Slashdot Mirror
Last Words On Service Pack 2
thejoelpatrol writes "So did Slashdotters call this one? Windows XP SP2 seems not to be so secure after all. A Register reporter goes in depth to find out just how safe a fresh install is. He provides a list of which dangerous ports are left open and which services are left on by default. I guess now we know why Microsoft's security timetable is 10 years." Reader ack154 writes "ZDNet is reporting that many Dell Inspiron users are reporting an extreme performance decrease since installing Windows XP SP2 - decreases as much as from 2.6ghz down to 300mhz. Dell claims no responsibility, claiming it is 'externally loaded software' and they don't support it. In the mean time there has been a fix posted on Dell's forums, which rolls back the processor driver." Finally, Marxist Hacker 42 writes "Amid complaints of too much XP Service Pack 2 coverage on ZD Net, David Berlind writes that Service Pack 2 deserved the scrutiny it got- and charges that it failed to live up to Gates' Trusted Computing Initiative." Finally, Microsoft warns that installing SP2 on a spyware-infested PC is a bad idea.
...deserve some extra 'X's.
Somehow, I doubt that these are the last words we'll see on the subject....
I don't get them moaning that there is too much scrutiny being given to this. It is going to affect 90% + of all the computers in the world.
Well, just wait 'til Longhorn. It will be way better...in like 12 years, or maybe 14...
FoundNews.com - get paid to blog.,
ZDNet is reporting that many Dell Inspiron users are reporting an extreme performance decrease since installing Windows XP SP2 - decreases as much as from 2.6ghz down to 300mhz. Dell claims no responsibility, claiming it is 'externally loaded software' and they don't support it. In the mean time there has been a fix posted on Dell's forums, which rolls back the processor driver."
Aren't 99% of drivers 3rd party software? The only thing MS does is bundle them together, but I believe that AMD or Intel et al are the ones who actually WRITE the device drivers. And if the performance of a new driver sucks, I'd chock that up to being a shitty driver, versus a shitty Service Pack...
This is why I didn't bother. My XP Pro with SP1 is protected with a firewall, updated virus scanner and Spybot S&D's innoculator. Running Firefox and Thunderbird and anti-spam software doesn't hurt as well.
I might add that the free/OSS I have protecting my machine weighs in considerably less in terms of combined file size then does SP2.
You want to know who isn't running Firefox 2.x? They spell it "definately" and "rediculous".
Things that i have been disabling as a rule, just like a "normal" procedure after a windows install - are still out there active on default and still need to be disabled. As the article says they are simply not required for home machine (in a vast majority of cases anyway). So what is this major security improvement they speak of if basic things that have been attacked for so long are left open?
Because I wasn't expecting that it would, but apparently somebody is. Unrealistic expectations also lead to insecure implementation.
Try not. Do or do not, there is no try.
-- Dr. Spock, stardate 2822-3.
I don't get why Microsoft insists on leaving so many services enabled by default. So many of them the average home user will not need, and like the reporter from The Reg said, if a sys admin needs those services, it will be trivial for him to enable them.
"With sufficient thrust, pigs fly just fine." -- RFC 1925
These news sure struck like lightning from a clear sky!
*phew*
I think I must sit down to recover from the shock.
Beware: In C++, your friends can see your privates!
Now all I need to do is go down to the grocery store and buy my copy of the Inquiror and I'm all set for news.
Tell me again why people other than rabid Microsoft haters read that garbage?
Of course SP2 isn't completely secure...neither is *gasp* Linux *gasp*. Nothing plugged into the Internet ever will be.
...not added on afterward. As soon as Microsoft realises this, they can placate people with XP SE 2, and work on incorporating security into LongHorn. This isn't a troll, just a plan of action that would make the most sense for them, maximise their inward cashflow, and still keep them on track (somewhat) for a release of LongHorn in 2006.
Find out about the Lexus Rx400h Hybrid!
I haven't had ANY decrease in performance. I have had a lot more stability with wireless networking now though.
You Could say that if you disable and enable everything mentioned there, configure your machine so it is secure, you should be OK. But the problem with that is Windows is meant to be the option for the user who doesn't want to be dealing with configuration and settings to get their computer working.
David Berlind writes that Service Pack 2 deserved the scrutiny it got- and charges that it failed to live up to Gates' Trusted Computing Initiative.
Okay, Mr. Berlind, did you actually fall for that and now you're surprised?
Do you have ESP?
If for some reason you DID load SP2 on a spyware infested computer and it is no longer booting just boot with the "Last known good configuration" option in the F8 boot menu. Uninstall SP2 (you may have to use XP system restore before doing this), remove spyware, reinstall SP2.
Whats the big deal? Seems all they did was add Security Center. No other enhancements I can see.
Is the author correct from a 2.6ghz to a 300 mhz. That seems a bit extreme if not exagerrated.
Yes, perhaps there are things that could have been done better in SP2, but the simple act of filtering inbound connections is a massive step forward in security for Windows users.
I say it's a "massive step forward" because there are literally MILLIONS of windows machines which are never updated, don't run any firewall software, and which are directly connected to broadband ISPs. The people running these boxes truthfully don't know what they're doing in these matters.
Right now, those poeple have NOTHING. Now at least they will have something, albeit limited. This is a major improvement. Even the old XP internet connection firewall, if it had only been enabled by default, would have prevented Blaster from ever happening.
Of course there are some questionable exceptions in the new firewall default configuration, and no doubt the next generation of worms will take advantage of those - but at least the bar has been raised a little higher.
"Microsoft warns that installing SP2 on a spyware-infested PC is a bad idea."
One word. DUH. If you even install sP1 on a spyware infested computer it can render it unbootable. I've run into atleast 10 machines this week that have had this same problem. I work at a university which is forcing students to install service pack 1. there are a lot of machines that can't even take the service pack because of the spyware the installs just hang or destroy the install on the computer. I feel bad for the students because they have to either format or pay to get thier comptuer fixed. It not thier fault or the universities fault. who would have thought forcing college students to update thier microsoft patches would be a bad idea.
At the moment my PC has a faulty DIMM (random crashes). It passes memtest but it is still faulty and the new one hasn't arrived yet. After installing SP2 my system has become much more stable and noticeably faster. And I don't use Windows' firewall for security as I've used Outpost Firewall for a year now.
.... The MS mindset of making people need them has resulted in a widely integrated manifestation of the user frustration function in their software.
Its this same manifestation of the application of doing things in software to "make people need them" that is causing all the security problems.
This security problem is not fixable by this mindset that cause it.
Its like an alcoholic or drug abuser, their mind is geard towards supporting the continuation of its vise. What I call a "self supporting dependancy". And under such conditions, as those who have admitted it and sough help, you have to have external help in order to be lead out of the blindness of the self supporting mindset.
Whos helping MS??? If anyone can?
> [Performance] decreases as much as from 2.6ghz down to 300mhz.
I'm not going to place any faith in benchmarks generated by someone who thinks performance is measured in clock speed.
Chris Mattern
FTA,
We look to ZDNet as a beacon of light in IT journalism.
(pauses)
BWAAAHAHAHAHAHAHA!
All I can say to this person, is 'look out for the oncoming train...prolly complete with windows logo and named "longhorn".'
IT journalism, brought to you from the same folks of Military Intelligence.
Have you read the moderator guidelines? Well, have you, PUNK? (and I want a Karma: Gnarly option)
In reading the article it almost sounded as though RPC, NetBios, and friends were still accessible under the default configuration. Is this the case or am I misreading the article or is the article incorrect? I was under the impression that the default firewall configuration in XP SP 2 was "accept nothing"?
And if I may make myself expressly clear on this point, this post contains no statements of fact, only a QUESTION.
What has *science* done?!? -- Dr. Weird (ATHF)
Finally, Microsoft warns that installing SP2 on a spyware-infested PC is a bad idea.
So basically, you don't want to install it on any computer running a Microsoft operating system that has been using a Microsoft browser or a Microsoft e-mail client.
Huh..I think I'm starting to see a pattern.
"reporting an extreme performance decrease since installing Windows XP SP2 - decreases as much as from 2.6ghz down to 300mhz"
From the MS website regarding minimum requirements for running Windows XP:
PC with 300 megahertz or higher processor clock speed recommended (source)
which seems to be just enough to keep the system running. Coincidence? I think not....
This sig contains repetition and redundancy.
These days, that's pretty redundant
Do you actually believe an article that has:
"Microsofties say they were more worried about Linux a few years ago, when it was a truly free program, spreading on its own, from user to user, like a virus."
The author insists on comparing Linux support costs to Windows product costs:
"If the Linux camp simply manages to create an operating system that does roughly what Windows does for roughly the same price, what will be the point?"
The author says the difference between support and the product is "semantics":
"... Red Hat
The author also drank some of the SCO Koolaid:
"You might need to buy insurance to protect you against lawsuits over intellectual property rights. (One outfit hawks such policies for $150,000 year.)"
Some other excerpts:
" IBM and Novell are pumping millions of dollars and mountains of brainpower into development of a commodity operating system--they are re-inventing the wheel."
Actually, I could just quote the entire article. I hope Daniel Lyons (author) got paid for his time in writing this press release for Microsoft.
Microsoft at least got some things right in SP2. Personally I usually run Linux. If you don't like it stop fucking whining and install Linux.
The more you know, the less you understand.
"DHCP Client, automatic. Unnecessary on most home machines. Should be disabled by default."
Now, I'm no fan of Microsoft (Windows free for over 5 years now), but this is insane. Evey home user I have ever helped needs a DHCP client so that their computer can get an IP off the university LAN or off their brand-spankin'-new broadband router. To disable the DHCP client means to turn off the interweb for the majority of users. Greene went a little over the top it seems.
Please don't mod troll or funny. I'm serious.
I think it's about time that we come up with as a community name for this law:
All the Odd Star Trek movies and Odd Microsoft service packs suck.
In all seriousness, it's service pack TWO!! I didn't load it just because of that and I'm dead serious. One of the guys decided to load it and sure enough, he's reloading his system from scratch. It will take the release of service pack 3 before I consider moving from SP1 and the current crop of hotfixes.
Didn't anyone learn anything from the NT service pack 2 debacle? How about NT service pack 4?? Now I know you are going to say service pack 6a but we all know this is the first time Microsoft uses an "a" and it should have been SP7.
"What the hell is an aluminum falcon?"
Security by obesity.
-- "Makes Little Debbie look like a pile of puke!" - Moe Szyslak
Athlon 64 3000+ => fine
Dell Inspiron 8600 => fine
Shuttle SN41G2 => fine
Frankenstein P3-933 => fine
Shuttle SN41G2 => fine (yes, I have two of them)
...Is that much of SP2 is designed to help protect users from themselves. The average Windows user has no idea what a firewall is and thinks a "precision date/time manager" is a pretty neat idea. He might even fall for those popup ads that look like message boxes. In this case, the extra warnings, popup blocking, automatic firewall, etc in SP2 are definitely very helpful.
Also note that many of the "flaws" in SP2 still have to do with users' stupidity. "A program running with admin privileges can make the security center falsely report that the firewall is on" - well duh, but why did you download that program in the first place, and why are you running it as admin?
The article reporter wrote a good security book that I reviewed on /. here, so I know that he preaches shutting off services you're not using proactively, because if there's an exploit that comes out, you won't be affected by it. But this is too much: he says MS should disable DHCP and DNS clients. If you need them, you can turn them on. But I think a lot of Windows users won't know how to do that, and will get frustrated with that level of lockdown. Also he says javascript should be off, but it makes it hard to surf the Web. In his book he says it's safer to use Thunderbird or Mozilla with javascript, which makes more sense. He should have mentioned that in the article.
Anyway, it's a good article; SP-2 is obviously more security talk than reality and it's about time someone looked at it carefully. I just think he overdid the paranoia level a little bit.
Get a grip -- anyone reading this that has worked with a complex software product can tell you that these sorts of upgrades inevitably involve gitches -- even more so where the vendor (Microsoft) isn't able to test all possible operating scenarios (i.e. combinations of vendor hardware and software).
You'd be an idiot to think that with the size of SP2, that it would install on hundreds of millions of different computers without some gitches.
The fact that there is such an easy work around (i.e. driver rollback) says much to the credit of the O/S. How many Linux or other operating system upgrades would allow you to roll back discrete components (e.g. individual drivers, resource managers, etc)?
I do agree that Microsoft could be more aggressive with addressing security issues.
Take a balanced view folks!
Who'da thunk all the servers actually have all the articles...
I didn't know processors have drivers. I figured that driving the processor was, most fundamentally, what OSs are supposed to do.
"My girlfriend's got sodium laureth sulfate hair."
I didn't bother for the very same reasons you listed. I also didn't bother because SP2 doesn't play well with Athlon 64 CPU's. Microsoft even suggests bypassing the update completely.
Because it's trying to start a holy war for a few cheap laughs. "WINDOZE SUX!!11LOLOLOLRLR!WTF" Can we collectively get over that now?
I like The Register, I really do. And Thomas Greene's a smart chap. But this article doesn't look right to me at all.
I'll spare you all the effort of reading it with a simple summary: XP has a zillion security-related settings, and Microsoft has been terribly irresponsible by not making the default setting the most secure one in every case.
For example, highlighted issues include:
- many services are "manual" rather than "disabled" (the sky is hardly falling so long as the services aren't running)
- the DHCP and DNS-client services are enabled by default (in particular, the former is actually used by many people)
- the QoS Packet Scheduler is installed by default (...and...?)
- the Windows firewall doesn't do egress filtering (which is an anti-trust case waiting to happen if it did, and a totally inappropriate feature for the overwhelming majority of end-users in any case)
- IE enables meta-refresh and javascript by default
There are some great points in the article (does IE really need 7 settings to control ActiveX?), but they're lost in the hysteria of trying to build a mountain out of molehills.
classification called "Boring" "Obvious" or "we've read it a million times". Personally I'd have given it a "redundant". Believe it or not you don't have to make exactly the same 'joke' in every MS thread, some of us can remember things from the day before.
The writer of the article is full of it and obviously knows nothing about Windows.
He claims that WebClient, DCOM, TCP/IP NetBIOS Helper, Secondary Logon, Remote Desktop Help Session Manager, Remote Access Connection Manager, DNS Client are all on or set to manual and should be disabled. Thanks, but I'd like to be able to use WebDAV, COM/DCOM, share files with a roommate/family member, use remote desktop from work, VPN into work in the first place, and resolve DNS hostnames thanks.
I might also add that he rails on Microsoft not taking advantage of multiuser capability properly then recommends that Secondary Logon be disabled for home users! Without it, Windows can't popup when you try to install a program or run Control Panel and ask for an admin password to proceed... which makes using a non-admin account a pain in the ass.
He also whines about these network drivers being installed:
Client for Microsoft Networks, File and Print Sharing, and the QoS Packet Scheduler
But perhaps he assumes everyone has one and only one PC in their home and has no wish to share files between them (yeah right). Oh, and you'd like to take advantage of QoS for VOIP or bandwidth throttling? Forget it if the driver isn't available.
With "genius" insights like these I certainly wouldn't trust this yahoo to install a toaster oven, let alone an operating system.
Natural != (nontoxic || beneficial)
DHCP Client, automatic. Unnecessary on most home machines. Should be disabled by default.
DNS Client, automatic. Unnecessary on most home machines. Should be disabled by default.
---
WHAT? Thank god 51% of us aren't using broadband.
"The user blahnameblah is currently logged in on system BLAHNAMEBLAH-CPU. If you continue that user will be logged out."
WTH? He's RDC'ing into *MY* system and HE gets the option to kick me out so that he can login?
Some security... thanks SP2... or whatever.
Remote Desktop worked like this before SP2 came out, to the best of my knowledge. Only one user can be logged onto the box at a time.
You don't make it very clear whether he would still have been able to log into your box if it wasn't through Remote Desktop - if he could, I don't really see why you're so suprised.
A setting to make it so you have a "protected" login of sorts would be handy, so nobody can boot you off no matter what, I agree.
If your admins did what mine did- they set a group policy in Active Directory to shut off the firewall on any machine that some nimrod installs SP2 on accidentally.
That's one of the reasons why I have to use a test network for all of my SP2 testing.
SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
Among this guy's rediculous suggestions, he says users at home have no need for DNS and DHCP client services to be running. How in holy hell are people supposed to get on the net??
I can't believe they published this bullshit.
Jeremy
While The Register claims it has done an indepth evaluation, they didn't actually test to see if the firewall was blocking non-local subnet access to all the ports used by the services they were complaining about.
If they had, then they would have realised that this is nowhere near the big terrible gaping hole that they are making it out to be.
They also claim that activating a DHCP client is unneeded by most home users. That might have been true 5 years ago, but these days anybody with any kind of home network even if it is just a simple cable or DSL modem will typically need DHCP running. I mean good grief, come on! Even so, I know full well that while you are installing XP it asks you if you want to have your IP settings automatically configured and then DHCP gets turned on.
As for all their complaints about the Zones in IE, speaking as someone who has had to deploy extranet applications to part time casual workers who use their own home PCs to access it, the ability to have a trusted and a non-trusted set of security policies is a blessing.
All in all, I think this article has been poorly researched and written by people who fail to appreciate the bigger picture of what home users may need to do.
YOU'RE A TROLL! Longhorn will be out next year.
http://www.apple.com/macosx/tiger/
Oh, you meant Microsoft's version. Yeah, 12 or 14 is about right.
You don't make it very clear whether he would still have been able to log into your box if it wasn't through Remote Desktop - if he could, I don't really see why you're so suprised.
I'm not surprised that he could authenticate with out domain server. I'm surprised that RDC is enabled by default. I'm surprised that a remote login has the ability to kick a console login. That's just not security smart by any stretch of the imagination.
+++ATHZ 99:5:80
I'm currently running on a Toshiba Tecra 8100 (500Mhz, 192MB RAM), and after slipstreaming SP2 on to my Windows CD and doing a clean install it's running faster than ever. On SP1 I had to turn off all of the visual options (drop shadows, ClearType, Themes, etc...) or the thing would run at a crawl. Now I can have everything on and use custom themes without any slowdown.
I'll repost something I've written today:
:P~ - this means only good things for Linux, bad things for Micro$oft and sadly bad things for me (us) as we live in a M$ world - consider getting even more probes
#v+
well SP2 is IMHO funny they really haven't added anything useful to it
1] popup blocker - but hey I've got popup blocker in MSIE for like one yer thanks to - http://toolbar.google.com/ - and it comes with google search feture which is uber-cool. I install it on every XP client I touch so OK - popup blocker. how innovative...
2] hardened MSIE - well it is a myth. it is still the same MSIE, nothng changed beneath. still to deeply integrated in system, still with unsecure features like ActiveX - it is just they are turned off by defaut so first thing you will do is reebable thise features since without them nothing works. nice patch... really.
3] NX technology - well it is something but right now it makes no difference as it requires modern hardware and only few chips support that. and I'am (and I'am not alone here) probably not going to change (meaning networks I administer) hardware till it dies... so few more years to go without NX... and also to mention Linux has similar options (executable stack protection) for ages - aviable as patches f.e. PaX. (for kernel) and also few options (like pro-police-gcc) to glibc... and if you need you can recompile everything against those features as it is Open Source... again MS - innovative... really
4] new firewall - well good to see it but it has it's flaws. like it runs in user space, it is worse than other offerings. but still - this is feature I find nice.
what other things left? lets see...
5] new Windows Update - new but it sucks ass like ever. why can't make a decent patching service. it only requires a server and decent GUI for client. I mean jesus I can make such thing myself, just give me specs and some time and I could make it. options I would include:
* decent GUI for configuration with Active Direvtory support tu push configuration to domain
* setup proxy server for updates (f.e. local proxy server to limit bandwith use)
* free local proxy server software for updates. it even could be only on Windows. to have one machine cacheing updates in LAN - jesus it's being done in Linux so easly, I can set up my own updates proxy with Linux in like 3 minutes...
* option to choose which connection can be used for automatic downloads (f.e. I wouldn't like my system to pull updates when I am connected via GPRS mobile modem, but I wouldn't mind when it does when I am on corporate LAN)
* some better handling of applying those patches. maybe just downloading them and waiting (I mean waiting not bothering me to reboot manually) for next boot to apply patches while booting (no files locked)...
what else left "new"... oh the funniest thing! new Security Center applet in Control Panel - a place where you can se that you are "secured" (not to mention that you still can be 0wned) - weeeeeeelll in one thing Micro$oft is brilliant - marketing: people wan't secure Windows, tell them they are secure, show them nice icons telling them that they are secure - people can actually belive it that is in some way brilliant isn't it? too bad it does not work better security for me (and you)...
and also this hype with Longhorn delays due to shifting literally everybody to develop SP2 - what they actually developed? few icons? changed default settings? this requires whole resources of multibilion software gigant? that is pathetic for me... Fedora community alone (backed by Red Hat but still it is different scale than M$) can do amazing things like incorporating advanced MAC security with SELinux in months, and software giant can't make a basic security level with all theirs resources (oh and they do leave things unpatched, or issue things like disable login from URL as a patch, oh and update breaks like every 1 of 10 setups)? and still they say open source model is not superior? mehehehahhwhw...
Jon.
some nimrod
What's with the name-calling?
If your admins did what mine did- they set a group policy in Active Directory to shut off the firewall
That may be the case. Did I mention that ITs response, when everyone in the office scratched their heads over this insecurity, was to "turn on the firewall"? Is there any good reason to allow RDC on a default installation for an office machine? Is there any good reason why a remote login should have the authority to kick out a console login?
Sure, we can make up excuses like,"Maybe I left my session logged on at the office and now I need to login from home." Is that like not locking your doors because you might have left the keys in the house? It's just not bright.
+++ATHZ 99:5:80
So let me get this straight.
Many Slashdotters spends a good portion bashing Microsoft for security. What does Microsoft do? Take a good period of time to try to turn things around and release a secure product (SP2).
Now a few people are saying security problems may still exist or that a few isolated people have had bad experiences with SP2 and people here bash SP2 as a failure?
ARE YOU KIDDING ME? What planet are you guys from? Of course it's not PERFECT you idiots - no OS and application is, no matter how secure you design from the start or whatever overused bullshit line of rhetoric you want to use. mistakes will always be there and improvements will need to be made as the product grows.
Saying slashdotters called it just shows that very few here WANT Microsoft to be secure because then it would take away your favorite hobby of nonsensically bashing an alternative to your OS of choice. You can't ignore the fact that SP2 did make MASSIVE improvements for many millions of people to make them more security aware and that is not a bad thing, even if it is a start.
Sometimes I feel when I read this crap that most people want Windows to remain insecure only for their own selfish reasons and forget there are people on the other end of those machines. Why not praise Microsoft for at least making a step in the right direction? It's this attitude that doesn't help things one bit and only comes off as childish.
And BTW, the Register article had nothing really incriminating against SP2 other than they disagreed with some of the services and firewall features. Yes the WMI hole is there but it requires more than just sitting the box on the internet. Yet many dotheads will assume this means that SP2 is just sitting open like Windows XP was straight out of the box.
Here's a fact:
Put a Windows XP box on the internet and it will get infected with spyware and other crap.
Put an XPSP2 box on the internet and at least you're protected from that crap. Hell people, that's a MAJOR step!
Anyhow, the Register is hardly a worthy news source for unbiased reporting. And the ZDNet guy even said "While this is not a complete list of what makes SP2 worthwhile, SP2 is worthwhile for the majority of Windows XP users". But again, let's be honest here - he's just a guy writing an opinion column, more heart than fact.
This is normal. This is another in a long line of articles that does little more than say:
...get this... ...MANUAL. Manual is another word for "not on unless I need it," which is a nice long way of saying "OFF" -- you damned chowderheads.
L0LZ@Micro$0ft!111!!11oneeleven1!! because your firewall choices and services defaults aren't what I would have picked.
There's still service bloat in XP. There's little doubt about that, but suggesting that you turn off DHCP when 51% of us use broadband? I mean, DHCP only has an effect for people that actually, you know - HAVE A FRICKIN NETWORK CABLE PLUGGED INTO THEM! Can we make an assumption that a pretty fair percentage of people who have network cables plugged into their computer use DHCP? Good lord almighty.
Also, he complains because the service type on most services is set to...
Sure, XPSP2 isn't perfect, but articles like this, these "If I had made it, I'd have made it stupid!" articles - they're just drivel.
You, and your domain admins, don't know what you are doing.
:-)
That's an admirable superiority complex you have going there. Where can I get one?
First, RDC is disabled by default in Windows XP
I didn't make this corporate distro. It's enabled. We checked other machines around the office.
Second, RDC can be locked down using group policy. Read this information
Is that like saying that you could have set the safety on the gun before shooting your best friend? Sure... it's possible... was it smart to have the safety off to begin with?
+++ATHZ 99:5:80
Think about it, for a moment. The firewall is blocking internally-generated connections. Which is fair enough. (Though silently dropping would likely have been safer.) However, to lock the machine up, the TCP stack has got to be taking the error as cause to retransmit the packet.
Why am I so certain that this is what's happening? Because Windows has had some degree of preemption for a while. It's not great, but it works. Sort-of. Lock-ups should be next to impossible on a totally pre-emptive OS, as the locked-up program would simply be interrupted. It'd slow the machine down, slightly, but it wouldn't be fatal.
What we're getting here, though, looks like something fouling up big-time in a non-blockable part of Windows. Odds are pretty good that it's the network code. My suspicion is that the TCP stack and firewall are in an unbreakable infinite loop, with the error generated by the firewall causing the TCP code to resend the packet, ad infinitum.
A lot of people have argued that Microsoft isn't to blame for other people's crappy code. Which is fair enough. But they are very much to blame for their own crappy code. If you're going to have non-blockable code (a VERY bad idea!) then you've got to be damn sure that there are no scenarios in which that code will put itself into a spin-dry cycle.
It seems as though Microsoft merely added firewall code, with absolutely no thought as to the possible impact it could have on the rest of Windows.
Further, if my suspicion is correct (and I'm pretty confident it is), then it should be possible to crash any Windows box remotely. Simply generate a packet that Windows cannot reply to. By forcing the TCP stack and the firewall to fight it out, you'd paralyze the machine.
The correct way to handle this kind of situation is to recognise when a connection is administratively prohibited or impossible, and to not keep retrying. You'd then escape out of the non-blockable code, and pre-emption would allow you to continue as normal.
If you want slightly "smarter" behaviour, then if a process repeatedly keeps retrying a connection or activity that is prohibited, every time it gets woken back up, it should drop in priority, be slept a reasonably long time (in the hope the problem can be cleared by then) or get kicked off the system. ("Three strikes and you're out." logic.)
It should absolutely not be possible for any user process, no matter how badly written, to create a situation in which an uninterruptable infinite loop can develop. Either there needs to be some mechanism to interrupt any loop that might be infinite, OR there needs to be a mechanism for recognising when a loop is running unacceptably long.
It's no use Microsoft whining that customers should clean their computers first. That would be like McAffee arguing that you should clean your computer of viruses before running their software. And how are you supposed to do that, if you've no software installed for detecting and/or cleaning the damn things in the first place?
The only way you can know (for certain) that there's nothing trying to access an unauthorised port is by blocking the ports and seeing what happens when you try to use the computer as normal. And the only way you can then do anything about it is if the computer can cope with that situation in a controlled manner.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
I otherwise agree with most that was written - I totally agree that "less is more" when it comes to security (although there often ends up being hooks for stuff like RPC all over the place) and I couldn't believe it when I saw "Remote Assistance" enabled on my computer by default when I loaded it - WTF!
Hulk SMASH Celiac Disease
-Lucas
That's not SP2. RDC is off by default in XP, when you turn it on, the firewall opens its port (3389). Just because your admins can't use Group Policy to turn off RDC across the domain doesn't mean SP2 inherently sucks.
his account was magically created on my system and the default policy was to allow him the access to modify all the files on MY HD
DUH. That's the whole purpose of a domain - he logs on with an AD UN, he gets the same permissions on whatever machine. Again, your admins should be using permissions to provide you with protected storage on a central server, NOT on your machine. If you want stuff stored on your machine, safely, then setup your own damn permissions.
I let my naive young greek (hey: I'm posting from greece ) colleague experiment with his home machine.
OK, it worked for him, but the bottom line was "my machine runs a bit slower now".
Sigh. Doesn't fix anything anyone with half a brain who is NATed and appropriately Gene Hackman wouldn't be able to fix, and you run even slower.
I'll stick with what I have now. What bothers me is that those "Merchants of Darkness" at Microsoft
will use future service packs as a slippery slimy slope for delivering "Longhorn"....
At the end of the day *their* products will work. But all of ours will be waving their legs in the air as if they'd just received a burst of pyrethroids...
good thing I paid the extra $70 and got XP Professional. it doesnt seem to affect me.
My inspiron is acting fine too. A little snappier too.
>So did Slashdotters call this one?
No. They really didn't. Of course SP2 was going to cause *some* problems, but poo-pooing everything MS in a knee-jerk fashion doesn't help anyone and probably is keeping people from installing it, which is a real shame because:
1. Firewall on by default. Power users can easily shut it off. How many Slashdot posts do we have that wish MS did this, but when they do suddenly MS is doing wrong. Yes an admin can shut it off even with an activeX control. Such is the life of running as admin.
2. Nag screens for anti-virus and updates. Much needed.
3. Better wireless interface. The old one wasn't so hot and this is a welcome upgrade.
4. "Drive by installs" are not going to be as common as IE requires an extra step to install/download stuff and blocks pop-ups natively and by default. Man, how many slashdoot posts did we have about "MS should do something about pop-ups and click installs!" Well, they did. Sure, they didnt remove activeX altogether, but no one was expecting that.
5. NX support for AMD 64. Wow.
> Finally, Microsoft warns that installing SP2 on a spyware-infested PC is a bad idea.
No shit. Installing ANYTHING on a spyware infested PC will cause all sorts of problems. Fighting spyware is what SP2 is trying to do. Give it time or at least introduce your friends and co-workers to a little thing called Ad Aware, especially if they'll never switch to FireFox. Face it, many people will never switch and will go to their deathbeds using bundled software.
>So did Slashdotters call this one?
Granted, if you take the negative approach to life 24/7 you will be right every so often or at least subjectively, but I feel these are much needed changes and will help technophobes better use their machines. MS can do things right. Yeah, break out the smelling salts...
Yeah, I know this is off-topic but I just had to respond. I have 256 megs of PC133 SDRAM with some bad areas. I found the bad areas with Memtest86. Then I allocated them using MmAllocateContiguousMemorySpecifyCache in a driver that runs at boot. I found a nice example driver that I just had to modify slighty. The example I used seems to be the NT example at the bottom here.
Uhh... that's absurd. Where did this person come by such information?
We have two PCs running Windows 2000 Professional quite nicely; one of them has 384 MB of RAM (the other has 256).
It would seem to me that if anything, Win2k Server would be capable of handling more (not less) RAM than Win2k Professional.
Scott
©20014 angrykeyboarder & Elmer Fudd. All Wights Wesewved
Remember, Nessus is your friend.
A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
Maybe last rites would be more appropriate.
I find it amusing that Windows requires so much babysitting. OS Patching, anti-virus signature updating, anti-spyware scanning, rinse & repeat. And after awhile when entropy has taken too much of a toll on the machine, it's time to back everything up, erase the computer and reinstall the operating system.
It's a computer for crying out loud! Why can't the process be automated so users can do other things?
Ruby on Rails Screencast
I read it as someone saying SP2 sucks because they had their head up their ass - sorry about that.
As far as kicking console logins, that's something screwy with the setup. It may be a problem with using it on the domain, I'm not sure. I use RDC with all of my machines at home (no domain), and the console gets the option to deny the RDC login. If they don't respond, they get booted after a timeout. The only time this doesn't happen is when Administrator is connecting on RDC, which shouldn't actually happen, because obviously it's stupid. I think the only way to deny this is via policy editor - XP doesn't have a specific 'Deny' for RDC users, you can only 'not allow' them. However, admins default to allowed RDC access. So it's more of a half-assed RDC implementation issue than a firewall/SP2 issue.
As far as the local files, the only location he possibly shouldn't have access to is your My Docs folder, as that the only folder inherently 'owned' by you - everything else is machine-wide. Again, this can be set, but it's a bitch to do, even through policy editor.
The problems with this service pack are much more complex than what most people and the media are making them. I don't think anyone will disagree that Microsoft has a huge user base, or that they have some flaws in their software.
;)
Implementing major security upgrades, a very necessary thing to do, comes with difficulties. The main problem is trying not to cause problems with too many other applications; else MS would have more issues to deal with. The trick is to balance the fixes with their effect on applications and corporate network configurations where questionable Windows services are most commonly utilized.
Don't get me wrong, I am not trying to defend MS. But I think people need to see that problem this big can only be fixed in stages, else it will create so many problems that no one will install it. The 10% rate of SP2 problems recently cited is a very acceptable rate overall. Had MS locked much more down, we'd most likely be seeing problem rates closer to 50%.
I think we can all think of at least one past experience with a flawed application where the manufacturer went too far and basically destroyed their user base thanks to a fix or update. MS is not going to do that. In addition, end users have to take responsibility for implementing known measures to ensure their system is as secure/virus free as possible. I recently read an article I concur with based on years of working with end users. The article stated that a very high percentage of users do not bother to keep their virus scanners up to date. In addition, at least one company has made a good firewall available for end users to use FREE for one year. Microsoft has had a link to that software for quite some time now. If a user is not doing the minimum known procedures to keep their system secured and virus free, they have no one to blame beside themselves.
Give it time. As Windows grows up, is fixed further, it will slowly become a secure product. The only part of Windows that I'd saw in an unfixable mess is IE, and there are known, easy to obtain alternatives. One can do a lot to plug the security holes now, but they have to get over blaming MS for the problem and take responsibility for their system(s).
Ok, this concludes my rant. Let the flames begin.
The register generally has very whitty and sharp commentary surrounding many facets of the computing industry. Their review of SP2 however, lacked a reasonable level of objectivity.
The first section of the article goes on to explain how a number of services are left on that "shouldn't be". This is for the most part a subjective rant about services that have traditionally been a source of system compromise. The "Hate On Microsoft" stick was made apparent when the author went so far as to proclaim that the DHCP client service and DNS client service should be off by default, "DHCP Client, automatic. Unnecessary on most home machines. Should be disabled by default. "DNS Client, automatic. Unnecessary on most home machines. Should be disabled by default." that wouldn't be a very useful computer would it? How about hitting up google for an answer to "Why can't I check my mail, browse the web, or do ANYTHING online?" - oh, wait...
Among some of the old favorites that were left on, file and print services made the list. That would be pretty bogus if the system's firewall wasn't turned on by default:
"The new "Windows Firewall" packet filter is turned on by default, finally. However, an exception for Remote Assistance connections is enabled, which is preposterous, although file and printer sharing, and UPnP, are blocked by the firewall as they should be."
Since it's firewalled, it's a non-issue. In fact, most of the article is written as if the system's firewall is not installed. Remote assistance is referenced in almost all of the help documents it would be a pretty bad user experience if you wanted help - but couldn't get it. As far as I can tell there has been no exploit based on this service since the introduction of XP.
Generally speaking unused services should be turned off. The only reasonable way to address this would have been yet another wizard that would ask the user how they use the computer and set services setting accordingly. However, the question of "Is sp2 remotely exploitable out of the box? More to the point is it secure from a network perspective, now and into the future?" The answer to that question is generally yes. Unless there is a nasty buffer overflow of some kind in the firewall (one hasn't been found, not to say it won't) an SP2 box is pretty safe on the network.
Wasn't that the point of SP2?
When evaluating the effectiveness of SP2 the net result needs to be evaluated. Many critics have evaluated the implementation. A lot of people might NOT AGREE with File sharing, RPC, Remote Assistance, or any number of the other services being on by default for that matter, but does it matter from an exploitability perspective? Only if that port is available for remote exploitation -- which is not the case.
Network issues aside, IE and the shell both do a good job of throwing up warning dialogs when the user is about to run an executable. There is also the "Data Execution Prevention" feature that detects when "data" is trying to execute as a program, though for it to work well the hardware has to support non-executable memory regions. Only time will tell how well those measures aid in stopping the propagation of worms.
I know you're just trolling anyways, but I'll answer your points.
First, in a domain, anyone can log in to any other machine on that domain (unless specifically configured not to). As such, someone can connect with RDC to another computer and log in. It's supposed to do that.
Second, RDC is disabled by default, so either you enabled it, or your admins have set up a policy to enable it (probably so they can remotely administrate it themselves). When the service is enabled, the firewall opens an incoming port. This is part of the UPnP specification, and many home hardware firewalls will do the same thing.
Third, why can another user log you off? They can't, at least not exactly. What they do is force you out of the console, however the user at the console is given a dialog box asking for permission to do so which will time out after a certain period of time (if you're not using the computer, it doesn't matter if someone kicks you out of the console).
You're not logged off, your tasks continue to run. When you come back and unlock the machine, it kicks off the remote user. Only one user is allowed by license to use the PC at a time.
There was a period of SP2 when multiple users could use the PC simultaneously, but MS decided to prevent that.
So the answer is, SP2's not to blame for what you or your admins deliberately configured it for.
If you need web hosting, you could do worse than here
I have been having this problem on my Inspiron ever since I installed SP2. I have tried a lot of things, and I highly suggest http://www.blackviper.com/WinXP/servicecfg.htm for tweaking your services settings.h tml has a great article on how to do it.r toys/xppowertoys.mspx./ .
Another way to boost your speed is hanging your Prefetch setting, http://techrepublic.com.com/5100-6270_11-5165773.
TCPOptimizer http://darkedge.levels4you.com/review.l4y?file=20 also helped speed up my collection a lot.
Another cool tip is fixing Event ID 4226 which limits your connections in SP2, check it out at http://www.lvllord.de/?url=tools#4226patch.
And, of course get the MS TweakUI for XP at http://www.microsoft.com/windowsxp/downloads/powe
And although they are not freeware I actually bought and really like Registry First Aid http://www.rosecitysoftware.com/reg1aid/ and Registry Compactor http://www.rosecitysoftware.com/RegistryCompactor
I hope you all have as much success as I have with spedding up XP. It is a pain in the butt to do it, but it is worth it in the end.
"Your 'Gin n'tonic Futon Brain' sure makes you smart!"
"That's 'Positronic-photon Brain', you idiot!"
If you still use Roxio Easy CD Creator 5.x, you will not get to use DirectCD for UDF Packet writing to save directly to CD after SP2 is installed. This program comes with every new Dell Optiplex we bought this year. These Computers are supposed to be Supported with SP2. But 2 calls into Dell T.S. resulted in a "Sorry, too bad" response. They recommend Windows native CD burning, but that ain't UDF.
(We have a need to make saving to CD as simple as a floppy for some elderly folks.)
This one isn't listed on Microsoft's list of SP2 incompatible programs.
Nor is anything mentioned on Roxio's site except people complaining. Roxio is up to version 7 now so you know they say to upgrade, but Dell still ships old v.5 out with new PCs. Go figure
For the machines we tested at work, the firewall actually blocked more than was necessary. We were surprised to find the admin share totally invisible even though the computers were on a domain.
Methinks something is borked with this anaylsis. A lot of these services aren't accessible on the boxes I've tested with (both on and off domains).
There are two sets of articles on XP SP2:
1 -- "XP SP2 BREAKS TONS OF APPS!!"
Essentially, Windows is *too* secure and now breaks tons of programs -- so don't install it!
2 -- "XP SP2 IS TOTALLY INSECURE!!"
Too many Windows services are on, which means lots of apps -- including harmful ones -- are still able to run, which means XP SP2 is totally insecure -- so don't install it!
You can't have life both ways. Yes, added security will break *some* apps, but most will still work. Yes, it's not as secure as, say, a OpenBSD installation where you turn on one service at a time -- but end-users aren't expected to go through turning on service by service and tweak firewall settings every time they install a new app!!
By the way, for corporate deployments, most of that stuff (services, firewall, etc) can be administrated through Group Policy, anyway, so the default settings apply much more to home users than corporate ones who can pick and choose what services, firewall settings, etc to allow on their Windows PCs.
Communism was just a red herring.
This is odd. Now, repeat the steps again *after* switching the password from "password" to "test". The results? The login dialog does not report that "test" is an invalid password.
While I am not doing any more debugging of XP for Microsoft (a detail or two might not be 100% correct), what I have seen is enough to make me wince. Microsoft did not test this one well enough.
Note: It may be necessary to have a program running in the admin account to trip up this bug.
A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
DNS Client, automatic. Unnecessary on most home machines. Should be disabled by default.
He's too kind.
They should call it the "DNS on crack" service.
The only reason I can see for it existing is for sites where DNS is non-existent or badly broken, so that names pulled out of WINS, browsing, or by casting entrails or yarrow sticks can be used to let some applications run that would otherwise freak out. The problem is that when you do have working DNS it will, occasionally, freak out and return randomly wrong information.
Unless you're at a small business using a misconfigured Windows-based external firewall AND you're not willing to spring for an Active Directory server, turn this baby off and disable it. You'll be glad you did.
All that you speak of is controllable via GPO.. That is how enterprise users handle things...
If your team doesnt know how to do that and you have more then 5 machines on your network.. i would be afraid.. very afraid...
---- Booth was a patriot ----
And seriously, problems with a Dell, what a shock since the tend to try and turn even simple "open" devices into proprietary cash cows (I had a customer with 5 Dimension XPs, all were extremely noisey, I recomended he swap the exhaust fans when we determined they were the source of the noise, but could only order the same replacement from Dell since the power connector was completely non-standard and attached to a non-standard header on the motherboard, no fan detected in BIOS, no boot). Dell always sticks their customers with the old "it's third party so we can't help" crap, so can that really be counted?
Establishing less-privileged user accounts, even for the machine's owner, is the single most productive step one can take towards reducing the impact of malware. WinXP makes this possible, but, unfortunately, not necessary.
Why would this be true? All a worm needs to propagate is access to a socket (or to the API of your email agent). This is one of the things that makes worms so powerful.
I certainly don't advocate running systems in single-user configurations (I'm a Mac person, and the Mac handles this elegantly, even if it isn't waterproofed yet). However, as a Unix person at heart, the fact that worms can be effective even against services running as "nobody" in chrooted environments --- often even in systrace-style jails --- is one of the most interesting systems-security implications of the malware problem.
When you come back and unlock the machine, it kicks off the remote user
Yes. When I came back to log on I could kick him off.
You're not logged off, your tasks continue to run
That wasn't true, though. I was actually logged off and, upon logging in again, nothing was running. I had left Outlook and a Word doc open.
+++ATHZ 99:5:80
Although I don't have a dell, I noticed the same thing. My wireless connections now work the first time all the time. SP2 improves power management as well. My laptop now comes out of sleep mode every single time in a couple seconds. Pre-SP2 half the time it would reboot or just sit there with a blank screen until I hit the power button.
As an OEM that sells systems bundled with XP, Dell, I believe, is obligated to support systems whose users apply service packs to the OEM-installed OS. There was some flak about this some time ago when some OEMs simply referred their customers to Microsoft, and I believe that they were reminded that they picked up this obligation as one consequence of their OEM arrangement. This support site page gives the particulars for Dell. In my experience, Dell acts like any other Windows sysadm: they wait until their own internal testing is done before they add it to the list of supported service packs, so that they can simultaneously publish a list of any issues (such as required driver updates). Until then, you take your chances (which have been minimal for me, though I tend to stay in the Latitude line, even for home systems) and rely on the forums. My reading is that Dell isn't done with its testing, and the particular spokesperson is only half right: not supported until their testing is complete and it appears on the above page.
And it isn't the stupid^^^dents fault for getting spyware onto their computer in the first place, let alone ensuring it gets removed when it is? It's not like it's a regular thing to have on a well-kept computer. I have a laptop runing XP that has yet to see anything that doesn't belong on it (except MS messenger, but that was before I even got ahold of it, didn't take long to remove it). My wife has a win95 box that is basically on an open broadband connection and as long as it's not left on, I might find myself removing malicious files off of it every two months or so, it's not hard to ctrl+alt+del and make sure you recognize what's running and find a way to kill anything that shouldn't be. Maybe they should make this a lesson in the freshman 101 class or the computer 101 class that nearly every college/university requires?
Yet Another Insprion Owner.
Didn't see any increase or decrease in performance but OSA9.exe kept pegging at 100% after SP2 was installed. Also I now get errors with Wordpad about registered filetype or some such. I give SP2 6/10 for breaking my laptop and ultimately wasting my time with a reinstall which I'll now probably have to do at some point.
before anyone suggests it, I don't have any viruses or spyware installed and I don't use IE or Outlook. SP2 just broke some things as MS themselves admit.
If you wanna get rich, you know that payback is a bitch
I just noticed on a clean install of XP SP2 that the integrated video output from an Intel 845G chipset is corrupted. Removing SP2 corrects the issue.
There are alot of 845 chipesets out there; I wonder if they all have the video issue.
-ted
>They recommend Windows native CD burning
Which works pretty well (although not a packet writing host, agreed).
I haven't figured out how to tell Windows the volume size though.
-fb Everything not expressly forbidden is now mandatory.
Does anyone know weather the service pack 2 includes any function to kill stupid worms in real time or throttle fast worm propagation? If it at least has this feature, service pack 2 is valuable to most of the windows users. Most of the worms are stupid (ip scanning, fake source email address, fast propagation ...), OS should be easily
catch them.
--
I'm a farmer in silicon valley. My labtop is my hoe.
The service is not enabled... it is in a state where applications that rely on it can start it if its necessary, but that would be performed by the user. Have it not enabled is not a security risk....
I love this service. I love that it is not enabled by default, but must (as above) be initiated by the user. Again, there is nothing wrong having this service in a state where the user can enable it without confusion...
This service is what allows fast-user-switching (multiple console logons w/out logging out). It is an integral part of the XP ui and absolutely should be enabled.
Newsflash -- Windows is not *nix, its user base is not a *nix user base, etc... Excuse the cliche, but "Mom" is not going to login as a "user" then launch setup apps in root/admin context -- this is just not something that "mom" can wrap her head around.
I'm calling bullshit on this one. Pick -- the end user should be smart enough to work in the user context until he/she needs admin access, then they should go use it for that specific context, etc... but they shouldn't know if they trust a site or not? And by default there is nothing in the "trusted" sites list, so the user is going to be prompted for each download attempt. If they don't like the "zones" idea that's fine, but complaining about the implementaion is different from that implementation being unsafe.
More of the same. We get it, you don't like the "zones" thing. There is no difference between what the review wants and what IE already does in this case. There are no trusted sites by default and the user is going to have to go out of his/her way to get some there. If you like reading some activex riddled crap page you should be able to view the site without being bothered every 2 seconds. You have that right.
As a matter of fact, can you imagine the user experience if these setting
Earlier this week I finished work on a ResNet scanning CD for the college that I work for. The CD autoruns, scans for viruses using Stinger, changes some proxy settings, and on Windows XP systems, it installs SP2. I neglected to include a spyware scanning program. All the copies of the CD are already made, and ready to be deployed to students on Tuesday. I'm thinking I should probably create some additional CDs that autorun SpyBot or something.
Anyone else in my situation? What have you done, or wish you had done?
"0101100101? It's just jibberish. *looks in mirror, gasps* 1010011010@!? AHHHHHH!!"
Dell Inspiron users are reporting an extreme performance decrease since installing Windows XP SP2 - decreases as much as from 2.6ghz down to 300mhz.
Hmph... didn't know that the OS could change your clock settings.
I guess an opinion by a former customer is dangerous.
"Curiosity killed the cat, but for a while I was a suspect."- Steven Wright
Why should everyone use the latest OS . aka the win XP and suffer all these problems?
Except a few s/w that work on XP only , 98 does it fine.
what reay ou going to lose out if runnin g a in98 se - patched up system?
Dont tell me " bad looks" - aint like XP feel....thats garb.
plus virus writer these days target XP mainly...98 escapes...example: Blaster.
Think about it.
Why does yahoo do this
Why does a remote login have the capability to kick a console login?
Your Domain probably has the common setup of Local Administrators including the "Domain Users" group. So anyone logged on to your machine has Administrator access. So you could phrase it as "Why shouldN'T one administrator be able to kick off another?"
(Although the more I think about it, you could boot out your cow-orkers from their machines with RPC and no Terminal Services required. Hmm...)
FWIW, NT3.x didn't have this problem -- Domain users had to be specifically granted local rights. But people found it too much of a pain in the ass.
Business. Numbers. Money. People. Computer World.
If the past year has proven nothing else, it's that we can't afford to let the Windows masses to have control over their own machines. The paranoid rants of a few slashdotters gave us Blaster, and I really don't think they can be forgiven for that.
Actually, the author is unaware of new measures like stack protection built in, that actually strongly suggests to me that the author hasn't gone any further then a normal port scan, and this isn't a true analysis.. Stack protection would have stopped just about every worm so far in windows (except the shared drives ones in win2k).. Anyway, its a disillusion that worms need ports open to spread. In reality, its really irrelevant if they are open or not due to the forced automatic updates and stack protection, and your biggest risk is stuff like internet explorer.. Basically, I dont believe the author really has much of an insight into computer security at all
I have a Dell i8600 and I did have problems with SP2. When I installed the last public beta of SP2 before it went gold, whenever I pulled the AC cord out while Windows was running, I'd get a STOP error with gv3.sys. Searching on those same Dell forums, I found out I had to update my CPU driver. My original driver was dated sometime in 2002, but a nice and quick upgrade over the net from Microsoft gave me a April 2004 driver that has done away with the STOP errors.
On another note, I don't have any performance problems with SP2. It runs pretty much the same as with just SP1. Then again, I hear lots of stories about Dell computers and I don't give them any weight because I've never experienced any. The forums are interesting to wander through, complete lists of drivers for machines, nothing but a positive experience.
It automatically, re-enables, MS's worthless firewall, and changes Automatic Update to download and install without any user input regardless of what you had it set for already.
In addition, the security center is an annoying piece of sh!t. I just got done setting up an elementary school lab with 35 new PC's, and once Automatic Update kicks in and downloads SP2, I'm gonna have to make a return trip just to reset every goddamn thing back to the way I had set it.
That is by far my biggest gripe, MS simply doesn't think about computers that are going to be used in a multi-user environment outside of a family room. I feel sorry for school admins across the country who are gonna have to deal with this shit at every school with XP machines. Thankfully, I only have to deal with one school.
I wish OS developers would include a special User account specifically designed for "Students".
Exactly what I was thinking.... Slashdot owners didn't "call this one" at all. The overall vibe I got here was generally "this SP2 is going to be great - even though it'll inconvenience some people for a while and break some stuff, because it makes changes that were sorely needed, instead of just doing superficial patches after the fact for specific vulnerabilities".
.... but I found evidence of some strange item still attaching itself to the TCP/IP stack. I figured "Oh well - I'll look that one up later." and applied SP2. It installed fine, and upon reboot - generated a couple error messages related to the exact item I was worried about. On the next reboot, those errors didn't come back - and the malware seemed to be completely gone! I think in this case, the malware was trying to use some method of attaching to the stack that was changed or eliminated in SP2, so my problem was solved for me. I'd say SP2 is definitely not all bad - and seems more secure than what we had before.
But now that it's released and some complaints come forth, Slashdotters want to claim they "told you so"? Nah.... not really.
One of my customers runs XP at home on the family PC, and I've been out there at least 4 times now to clean up viruses and spyware. Despite my best efforts at preventing things from getting in (AVG anti-virus set to auto update every 3 days and Spybot 1.3 set up to immunize the browser, etc.) - nothing has really worked. Basically, they have a household full of teenager girls who know just enough about computers to download all sorts of free offers that sound good on the web, use music sharing programs, and exchange lots of email and instant messages.
This last time out, I cleaned up the system the best I could, and it seemed to be running well again
Yep it's bogus. HD crashing only occurs when all RAM has been used on our machines as well. And the machine w/384 MB runs (understandably) better with more apps running.
Scott
©20014 angrykeyboarder & Elmer Fudd. All Wights Wesewved
It only does this if you choose to install the new driver for download on Microsoft's site. This is no something inherent in SP2.
This script can be used to remotely block or unblock the delivery of Windows XP Service Pack 2 (SP2) from the Windows Update Web site or via Automatic Updates.
To-do List: Receive telemarketing call during a tornado warning. Check.
So installed XP SP2 on my laptop and it broke internet explorer as well as dhcp over wireless. So I figure with no internet (since I connect with a wireless connection and most non-geeks would know nothing about static ip addresses) and IE not working that must be as secure as Windows XP can get.
Question everything that you've accepted without thinking.
As for the firewall, egress filtering is overkill - plain and simple. I've been annoyed WAY too many times with SW firewalls constantly asking for permissions - and I know what I'm doing. Most home users blindly click Yes anyways (that's why they have the spyware/virus in the first place), so why bother? NAT (which, in effect, is the same as ingress filters) has been accepted as the norm for many SMB networks so why shouldn't it be acceptable for the Windows firewall? If you really want more control, go download ZoneAlarm or something. Even better, get yourself a real firewall and be done with it. SW firewalls in general are a dumb, dumb idea.
Okay...I do agree with their view on limited user accounts. Unfortunately, a lot of Windows software was never designed (or still isn't designed) to support multiple or limited users - so, once again, MS is stuck between being secure by default or breaking things. Since they (presumably) know their user base isn't too keen on having once working apps broken, they chose the lesser of two evils. It's a tough call, and one I'm glad I don't have to make.
As for the Inspiron 1150 problem, Dell should be supporting SP2. It's an official MS update to a supported OS, and Dell is required to support it. If they can't figure out that it's a processor driver, then they're seriously incompetent. SP2 was in beta for quite awhile, and I'm sure Dell had access to it - there's no excuse for them not being ready for it. It strikes me as being ridiculously obvious. (SpeedStep broken? Hmm...lookie here - it looks like there's a new CPU driver. Maybe if we try the known working one?)
I've just recently performed a fresh ("slipstream") install of XP SP2 on my laptop, and my nmap scans and observations of active services are quite different from this article's report. Maybe he upgraded a fresh XP or XP SP1 install?
Honestly, the guy says that services like DHCP and DNS should be disabled by default and that "most home machines" don't need it. I guess he doesn't expect people to read his article from home, then, because without being able to get an IP address lease from an ISP or resolving theregister.co.uk, they aren't going to be able to read it!
This guy missed out the most important feature of SP2: the buffer overflow protection being compiled into all system services.
There are always going to be new buffer overflows found. What SP2 will do is make these unexploitable. If this sort of protection was in XP previously the vulnerability blaster used would not have worked even with the same coding mistake that resulted in an overflow.
I suspect the author would only have been happy if Microsoft had gotten rid of every networking feature of the OS. SP2 while not prociding the super secure magic bullet which the commentators want definitely raises the bar greatly for a default configured workstation.
I never install a service pack right away. I wait awhile for the people to opine on it.
"DHCP Client, automatic. Unnecessary on most home machines. Should be disabled by default." -from the article
ummm i think many home machines use dhcp to connect to the internet. this may be something which should not be disabled. just my thoughts
Here's an interesting question: has Microsoft released new OEM install or full-install CD-ROM's of Windows XP Home Edition or Professional Edition that incorporates all the Service Pack 2 code? I haven't heard of such a release yet....
I for one think XP service pack 2 is a good thing. Now really, why is the security issues in service pack 2 so blown up, all earlier service packs has had security issues too?? Service pack 2 is about to make serious changes to the web, simply becaus popup's are blocked. Even Joe Average will have a popup blocker in 6 months time. It makes me wonder if there could be some anti-popup-blocker people spreading a whole lot of FUD about this package? The days of popups might have come to an end, and some people might not like that.
Remi Denis
I'm glad I'm not the only one that browses the internet by IP only!
The author obviously does the same... since he so strongly recommends against the use of the "DNS Client" service on home machines. Yeah... home machines don't need DNS.
Excellent post.
/. source code - where is that often lamented upside of the free software), but cheesy color schemas are never in short supply.
I have complained about editorial policy in several of my posts, but (silly me) haven't ever suspected that ownership of Slashdot could have to do with what gets posted here.
I have also complained about low quality FUD troll articles by michael and suggested that articles be moderated, too, so that we can filter out that cheap propaganda that pollutes the site.
Of course, it seems it'd be "complicated" (suddenly it became hard to tinker with
This year has been really bad.
I my opinion, some 40% of all articles and 80% of all comments are of miserable quality. Sometimes one has to browse four pages of comments to find 3-4 insightful posts. And as the parent post says, you can't get rid of worthless comments because totally stupid articles get modded insightful or funny.
As articles can't be modded or filtered ("michael filter" anyone?) either, it's becoming quite unbearable.
Sadly, that is the new Slashdot - perhaps it's "If you don't like it - leave!", so I've been thinking if I should still visit Slashdot.org any more or perhaps join one of commercial tech sites with quality articles and forums.
Truly pathetic.
P.S. In past months I've been getting to moderate ONLY anonymous posts - now I have started to suspect that happens because I've voiced my dissatisfaction too many times... Anyone else gets only to moderate only posts by anonymous cowards?
Of course - the article is full of shit.
....
From the article (*) and what I think about it (-):
* DCE endpoint resolution (epmap), port 135.
This is basically the UNIX/BSD/Linux portmap daemon, and unnecessary on home machines.
- unnecessary but not dangerous
* NetBIOS name service, port 137. This is the WINS (Windows Internet Naming Service) server for a NetBIOS network, and unnecessary on home machines.
- so fucking what - ADSL links makes NetBIOS not listen on the Internet network interface - that's the default without SP2
* NetBIOS datagram service, port 138. This is used by the SMB (Server Message Block) browser service, and is unnecessary on home machines.
- bullshit - I have 3 PCs at home and I share data all the time. Besides, the port is closed to outside (the Internet)
* Microsoft-ds (Server Message Block), port 445. SMB can run directly over TCP/IP, without NetBT by using this service, which is unnecessary on home machines.
- yeah, riiight, almost everyone with 2 PCs need it and it's closed on the Internet interface
* NetBIOS Session, port 139. This is used for Windows File and Printer Sharing, unnecessary on most home machines, and extremely dangerous on any machine connected to the Internet unless the owner knows how to run it securely.
- bullshit it's off by default on that network interface and possibly protected by the firewall (I haven't tried SP2 yet)
* Error Reporting is on by default. However, there is no reason why a machine should phone home every time it encounters an error. This is better left disabled.
- that's like, your opionion. if it was off, someone would surely complain about that too
etc..
The thing that amazes me is that Port 445 has apparently been left open. Switching over to my Firewall screen shows that I block a 445 scan every 10 seconds on average. It is not just one or two IP-Addresses which try it, each Source Address will try 3 times and then move on.
Two machines a minute are saying 'Hello' on 445, 95% of my scans are on that Port and it has been left open. Sheesh.
The other unblocked Port where I often saw scans is 135, but the frequency there has dropped almost to zero recently.
Mielipiteet omiani - Opinions personal, facts suspect.
Er, no, that's the logical conclusion from the facts. Either you, or your admin, has re-enabled something which you consider to be a security problem. This isn't WinXP's problem! I didn't say I've never done anything similar ;-)
I didn't make this corporate distro. It's enabled. We checked other machines around the office.
Then it's a domain config problem and your domain admin staff are at fault. Active Directory and Group Policy need to be configured correctly. Running a windows domain is NOT just a case of slapping together a server and creating user accounts. A default installation of a Windows 2000 server (I don't know about 2003 server) is to set all policy items as unconfigured, which is probably not what you want. There are lots of books, articles and MS deployment guides on configuring group policy correctly, and you can configure separate policies for the domain controllers and domain members, and associate different policies with security groups and LDAP Organisational Units in the directory.
Jon.
Connecting to a USB piece of hardware screwed up (most of the time, not all, so its not a security thing) on our main development tool at work. So we had to uninstall it (and the app works again now, thank goodness uninstall works).
ahh, I just found the whole DNS thing funny too. Yes you could use it for a MITM attack or something, but honestly, everyone would just reverse the install because they thought their internet was broken and there would be no such thing as wireless hotspots.
Forgot to mention that I believed that the problem with windows has always been very poor internal security (sometimes it has taken Microsoft months on time to fix even the smallest privlage elevation exploits), and its always been my belief that the worm coders have just been too stupid to be capable of coding a decent worm based on already established connections.
I also never expected a worm based on port scanning to take over the planet, but rather believe ones based on sneaking in through established connections are the worse, and they are the hardest to stop because a firewall wont stop them. Melissa was a great example of one. One benefit is that these programs are the ones which stackguarding isn't enabled for by default, and in most cases dont even use buffer overflows.
I said that I thought this article didn't belong on OSnews, and I think its quite unfortunate it ended up on frontpage of slashdot too..
Actually, Windows's DNS client was showed to be very insecure in last Phrack release and probably various other places, so you don't even need to be in the middle to attack. Nevertheless, as you say, I don't expect Windows or any other OS to work fine without its DNS client. To disable the DNS client service, Microsoft would have to make it an on-demand library, per application, as it is on Linux. But they'll lose most of the DNS cache feature.
Remi Denis
But even then, most of his claims are just wrong. DNS and DHCP clients unnecesary to home users? Remote Access Connection manager should be disabled by default? Yeah, right, tell it to my modem and ISP. Here is a real world description for you, pal:
"Routing and Remote Access, disabled. About time." Well, it is disabled in SP1, and so is Telnet. WebClient: unnecessary. Maybe, if you don't need WebDAV folders integration into Explorer shell. Etc, etc...
But second sentence of the article really got me: "We installed XP with the NTFS file system, choosing all of the factory defaults, then patched it with each recommended security update including SP-1 (required), before installing SP2." And I tought point of installing SP2 is to avoid all pre-SP2 patches.
Way to go, please bring us more insightful articles like this.
[*] From this excellent site with *really* informative description of Windows services: http://www.theeldergeek.com/services_guide.htm
This is not a linux site, it is news for nerds, although you may consider it pro-linux. Nerds use MS products too, so we need to know what is going on with everything from linux to XP to Mac to more obscure (dec, sgi / mips, etc).
Smear campaign agains MS? You sound like you could be on the MS payroll, one of those "grassroots" marketing efforts they can fund with the stacks of cash they make sellin you a $1 CD / software package for $300. I have never met a legitimate fan of MS products. People may be ok with MS, but few take it upon themselves to defend MS openly.
I installed SP2 on my Dell 4600 and now no contextual menus. Worked fine on another of my computers and at work.
I'll bite again, shall I? That report which Newham used was funded by Microsoft. Um...
Friggin idiot. Yes everyone uses other parts. Where in my post did I say IBM only uses their own parts? What I did say was that Dell doesn't test the mass of cheapest-made, least compatible parts they purchase. They have the lowest R & D budget in the industry. That was a fact I wish I had known before I bought one of their products.
Perhaps next time you decide to criticize, you'll read the post, and COMPREHEND it first.
"Curiosity killed the cat, but for a while I was a suspect."- Steven Wright
I think there is an strong element as you describe, and that the slashdotters do themselves a diservice by over-stating their case.
With respect to the public good, however, there are problems with the RIAA, MPAA, M$ and the coporate model in general has flaws. It's fine to discuss that, but over-stating your case makes it very easy for your opponents to sideline you.
With more posts such as yours, ideally, slashdot could give more balanced coverage, including the good things M$ has achieved. It's fine to draw attention to anticompetitive M$ tactics and general anti-social behaviour. Let them spread their FUD, but if you FUD back, who do you think people are going to listen to?
We must always remember that M$ is a corporation, and thus is out to make a buck at all costs - that's the formula that corporations operate to. We can't expect M$ to change without a change in corporate culture, it just wouldn't make sense in the real world. So which problem are slashdotters bitching about? How evil company X makes $$$ by using shady practices {Y...}, with the effect of damaging Z? That happens everywhere! That doesn't make it okay, but you should at least realize that it's a cultural problem!
With regards to the RIAA/MPAA, it's hard to have any sympathy for them at all, particularly considering my wife and many friends are musicians and film-makers. I have already noticed the success of their media machine in making people believe their mantra.
In the quest to own everything conceivable, corporations have twisted IP laws so that they can own ideas. They own obscenely long copyrights on cultural bread and butter, such as the song "Happy Birthday" (bet that shareholder's happy). They have pushed patent laws so that they can patent living things, genes, discoveries, algorithms, ideas. This is wealth usurpation, pure and simple.
The prevailing group-think on slashdot, however, is that people feel that they should get something for free anyhow. After all, linux is free, and don't people make money off it anyway? There are, however, problems faced by IP owners. Those very same IP owners (powerful people) are using those problems to extend their wealth (by getting new rules passed, or getting customers to agree to restrictive conditions that they wouldn't have considered before).
The RIAA/MPAA is doing well in this game, and slashdotters don't even realize that they're being out manoeuvred; sitting at home trolling about how evil they are only makes it easier for the RIAA/MPAA to push their agenda. Once mum and dad agree that DRM and similar are culturally necessary to protect the "artists" (well, the record label), then we'll all have DRMed computers... because the market will accept it.
I went to get some music photo copied a few days ago and couldn't. The copy shop had received threatening letters warning not to copy any music. It didn't matter that it was for personal use, or that the music was written in the era of Mozart, or that it was published in 1939. The store owner said I had to buy a new copy from the publisher, because otherwise I'd be stealing profit from the publisher.
The copy shop is the one who had profit stolen from them, and the owner didn't even get it! That's what we're up against people; misinformation turning into a cultural attitude that copying is inherently bad for the economy.
So long as people whine here, the RIAA/MPAA will have a free hand to continue their campaign, until they're a public institution. If only slashdotters saw RIAA/MPAA articles as a chance to discuss solutions to this problem. Perhaps someone clever will come up with some good ideas, and spread them to other slashdotters. If the ideas are good enough, someone will write to their heritage minister (or non-Canadian equivalent), or form a political action group, and _that_ is how you fight the copyright cartel.
Like all pain, suffering is a signal that something isn't right
Oh, that's right, you enjoy trolling the
XP's handling of SpeedStep (and similar technologies) absolutely sucks.
It used to be that with Windows 2000, the user could use Intel's SpeedStep applet to exercise extreme control over the CPU's SpeedStep functionality. (Forcing full-speed, forcing minimum speed, etc.)
With XP, Microsoft rolled about half of the SpeedStep control applet into the OS, MINUS the user interface, so that if the SpeedStep control mechanism got stuck on an undesirable setting, the only way was to hack the registry. The old Intel applet can't be used any more, as it conflicts.
XP's suspend features also never worked for me. My Inspiron 8200 wouldn't come back out of suspend from Day 1. On Day 2 I nuked XP and installed Windows 2000, and have been extremely happy with my laptop ever since.
retrorocket.o not found, launch anyway?
>Firewall only filters incoming traffic, totally oblivious to outgoing. (2nd paragraph, last sentence)
Enable firewall. Start Apache, and I get a warning about the app opening a static listening port. Yes, it does not ask about every connection, which is a design decision based on usability. What percentage of users know foo.exe is? For average users this kind of functionality is overkill. To say it does "nothing" for worms and trojans is being pretty disigenious as a port must be accessible to be attacked.
>Popup blocking is WAAAAAYYYY too late
So they should just stop it? Wireless support in Linux is a PITA, should developers give up on that too? You are being illogical.
>Nope, broken. Strike three.
Whoever told you there wouldnt be driver issues after a major upgrade lied to you.
>Must we delineate MS's culpability for the glut of spyware in the first place?
If MS could forsee the spyware issue they would have kill it, as its THEIR asses on the line. Spyware/viruses/worms is making their OS unusable and SP2 is really the service pack that is going to keep people from switching to Apple, assuming it works.
It seems that installing SP2 will make your system incompatible with a huge list of microsoft's software like MS Office, so we can think that it was just a bug, not as if compatibility were lost with OpenOffice or any Linux emulator for win. Post by: lobito151
Many, many broadband ISPs use DHCP to grant IP addresses. What's wrong with it being on? It'll be shut off or otherwise made inactive if you hardcode your IP.
DNS is sort of essential to the internet. Even if this is only a cacheing daemon, it's still valuable.
Wouldn't this make it possible for users to become administrator only when absolutely necessary, instead of all the time?
From the article it says,"The Security Center does little beyond warning users that the firewall is disabled, that automatic updating is disabled, or that antivirus software has not been installed."
There are people who don't even know what a firewall is, let alone what it does. It appears that Microsoft is trying to educate users on security from the non tech-savvy perspective. Once everyone has upgraded to XP SP2, the words,"firewall" and "antivirus" will be as common as words like,"Internet" and "email" to even the least pc literate person.
It's possible that Microsoft will be gradually increasing security measures and awareness as more people get used to the idea of having firewall and anti-virus software.
This could be a problem, though. If Microsoft places too much dependency on firewalls and antivirus software and not enough more secure design, then Windows will continue to be insecure on the inside of the firewall.
That may be the case. Did I mention that ITs response, when everyone in the office scratched their heads over this insecurity, was to "turn on the firewall"? Is there any good reason to allow RDC on a default installation for an office machine? Is there any good reason why a remote login should have the authority to kick out a console login?
The reason to allow RDC is so that when the lusers call, you can RDC into their machine and fix the problem. And the remote login ALWAYS had the authority to kick out a console login- that's how the admin gains control of the machine so that they can install software. If they're doing it properly, it's blocked at the corporate firewall and nobody can log in AT ALL from home.
Administering a large corporation is not the same as doing so on your home LAN- AT ALL. It's a different playing field entirely, and behind the firewall, you want the maximum possible transparency for your techs whil reducing holes for stuff people bring in bypassing the firewall. It's quite the balancing act.
SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
I can't believe someone did mod "troll". If you don't trust him, find some comp, and put a fresh new Windows XP on it. Install ad-aware and scan. I did it one time, and soon I figured out that windows came with spyware slipstreamed!
"*ANY* PC", keep in mind, lil boy.
dude, you do not have a humble opinion, you have an attitude problem. In attacking Dell, you are attacking 25,000 hard-working Americans who make the best computers available. At least you could learn to spell.
Best researched, best designed PC products, according to every survey done by all the leading magazines in the business. Those are customer surveys. They sell the most PCs (they are # 1 in sales) because more people like them than any other brand. So why are you shitting on the guy who bought a Dell? Probably because you like attacking people. I am one of those hard-working, proud Dell engineers. I have a clue. I would suggest you get one, except it would be a waste of wisdom.
wake up and hold your nose
DHCP: (as mentioned above) Outside North America most people, even on broadband, don't have a static IP. In Australia it's available as an option, but you often have to pay extra. (They assume you want to host a server of some description) And what about people on dialup? DNS: (as mentioned above) What's with all this huggy-feely friendly name crap, everybody should be typing in raw IP addresses! *roll eyes* Remote Access Connection Manager: Required to make a dialup connection. Yeah, why just choke their connections downloading the thing, when you can disable them altogether and curb the spam problem!" Brilliant work at the Reg. ;)
SSDP Discovery Service & UPnP: Unfortunately, these are used for the remote control aspects of the XP implementation of Internet Connection Sharing. If they disabled these out of the box then people would lose this functionality. At least the firewall limits it to the local subnet by default.
NetBIOS helper: Required for backwards compatability with Win9x machines, and file/print sharing is restricted (by the firewall again) to the local subnet.
He had some good points about permissions, but that kind of stuff should no news to any of us.
Finally, his IE bitching is irrelevant. It's very easy to switch to Firefox, Mozilla or Opera. IE should be disabled with all security options set to max, so that programs which wrap IE aren't too vulnerable. If you want to go one step further you can set a fake proxy in IE's Connection options and make Windows Update an exception, so that you can still manually check it if required.