Slashdot Mirror


Windows XP SP2 Impressions

A roundup of concerns and problems with Windows XP SP2 from the early adopters: Many, many users are reporting problems with SP2 limiting outbound TCP/IP connections. This appears to be nailing anyone who makes heavy network use of their machine, including especially users running P2P applications. A Microsoft blog rounds up some reports, as does SANS. Microsoft has objected to people helping them distribute SP2.

8 of 683 comments

  1. Raw sockets by ikewillis · · Score: 4, Interesting

    There are numerous unconfirmed reports coming primarily from the nmap mailing list that SP2 has removed support for raw sockets. However the ping and tracert utilities, both of which use raw sockets, still seem to function correctly. Perhaps only signed executables can use the raw sockets interface?

  2. Read the reason- by baudilus · · Score: 4, Interesting
    From the note:
    Limited number of simultaneous incomplete outbound TCP connection attempts
    Detailed description

    The TCP/IP stack now limits the number of simultaneous incomplete outbound TCP connection attempts. After the limit has been reached, subsequent connection attempts are put in a queue and will be resolved at a fixed rate. Under normal operation, when applications are connecting to available hosts at valid IP addresses, no connection rate-limiting will occur. When it does occur, a new event, with ID 4226, appears in the system's event log.

    Why is this change important? What threats does it help mitigate?

    This change helps to limit the speed at which malicious programs, such as viruses and worms, spread to uninfected computers. Malicious programs often attempt to reach uninfected computers by opening simultaneous connections to random IP addresses. Most of these random addresses result in a failed connection, so a burst of such activity on a computer is a signal that it may have been infected by a malicious program.

    While the reason is valid, I don't see anything about if/how this is user configurable. It would be nice if you could actively turn this off, and/or grant certain programs (doom3, kazaa lite, iTunes, etc.) to have "unlimited" access.

    Then again, this is all conjecture, because I haven't installed it yet and don't know if this actually is possible. Someone care to comment?
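
A toy model of the limiter described in the note quoted in comment 2, added here as an illustration; it is not Microsoft's code and not part of any comment. The limit, release rate, timings and workloads are constructed values, since the note gives no numbers.

```python
from collections import deque

# Constructed values: the quoted note gives no numbers for the limit or the rate.
LIMIT = 10            # max simultaneous incomplete outbound attempts (assumed)
RELEASE_PER_TICK = 1  # queued attempts let through per tick (assumed)

def simulate(attempts, limit=LIMIT, release_per_tick=RELEASE_PER_TICK):
    """attempts: (issue_tick, ticks_until_resolved) pairs.
    An attempt is 'incomplete' until the handshake finishes or times out."""
    pending = deque(sorted(attempts, key=lambda a: a[0]))
    queue = deque()    # attempts held back by the limiter
    in_flight = []     # ticks at which incomplete attempts resolve
    throttled, first_event, last_sent, tick = 0, None, None, 0
    while pending or queue or in_flight:
        in_flight = [t for t in in_flight if t > tick]
        released = 0
        # Drain the queue at a fixed rate, and only while a slot is free.
        while queue and released < release_per_tick and len(in_flight) < limit:
            in_flight.append(tick + queue.popleft())
            released += 1
            last_sent = tick
        while pending and pending[0][0] <= tick:
            _, resolve_after = pending.popleft()
            if not queue and len(in_flight) < limit:
                in_flight.append(tick + resolve_after)
                last_sent = tick
            else:
                queue.append(resolve_after)
                throttled += 1
                if first_event is None:
                    first_event = tick  # where the real stack would log event 4226
        tick += 1
    return {"throttled": throttled, "first_event": first_event, "last_sent": last_sent}

# Constructed workloads. Live hosts answer in 1 tick; dead addresses time out after 30.
NORMAL = [(t, 1) for t in range(10) for _ in range(2)]    # 2 connects/tick, all live
SCANNER = [(t, 30) for t in range(5) for _ in range(20)]  # 20/tick to random dead IPs
P2P = [(0, 1 if i % 2 == 0 else 30) for i in range(40)]   # 40 peers at once, half offline

if __name__ == "__main__":
    for name, load in (("normal", NORMAL), ("scanner", SCANNER), ("p2p", P2P)):
        print(name, simulate(load))
```

With these constructed numbers the normal workload is never queued, while the scanner's last probe leaves at tick 279 instead of tick 4. The P2P client that dials many offline peers at once is queued as well, which matches the complaints in the story summary.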
  3. Heh by Hanna's Goblin Toys · · Score: 4, Interesting

    So they added a firewall which asks you if a program can access the Internet, but allows all the Microsoft ET-Phone-Home software to bypass its own firewall, thereby giving all non-Microsoft software a built-in disadvantage to not being released by the monopoly.

    Interestingly, this means that worms and malware authors need only make themselves appear to be Microsoft software (if Microsoft can bypass its own firewall, the credentials will be reverse engineered) in order to continue to spam from zombie boxes without informing the user.

    Secure Computing, yay!

  4. Re:Impressions? Or bad reviews? by Doc Ruby · · Score: 4, Interesting

    When 49% of installers have problems, the bad reviews tend to crop up. I submitted a story about how 30% of installers reported "minor problems", like non-Microsoft browser incompatibility (the other 20% presumably had major problems). So this story is actually spinning the SP2 problems more blandly than half its users would say themselves.

    --
    make install -not war

  5. Re:Impressions? Or bad reviews? by _Sprocket_ · · Score: 4, Interesting


    How is it that there are plenty of things going wrong?


    Something can be overall workable even with a slew of minor issues. Windows has a history of this.

    A better example is my Linux (Debian and SuSE) environments. I am very happy with them even though there are plenty of bits and pieces I'd like to see improved / fixed.
  6. P2P issue by weave · · Score: 5, Interesting

    Control Panel -> Add/Remove Programs -> Windows Components -> Networking Services -> Peer-to-Peer "Enable Peer-to-Peer Networking Services."

  7. Re:Anybody concerned about "download logging"? by fzammett · · Score: 4, Interesting

    I've already experienced this "logging" (much to my surprise)... Downloaded an EXE the other day (yes, from a known good source) and clicked it to run... The thing popped up a dialog asking if I wanted to run the file because its source is not known and might not be trusted, or some verbiage to that effect.

    Wah? I thought?

    So I clicked a couple more EXE's that were already on my system. Nope, no warning. Copied one over from another machine on my local network. Nope, no warning. Downloaded another EXE. Yep, warning.

    I think it could get a tad bit annoying to someone like me that knows what I'm doing, but (a) I think I saw an option to turn it off on the dialog, and (b) it's I think a great idea for someone like my mom, or even the so-called "power users" who just THINK they know what they are doing.

    I don't know if that's the logging that's referred to, I haven't done the requisite research to find out. But I suspect it is, and if it is, it strikes me as a good, non-sinister thing.

    --
    If a pion (n-) collides with a proton in the woods & no one is there to hear it, does lambda decay into the source pa
  8. Re:Impressions? Or bad reviews? by NivenHuH · · Score: 4, Interesting

    So, if someone messes up a Linux "service pack" application, they're an idiot and Linux shares no blame, but if they muck up a Windows box, Microsoft is totally to blame. Yup, that makes all the sense in the world...if you're a Linux zealot.

    Way to quote me out of context.. The parent was complaining about 'emerge -uD world' killing his system. I said he was a lousy sys admin for not checking what he was installing; a precautious (good) sys admin will only upgrade what is needed regardless of what platform you're administrating.

    Microsoft should be blamed for faulty service pack installations as they don't allow you to pick and choose (as far as I know) which portions of the service pack you'd like to use. (If they do, then.. I'll bite my tongue and retract that statement.) If I don't want to cap my incomplete TCP sessions (for whatever reason), then I won't install that particular update.

    If you're worried about RPM dependency hell, go download rpmfind (or use the two other solutions you suggested in your post). My statements are based off of the general bloaty-ness of the OS. Do we really need progman.exe, mplay32.exe, grpconv.exe, etc.. in the latest releases of Windows XP? Do we really need Windows 95 compatibility 9 years later? Like I said, if I were an OS developer at Microsoft, I'd be pissed off that I have to keep all of that stuff from 10+ years ago in my final product. Hopefully Longhorn will have most of that stuff trimmed down...

    --
    Just when you make it idiotproof, some idiot builds a better idiot.