Latest SP2 News
Xformer writes "It seems that SP2 for Windows XP isn't as secure as Microsoft touts it to be. Heise Security has uncovered two flaws in SP2's bolstered security measures, both of which may be used to get around the new trusted/untrusted executable origin checks. Of course, who would be surprised by this?" Reader EtherNetFreak writes "Well it appears that at least one hotfix is already available to fix yet another bug in Windows XP, post SP2 application." Reader Finalnight writes "'Microsoft Corp. yesterday delayed yet again its oft-delayed Windows XP Service Pack 2, this time postponing the patch's distribution through the company's Automatic Update service.'"
*Shrugs*
My pics.
This makes me wonder how Microsoft, as well as many other large software corporations, manage security patches and quality assurance of their software. Is the problem with there being so many people working on different projects that they do not communicate and therefore things get overlooked, or is it due to the complexity of the software, or something else entirely? I couldn't imagine how someone could manage 'security' for Windows (or any similarly large project) and be 100% sure of what all the technical staff do. Does it come down to having more meticulous software engineers and rigorous testers? How would people recommend this be done? I'm sure the typical "make it open source!" answer will be given, but if that is not an option, how do companies who are more successful at this do it?
in SP2. They've gone through pretty much everything, re-hashed a lot of stuff, sometimes on a very deep level. Tons of bugs were fixed. There's not a software company in the world that could release something like this with zero bugs. Not even demi-god Linus Torvalds is capable of such a monumental technological feat as releasing code without bugs.
Having said that, it's all about risk management. If you're willing to postpone SP2 roll out in your org you've got to estimate the risks of not rolling it out, too. As I said it fixes a lot of issues, and if there's a bug or two the benefits still outweigh the risks by a wide margin.
How is sending a .gif and asking to run cmd on a Windows XP system any different from sending a .gif and asking to execute perl on Linux or BSD?
My other Beowulf cluster is... er...
From my perspective based on the size of SP2 I'd say it's a new OS. Two patches/flaws in a MS OS is darn good. Kudos to Redmond.
I just got a new 4th gen iPod, which I can write to on Linux, but can't get to work on my XP-SP2 Windows dual boot machine.
Guess what I'll be uninstalling next...
..........FULL STOP.
No wonder Windows '95 was so nice and stable, huh? Happened long before the bad new days of outsourcing ...
I mean, let's be serious. I'm not defending Microsoft because let's face it, they have allowed some pretty serious security flaws to get into Windows in the past. But the article does mention "social engineering" and I ask you, isn't this at the root of many, many security issues? I'm not saying Microsoft is never to blame - not at all. But what I wonder is how much damage has to be done before the typical user just sits down and LEARNS a little about security. I am honestly appalled at the number of computers I see that are on the internet without ANY form of anti-virus protection - much less a firewall. Computers are certainly much more complex to operate than say, a car - and we make people go through a whole course and take a test before they're even legally allowed to drive one. Why? Because they can end up killing someone, or themselves, if they don't do it right. With a computer, it's not that severe, but you can still do some major damage (or have it done to you).
Put it this way. If the average user took the time to learn just a little more about this device that is a BIG part of their lives, and how to keep it and their private information secure, would security really be as massive of an issue as it is today? I will say this, though - I'm glad Microsoft has turned the firewall on by default in SP2. I know it's going to cause a lot of headaches, but think about it - a lot of people are hearing about a firewall for the first time thanks to SP2. Hearing about it, and being FORCED to deal with it, is a big step for the average user towards learning more about security.
I don't know about you, but just being an Open Source fan unfortunately does not mean I can stay away from Windows.
:)
In the real world, we have jobs and PHBs and spouses who don't want to disrupt things or break working apps (Sims for the missus, god help me if I break that one!).
I think the SP2 stories are required reading at the moment, and at the same time, I am glad the comments are littered with cynical remarks and questions. We need to question the motives of these companies, and we need to test SP2 to breaking point.
We want Linux to "take over the desktop", but at this point, as a compromise I am happy running Firefox and OO.org.
I won't try and say I dual boot, I find the thought of having to reboot an entire computer just to run one program absolutely stupendous, but when I get my linux bug I always have a knoppix disk lying around.
liqbase
That's a very interesting point. "Zones" in Windows seem to be a feature slightly too technical for your average user (the ones who might really benefit if it was implemented well) but completely useless and potentially burdensome to people with even a moderate level of computer knowledge. That makes it an almost worthless feature, in my book. The novices won't know how to use it, and the experts won't care to.
I run Intego netbarrier on OS X (yep, shoot me) and man, these days I am on 56k (shoot again)... :)
Getting 3 kb/sec and continuous alert sounds, I wondered what the heck happened, checked logs.
A new stupid lamer virus checking my port 135. I am on OS X right? FreeBSD based? Got firewall? Nothing helps. I am affected by STUPID windows and some jerks opening attachments.
So, I really hope SP2 will work as advertised, at least stopping viruses coded in VISUAL BASIC for God's sake... I am not making any sarcasm. I hope it works and guess what? Only owning Macs, I watch all stories about SP2 with Yahoo alerts etc.
I'm one of those developers. I write OSS on Windows, because Windows does for me what I want. I'm not starting a windows vs. linux debate, but a maturity vs. immaturity debate. I can totally understand why people use linux. I really can. I even use it myself (tho not on my own desktop). I'd defend someone's right to use linux with all my might. Why do I get the feeling that sentiment wouldn't be reciprocated by the /. community? It's called objectivity, folks. If you want OSS to be respected, start respecting other operating systems. Start respecting closed-source apps and developers, and they'll start respecting you more (they already respect you, but this cheap pot-shot name-calling only hurts that).
I find it increasingly difficult to talk to people who don't know about OSS and tell them how cool it is, because the community behind it is cheap. Really cheap. Are you all proud that you're bashing an operating system that your favourite OS is aspiring to replace? If linux had 95% of the desktop share, would you love it if people bashed it without any reason whatsoever? Of course not. So don't do it to windows. Sure, pick up on the truly bad stuff, but also pick up the good stuff. Do the same for linux, as well. Be fair, that's all. Objectivity. It's your friend.
Anyway, I'll be called a troll for this. I don't care any more. I waste so much time wading through people talking out of their asses on here, it's hard to get to the actual stuff that matters.
But...
2) heavily biased towards linux.
So we are heavily biased towards linux, but still using windows. Right...
How are the two mutually exclusive?
Linux is a very successful server operating system but so far its desktop penetration is relatively low. Many people may be reading slashdot at work where they have no choice of what operating system is run on the desktop.
I personally run WinXP (cause I like games) but have used a Linux box as a router in the past. So technically I use both windows and linux.
In fact there are many reasons to explain the windows desktop dominance even in a techie demographic like the slashdot readership.