to run nmap on windows xp now, not when the port maintainers find a workaround.

ostiguy

FIX for Limited outbound connections

[mastagee]

http://www.lvllord.de/4226fix/4226fix-en.htm That link won't work directly with the slashdot referrer, but click on a few links to take you to a patcher that will patch tcpip.sys to whatever amount of connections you want (use /l= on commandline).

Re:FIX for Limited outbound connections

[MrBlue+VT]

Nice. Now I wonder if something similar can be done with the RAW sockets.

Don't fall for the troll!

If this isn't a troll, well, than I'll be damned!

How the fscking hell is this +5 insightful? Windows made its OS a bit more secure, whoop-dee-doo.

We're not talking about a deal-sealing situation here folks! The amount of gain with SP2 is very marginal at best.

Please mod this crap back where it belongs.

zos

Re:Impressions? Or bad reviews?

[jamesivie]

> SP2 crashed a lot of machines that were already exploited. Good. They were already broken. It worked fine on all my home machines (3), and my tablet pc, but it crashed my main work machine, which was in perfect working order before the install. After installing, windows will not boot at all. Even safe mode hangs. The last file it lists is agp440.sys. After some searching it looks like many other people are having the same problem, and they all have newer Intel processors with hyperthreading, and nobody as yet has posted any kind of solution other than reinstalling windows from scratch. At least when you get a virus you can usually still use most of your system!

Re:Impressions? Or bad reviews?

[Phragmen-Lindelof]

I have mod points right now. I could have just modded him down. I would prefer some insight as to why his posts are usually pro-Microsoft and anti-Linux. I assume my comments give him an opportunity to prove me wrong and, more importantly, to explain his position. I certainly do not think Linux is perfect and I find problems with Linux occasionally. However, as a Math Professor I find that so many good programs are available (e.g. there is a Debian package for Ken Brakke's Surface Evolver program) that I would never return to Windows. I was using xfig yesterday to prepare figures for a new paper. My coauthor in Australia has limited bandwidth; I used ps2pdf to turn the postscript file to a pdf file for her. Things (e.g. tools) are so easy under Linux that the minor bugs (e.g. really minor KDE problems) are not a big deal to me.

Re:Impressions? Or bad reviews?

49% of REPORTERS!

That could in reality be 2% of the entire installed base.

Saying "49% of the people that installed it are have troubles" is the biggest piece of FUD evar.

MS has NOTHING on you guys in the lies, lies and more lies dept.

Here is a workaround

[fv]

I hope to have a patch restoring functionality within a couple days, but a workaround is available now. Try adding the --win_norawsock option to your Nmap command-line. That tells Nmap to avoid raw sockets and use the workaround that Nmap uses for systems like Win98 that never supported raw sockets in the first place. Several people have confirmed that Nmap works again for them now, as long as they use that option.

While I commend Microsoft for some of the real security improvements in SP2, limiting raw sockets like this is misguided and harmful. As this workaround shows, there are still plenty of loopholes for sending packets. If that continues, worms and virii will simply use the same techniques. Alternatively, if MS continues to cripple Windows until security scanners can't function, Windows users lose as well. While they won't be able to scan their own systems and networks for vulnerabilities, attackers on superior systems will suffer from no such limitations.

MS should focus on security the system against compromise in the first place (through more timely patching, limiting services available by default, code auditing, privilege separation, etc.) rather than crippling the system for legitimate users. Linux and *BSD offer full raw sockets, and yet they haven't become the haven for viruses and worm propagation that Windows has.

-Fyodor
Concerned about your network security? Try the free Nmap Security Scanner

Re:Here is a workaround

[MrBlue+VT]

Hey Fyodor, thanks for the response. Am I also correct in assuming that their "Limited number of simultaneous incomplete outbound TCP connection attempts" change will slow down scanning as well? Especially with a high latency target I'd imagine.

Re:Here is a workaround

[mentatchris]

Fyodor,

Thanks for your comments. I've been holding off on installing XP SP2 until I could guarantee that I can still run Nmap. It's the one tool I can't live without.

And while I'm at it, thanks for providing such a great tool to the community. I've been using Nmap for years, and it's helped me tremendously with both my programming and my system administration. I personally really, really appreciate the work you have done.

Re:Here is a workaround

As this workaround shows, there are still plenty of loopholes for sending packets. If that continues, worms and virii will simply use the same techniques.

That doesn't make much sense. Just because nmap can do it's job an alternative way, doesn't mean the "attack tools" they might be referring to, can. If a good tool can workaround this, and the bad tools can't, seems they've done some good. Dunno if I think it's a good or bad thing what MS has done, but your reason for saying it is a bad thing is flawed

Re:Here is a workaround

[shird]

Isnt it possible to use something like the winpcap library to get around all these restrictions? If so, it seems like an ok compromise, as only machines that you willfully install this driver on will have this functionality.

If not.. then damn you Steve Gibson for bitching until this got in. You have no bloody idea.

Re:Here is a workaround

[Dogun]

I disagree with your opinion that Fyodor's statement is flawed.

Remember that raw socket support is new, but network aware virsuses are not.

Viruses are brutally space efficient, so even if the oldschool windows socket API is all that is available, the change in size of the virus and it's effectiveness hardly seem likely to be effected in a significant extent at all. Recalling just how quickly the internet was infected last time there was a big 'sploit out there, slowing the scanning rate by 75% would still results in nearly complete infection faster than you can say 'gesundheit,' given that this stuff works on an exponential scale until it gets somewhat close to saturation.

Now, given that information, which is more allong the lines of what *I* interpretted Fyodor's statement as meaning, it doesn't seem so unreasonable, does it?

Amen

[Phragmen-Lindelof]

"auto-merge the /etc files. If you make any config changes, that's a big no-no."
I could not agree more.

Re:Impressions? Or bad reviews?

[UnknowingFool]

You are forgetting SP6 which wreaked havoc. You had to uninstall it and run SP6a. Sometimes it's not just the service packs. The regular paches can cause issues.

Re:IIRC, just keeps track that a file was download

one more layer of warnings against installing applications off the internet.

Whew! Lucky for us we can trust floppies and CDs!

P2P issue

[weave]

Control Panel -> Add/Remove Programs -> Windows Components -> Networking Services -> Peer-to-Peer "Enable Peer-to-Peer Networking Services."

Re:P2P issue

[Jugalator]

Care to elaborate? :-)

What's that setting all about?

Re:P2P issue

[civilizedINTENSITY]

Which only changes the firewall and not the TCP/IP stack, where the simultaneous connection attempt limit occurs. You can't adjust this.

Re:P2P issue

[weave]

Didn't know what it's about when I posted, but it looks like it's only about the firewall. Oh well.

Photoshop 5.5 stopped working

[akac]

Photoshop 5.5 won't work with SP2 - at least not for me. Just sits there on the startup screen.

FINALLY!!

I've been waiting for this feature for months. "Downloaded" flag for executables.

Still... does it apply to files created by scripts/applets/whateverlets downloaded from the internet?

Anyway, I'd like more on how this info is stored. If it's kept as an index to filenames / url, then it COULD be used later to invade your privacy.

However, maybe one could turn on an option called "use 1-way encrypted indexes" for privacy. That way, who knows, cookies and other files could still work - yet it would be impossible to know where they came from. Hmmm now that's good or bad?

Just a thought.

Re:FINALLY!!

it is simply stored in an alternate stream. get streams.exe from sysinterl.com to see it:
c:\Download>streams XSDObjectGen.msi

NTFS Streams Enumerator v1.02
Copyright (C) 1999 Mark Russinovich
Systems Internals - http://www.sysinternals.com

XSDObjectGen.msi: :Zone.Identifier:$DATA 26

Re:Impressions? Or bad reviews?

Try OS X and move beyond Windows and Linux at the same time.

Neoteris SSL-VPN

[masonbrown]

The Juniper Netscreen Neoteris IVE SSL-VPN application manager is incompatible with Windows XP SP2. The tech-doc on their support site says they maintained compatability through the beta process, but it was broken upon final release. Of course this functionality does wacky things to the TCP/IP stack, so all the network changes were likely to interfere somehow.....

Re:Neoteris SSL-VPN

[altamira]

Neoteris are not the only SSL VPN vendor affected. Microsoft, in all its glory, has decided to limit connections to "localnet" listeners to the address 127.0.0.1, which will prevent SSL VPNs from functioning correctly. In addition, more advanced SSL VPNs using LSP/NSP functionality to provide access seem to be broken as well.

I'm sure this will be worked around soon though.

Has anyone tried the new Firewall API?

[callipygian-showsyst]

Microsoft has on their website a new Firewall API

Many of these functions are new for SP2, for example the InetFWAuthorizedApplications interrface has a method to add a new application as "Authorized." Similar APIs allow the opening of ports, etc. (And most of these say Client: Requires Windows XP SP2. which indicates they were newly added.

Here's my question: What's to prevent programs from simply adding themselves as authorized and opening the ports they need? After all, if the Firewall control panel applet can do it, can't any other program? And since many, many XP users run all the time in the "Adminstrator" group, can this somehow be blocked?

Is it time for Microsoft to make a new "Super Administrator" level and start putting certain critical things (like changing the firewall) as needing that security level?

Now I need to write a program to see if my XP box won't indicate if I authorized myself and open up a port....

Re:Has anyone tried the new Firewall API?

[hsoft]

Now I need to write a program to see if my XP box won't indicate if I authorized myself and open up a port....

And I would really want to know what the result is...

Re:Has anyone tried the new Firewall API?

[TheNetAvenger]

Here's my question: What's to prevent programs from simply adding themselves as authorized and opening the ports they need? After all, if the Firewall control panel applet can do it, can't any other program? And since many, many XP users run all the time in the "Adminstrator" group, can this somehow be blocked

There are a couple of things that circumvent this, even if a program did allow itself to be added, it still would not be allowed to hit massive amounts of connectionless outbound requets.

Secondly, with the new security measures, even morons will have to click through several warnings to get a malicious application installed on a system to do this. (i.e. the additional NTFS log attachment to any foreign EXE or component that is ran on the system)

I have yet to fully explore the API or talk with some of our other techs that have been working on it, so I can't give you a full answer, but I do know the above is a great step in preventing a application on a system from even getting installed in the first place.

Microsoft even nerfed Active X in IE to the point, that he user has to specicifially unblock a new ActiveX control, and then get an additionaly security warning.

Re:Impressions? Or bad reviews?

go back to ars technica

Wrong end of the stick!

[argent]

Microsoft has the wrong end of the stick here. Rather than trying to reduce the number of ways that PCs can become infected, they're trying to reduce the damage that malicious software can cause. They've done this before, and tripped up... they modified Outlook so that programs couldn't as easily get to the Outlook address book... and what happened? Well, what happens when you want to sync your PDA?

Before they spend ONE MORE DAY on this kind of kludge to limit the utility of the OS, they need to deal with the FIRST stage of the infection. They need to remove the dangerous coupling between programs through the Microsoft HTML control, so that you don't have every program that registers a handler... even for *local* file access... suddenly becoming a potential attack point.

Re:Impressions? Or bad reviews?

[josiebauer]

The problem is - Windows doesn't need to be a Linux killer, it just needs to be "good enough" to keep people from looking for a new solution. I look forward to Linux having a much greated share of the desktop market, and I'm sure that one day it will. It just feels better to run. But in the mean time, if people have fewer compelling reasons to switch, they're not going to switch just for the hell of it. Linux needs to be a Windows killer.

Why on earth

[thegrommit]

Microsoft has objected to people helping them distribute SP2

Why on earth don't they post their own tracker and BT client? It'll be just as small (if not smaller) than their custom installer, yet take advantage of everyone elses bandwidth. Post some md5 checksums if people are worried about integrity of the downloaded file.

The only people who won't be pleased about this would be Akamai.

You don't need raw sockets for ICMP

[freeweed]

As another poster mentioned, MS themselves confirm this support being removed. I've been chuckling about this all week, because I've been waiting for this day for 3+ years now. Steve Gibson may be a blowhard, but he was 100% dead-on correct on this one.

As to why ping and tracert still work - well, they work for the same reason they worked in Windows pre-2000. Check out that link, it has nice pretty pictures, but here's the dirt (and everyone can correct me on the technical details I get wrong):

Raw sockets allow you to write data directly to the network layer. You can bypass the TCP and IP layers this way, and put whatever the heck you want into your packets. This gives you the ability to do fun things like forge your source address (good for UDP flooding or TCP SYN floods), and pretty much send anything you want. A lot of older attacks used to send malformed packets (bad TCP or IP headers) which would cause the receiving machine to choke on them (see: WinNuke).

Now, if you're forced to go through the appropriate layers (TCP and/or IP), the protocol stack handles the headers for you. Things like your source IP address, for instance, are assigned for you. You cannot change this, and therefore cannot spoof this. In the Win9x (and NT4) days, Windows only allowed you to write to the TCP layer. To accomodate "raw" sockets for use in ICMP, you could write to the IP layer (because ICMP doesn't use the concept of ports or sequencing or any of the TCP goodness).

In 2000 and XP, Microsoft inexplicably allowed FULL raw socket access, something which had only been seen in the Unix world before - hence why most DoS attacks came from *nix boxes. This is one reason shell accounts used to be a BIG DEAL for script kiddies to get (the other reason of course is that anyone can install Linux or a BSD these days). Folks like Gibson warned them that Windows would now become zombie heaven, and hey! they were right.

Microsoft has finally admitted to the mistake, realized that almost nothing other than attack tools use full raw sockets, and has closed this up. I suspect they're allowing only IP layer access again (for TCP), and transport layer access (one above this) for UDP, to prevent IP spoofing. Notice that this still allows you to spoof your source IP address on a TCP connection - this is why outbound un-ACK'd TCP connections are being limited. We don't want SYN flooding :)

ICMP works because you still have IP layer access. It's sort of like a pseudo-raw socket. This makes me wonder: has anyone seen any limitation on ICMP traffic? Because a ping flood with spoofed source IP addresses should still be possible from what I can tell.

Re:Impressions? Or bad reviews?

[CyberTech]

There is no (known, atm) way to do so, without patching tcpip.sys. There is a site which gives instructions on how to do so here http://www.lvllord.de/ - an automated tool to patch, and the offsets and values for those who prefer to do it themselves.

MS needs a lesson from Apple (and everyone else)

[teridon]

When apple puts out a security update, they send a PGP-signed email to their mailing list, security-announce@lists.apple.com. The mail has download URLs, and SHA-digests for each. e.g., here's an excerpt from the last email I got from them:

For Mac OS X v10.3.4 "Panther" and Mac OS X Server v10.3.4
===
http://www.apple.com/support/downloa ds/
Click on: Security Update 2004-06-07 (10.3.4)
The download file is named: "SecUpd2004-06-07Pan.dmg"
Its SHA-1 digest is: 182745485d8db3ea29ec67cb603cc5668a4f60d9

MS should have done something similar. They already have an existing mechanism (a mailing list for security-related announcments), they just need to add the PGP-signing and checksum. (MD5 or other)

Re:Impressions? Or bad reviews?

[WuphonsReach]

It's been a while so I might have the numbers wrong...NT 4 SP4 was issued to fix NTFS which was horribly crippled by NT 4 SP3.

Yep, some of the NT service packs were horrid.

Personally, I'm holding off for a few weeks to see if XP SP2A shows up. I'm in no rush to break systems, and I have other things on my plate to play beta-test monkey this week.

Mysql ODBC "bug" still there...

[FyRE666]

Well, we've only tried installing the upgrade on 3 machines at work: 2 failed to boot afterward; the third is ok though, we suspect it's something to do with Office, but being Windows you're never sure what the hell's going on under the hood!

It's also failed to fix the performance "bug" with MySQL via ODBC. I'm sure others saw this after SP1 - reports from Access using MySQL suddenly became 40-50 times slower. One of my rolls is to rewrite slow Access reports using perl on the server, and I've always managed to decrease the run-time by 80-90%. Now with new XP SP2, my perl version of access reports are about 99% faster!!! Well done MS!

Re:Impressions? Or bad reviews?

[aminorex]

I have no use for windows firewall, being offline,
but sp2 turned my whole network into bubblegum with its rate-limiting tcpip.sys bug. A lot of expensive paperweights, here.

About the outbound sockets

How do I resolve these issues?

Stop the application that is responsible for the failing connection attempts.

You heard it from the horses mouth, M$ says the cure is not to use windows.

You're surprised Norton has a conflict?

[CatOne]

How preciously naieve of you!

Re:You're surprised Norton has a conflict?

It's spelled naive.

Re:You're surprised Norton has a conflict?

the i is actually has an umlaut on top (two dots). The ie is the correct representation in absence of the umlaut.

Re:Impressions? Or bad reviews?

[osobear]

We've gotten to the point where you need to post AC if you want to say something nice about Microsoft.

Re:Impressions? Or bad reviews?

[B.Hoover]

My SP2 RC2 downloaded the official SP2 through its automatic updates and then installed it with absolutely no problem whatsoever. Dunno what these people are running.

Re:Impressions? Or bad reviews?

[Kyosuke77]

This seems to me like "automate it because lusers don't know better" dogma. While that does apply in situations such as applying periodical security patches or updating anti-virus software, which should be automated, it can't be applied in this case.

Find me 3rd party firewall or anti-virus software that can be turned off by an installer program, and I'll bet you it could be turned off just as easily by a virus. It would defeat the purpose of having such software. Many applications will bring up a "do you want to save changes" when there's a modified document open. Would it be better for the installer to force the app to close and lose unsaved changes? I think not.

I would agree that the installer should include an on-screen warning to close all programs, turn of AV and firewalls, and not to install over a beta version. Such a warning would probably get a lot more people to do it right, and if they didn't know how to do some of those things, to hold off installing until they figure out how. Doing it for them, however, wouldn't work, and if attempted, would probably create many more problems than it would prevent.

Re:Impressions? Or bad reviews?

[elfarto]

What a twisted point of view you have! "It's worth noting that I've never borked a windows box installing a service pack, all the way back to win 95" Yeah, you can bork it in 1000000 different ways, In linux you at least get to recover it without reinstalling the OS, and if you didn't RTFM before the emerge -uD world don't blame the OS, blame yourself, of course, you won't blame Windoze when the latest spyware takes over your browser, is not MS fault.. yeah, sure

Re:Impressions? Or bad reviews?

[prisoner-of-enigma]

It's been a while so I might have the numbers wrong...NT 4 SP4 was issued to fix NTFS which was horribly crippled by NT 4 SP3. I suffered through that.

Um, I got news for you: NT4 was released around 1996. The service pack in question was released prior to the year 2000. The product you're speaking of isn't available for sale, isn't current, and isn't even officially supported any longer. We're more than halfway through the year 2004. Isn't it time people quit judging the quality of Microsoft software by what happened almost ten years ago? Would it be fair if I judged Linux's fitness for a particular task based upon a bad experience I had with the 1.x kernel back in 1997? No, but I constantly hear Slashdotters harp about how awful Win95/NT4 was and how nice Linux kernel 2.4/2.6 is when Linux clearly has the benefit of several more years of development under its belt. If you're going to castigate Microsoft for something, castigate current products by comparing them with current alternatives. Doing anything else is comparing apples to oranges.

If such stuff came from Microsoft, it'd be called FUD, but since it comes from Linux lovers on Slashdot, it gets modded +1 Insightful. What a way to be fair and unbiased, huh?

Re:Impressions? Or bad reviews?

[BlackSol]

I installed it on two machines this week. Installed smoothly, and no adverse affects so far. Seems slick.

All hell will break loose on Monday.

[Westech]

I can't wait to see what happens once SP2 is pushed to all of the malware infested PC's out there in userland. When the new firewall starts throwing hundreds of warnings per minute about attempted outbound connections while Jane Luddite is trying to email her grandson these users are going to freak right out.

On the other hand, I guess that most of the malware infested computers are the ones that DON'T automatically run Windows Update and thus won't get the service pack. Either way, I can't wait to see what happens. I'm covered at work because we have SUS setup to skip SP2 until we can finish our testing.

As for all the home users, I feel another Y2K coming on. Maybe this one won't be such a letdown!

Awards Dept.

[FlyingOrca]

"The fact that a M$ service pack (which replaces M$ only software) can blow up some systems up here and there..."

...and finally, NivenHuH gets this week's "Paul McCartney Memorial Throw-In-An-Extra-Preposition-And-Call-It-Artistic " award. Take it away, Paul: "In this ever-changing world in which we live in..." (Live And Let Die)

(Please note: all in fun, I'm really not a grammar Nazi!)

Re:Awards Dept.

lol.. I knew I proof-read that too quickly.. =)

Re:Awards Dept.

[kalidasa]

Funny, I always thought it was "but if this ever-changing world in which we're living makes you give in and cry". But I looked at a couple of lyrics pages, and they've all got what you've got.

Re:Awards Dept.

[FlyingOrca]

You know, that could well be McCartney's original, and it makes more sense that way. Maybe it's a reverse Mondegreen, though - where you hear something that makes no sense and your brain ("The horror! The grammatical horror! Must... find... sensible... interpretation...") comes up with something that actually works.

Huh. A reverse Mondegreen. I've never really contemplated the notion before, but I think I may have actually done this. Cheers!

sp2 fails with Intel p4 prescott

Install will fail 100% of the time with prescott.

Re:Here is my completely honest impression....

I actually TRIED installing Linux but after a few hours of wrestling with it to get it to work I gave up and installed XP. It had a nice GUI that walked me through it (yes, it IS important) and it all went fine and I didn't have to worry about anything not working. The first time I booted up, sound worked, it recognized my internet connection, and all my programs installed perfectly. They really need to work on the usability part of Linux if they want it to take off. Keep the end user far, FAR, FAR away from any of that command line nonsense, you're trying to convert Windows users, when was the last time they had to use a command line? How many of them even KNOW WHAT ONE IS!?

I do use Knoppix on my laptop though, now THAT'S a distro that got it right.

Re:Impressions? Or bad reviews?

[Gr8Apes]

Ah, a trolling AC. Should have known...

From your post:

> When 49% of installers have problems, the bad reviews tend to crop up.
its fun pulling numbers out of your ass?

The numbers came directly from the article, no pulling out of Donkeys necessary.

Re:Impressions? Or bad reviews?

Try OS X and move beyond Windows and Linux at the same time.

Yeah from an OS monopoly to a hardware one too! yay!

Re:Impressions? Or bad reviews?

[repvik]

Then you had SP4a, which fixed a few critical errors with SP4. Like breaking Intel's EtherExpress-cards (of which there were *many* users).

Re:Impressions? Or bad reviews?

[realdpk]

Heh, that'll go over well, Microsoft writing software that disables other manufacturers software - even temporarily - just to get their stuff installed.

Re:Impressions? Or bad reviews? Or didn't read?

[civilizedINTENSITY]

Nope. Didn't read the article? Its not even about blocking or unblocking a port at your firewall.

Its about two things, raw sockets go bye-bye, and TCP/IP stack based limits to simultaneous outbound connections:

"The Windows implementation of TCP/IP still supports receiving traffic on raw IP sockets. However, the ability to send traffic over raw sockets has been restricted in two ways:
*TCP data cannot be sent over raw sockets.
*UDP datagrams with invalid source addresses cannot be sent over raw sockets. The IP source address for any outgoing UDP datagram must exist on a network interface or the datagram is dropped."

Also, "The TCP/IP stack now limits the number of simultaneous incomplete outbound TCP connection attempts."

Please note that this last is *not* the firewall, but the TCP/IP stack.

Re:Impressions? Or bad reviews?

[rikkards]

I haven't had a problem either. However a guy I work with can't do it. He has a P4P800 based motherboard and he is getting a BSOD with AGP400.sys file everytime he boots. He even rebuilt from scratch and was still getting it. Sounds like others are having this as well.

ask politely or look like a bigger fool

[Doc+Ruby]

Ha, ha, obnoxious Microsoft apologist. When *your* software starts failing under your spiffy new Microsoft patch, come back and tell us all about it, OK?

Re:ask politely or look like a bigger fool

[prisoner-of-enigma]

Nope, I'm going to gripe to the software vendor who wrote the buggy, shitty, non-compliant software that's being broken by SP2, because if the vendor had written it according to published Best Practices documents, SP2 wouldn't break it. Yes, this includes certain Microsoft apps as well, but if SP2 breaks it, it needed fixing anyway. I'm all for it, as SP2 is finally going to make app vendors start paying attention to security when writing their apps.

But then again, you're on my Foe list because you've shown your Linux zealot colors in the past, so I can be assured you're leave no good Microsoft initiative unpunished. If SP2 didn't break anything, you'd have complained it was too weak. If it breaks lots of things, you complain it's too invasive. That's why you're irrelevant to this issue -- because no matter what was going to happen, your mind was already made up. There's a phrase for that, it's called "narrow minded."

Re:ask politely or look like a bigger fool

[Doc+Ruby]

Until something changes at Microsoft, nothing will be different. Their anticompetitive crusades lead me to expect that they will use Service Packs to compete with other vendors. You might consider that Microsoft has no reason not to use this opportunity to make changes during the long SP2 gestation, notify only MS divisions that would be adversely affected, let them issue patches, and leave their app competition twisting in the wind when they release the SP. Their own problems would be a testament to their incompetence at managing software change cycles, despite their advantage. Sure, that scenario is only speculation, but it's based on Microsoft's long history of leveraging its monolithic OS/app/development monopoly against its competitors, in every possible avenue.

I'm no Linux zealot, but I was zealous about the remedy phase at the DoJ after it pronounced Microsoft a monopoly. I expected a competitive remedy to split Microsoft into separate OS, app, development and media companies, which would have to compete with each other, and partner with previous competitors, just like everyone else. When they received nothing but a slap on the wrist, I prophecied that they would continue to use their monopoly in the same ways. News that other browsers suffer under SP2 merely confirms that prophecy. When *you* ignore these crimes, at your expense, it is *your* mind that is demonstrably narrow.

Re:ask politely or look like a bigger fool

[prisoner-of-enigma]

Until something changes at Microsoft, nothing will be different.

So, the fact that for the first time in history, Microsoft is pushing a service pack that emphasized security over functionality means nothing to you, I guess. Yep, nothing ever changes at Microsoft, does it? I swear, if Bill Gates himself came out tomorrow and said Linux was the best thing since sliced bread, you'd still find a reason to hate him and his company. The change is right in front of you, you just don't want to see it.

Their anticompetitive crusades lead me to expect that they will use Service Packs to compete with other vendors.

Oh, so it makes you upset that Microsoft is actually improving its products and making them more competitive against your sacred cow? My heart bleeds for you. Microsoft needed Linux to get it busy improving its product again, just like Linux needs Microsoft as a competitor. You love it when Linux makes forward strides, but hate it when Microsoft does the same thing. Back home we call that a hypocrite.

You might consider that Microsoft has no reason not to use this opportunity to make changes during the long SP2 gestation, notify only MS divisions that would be adversely affected, let them issue patches, and leave their app competition twisting in the wind when they release the SP.

The days when Microsoft can blithely get away with SP's that break things like Lotus Notes are long gone, you just don't want to see it. Whether you're willing to admit it or not, Microsoft is afraid of the DOJ right now and has dampened much of their former bullying mentality. Microsoft hasn't released a service pack that breaks a major competitor's application since NT4. Get with the program, Doc. You're still living in 1996.

I expected a competitive remedy to split Microsoft into separate OS, app, development and media companies, which would have to compete with each other, and partner with previous competitors, just like everyone else.

I don't suppose the fact that this issue was examined and found wanting by the DOJ matters in the slightest to you, does it? I'm not naive enough to ignore the political dimension here, but you must admit Microsoft is far more timid these days than they were a decade ago. They may have received a "slap on the wrist" legally speaking, but the implicit message was "we're letting you off, but you'd better behave from this point forward."

News that other browsers suffer under SP2 merely confirms that prophecy.

How odd you say that, because I've heard nothing of the sort. Both Firefox and Mozilla work fine under SP2. But please, by all means, make stuff up to support your case. It's not true, but it does make this whole argument more entertaining.

When *you* ignore these crimes, at your expense, it is *your* mind that is demonstrably narrow.

When *you* ignore the good in your opponent simply because he is your opponent, it is *your* mind that is demonstrably narrow. Even Hitler painted roses. Microsoft is not an evil tribe of baby killers, it is a capitalistic company functioning in a capitalistic society. It is by definition ruthless and aggressive, and our economic system encourages such behavior. You are too quick to demonize their actions simply because you disagree with them. To qoute the Godfather, "It's not personal, it's just business." Would it kill you to admit that, by issuing SP2, Microsoft is making long-overdue strides towards actually producing a secure OS? Or must everything be a conspiracy?

Re:ask politely or look like a bigger fool

[Doc+Ruby]

Your claptrap falls apart when confronted with the truth. Microsoft was found guilty of illegal competition by bundling in the *early 1990s*, and a court applied a consent decree to keep them from doing it again. They did it again. A court found them a monopoly, and then a change in presidential administrations let them off the hook, despite the message that your apologist ears heard of "don't do it again". Now, with SP2 interfering with non-MS browsers, it looks like they're doing it again. Of course you haven't heard about it - there are none so blind as those who will not see.You launched into this subthread by replying to a short post in which I linked to the BBC article that cited the 30% of SP2 installers with problems like interference with non-MS browsers. Instead of reading that, you ignored it in favor of spewing venom without basis. I'm merely holding onto the reasonable view that MS is using SP2 as a competitive weapon, at least through benign neglect of testing it with competitors software as well as they do with their own. But your rabid belligerence won't accept that, even though you're shooting your mouth off defending the predator working against your better interests. You're very proud of setting yourself as my "freak" - you'd do better to choose your enemies more wisely, based on their actual threat to your actual interests.

Re:ask politely or look like a bigger fool

[prisoner-of-enigma]

I'll quote the BBC article you're so proud of:

Many others, 30% of those responding, said they had minor problems such as clashes with non-Microsoft browsers or applications.

You're spinning that into some kind of conspiracy that Microsoft is out to break third-party browsers. The category of "non-Microsoft browsers or applications" is extremely broad and includes every piece of software not made by Microsoft. You're artificially constraining that to "Now, with SP2 interfering with non-MS browsers, it looks like they're doing it again" just to make a point. Ah, the sweet smell of a flaw in your argument...

Again, I'm going to posit that any apps broken by SP2 were broken to begin with, but you seem incapable of grasping this fact. Microsoft closed a lot of holes in their OS in an attempt to make it more secure, but some organizations (including Microsoft) were playing fast and loose with these holes either because (a) it gave them a competitive advantage or (b) they were sloppy. I find it extremely interesting that you seem to think Microsoft is using this patch to further its plans for world domination, yet the very article you quote shows it breaks some of Microsoft's own software. The CRM market is where Microsoft is making a big push...please explain to me how breaking that app furthers Microsoft's ability to compete against the competition? Oops, sorry, I think I broke your argument there, Doc. Hope you kept the receipt.

Instead of reading that, you ignored it in favor of spewing venom without basis.

Coming from someone who started their reply charges of "claptrap" and "rabid belligerence," I'd like to introduce you to your good pal Kettle. He knows you by your nickname "Pot." You two seem to know each other well.

You're very proud of setting yourself as my "freak"

No, I'm not proud. You've earned it, so you should take all the credit.

do better to choose your enemies more wisely

You mean I should choose enemies that can actually think and develop non-conflicting, internally-consistent arguments? But that would exclude you, and it's such a joy to consider someone of your caliber a Foe.

based on their actual threat to your actual interests.

You are a threat to my interests, because of your inability to view Microsoft in an objective light. No matter what they do, you consider it bad, even when the outcome is of a benefit to Windows users. You view it this way because of your baseless, irrational hatred of the company, the platform, the owner, or some combination of all three. Since you are unable to separate your emotions from your decision-making capabilities, your judgement cannot be trusted. To you, the software isn't just some tool, it's an ideology, a sort of religion for you. Don't deny it, your reputation precedes you, which is how you earned a spot on my Foe list to begin with.

Where we differ is in the fact that I don't have a preference for Windows, Linux, or any other OS. I use and recommend whatever's best for our own internal use and for the clients we serve. If the client is best served with Linux desktops and servers running Samba, that's what we recommend. If they're best served with Windows desktops, Microsoft Office, and Windows Server, that's what we recommend. If the client prefers Mac's, we're likely to suggest a Mac solution to any new expansion. You, on the other hand, would rule out Windows to begin with simply because of your emotional bias. In doing this, you become a disgrace to the technological community, as you have denied your clients or your users a potentially superior solution simply because you have a bone to pick with the manufacturer -- a personal bone, not a business-case bone. If you can't separate your personal feelings from your technological decisions, I certainly hope you're in a job position that vests you with as little responsibility and decision-making opportunity as possible.

Re:Impressions? Or bad reviews?

[doshell]

What does that have to do with the firewall? AFAIK, a firewall isn't supposed to limit the number of connections, just allow/disallow them at all on a per-application basis.

I can understand the point of limiting outbound connections -- I just hope it can be turned off, and that turning it off is not deliberately made hard (burying it in the system registry, anyone?).

Re:Impressions? Or bad reviews?

[prisoner-of-enigma]

Contrast the following two comments from your response:

Perhaps your sysadmin skills are lacking. I've never had an issue with using 'emerge --pretend -uD world' to see what will be changed,

and

The fact that a M$ service pack (which replaces M$ only software) can blow up some systems up here and there (one of the reasons why they added system restore points to service pack installations) just gives you an idea of how hard it is to maintain the Windows operating environment.

So, if someone messes up a Linux "service pack" application, they're an idiot and Linux shares no blame, but if they muck up a Windows box, Microsoft is totally to blame. Yup, that makes all the sense in the world...if you're a Linux zealot.

I feel sorry for the M$ developers that have to deal with dll hell and have to worry about retaining ancient compatability with old libraries..

I'll remember that next time I can't get an RPM to install due to dependency hell. That's just so much more fun than DLL hell, isn't it? Sure, I can mitigate that with apt-get and Synaptic package manager, but likewise Windows DLL hell hasn't existed in a long, long time due to built-in Windows DLL version control. Again, you're judging current Microsoft products based upon what they were producing almost ten years ago. Clearly have no idea whatsoever about how much improved Microsoft's current product line is. Perhaps you should research the things you're criticizing before you criticize them.

Re:Impressions? Or bad reviews?

[rikkards]

Sure there is get the evil app to run and then have it check for existing window asking if said application is allowed to access the network and say yes. If the user blinks he'll never know.

pk4

[smashtheqube]

packetfour has an article about this as well: http://packetfour.com/?id=26_0_1_0_M

Re:pk4

[smashtheqube]

I submitted the article in and they summarized it and threw it up... even stole one of my links! :\ at least the site didn't go down though. (woulda been crazy!)

Re:Impressions? Or bad reviews?

[prisoner-of-enigma]

Umm...ever heard of registry key permissions? These keep malware from altering system-critical stuff. SP2 includes tweaks in that direction as well, in addition to the permission restrictions already applied to non-admin WinXP users. You need Power User or Administrator rights to modify the registry in almost all cases. Those keys that any old user can modify are not critical to the system.

Look, the situation here is no different than Linux. If you're running as root and something decides to fsck with your config files, you're just as screwed as if you were running with admin rights on a Windows box and something fscked with your registry. If Windows is a broken door in this respect, so is Linux -- in the hands of a stupid user, that is.

Takedown notice

[danila]

Microsoft has objected to people helping them distribute SP2.
That's why the eDonkey2000 network is great. If they decided to distribute it there, it would be impossible to shut down, because you only need to know the size and the MD5 checksum to download it.

Is Microsoft Ramping Up to Offer TCP/MS?

[dave+at+hostwerks]

About 3 years ago, Bob Cringely wrote in his PBS.org column about Microsoft purposely putting Windows in peril by making a number of changes to the TCP/IP stack. The goal? According to Cringely, Microsoft wants to offer it's own 'secure' version of TCP/IP.

An excerpt:

Now to the other approach, the one some people attribute to Microsoft. I am not making this up. The story came to me from people I have come to trust, and I have looked into it closely enough to think it might have some validity. But for the sake of keeping lawyers off my back, let's just call it a rumor, and only use it as a basis for discussion. To be perfectly clear, I am not claiming that the following is true--just that I have heard it from more than one source,and think it accurately characterizes some past behaviors of Microsoft. Perhaps by bringing it into the light, we can insure that Redmond takes a more thoughtful course. I certainly hope it is wrong.

Programmers who ought to be familiar with Microsoft's plans have suggested that the real motive for raw socket support is for Microsoft to use Windows XP to exploit a bad situation, to deliberately make things worse.

According to these programmers, Microsoft wants to replace TCP/IP with a proprietary protocol--a protocol owned by Microsoft--that it will tout as being more secure. Actually, the new protocol would likely be TCP/IP with some of the reserved fields used as pointers to proprietary extensions, quite similar to Vines IP, if you remember that product from Banyan Systems. I'll call it TCP/MS.

How do you push for the acceptance of a new protocol? First, make the old one unworkable by placing millions of exploitable TCP/IP stacks out on the Net, ready-to-use by any teenage sociopath. When the Net slows or crashes, the blame would not be assigned to Microsoft. Then ship the new protocol with every new copy of Windows, and install it with every Windows Update over the Internet. Zero to 100 million copies could happen in less than a year, and that year could be prior to the new protocol even being announced. It could be shipping right now.

Suppose you are a typical firm that also has some non-Microsoft servers. You will want to use this new protocol between your Microsoft and non-Microsoft servers. Microsoft could charge Sun millions to put TCP/MS on their systems. Microsoft can promise open support, but make it financially impractical. Then use it in a marketing attack against competitors. Zero-Footprint network drivers, ODBC, and MAPI are examples of Microsoft "open" standards that took years for non-Microsoft firms to use. Almost anyone who would have wanted to use these open standards has been driven out of business.

The full article can be found here.

I leave you to discuss this amongst yourselves.

sp2 sucks

it ate my baby and then ran over my dog. i hate windows...going back to my PET now...

Re:Impressions? Or bad reviews?

[thedillybar]

>Let the extreme P2P kiddies relax the rules manually.

Agreed, but, how can you relax the rules? Is there a registry key somewhere? This really sucks if there's not. Will nMap still work?

Re:Impressions? Or bad reviews?

[Cobalt+Jacket]

Heh. I recall under NT3.51 that when you installed a service pack on an SMP machine, you had to go move the MP version of the NT kernel into place before rebooting, or else you'd get a blue screen when the system tried to start up. The service pack installer didn't have the brains to autodetect SMP systems.

Re:Nailing? Ah yep.

[civilizedINTENSITY]

I'd hardly call having to go to a control panel and explicitly opening an (incoming) port "nailing" anyone. It's the right thing to do.

Its not the firewall, its the TCP/IP stack. So actually, yeah, *everybody* gets nailed.

Funny?...

[T0t0r0_fan]

...not at all, it's not like everybody has more than one working machine in case one of them is screwed(and I can hardly see them going to the nearest cafe for the report; most likely they'll have their system restored, curse loudly, but it'll be too late for them to want to do anything). Judging by previous articles, that can be quite a few...

Re:Funny?...

I don't understand people who don't have a backup installation on a different partition or another drive. It makes it so much easier to recover a system and get help. Also good for testing new setups and software.

Re:Funny?...

[VitaminB52]

I don't understand people who don't have a backup installation on a different partition or another drive. It makes it so much easier to recover a system and get help.

Having your backup on another partition or drive doesn't help that much if the problem is caused by virii or worms, they often spread to other partitions / drives after infecting the first partition / drive.
Always have your backup on removable media / another machine (that's only connected to your production machine when performing backup and recovery).

Backups shouldn't be as easy as possible, but as secure as possible.

Sorry mister A.C., I'm not going to hire you to backup my machines :).

Re:Impressions? Or bad reviews?

[thedillybar]

>I am peeved that the elimination of tcp data over raw sockets is not unchangeable with a registry edit.

Are you sure it's not changeable w/ a registry edit? Maybe it is but Microsoft is hiding it from us? I wouldn't put it past them.

How to get around the connection limits.

[ultranova]

Many, many users are reporting problems with SP2 limiting outbound TCP/IP connections. This appears to be nailing anyone who makes heavy network use of their machine, including especially users running P2P applications.

Psst. File Traders. Yes, you. Get some old Pentium machines (you can get these for free, since people can't run new games on them and are throwing them away - Pentium2 300 works fine), take memory from several of these, and concentrate it all on one machine so it has some 128MB of it. Then install a silent power source and a big, silent hard disk, install Debian GNU/Linux, VNC, xterm, all the fonts and sshd.

Now you have a silent server machine, which can run several P2P clients at once (Gtk-Gnutella (for Gnutella) and Lopster (for OpenNap) in the VNC, Mldonkey (for eDonkey) from console (use nohup) with the Web Interface, and BitTorrent (btlaunchmany.py) in a "screen" session), Leafnode for newsgroups caching (so you don't need to keep on checking your news server daily), and if you install Samba you can mount your download dirs as network shares from Windows.

There's even a program which automatically downloads pictures from Usenet News and shows them in a web gallery (automatically parsing the original messages to add initial keywords, of course) but that's still in early alpha and not publicly available (it can't handle multipart binaries yet, and yenc decoding in pure Python is pretty slow - but it's getting there).

Just remember to firewall the machine from the Internet to keep out uninvited guests, and only open those ports that you actually need.

And you never need to worry about connection limits again ;).

The only thing it can't really run is Freenet - that darn bunny eats memory more than Ryo-Ohki eats carrots :(.

Re:Impressions? Or bad reviews?

[TheGrayArea]

Been there, read that. Documentation doesn't make it any less a PIA. We're gonna disable the thing for now and prevent the download till the dust clears.

Re:If you don't want XP SP2 deployed by auto-updat

[delus10n0]

Yes, I like to run software from poorly designed and non-informational webpages that could potentially hose my system. Sign me up!

XP SP2

Ive installed sp2 and this is what ive seen:
1. Pop ups are nonexistant.
2. MS CRM doesnt work unless patched.
3. Emule is dead. Even after opening ports on the PC, it still will not begin any downloading.
4. Yahoo messenger is very buggy post SP2. I get discoed about once every 5 minutes.
5. AIM runs ok
6. ICQ runs ok
7. Of course MSN Msngr is fine.
8. Doom 3 took a 10% performance hit for some odd reason.
9. Audigy2 works fine.
10. Winamp and the other audio players are all good.
11. Player ping is a touch higher via LAN matches on doom3, UT2004, and Painkiller. I am not sure why, but 5 PC's on a p4 server that had been getting 10-15 ping are now at 60-90.
12. Works fine for office setting where high network traffic isnt an issue.
13. Sucks for p2p/filesharing/mirc/newsgroup users.

Re:Impressions? Or bad reviews?

[Wile_E_Peyote]

Maybe because he prefers Windows? You could just as easily ask why so many on here have Pro-Linux and Anti-Microsoft posts?

Saying someone's ideas are suspect (they are hiding something) because their ideas do not agree with yours is the whole problem with us humans as a group...

We don't converse or exchange ideas, we just spout our rhetoric until one side or the other gives up...

Re:Impressions? Or bad reviews?

[Anonymous+Brave+Guy]

I bet most of that can be chalked up to simple carelessness in installation.

I'll take that bet... But then I actually read the comments at the SANS site before submitting this story. :-)

Re:Impressions? Or bad reviews?

[Richy_T]

The problem is, Linux doesn't need to be a Windows killer. It just needs to do what it does for the people who write it.

Rich

Re:Impressions? Or bad reviews?

[Anonymous+Brave+Guy]

I was using xfig yesterday to prepare figures for a new paper. My coauthor in Australia has limited bandwidth; I used ps2pdf to turn the postscript file to a pdf file for her.

That's funny, I was using the same tools on Windows XP just the other day.

Re:Impressions? Or bad reviews?

[Bugmaster]

Just out of curiosity, how do I adjust the limit on the outbound connections ? Microsoft doesn't say.

"Minor Problems" ?

[Bugmaster]

From the article:

Many others, 30% of those responding, said they had minor problems such as clashes with non-Microsoft browsers or applications.

Sorry MS, those problems are actually major for me. The only MS apps that I use are explorer.exe and msconfig.

Does anyone have an idea of what still works ? Cygwin ? Opera ? Mozilla ? SharpReader ? ReGet ? WinAmp ? mplayerc ? vlc ? What ?

Re:"Minor Problems" ?

[smash]

Mozilla, winamp, mplayer all work for me.

I have had ZERO issues with SP2, been running it since RC1....

Either way - its a good idea to upgrade in any case, simply for the firewall during bootup... and sooner or later you know that things are going to require SP2 to run/install... may as well sort things out now.

smash.

Re:Impressions? Or bad reviews?

[Kyosuke77]

I know, I read them too. Those are mostly technical folks who know what they're talking about. I also read the ones on Microsoft Blog, though. Here's a good example:

Have been running sp2 (beta( for 2 months no problems, thought it was a dream come true. Alas, Microsoft downloaded final sp2 to me today, thank heaven I have GoBack installed. My msn messenger wouldn't work, Norton messenger protect wouldn't work, not that it made much difference. No matter how many times i clicked my desktop icons nothing would start., although in all fairness some programs did initialize after about 3 minutes, good grief.. and restart the computer, a lost cause without a complete power down. Restored system back to before sp2 installed and everything working beautifully with sp2 (beta), as usual Microsoft is going to use the public as a test bed, for their failure to sufficiently test their products.

I think this just proves that idiots and beta software don't mix. =)

Re:Impressions? Or bad reviews?

[NivenHuH]

So, if someone messes up a Linux "service pack" application, they're an idiot and Linux shares no blame, but if they muck up a Windows box, Microsoft is totally to blame. Yup, that makes all the sense in the world...if you're a Linux zealot.

Way to quote me out of context.. The parent was complaining about 'emerge -uD world' killing his system. I said he was a lousy sys admin for not checking what he was installing; a precautious (good) sys admin will only upgrade what is needed reguardless of what platform you're administrating.

Microsoft should be blamed for faulty service pack installations as they don't allow you to pick and choose (as far as I know) which portions of the service pack you'd like to use. (If they do, then.. I'll bite my tongue and retract that statement.) If I don't want to cap my incomplete TCP sessions (for whatever reason), then I won't install that particular update.

If you're worried about RPM dependency hell, go download rpmfind (or use the two other solutions you suggested in your post). My statements are based off of the general bloaty-ness of the OS. Do we really need progman.exe, mplay32.exe, grpconv.exe, etc.. in the latest releases of Windows XP? Do we really need Windows 95 compatability 9 years later? Like I said, if I were a OS developer at Microsoft, I'd be pissed off that I have to keep all of that stuff from 10+ years ago in my final product. Hopefully Longhorn will have most of that stuff trimmed down...

Compatibility with existing security software?

[x4A6D74]

I was wondering if anyone who runs a firewall (e.g. ZoneAlarm, among others) already would care to comment on their experience with upgrading to SP2. All of my machines (the Windows boxen, anyway) run ZoneAlarm and Norton AntiVirus (home edition on my parent's home machines, Corporate on my laptop since my university provides it for free :). I'm just curious if anyone can testify as to how this software cooperates with SP2.

Obviously, I'd prefer to use ZoneAlarm unless it and SP2 totally butt heads -- ZA has both out- and in-bound protection, and has demonstrably withstood minor script kiddie attacks and can theoretically handle much more (once a friend, just for fun, had Nessus run at maximum strength against my machine with ZA -- all ports were blocked, but by the way one service [RPC, I think] was denied Nessus was able to determine the system as Windows. This out of ~1200 scans and probes.) The only benefit I see to the XP firewall would be that it's loaded right after boot, so it starts protecting earlier.

Comments, anyone?

Re:Compatibility with existing security software?

[kcb93x]

Norton's released an update to it's AV software to make itself integrate just fine into the Security Center. I've got it running.

I'm currently running Kerio Personal Firewall, but I've heard ZA integrates just fine, which is good, as that is what we've put on the rest of my family's machines.

Kerio: Geek's firewall (advanced monitoring)
ZoneAlarm: Normal user's firewall (ease of use, simplicity)

Just make sure after you install ZA (if reinstalling) that you disable the integrated firewall.

Re:Compatibility with existing security software?

[x4A6D74]

Thanks.

While I do consider myself a "geek," at this point I have not learned much about networking and so ZA works better for me. This is due largely to choice; while I could easily pick up a book or take a class on it I have found myself more inclined towards compsci theory and so have taken classes more on that aspect.

However, I will look into Kerio, and I appreciate the information.

Re:Impressions? Or bad reviews?

[Phragmen-Lindelof]

"You could just as easily ask why so many on here have Pro-Linux and Anti-Microsoft posts?"
I believe (perhaps incorrectly) that people understand that Linux is technically superior (e.g. better security, more stable). This is not to say that Linux has the same features as Windows or that Linux is better in every respect than Windows but that, overall, it is superior. Since "life" consists of special cases, this does not make Linux superior for any particular individual. A reasonable answer to your question is that people have less desire to criticize the superior product. (Of course, another might be to say that it recognizes a bias against MS held by many /. readers.)

"Maybe because he prefers Windows?"
I have no doubt that he (or she?) prefers Windows. Why is this? Perhaps s/he works for Microsoft? Perhaps Windows just works better for him/her?

"We don't converse or exchange ideas, we just spout our rhetoric until one side or the other gives up..."
This is an easy way to dismiss a serious issue. Is the only reason people prefer Windows that they have to use it and have just accepted it? Are there good points to Windows worth the security concerns and other issues (e.g. new features must wait for MS while any of us can start a Linux project to create the tool we want)? This is an opportunity for education and you settle for a trite phrase. Impressive (Quake3 voice).

Mozilla broken

[KuNgFo0]

I've noticed that since I installed SP2, if I open up a large number of tabs quickly in Mozilla (like I've always done without any problem at all) it now hangs the program to the point it's unusable for a VERY long time. Even if I load only 3 or so tabs quickly, I notice a large slowdown in the UI's responsiveness. I had no idea what was causing it until I saw this mention on TCP/IP limitting, I'm sure it's probably the cause.

P.S. Windows firewall is totally disabled

Re:Impressions? Or bad reviews?

They should allow an 'expert' SP install that lets you pick and choose what portions of the service pack you'd like to install. *shrug* I'm just a control freak .. =)

exactly my thoughts

but then again I can't install this SP at all. It refuses to back up a few drivers, "can not save..." maybe good luck for me?

As for those getting upset that yet again microsoft is being pounced on, they're the big fish in the pond, they're an easy target. i'm sure if the roles were reversed and Linux was the big dog - we would be complaining about that ... it's human nature to bitch and gripe. And these guys ... oh so deserve what is being sent their way especially when they start to ignore previous user settings like re-installing outlook express and messenger. Most problems I have seen security wise are ones they created in the first place .... UNPP, remote assistant, tightly integrating IE into the OS, DCOM etc. Many thing I have installed are to protect myself against microsoft's "friendly computing" motto

Re:Impressions? Or bad reviews?

[Phragmen-Lindelof]

I was in CompUSA a few days ago and saw a (software) product one could buy which would convert postscript files (and possibly other file formats) to pdf files. I am not surprised that GPLed software is appearing on Windows machines; this is good. I presume xfig and ps2pdf on Windows are free and open source. (A question: Who owns the "name" xfig? Could MS create a nonFOSS Windows program named xfig which performs like xfig?) Your comment "I was using the same tools on Windows XP just the other day" makes me wonder why companies are selling products like the one I saw at CompUSA if the same functionality is available for free already? Usually products which do not sell do not last very long; I suspect people are buying this conversion program. Why?

Re:Impressions? Or bad reviews?

[fishbowl]

"This is what is supposed to happen, the firewall is turned on now by default, and from a security standpoint this is a good thing."

It looks to me like the 10 socket limit applies even when the firewall is turned off.

Re:Impressions? Or bad reviews?

[Anonymous+Brave+Guy]

While it may be true that idiots and beta software don't mix, Microsoft has actively adjusted the meaning of the term "beta" well beyond a last round of testing before release. Sending beta software out the door, even charging for it, is now their standard MO.

Now, that's a business decision, and if their customers are prepared to accept it, fair enough. However, if you're going to treat betas as real products like that, you have to support them as such as well. For a start, that means not sending something out via auto-update that isn't compatible with a beta but tries to install itself anyway and screws a system up as a result.

What's happening at present is that MS is just releasing everything as a beta, which is a cheap excuse for shipping sub-standard, unsupported software and then passing the buck if anything goes wrong. You can't do that and then not expect to take a PR hit when, inevitably, something does.

Just to let you know...

[CygnusXII]

I know alot of the features that are enabled by default, are annoying. Here's how to turn them off.
(simple way first... Hold power button in for 10 Seconds, machine Powers down, no more annoying features.)

Seriously though, Here's they Registry Keys to Turn off.
Hkey_Local_Machine/Software/Microsoft/Securi ty Center/
You will find initially Several Keys Here, change the Dword Value of the Keys to 1 instead of 0.
This worked for me.

I hate that aggrevating crap. Somehow I think it will end up turning itself back on. You never know with MS, they pull that sneaky shit on ya, when you least expect it.

Kudos

[macdaddy]

Thanks for a great tool.

Re:Impressions? Or bad reviews?

[Phragmen-Lindelof]

"If such stuff came from Microsoft, it'd be called FUD,"
If this stuff came from Microsoft, it would be advertised throughout the US, Europe, etc. and it would be FUD.
"since it comes from Linux lovers on Slashdot, it gets modded +1 Insightful."
People who read Slashdot quickly learn to filter the comments in one way or another. The comments might not always be unbiased but are not FUD.

Re:Impressions? Or bad reviews?

Dude, you are high. Windows XP comes with 2 free support incidents and unlimited free installation support.

Re:Impressions? Or bad reviews?

[Skuld-Chan]

I don't get this - I have three machines (one of them has the original XP installed on it the day it came out - and its never been formatted) and all three of them installed XP SP2 just fine - that a 100% sucess rate.

Plus if you don't like its firewall - turn it off. Simple as that.

Why can't we talk about redhat or debian upgrades that have hosed machines past the point of salvagability? It does happen!

Re:Impressions? Or bad reviews?

I feel like making some stupid, snide remark like, "Wha firewall?"... but I will not. Instead, let me tell you about Gunbound and SP2.

I installed SP2, checked the nifty new firewall features out, and then launched Gunbound. I immediately get a dialog asking me if I want to let Gunbound access the internet... Gunbound finished updating iteself before I could even click 'Yes'.

It would seem as though the firewall does not work as it should. Why bother having it on by default if it will let apps connect outbound by default? I don' see security being taken seriously by Microsoft with this kind of behaviour from their software. I might add, I have noticed that my computer seems a bit slower now too.

strike

Nothing here..

[bmantz65]

No problems or performance hits here. Disabled the built-in firewall and virus scan since I maintain my own.

Re:Impressions? Or bad reviews?

[qbwiz]

Age of Microsoft: 29 years
7 years as a percentage of Microsoft's age: 24%

Age of Linux: 13 years
7 years as a percentage of Linux's age: 54%

Re:Impressions? Or bad reviews?

I think you totally missed the point of that post.

FedEx

[TerminalEcho]

Here we got all kinds of issues with this stuff. SP2 breaks alot of our apps and the local users machines have all kinds of missing DLL errors. We decided to hold off on sp2 deployment until we can review this patch and possibly make our own custom SP2. Just like M$, releasing code before it's ready.

Re:Impressions? Or bad reviews? Or didn't read?

[NickRuisi]

Isn't the way the proto handles issues like this defined in the RFC? If so, is M$ releasing a non-standards IP stack?

Re:Impressions? Or bad reviews?

You're never going to understand the value of Windows by booting up a computer and playing with it. That is what most of the Linux vs. Windows arguments boil down to, but that is useless argument made by geek who's been locked up in the server room for too long. People need to realize that computers are a tool for communication. That's primarily what they are used for in a fundamental sense and that's what drives the economics behind them. It has nothing to do with whether program A is spiffier than program B. Just look at the number of AOL users and that will give you an indication of how many people give a shit.

Re:Wonder how many....

Great stuff, by far the best off-topic post (I hesitate to call it a troll..) I've read on /.

Re:Impressions? Or bad reviews?

Do you really want MS automatically turning off your firewall and anti-virus programs to install an update? Especially with automatic update turned on? Please think before you type.

Re:Impressions? Or bad reviews?

[mr_z_beeblebrox]

We're more than halfway through the year 2004. Isn't it time people quit judging the quality of Microsoft software by what happened almost ten years ago?

Don't peruse the post...read for comprehension. The person posted that they were holding off on applying the service pack because it might break stuff and I said I had been doing this for ten years and could only produce one example and all I took from it was that you should test first. I did not say "don't apply the service pack" read the post you will also notice I have been running XPSP2 since its' beta. Don't call me Linux lover either I use the tools for which I am paid Linux is only one.

Re:Impressions? Or bad reviews?

[mr_z_beeblebrox]

Thank you, I believe you are correct.

All The Pretty Pop-Ups

[Parinioa]

Has anyone considered how the large number of popups from things like the firewall and other new security reminders is going to effect the apathy that most people feel about reading things that pop up and not just clicking OK on everything?

big frikkin OOPS.

[darkonc]

I hope you don't read code like you read slashdot posts! "I", "It" -- What's the difference (besides the meaning of the whole sentence)?

Upgrade versus point release

[LionMage]

I remember when MacOS X would require you to pay for upgrades

Nice troll. You only pay for major releases of OS X; minor point releases are free updates. Apple's still providing security updates for older versions of OS X (e.g., Jaguar) even though their focus is on the current release (i.e., Panther) and the next major release (Tiger).

This is the way it's been, and the way it will be for the foreseeable future. Of course, I'm sure you're one of those people who whined about Apple charging money to go from OS X 10.0 to OS X 10.1, but they gave a discount to early adopters, and even made the update CD freely available for a limited time in various stores such as CompUSA.

To use your parlance, and to bring this back to the discussion at hand, SP2 is not an "upgrade" the way you mean "upgrade" in the context of other OSes (such as MacOS X). Rather, SP2 is more analogous to a point release. An "upgrade" would be moving from, say, Windows 2000 to Windows XP. (Similarly, moving from MacOS X 10.2 "Jaguar" to 10.3 "Panther" is an upgrade.) SP2 for Windows XP is thus more analogous to, say, moving from MacOS 10.3.4 to the newly released 10.3.5. Which was free, and didn't break nearly as many apps as SP2 apparently did for some XP users.

Re:Impressions? Or bad reviews?

[Mr+Guy]

Except in Windows you run BY DEFAULT as a power user. I don't think I've ever personally seen a home user NOT run as Admin in a Windows environment.

Forged IP Stack

[nurb432]

Soooo, the next worm/virus just installs its own IP stack..

Restriction problem 'solved'.

Re:Wonder how many....

[Skrekkur]

Although rather strange and offtopic material you seem to be able to write and perhaps write something ontopic here(equally as detailed) and fiction/lifestories elsewhere ;)

And you're not helpful.

[plover]

I answered his question with Microsoft's own words. If you bothered to read them, Microsoft only said:

• XP SP2 will not send TCP packets over raw sockets.
• XP SP2 will not send UDP packets unless their source address matches one of your network interfaces.

Microsoft did not say raw socket sending was disabled. As a matter of fact, they implied it's still allowed with this line: "the ability to send traffic over raw sockets has been restricted in two ways" [emphasis mine]. Not "disabled", but "restricted". They just said that now they won't allow you to send certain flavors of packets over a raw socket.

As others have already pointed out, ping and tracert use ICMP, which are not on the "bad list." Both are stateless, and require nothing more than a reply from a host, so they don't require those hosts to allocate lots of expensive resources (a la SYN flooding.)

The only (semi-)legitimate use of raw TCP packets is for specialized networking tools, such as nmap. Apparently, Microsoft has ceded that business to the Unix world. Either that, or perhaps they'll offer a "Network Admin SDK" containing replacement drivers that will restore the ability to send raw TCP packets. At least they won't be present on the average home user's machine, which will be enough to deter the zombies.

You need the right privs to change ICF settings

[0xF1D0]

>> What is stopping the DDos software from
>> relaxing the rules itself?

The firewall (ICF) settings require a privileged account to change them.

MBSA 1.2 not compatible with SP2?

[scupper]

I read a post on ntbugtraq list about MBSA 1.2 not functioning properly with SP2. I checked out the TechNet MBSA site and found this notice:

New version, MBSA 1.2.1, needed for Windows XP SP2 compatibility:
Users of Windows XP Service Pack 2 will need to update their MBSA to version 1.2.1 for compatibility and deeper integration with SP2 security improvements. When MBSA version 1.2.1 is available later this month, Windows XP SP2 users who are running MBSA 1.2 will be automatically notified when they run the tool from the Start menu with an Internet connection.

I find this rather peculiar that Microsoft would release a security baseline analyzer AFTER they release a service pack like SP2.
The "Windows Security Center" installed with SP2 hasn't rendered the need MBSA analysis on the desktop obsolete. There are several features of MBSA for desktops that the "Windows Security Center" doesn't address. The MSBA 1.2 FAQ lists them all.

According to the "Manage Your Computer's Security Settings in One Place: Introduction" page on the SP2 site, the "Windows Security Center"...

...checks to make sure you have:

• A software firewall.
• An up-to-date antivirus program.
• Automatic Updates set to download and install updates automatically.

The MS Knowledgebase Article #883792 "Frequently asked questions about Windows Security Center" lists the same functions. Wouldn't it have been more useful to have issued the analyzer with the service pack, thus helping desktop home users ensure the correct configuration of the new security features they may inadvertently disable in attempting to resolve program network access issues arising from the installation of SP2?

I also wonder why MBSA 1.2.1 wasn't integrated in the "Windows Security Center". It seems an like obvious component to include in any "Security Center".

wscntfy.exe

Incidently, you can get rid of that stupid popup reminder to "update now, and save big $$!!" if you want.

Hit "F8", when you boot, before the Windows XP loading screen shows up. This will give you the boot menu. Select "Safe mode with Command Prompt".

Delete the offending file, "C:\WINDOWS\system32\wscntfy.exe".

Also, be sure to delete it's BACKUP, "C:\WINDOWS\ServicePackFiles\i386\wscntfy.exe".

No popup. No warnings that there's no popup. No warning that there's no warning that there's no popup. Just one less icon in the taskbar, and one less process running in the background. You can still use automatic update if you want, or do things manually.

Uh...it's broken

[rd_syringe]

It's quite clearly broken. You can see the jagged pieces and cracks. If it's stained glass, it's the worst stained glass ever and must have been made to conveniently look like broken glass...

You've got to be joking

[rd_syringe]

Did you check the Penny Arcade cartoon he was linking to? It's about the term "M$"--hence his use of the term "M$" to link to it.

Sigh.

Re:Impressions? Or bad reviews?

[cristofer8]

My experience with 3 computers has actually been a general speedup, especially for boot time.

Re:Impressions? Or bad reviews?

[devbobo]

Limiting outgoing TCP connections via the Windows Firewall is the smallest of problems relating to DCOM with XP SP2.

Security changes including new computer-wide DCOM restrictions and the blocking of anonymous DCOM connections with callbacks ( by default), means that DCOM apps that never really bothered to look at a proper security during design, will now need rework into order to operate with XP SP2. In some cases this will mean patches or new exes, and in some probably faqs to customers on how to setup permissions properly in dcomcnfg.

Re:Impressions? Or bad reviews?

[taycalmac]

Unbelievable as it sounds to ./ers my 5 years of service packing Windows boxes has resulted in 0 failures. Nothing. ...and yes, I run Mandrake, Fedora and Netbsd boxes as well.

Re:Impressions? Or bad reviews?

[Anonymous+Brave+Guy]

Windows XP comes with 2 free support incidents and unlimited free installation support.

And how much of that is valid where beta products are concerned?

The firewall is like, soooo secure.

[AllNicksWereTaken]

Yeah man, it's like sooooooo secure, so secure 3 lines of code can bring it down. --- Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy.CurrentProfile objPolicy.FirewallEnabled = FALSE --- "secure Microsoft", what an oxymoron!

Wow, positive comments?

[MoeLassus]

I'm not at all surprised at those that whine about the problems with SP2 but I'm refreshingly surprised at the number of positive comments! Highly unusual for this bunch. =)

MOD PARENT DOWN. Re:Read the reason-

[shird]

That does not solve the problem. That is the number of connections, not number of incomplete connections, completely different. Please mod parent down.

Re:Impressions? Or bad reviews?

Problem solved except for the fact that you just disabled the NX (no execute) feature of your AMD64 chip which means code can execute from any memory page not just the ones marked execute. A better solution is to turn it off on a per process basis. I don't remember where that is done in SP2 but a search on google will probably turn up the solution. I think it uses the ImageFileExecution options reg key but don't quote me on that.

Secure firewall, right...

[AllNicksWereTaken]

Gee, Microsoft's firewall is so secure you (and any virus) can disable it with no longer than 3 short lines of VBScript code...

Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objPolicy = objFirewall.LocalPolicy.CurrentProfile
objPolicy.FirewallEnabled = FALSE

Re:Impressions? Or bad reviews?

[zors]

I was curious about that too, i can't get any bitTorrents to work, or is that an unrelated problem that i'm having?

Re:Impressions? Or bad reviews?

[Tzarius]

From The Onion:

Black Guy Doesn't Talk About All The Times He Didn't Get Discriminated Against

DETROIT, MI - Renald Boyd, 27, of course doesn't mention all the times he wasn't discriminated against, sources reported Tuesday. "I had the lease all set up through an agent," Boyd said. "But then, when I went in to sign it, the landlord suddenly started acting all weird and said he had to run out for a minute. We sat there for an hour before the agent got him on the phone, at which point the landlord said he was looking for a 'quieter type.' This country is insane." Boyd naturally failed to mention that the real-estate agent worked with him with no hesitation, and that the taxi he took away from the real-estate agency was only the second one that he'd attempted to hail.

This is the direct link, but it'll expire when this weeks issue moves into the paid archives.

I borked your mother.

True story.

Re:Impressions? Or bad reviews?

[king-manic]

From the article: "Although 43% said the SP2 installation had gone without a hitch, 49% of those contributing had problems ranging from minor to severe. A few contributors said they had to completely rebuild a system before they could get the update to work."

equivilent to saying . 43% went perfectly and the other 49% had problems varying from some minor trouble to getting shot in the face. tells us nothing. Most people had semi-broken systems to begin with so "rebuilding" xp to put the service pack isn't a huge deal. they would have had to eventually anyway.

Re:Impressions? Or bad reviews?

[prisoner-of-enigma]

And who's fault is that? Oh, I forget, if a Windows user is stupid, it's Microsoft's fault. If a Linux user is stupid, it's the user's fault. I'm so glad we got that cleared up.

Re:Impressions? Or bad reviews? Or didn't read?

[TeraCo]

Does that matter? MS can abandon the spec when it pleases them.

Maybe someone else will write a TCP/IP stack for windows, but it will be hard.

Re:Impressions? Or bad reviews?

[king-manic]

Age of Microsoft: 29 years
7 years as a percentage of Microsoft's age: 24%

Age of Linux: 13 years
7 years as a percentage of Linux's age: 54%

Age of Unix: 34 years (officially)
7 years as a percentage of Unix's Age: 21%

relevance: 0

XP is not NT or 95/98 or DOS. Linux is Linux. If yrou gonna put out a pithy graph then put this one out:

Age of Linux: 13 years
7 years as a percentage of Linux's age: 54%

Age of Windows XP: 3 years
7 years as a percentage of Windows XP's age: 233%

and you'd have a much more relavant table.

Re:Impressions? Or bad reviews?

[king-manic]

Perhaps your sysadmin skills are lacking. I've never had an issue with using 'emerge --pretend -uD world' to see what will be changed, looking at the release notes for the new versions, and emerging the things I should upgrade. Not only that, but I imagine you're one of those people who like to auto-merge the /etc files. If you make any config changes, that's a big no-no..

I'm a novice linux/unix user. it takes me 2 hours to install emacs. 3 if the box lacks gcc. Most of this is due to having to read docs, tryign to compile, reading more docs and tryign again. The problem is, being a linux admin is not my job so why should I have to go through that to install a friggin text editor ( and I will not use hand crippling VI). Sys admin skills are uniform either and you know nothing about his problems. Refering the the release note only help if you have experience with them. If you don't it's like reading up on how to do brain surgery in hebrew upside down while operating on yourself.

Re:Impressions? Or bad reviews?

[jamesivie]

OK. I solved my problem. Not exactly pleasant. It turns out that my BIOS wasn't the latest, even though my computer is only 2 months old. The latest BIOS solved the problem, and I didn't even lose any data! Given that they are expecting everyone to use automatic updates, seems like they should have done more testing to avoid situations like this. If I'd waited for the automatic update to install it, I'd have come in one morning and had a dead machine with no idea as to why. Not cool.

Re:Impressions? Or bad reviews?

[Feanturi]

From the article: "Although 43% said the SP2 installation had gone without a hitch, 49% of those contributing had problems ranging from minor to severe. A few contributors said they had to completely rebuild a system before they could get the update to work."

I've had SP2 installed for a few days and everything's been just fine. Doesn't seem any faster or anything, but everything's still working. It makes me wonder what kinds of junk might be in someone's computer that would cause such horrible problems as needing a rebuild to get working again. Actually, there's a clue there: It is implied that, after problems with the update, a fresh install was performed, and then the update worked. If SP2 works good on a fresh install of XP (and we're talking the same machine here, that had problems on a polluted OS), then the problems were most likely caused by some crap that was on the system before, that shouldn't have been there in the first place. That probably also means that SP2 is working properly on machines that haven't been all crapped up with junk.

Which would also mean that Microsoft isn't at fault for those trashed machines. There I said it.

Moderation? Or bad extremism?

[Doc+Ruby]

I defend myself from comments about my ass, with facts and citations. So my post is Flamebait, and a Troll:

Starting Score: 1 point
Moderation -2
50% Flamebait
50% Troll
Extra 'Flamebait' Modifier 0 (Edit)
Total Score: -1

but the AC post which baited my flame with a troll is unmodded.

Re:Moderation? Or bad extremism?

[CountBrass]

More fool you for feeding the trolls. But, hey it's only Karma: I have loads and I'd ship you a couple of points if it was possible ;-)

Re:Moderation? Or bad extremism?

[Doc+Ruby]

I'll get your karma points when I'm you, further downstream, Count Brass ;).

Re:Impressions? Or bad reviews?

[murdocj]

A reasonable answer to your question is that people have less desire to criticize the superior product.

This sounds an awful lot like "I'm right, therefore I'm right".

Re:Impressions? Or bad reviews?

[qbwiz]

Microsoft has been headed by Billy G. (generally) for the last 29 years. Linux has been headed by Linus (generally) for the last 13 years. That's the relevance: within one organization you would expect to see continuity of character and action. The organizations have their own cultures that give them continuity.

Linux's culture does not exactly date back to the beginning of Unix - many people that were involved in early Unix (Ritchie, Thompson) are not involved in Linux. Many (though not all) of the people who were involved in the beginning of Microsoft are still involved.

XP was put out by the same people that put out NT, 95/98 and DOS. Remember that we weren't comparing DOS and XP patch strategies, we were comparing XP and NT 4.0 patch strategies. Are you willing to claim that Microsoft has changed completely since the days of that NT patch, and that their past actions are completely unrelated to and have no bearing upon their current actions? With Linux, that's plausible - it's had a lot more time, relatively, to develop, whereas Microsoft has had relatively less. Microsoft was already getting fixed in its ways; Linux has been more dynamic.

Are you willing to say that Linux 0.0.1 (terminal emulator/os) is as similar in design, concept, and completeness to Linux 2.6.7 (full-fledged Unix work-alike, server and possibly desktop kernel) as Windows 3.0 (GUI system running on DOS) is to Windows XP (GUI system replacing DOS)?

Re:Impressions? Or bad reviews?

[Draknor]

Many mass-market users don't really know about the wonderful software available online. If they don't see it on the shelves of Best Buy and CompUSA, it doesn't exist in their reality.

Somewhat related example - I was working on a database extract with someone today. He was trying to count columns and ensure the fields were lining up in this ASCII extract file - in *NOTEPAD*. He called me up because he was having so much trouble - apparently Notepad breaks lines at 1024 characters, whether you've got word wrap on or not. Since this format is 1670 characters / line, he was having serious trouble trying to figure out if things were lining up.

The first thing I told him to do was download Crimson Editor, a great freeware text editor (one of many), and his job all of a sudden got an order of magnitude easier!

He's an intelligent guy, knows his stuff (moreso than your average grandmother), but just didn't realize the plethora of tools available online, for absolutely free. There's a lot of people like that.

Registry entry for stopping SP2 auto-update

[extra88]

I downloaded the XPSP2BlockerTools.EXE and there are a number of different ways of deploying it but it's simply a new value in the registry. Save the following in a text file ending in .reg and merge it into your registry. In case Slash inserts spaces, there are *no* spaces in these lines.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\ Microsoft\Windows\WindowsUpdate]
"DoNotAllowXPSP2 "=dword:00000001

Re:Impressions? Or bad reviews?

[Frizzle+Fry]

I have installed SP2 and I can't say that I noticed much difference to my machine

What difference do you expect to instantly see? It's a security release. Not only does it fix existing security holes (like any patch or service pack would do), but it attacks the root causes of the security problems. I have been running it since the beta and every single time there has been a "New IE Exploit" story on slashdot, I have tried it on my xp sp2 machine and the exploit hasn't worked. Not because the specific hole had been patched, but because of broad security measures. The reason it's a "linux killer" is that security had previously been one area where people saw windows as weak, but with its secuirty on par with linux (although not with something like open bsd) and it already fairly stable (admittedly, not quite as stable as the linux kernel), there would be much less reason for anyone to bother switching.

Re:Impressions? Or bad reviews?

[jaybird144]

I have seen plenty of Linux users run everything as root. Technically, by default, all you need is root on a Linux platform. What's the difference, except for the knowledge not to do that (which does seem to be more prevalent among Linux users, but that could easily be attributed to the higher learning curve).

Re:Impressions? Or bad reviews?

"This is what is supposed to happen, the firewall is turned on now by default, and from a security standpoint this is a good thing."

I don't think you understand that the problem is NOT the firewall, but the TCP/IP stack. You *can't* turn this off, and it will break anything that needs more than 10 half-open sockets, not just P2P apps.

Re:Impressions? Or bad reviews?

[rtb61]

Linux dosen't need to be a windows killer, windows is a windows killer. Switching operating systems in terms of a global market does not heppen overnight, it takes years.

No company can ever escape from it's past abuses of it's customers, just because microsoft are attempting to finally improve the software as a result of the threat of Linux does not make them an acceptable choice over the short, medium or long term.

We know what they are like with out effective competition. With out Linux they would still be the same abusive company with a disgusting OS and the internet would be virtually unusable, email would be a dying joke and everybody on the planet would understand what BSOD means.

Re:Impressions? Or bad reviews?

[Shanep]

I bet most of that can be chalked up to simple carelessness in installation.

Would not surprise me.

I am no MS fan, however I went ahead with installing SP2 onto my XP Home install, which had Kerio Personal Firewall running, Norton Antivirus 2003 running and Spybot S&D Resident running. I keep Ghost images and have been meaning to move back to my latest clean image, which is why I was so reckless (I wanted to preview it first).

I had to click a gazillion times to appease Kerio and S&D but it eventually finished, seemingly without any issues once it was all done.

Re:Impressions? Or bad reviews?

[BobTheAtheist]

I installed SP2 on a tablet pc and the first thing I noticed was the pen input and handwriting recognition etc was much improved. So there were some improvements there, although most people will never them.

Re:Impressions? Or bad reviews?

[flonker]

By hacking the DLL

Re:Impressions? Or bad reviews?

[jedrek]

Actually, it's often the application writers fault. For example, Flash MX 2004 will not run with a level lower than power user. So everybody at an interactive design firm that needs to run FMX will be doing so as an Admin or Power User - and MS has nothing to do with it.

Re:Impressions? Or bad reviews?

I do not understand your comment. Either Linux has less severe security problems, greater reliability, etc. or it doesn't. Someone unbiased third party could compare Linux and XP and see which is better.

Just one question...

[ZxCv]

A gun in the hands of a policeman generally helps our society be a safer place. The gun in the hands of a criminal generally does the opposite.

And what about the vast majority of people that want to own a gun--those that are neither a policeman, nor a criminal?

Oops, make it two questions... Have you ever even used nmap?

Re:Just one question...

[dpilot]

I'm one of those in the middle - I have nmap and Nessus installed on my laptop. I use it to do security scanning at home and for friends.

Nor do I have any problem with target shooting or hunting. (as long as you eat what you kill) I'm a little queasy about people who own a gun for home protection, but only because the (admittedly anecdotal) evidence I've heard indicates that those people can be more dangerous to themselves and innocents than to criminals. By the way, I neither hunt nor shoot now, but I did get the rifle and shotgun merit badge, decades ago.

Re:Impressions? Or bad reviews?

[dave420]

It works fine installing over SP2 beta. The update recognises it, and makes the changes for you. Though I agree whole-heartedly with everything else you said. Plus, that broken window is just immature beyond belief. Would slashdot like it if windows sites had logos of Tux being gang-raped by polar bears, or smoking a crack pipe?

(and yes, I know polar bears are from the artic, and penguins the antarctic)

Re:Impressions? Or bad reviews?

[dave420]

Slashdot - the Fox News of IT

Re:Impressions? Or bad reviews? Or didn't read?

[dave420]

The same TCP stack which can be replaced in 3 seconds with a patched version off the net. I think it's a great idea. If you're pounding P2P, you're going to know about getting patches off the net. If you know that, you're also going to know about keeping your system non-zombified. It's a great way to ensure stupid users aren't making zombie boxes everywhere, yet let more experienced users keep the performance they want. Of course, it's microsoft, so to not be a troll, here's a little something - "boo! m$ sucks! linux rules! go tux!"

Microsoft p2p network technology

[TrippyZ]

I the update directory of the unpacked download there is a file named spnpinst.exe. Its properties state "Peer-to-peer Custom Setup".

Anybody know what this is about? I notice that group policy now has entries cover p2p and clouds.

Re:Impressions? Or bad reviews?

[antin]

I like it. It was extremely easy to install (a few 'next' buttons and a 'finish') and is giving me no problems at all.

Although I never really experienced a problem with Windows XP before SP2 (no viruses, worms, etc...) so it isn't like it has changed anything drastically, but the few littles things I have seen are nice.

Plus the new firewall seems to be a huge improvement over the old one (features-wise; regarding the actual security level of it I am not sure). It seems to do everything Norton Internet Security does - individual settings per program, open specific ports, subnets, ip addresses etc... And a minor thing that impressed me is that they seem to be playing fair with the default settings. The first time Microsoft ActiveSync (for my Pocket PC) tried to access the internet it got stopped - however Firefox and IE had no problems so I am guessing they have pre-allowed some recognized programs (either that or it doesn't care about port 80).

Anyway it is all very easy to use, and considering that it provides the firewall and monitors the status of your virus scanner (prompting you to install or update things), I am guessing most semi or non computer literate people will experience much greater protection than before.

As to slowdown, I have actually noticed the opposite. Before installing the service pack my computer was sometimes running a little bit slowly (as seems to happen with computers the longer you go between clean installs) but after the service pack everything runs more smoothly. I don't know if that is just a coincidence or if during the process of updating and replacing a lot of files things got cleaned up or orginized better.

SP2 vs. TrendMicro's Officescan 6.5 Firewall????

[BrianstormOC]

Does anyone have experience with Trend's firewall included with Neatsuite's Officescan 6.5? Specifically wondering how it stacks up compared to SP2. Haven't implemented Trend's firewall yet to my clients (mostly XP at this point on a 2003 domain)and am testing SP2. Thoughts or rants?

Re:Impressions? Or bad reviews?

"Your list of 'impressions' is nothing but bad things people are saying."

Well, since "SP2 works perfectly as everyone expected" is neither an interesting headline or a true one, and these aren't benchmark tests but the opinion of users, then the bad things people are saying ARE impressions.

Frankly, given the MS philosophy of "release now, fix later", I would be deeply suspicious of positively glowing reports...yeah, I'm biased, but as the saying goes: "Fool me six times, shame on me, fool me seven or more, shame on you".

MS Official: Slipstream SP2 into Windows XP.

[Futurepower(R)]

Download the new Sysprep: Windows XP Service Pack 2 Deployment Tools. See these instructions in the Readme.txt file, which has the usual sloppy, uncaring Microsoft writing and editing:

* You cannot run Update.exe within an I386 directory to update a Windows XP installation to Windows XP SP2. You must run Update.exe against the entire contents of a Windows CD. If the entire contents of a Windows CD is not present in your installation share, Update.exe fails to complete the installation process.

1. Download Windows XP Service Pack 2.

2. At the command prompt, go to the folder where you downloaded the XPSP2.EXE file, and then type this command:

xpsp2.exe -x

3. When prompted, type the path from which you want the service pack to be expanded. For example, type:

C:\XPSP2

4. Create a temporary directory on your system and copy the entire Windows XP product CD to this directory. For example, type:

MD C:\INTSP2 XCopy CDROM Drive Letter:\*.* C:\INTSP2 /e

[Probably should be:]

MD C:\INTSP2

XCopy [CDROM Drive Letter]:\*.* C:\INTSP2 /e

5. After the previous step is completed, change to the directory that contains the Windows XP SP2 files. For example, type:

CD C:\xpsp2\update

6. To update the Windows XP files to include SP2, type:

update.exe -s c:\INTSP2

This procedure results in an I386 directory updated to Windows XP SP2.

Alternatively, see How to slipstream SP2 into your XP CD.

Re:Impressions? Or bad reviews?

[horza]

I use emerge -p for doing this too, and I'm very cautious because I've read how this command can bork your system.

I use emerge -p to check what dependencies are being dragged in. It won't help to see if an upgrade will bork your system. If you do an emerge -u world and it borks your machine then don't try and fix it. The chances are it's borked a lot of machines and the first person to fix it will contribute it back to the maintainer who will put the patch back into portage. I've had an emerge -u world bork my machine a couple of times; I waited a couple of hours and then "emerge sync; emerge -u world" and it then worked fine.

Phillip.

We are on NT4 SP6 mostly

[midgley]

With a move to W2k for machines that need USB kit plugged into them, and I quite like it, and one machine - this one running XP. I keep thinking of putting W2k on this one, but so far it has escaped.

The other working machines have Linux on them, but one DOS application requires we continue with some sort of MS OS for a while longer.

We are small, but in no othr way unusual in being on those older versions.

Re:Impressions? Or bad reviews?

[Robert+The+Coward]

1st I believe he was talking about uninstalling the beta or making an install that would install over the beta. I don't think he was talking about the AV or Firewall.

Re:Impressions? Or bad reviews?

[Cyberdog00]

Because this story is about Windows.

Re:Impressions? Or bad reviews?

How about Tux being eaten by a seal, as often happens in the Antarctic.

Re:Impressions? Or bad reviews?

[dave420]

Not nearly childish enough ;)

Re:Impressions? Or bad reviews?

[aonaran]

I like Gentoo, I used it for quite a while, but people have to stop using Gentoo just because they think it will make their computer faster.

Gentoo is what I'd term an "Extreme OS" (Linux from scratch and Slackware also fit this bill) It compiles the whole system from scratch and allows you to configure everything. This is a good thing, but only if you actually understand how everything works, or are willing to make a fair number of sacrifices of your time to learn how it all works *when* (not if) things go wrong.

Gentoo is great for teaching average sysadmins to be great sysadmins, and it is good for developers in the community, but it is not the ricer system that it's often promoted as. It makes no difference if you save a few CPU cycles opening OO.o if you wasted thousands compiling it from scratch and bogging down your system for 1/2 an hour.

It also doesn't save you space like some would imagine, because even though you only install what you want you also install all the source for it. Sure you can remove the sources from the system once it is installed, but I'd venture that most people don't. My Gentoo system took 12GB of disk space when I removed it, the Debian system with the same software installed takes 3GB.

I'm not saying Gentoo is bad, Debian is good. For me and I imagine many others Gentoo is good for learning, but for stability you want something else. By stability I mean not so many huge critical changes that can potentially break the system if you aren't paying attention, and a good system of testing BEFORE release to the general populus. Gentoo is getting there, but other distros are still way ahead in this respect.

I started off where most people do with Red Hat, then Mandrake for more up to date packages, I moved to Gentoo to learn more and try to make my system more mine, but in the end I settled on Debian as being somewhere in the middle between Mandrake's simplicity and Gentoo's cusomizability.

I would never recommend that someone without a degree in CS or heavy programming experience jump straight into Gentoo. Good as it is it is just too much to deal with for even your average admin.

I certainly wouldn't recommend it for production servers in any type of business environment, but for development systems it kicks butt.

Anyway, that's my 2 cents on the issue. Back to work.

Re:Impressions? Or bad reviews?

[Frizzle+Fry]

You're right. I was saying that most of the important stuff is security improvements that won't be obvious from running it for a few hours. But as a service pack, I'm sure it also contains plenty of bugfixes like the ones you describe, and fixes for some crashes and memory leaks and the like. I shouldn't have implied that it is only a security update.

Re:Impressions? Or bad reviews?

[NatasRevol]

Yes...see my sig.

Re:Impressions? Or bad reviews?

[Wile_E_Peyote]

I think both Linux and Windows have their strengths and weaknesses, but my point wasn't to get into which is better. I use each for different reasons.

My point was, every time one of these discussions comes up, just as with politics; people start spouting their beliefs without listening.

Which is better, MS or Linux? I don't think that question will ever be answered, not to everyone's satisfaction.

Re:Impressions? Or bad reviews?

[TheGrayArea]

dcomcnfg -- ugh -- welcome to my nightmare. Been there, done that with some really crappy apps and components. Total ugliness.

Real Solution

[jcarle]

Anyone who's interested in a REAL solution that eliminates the changes to TCP/IP connection limits by Service Pack 2 should go to this site:

http://www.lvllord.de/index2.htm

This patch DOES work and fixes the REAL issue which is a change to the TCPIP.SYS file.

NOTE: If you ever re-install or repair your TCP/IP protocol or your network system/drivers/files, then you will need to re-run this patch since windows will replace the TCPIP.SYS file with the one on your CD.

SUGGESTION: If you want to modify your XP CD to include a patched TCPIP.SYS after you slipstream the CD with Service Pack 2, you can follow the guide below: http://unattended.msfn.org/xp/hacked_files.htm Cheers

MOD PARENT UP( was:Re:Impressions? Or bad reviews?

[Mhtsos]

Amen! Windows is plagued by application wanting to be "Administrator" for no good reason. That, and the absense of a convinient su command.

Re:Impressions? Or bad reviews? Or didn't read?

[Mhtsos]

This can be accomplished by Microsoft offering alternative uncapped versions of the TCP/IP stack. These restrictions are good Ideas for the average user. What is wrong is the user's inability to deactivate them if he sees fit.

YOU ARE AN IDIOT--THAT IS ALL

Re:Impressions? Or bad reviews?

[Mr+Guy]

Which part of the word "default" do you have trouble understanding?

sp2

see me i think sp2 is a good update

it did not slow down my ie downloads

Apache

[mgcarley]

I (as a web developer/web application developer) had on my laptop an slightly unusual Apache 1.3.29 install (W32, of course) so that I could faux-navigate a customers website without actually plugging in to anything (Often got "wow, how'd you do that" from them ;))

Anyway, what I had was an abnormal set of IP addresses for the sites I was working on - 127.0.0.1 being like, the main/root site, 127.0.0.2 being my own site, 127.0.0.3 - 127.0.0.10 being sites I updated/tinkered with often, 127.0.0.11-127.0.0.x being other customer sites.

After I installed XP SP2 on the laptop, (even with the firewall turned off), all those lovely IP addresses (except 127.0.0.1 and 127.0.0.1/sitename) stopped working.

:(

So far, though, thats the only problem. I s'pose I could buy a Mac... or install Linux on it. Heh.

Re:Impressions? Or bad reviews?

They should have the good sense to uninstall the beta service pack first and go back to the SP1 they had before, then install SP2.

Or follow the examples of others who have successfully installed SP 2 RTM over the top of SP 2 RC 2. That's what I did on one PC when SP 2 RTM came out. No problems, just smooth operation...

Updated a 2nd PC today. No problems, just smooth operation, including the Linksys USB Wireless network interface...

slow transfer rates

after installing sp2, It's impossible for me to upgrade any of my software due to insanely slow transfer rates through IE and Mozilla (~2kb/s) is this because of the incomplete TCP thing? I just wish I could get my drivers and such up to snuff. Its that time of the month :/