Last Words On Service Pack 2

thejoelpatrol writes "So did Slashdotters call this one? Windows XP SP2 seems not to be so secure after all. A Register reporter goes in depth to find out just how safe a fresh install is. He provides a list of which dangerous ports are left open and which services are left on by default. I guess now we know why Microsoft's security timetable is 10 years." Reader ack154 writes "ZDNet is reporting that many Dell Inspiron users are reporting an extreme performance decrease since installing Windows XP SP2 - decreases as much as from 2.6ghz down to 300mhz. Dell claims no responsibility, claiming it is 'externally loaded software' and they don't support it. In the mean time there has been a fix posted on Dell's forums, which rolls back the processor driver." Finally, Marxist Hacker 42 writes "Amid complaints of too much XP Service Pack 2 coverage on ZD Net, David Berlind writes that Service Pack 2 deserved the scrutiny it got- and charges that it failed to live up to Gates' Trusted Computing Initiative." Finally, Microsoft warns that installing SP2 on a spyware-infested PC is a bad idea.

Performance decreases that exxxxtreme...

...deserve some extra 'X's.

Last Words?

Somehow, I doubt that these are the last words we'll see on the subject....

Re:Last Words?

[skeptikos]

Famous last words: "I'll install SP2!"

Re:Last Words?

[rd_syringe]

It's a total flamebait article. This sort of article would have gotten modded down if it was a comment. It's just an attempt to bog people down with anti-"M$" links. I could create an article with just as many positive SP2 ariticles--and believe me, the response to SP2 was very positive and not at all this phony letdown that Slashdot is trying to put out to its readers--but it would never get posted on the front page of Slashdot.

The entire summary is inflammatory. "Did Slashdotters call this one?" Well, gee, I'm so surprised that Slashdotters think SP2 is a failure. And then it even links to the widely criticized "Windows Secure In 10 Years, Says MS" article.

I am fully convinced there is a smear campaign going on against Microsoft that goes beyond merely being a pro-Linux site--as in, it is going beyond normal levels of criticism. I suspect it has to do with the fact that this website is corporate-owned, an entity of OSTG which is a company that makes money off of selling OSS and Linux products. The rate of anti-Microsoft articles has increased dramatically with the release of SP2, and headlines/article summaries are often wildly exaggerated or even completely false. If Microsoft owned a tech news site, and the articles it posted were inflammatory and exaggerated in the same way Slashdot's are, you know that Slashdot itself would be all over it with criticism! But Slashdot's misleading "news" is given a pass because a lot of people here have chosen this website as the haven for their frustrations with Microsoft. This place is the Ain't-It-Cool-News for IT nerds.

I'm sure many of you will disagree, and I respect that because I used to like Slashdot too back in the 90s when it was still a good place to find cool science and computer news, but since the corporate buyout, it has been a major source for three major things--anime news, anti-Microsoft news, and OSS project releases. In between those are scattered various articles intended to generate page hits by inciting emotions in the majority viewpoint of Slashdot--anti-capitalist, anti-corporate, left-leaning computer geeks (which makes it all the more amusing that Slashdot is actually corporate-owned, displays large banner ads, and sells subscriptions). That's why we get "More Automated DMCA Lies" articles--as if an automated system was an actual live being that could "lie" to you, when it's really just some automated system that made a mistake--and anti-RIAA, anti-SCO, and anti-copyright articles. We all know the formula for those articles.

Finally, it does not surprise me one bit that this article was posted by michael. Plenty of others have said enough about him. Even Jon Katz's articles were at least genuine in their subject matter. Michael's are almost always a cynical backslap against someone. Let's not forget his all-caps "ANTI-INTEL" troll in the 64-bit chip article, which would have been modded down had it been a normal comment and not an article on the front page.

If you disagree, reply and let me know why you do. But this whole obsessive-compulsive desire to bash and bash and bash Microsoft is just boring me to death. This is supposed to be a LINUX site, remember? Isn't there anything cool going on in OSS lately? I miss the old articles we used to get on Slashdot, and the fascinating discussions that used to take place (as opposed to the karma point games that go on now as everyone plays comedian and makes +5 Funny jokes that aren't funny). Do we really need yet ANOTHER SP2-bashing article?

any time now...

[dirvish]

Well, just wait 'til Longhorn. It will be way better...in like 12 years, or maybe 14...

Re:any time now...

Laugh it up, but when will the HURD 1.0 be released?

CPU Driver Problem?

[kevlar]

ZDNet is reporting that many Dell Inspiron users are reporting an extreme performance decrease since installing Windows XP SP2 - decreases as much as from 2.6ghz down to 300mhz. Dell claims no responsibility, claiming it is 'externally loaded software' and they don't support it. In the mean time there has been a fix posted on Dell's forums, which rolls back the processor driver."

Aren't 99% of drivers 3rd party software? The only thing MS does is bundle them together, but I believe that AMD or Intel et al are the ones who actually WRITE the device drivers. And if the performance of a new driver sucks, I'd chock that up to being a shitty driver, versus a shitty Service Pack...

Re:CPU Driver Problem?

[Kenja]

A CPU driver in this case referes to a system driver that enables the OS to set the clock speed of the CPU for power saving modes.

Why I didn't bother...

[gordgekko]

This is why I didn't bother. My XP Pro with SP1 is protected with a firewall, updated virus scanner and Spybot S&D's innoculator. Running Firefox and Thunderbird and anti-spam software doesn't hurt as well.

I might add that the free/OSS I have protecting my machine weighs in considerably less in terms of combined file size then does SP2.

Re:Why I didn't bother...

[Carnildo]

Why I didn't bother:

I'm dual-booting 98SE and Gentoo Linux. '98 predates all the security holes, and Linux doesn't have any worth mentioning.

Spyware infestation

[ogewo]

If for some reason you DID load SP2 on a spyware infested computer and it is no longer booting just boot with the "Last known good configuration" option in the F8 boot menu. Uninstall SP2 (you may have to use XP system restore before doing this), remove spyware, reinstall SP2.

Spy ware and SP1

[Solidblu]

"Microsoft warns that installing SP2 on a spyware-infested PC is a bad idea."

One word. DUH. If you even install sP1 on a spyware infested computer it can render it unbootable. I've run into atleast 10 machines this week that have had this same problem. I work at a university which is forcing students to install service pack 1. there are a lot of machines that can't even take the service pack because of the spyware the installs just hang or destroy the install on the computer. I feel bad for the students because they have to either format or pay to get thier comptuer fixed. It not thier fault or the universities fault. who would have thought forcing college students to update thier microsoft patches would be a bad idea.

Re:So basically:

[wobblie]

RTFA. The main gripe is that it doesn't follow braindead simple best security practices (e.g., not leaving services listening on the public net) , not that it doesn't fix all the holes.

Many of microsofts security problems could be fixed by just following best practices, and the built in firewall doesn't do shit.

Re:So basically:

[GigsVT]

MS really is in a bind here.

If they were to close off all those ports, they would risk all the clueless sysadmins screaming on MS forums that SP2 breaks everything, even basic windows sharing facilities.

I think the main point here is that MS has tried to appeal to people by saying that it's easy to be a sysadmin, that anyone can set up a network and run it. Real sysadmins all over the place freaked out, with good reason. They were accused of being set in their ways, etc, etc.

Now all those things that the skillful have said would happen, have happened. Rampant security problems, etc.

Re:Firewall is on by default

[Psiren]

I say it's a "massive step forward" because there are literally MILLIONS of windows machines which are never updated, don't run any firewall software, and which are directly connected to broadband ISPs. The people running these boxes truthfully don't know what they're doing in these matters.

So if these machines are not updated, and the owners don't know what they're doing, what makes you think they'll install SP2?

What crap

[rabtech]

The writer of the article is full of it and obviously knows nothing about Windows.

He claims that WebClient, DCOM, TCP/IP NetBIOS Helper, Secondary Logon, Remote Desktop Help Session Manager, Remote Access Connection Manager, DNS Client are all on or set to manual and should be disabled. Thanks, but I'd like to be able to use WebDAV, COM/DCOM, share files with a roommate/family member, use remote desktop from work, VPN into work in the first place, and resolve DNS hostnames thanks.

I might also add that he rails on Microsoft not taking advantage of multiuser capability properly then recommends that Secondary Logon be disabled for home users! Without it, Windows can't popup when you try to install a program or run Control Panel and ask for an admin password to proceed... which makes using a non-admin account a pain in the ass.

He also whines about these network drivers being installed:
Client for Microsoft Networks, File and Print Sharing, and the QoS Packet Scheduler

But perhaps he assumes everyone has one and only one PC in their home and has no wish to share files between them (yeah right). Oh, and you'd like to take advantage of QoS for VOIP or bandwidth throttling? Forget it if the driver isn't available.

With "genius" insights like these I certainly wouldn't trust this yahoo to install a toaster oven, let alone an operating system.

Opinion Represented as Fact with a \. Slant...

[mythosaz]

This is normal. This is another in a long line of articles that does little more than say:

L0LZ@Micro$0ft!111!!11oneeleven1!! because your firewall choices and services defaults aren't what I would have picked.

There's still service bloat in XP. There's little doubt about that, but suggesting that you turn off DHCP when 51% of us use broadband? I mean, DHCP only has an effect for people that actually, you know - HAVE A FRICKIN NETWORK CABLE PLUGGED INTO THEM! Can we make an assumption that a pretty fair percentage of people who have network cables plugged into their computer use DHCP? Good lord almighty.

Also, he complains because the service type on most services is set to... ...get this... ...MANUAL. Manual is another word for "not on unless I need it," which is a nice long way of saying "OFF" -- you damned chowderheads.

Sure, XPSP2 isn't perfect, but articles like this, these "If I had made it, I'd have made it stupid!" articles - they're just drivel.

Re:Interesting...

[eV_x]

Agreed.

Suggesting that we turn off DHCP with a comment like "Unnecessary on most home machines" shows that someone is not in touch with the rest of the world.

Maybe in L33Td0M you only run static IPs so you can connect by typing in l33T IP addresses instead of machine names, but the rest of the world doesn't know an IP address to save them.

Comments like that show you have no clue, because the world is not full of command prompt users.

Fellow inspiron owner

[gad_zuki!]

My inspiron is acting fine too. A little snappier too.

>So did Slashdotters call this one?

No. They really didn't. Of course SP2 was going to cause *some* problems, but poo-pooing everything MS in a knee-jerk fashion doesn't help anyone and probably is keeping people from installing it, which is a real shame because:

1. Firewall on by default. Power users can easily shut it off. How many Slashdot posts do we have that wish MS did this, but when they do suddenly MS is doing wrong. Yes an admin can shut it off even with an activeX control. Such is the life of running as admin.

2. Nag screens for anti-virus and updates. Much needed.

3. Better wireless interface. The old one wasn't so hot and this is a welcome upgrade.

4. "Drive by installs" are not going to be as common as IE requires an extra step to install/download stuff and blocks pop-ups natively and by default. Man, how many slashdoot posts did we have about "MS should do something about pop-ups and click installs!" Well, they did. Sure, they didnt remove activeX altogether, but no one was expecting that.

5. NX support for AMD 64. Wow.

> Finally, Microsoft warns that installing SP2 on a spyware-infested PC is a bad idea.

No shit. Installing ANYTHING on a spyware infested PC will cause all sorts of problems. Fighting spyware is what SP2 is trying to do. Give it time or at least introduce your friends and co-workers to a little thing called Ad Aware, especially if they'll never switch to FireFox. Face it, many people will never switch and will go to their deathbeds using bundled software.

>So did Slashdotters call this one?

Granted, if you take the negative approach to life 24/7 you will be right every so often or at least subjectively, but I feel these are much needed changes and will help technophobes better use their machines. MS can do things right. Yeah, break out the smelling salts...

Re:Slowed Down?

Thanks Bill.

A cursory inspection of the article yields

[ribond]

This reads a bit like the Republican take on Kerry's record. It's so like accuracy that it can be deceiving. Here's what I saw from just a glance...

Automatic Update is off by default...

...it's a true statement, but their comment goes on to say it should be off... so what is wrong with having it off and prompting users to change state if they want to?

NetMeeting Remote Desktop Sharing, manual. Unnecessary on most home machines. Should be disabled by default.

The service is not enabled... it is in a state where applications that rely on it can start it if its necessary, but that would be performed by the user. Have it not enabled is not a security risk....

Remote Desktop Help Session Manager, manual. Unnecessary on most home machines. Should be disabled by default.

I love this service. I love that it is not enabled by default, but must (as above) be initiated by the user. Again, there is nothing wrong having this service in a state where the user can enable it without confusion...

Secondary Logon, automatic (enables starting processes under alternate credentials). Unnecessary on most home machines. Should be disabled by default.

This service is what allows fast-user-switching (multiple console logons w/out logging out). It is an integral part of the XP ui and absolutely should be enabled.

The chief weakness of a single-user system is that whoever sits at the keyboard is the administrator, or root in UNIX parlance, capable of taking any action he pleases. He can install programs and delete files or wipe out whole directories; he can alter system settings with the same privileges as the owner.

Newsflash -- Windows is not *nix, its user base is not a *nix user base, etc... Excuse the cliche, but "Mom" is not going to login as a "user" then launch setup apps in root/admin context -- this is just not something that "mom" can wrap her head around.

the user decides whether or not to allow provider X or Web site Y to run code on his machine, based on pure guesswork and vague impressions.

For example, Internet Explorer allows a user to choose websites from which potentially dangerous content like JavaScript and ActiveX controls will be trusted. Content from 'untrusted' websites can be assigned reduced privileges.

This approach is wrongheaded from the start.

I'm calling bullshit on this one. Pick -- the end user should be smart enough to work in the user context until he/she needs admin access, then they should go use it for that specific context, etc... but they shouldn't know if they trust a site or not? And by default there is nothing in the "trusted" sites list, so the user is going to be prompted for each download attempt. If they don't like the "zones" idea that's fine, but complaining about the implementaion is different from that implementation being unsafe.

"Empty Temporary Internet Files folder when browser is closed" is not selected. (We would leave it enabled.)
"Installation of desktop items" gets a prompt, and is enabled for trusted sites. (We would require a prompt at all sites.)
The pop-up blocker is enabled, but disabled for trusted sites. (We would leave it enabled.)

More of the same. We get it, you don't like the "zones" thing. There is no difference between what the review wants and what IE already does in this case. There are no trusted sites by default and the user is going to have to go out of his/her way to get some there. If you like reading some activex riddled crap page you should be able to view the site without being bothered every 2 seconds. You have that right.
As a matter of fact, can you imagine the user experience if these setting