Slashdot Mirror
Last Words On Service Pack 2
thejoelpatrol writes "So did Slashdotters call this one? Windows XP SP2 seems not to be so secure after all. A Register reporter goes in depth to find out just how safe a fresh install is. He provides a list of which dangerous ports are left open and which services are left on by default. I guess now we know why Microsoft's security timetable is 10 years." Reader ack154 writes "ZDNet is reporting that many Dell Inspiron users are reporting an extreme performance decrease since installing Windows XP SP2 - decreases as much as from 2.6ghz down to 300mhz. Dell claims no responsibility, claiming it is 'externally loaded software' and they don't support it. In the mean time there has been a fix posted on Dell's forums, which rolls back the processor driver." Finally, Marxist Hacker 42 writes "Amid complaints of too much XP Service Pack 2 coverage on ZD Net, David Berlind writes that Service Pack 2 deserved the scrutiny it got- and charges that it failed to live up to Gates' Trusted Computing Initiative." Finally, Microsoft warns that installing SP2 on a spyware-infested PC is a bad idea.
Finally, Microsoft warns that installing SP2 on a spyware-infested PC is a bad idea.
This should read, "Installing Microsoft Windows on *ANY* PC is a bad idea."
Sorry couldn't help myself.
The friendliest digital photography forums on the net!
I heard that SP2 enabled the Windows firewall. I don't know if it does or not.
I have a default install of WinXP on my work laptop. SP2 came out from automatic updates and was installed on my machine. Two days later IT sent out a memo not to install it until they had finished testing it. Oops. Oh well. I'll just not say anything.
A coworker and I were messing around at work and he was RDC'ing to a server upstairs. I asked him how often he used RDC and pattered on about my sshd on my home boxen but that I hadn't set up the remote X server. Eventually we both blinked and I asked him if he'd ever tried RDC'ing into another employees system. He shrugged and we decided that he should try to RDC to my computer across the office.
So he did. Now I had SP2 installed (sshhh!) but, amazingly, he was given a login box. When he entered his u/p combo, authenticating through our domain server so as not to deal with local accounts on my machine, he was presented with a box which warned (pph): "The user blahnameblah is currently logged in on system BLAHNAMEBLAH-CPU. If you continue that user will be logged out."
WTH? He's RDC'ing into *MY* system and HE gets the option to kick me out so that he can login? Well... we tested it, it worked. I was logged out and he happily logged in to browse my files. What's more, his account was magically created on my system and the default policy was to allow him the access to modify all the files on MY HD.
Some security... thanks SP2... or whatever.
+++ATHZ 99:5:80
I asked for holes in 98SE, not in Internet Explorer. I know better than to let IE connect to the internet.
"They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.
That's the biggest security hole as far as I'm concerned. It magnifies the potential danger of any remote exploits substantially.
But if there are no remote exploits, what danger is there to magnify?
"They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.
You get what you pay for. Dell's mix and match construction almost always means SOME piece of software isn't going to work with your system. Worst researched, worst designed PC products on the market IMHO. They are as cheap as their roots. What a suprose that they have some bug that doesn't work with SP2!
If you want to get a real laptop, buy IMB, or go for Alienware. I've never had a problem with either since I dumped my Dells, and I will never go back.
"Curiosity killed the cat, but for a while I was a suspect."- Steven Wright