Slashdot Mirror
The Verdict on WinXP SP2?
A reader writes: "Now that time has passed, people have been giving their opinions as to the effectiveness of Windows SP2. The jury has been good, but mixed." The ITMJ Product Guide is part of OSTG; what's been your, if any, experiences with SP2?
The article's like totally content-free. If you've vaguely heard of XP SP2 before it adds nothing.
And there are no user reviews on the site - the four-day old "discussion" has been "archived".
It's been running for nearly six months now on my Thinkpad T40 (I was in the beta program) and I've never had a problem. I've been able to take off my software firewall and let Windows handle it. No stability issues or compatiblility issues.
;)
A job well done, though it'll pain a moderator to let that last comment stand.
PocketGamer.org - For the gamer on the go!
Wow talk about relevant... I was at someone's house last night and they had just downloaded Service Pack 2. They were having problems with Internet Explorer so they hoped SP2 would fix it so they let the computer chew away for 5 minutes, then once it was installed they rebooted.
The computer got 5 seconds in to loading Windows before getting a BSOD (which lasted less than a second) before rebooting again.
And again. And again.
After 5/6 crashes it was obvious SP2 had royally fucked the PC up. Luckily we managed to boot up in Safe Mode and use System Restore to undo the effects of SP2 and now the computer is working normally (in fact, the IE problems seem to have gone!).
Now I am very dubious about installing SP2 at work, I think we'll be forced to upgrade before long but MS clearly still have some bugs to squash.
Sorry, but my karma just ran over your dogma.
My experience?
Since installing it on my brother's computer, my Mum and Dad's c computer. I've found myself having more time to watch TV, then trying to rid their computers of adaware and trying to explain to them why hundreds of screens pop up all the time.
I am not a Windows fan by any lengths, but hey. It's saved me some hassles so I am a happy camper.
I downloaded SP2 on my laptop and it caused a ripple effect thus disabling 99% of my non microsoft programs. Thus the last straw to be broken for me to switch to Linux. Looks like Bill is now off my christmas card list :P.
Please keep the Service Pack 2 shot my mother and buggered my dog posts to a minimum.
Thanks,
You need windows to run it, so he's waiting until it can be emerged or apt-gotten other his Linux installation :-)
Trolling using another account since 2005.
1) Search no longer working
2) Windows installer no longer working
and the fixes MS lists involve long registry edits that don't usually work. And these problems happen on most machines I put SP2 on. :-\
But if IIRC, this SP adds a popup killer, and a personal software firewall (and some bugfixes along with side effects).
So I understand the reason why most of the big Swiss companiesI am working with decided to stay on Windows 2000 (with ActiveX and VBScript deactivated).
Trolling using another account since 2005.
Yeah, the default firewall and other security stuff is pretty nice. Doesn't make much of a difference to me or the amount of crap I find on my clients' computers, though. My favorite aspect of SP2 is the new wifi management app. I used to constantly have random 802.11x connectivity problems, as did many other Windows users. I'd just occasionally get dropped and have to repair the connection. Irritating. But... SP2 fixed it! Yay! Anyone else see this behaviour? -Yoweigh
You must be new here. We're all closet Windows users.
Quiz: How many of you run Linux only? Now how many of you are blown away by Half-Life 2? I rest my case.
It would be cool if it didn't suck.
security center -> bottom of page -> 'firewall settings'
It's got all the goodies you want, including allowing full-access to specific processes and ports.
The firewall was there in SP1 too though, it's just on-by-default in SP2. I fail to see the big deal with it. It's almost an admision of defeat to install the firewall by default.
Also, if I were MS, I'd ask 'do you share files in your home with Network Places?' with a default of 'no' and remove the 'file and print sharing' service, which is a HUGE security risk.
"Sometimes, I think Trent just needs a cup of hot chocolate and a blankie." -Tori Amos on Nine Inch Nails
That's not true. It's not the best firewalling solution ut there (I personally prefer using the free version of Sygate Personal Firewall) (honestly, I personally prefer not to run Windows) but you can add some 'exceptions' (i.e. filtering rules), and it's better than nothing for Mr. and Mrs. Clueless.
In addition, it's an application level firewall (AFAIK the internet connection firewall in WinXP was only a level 3 'block any incoming connection' solution).
As I said, neither state-of-the-art, neither junk.
Signatures are for stupids.
"After spending an hour on the phone with Microsoft's India-based support team, I resolved the problem. Unfortunately, I never figured out the cause or the fix; things were just suddenly working."
HE resolved the problem without knowing the cause or what he did! WOWSA, it's like magic DOODZ! Better grab this guy for your support team, he's worth his weight in gold!
MS Hint: When speaking to Indian based MS support, for best results, hop up and down three times on left leg. Please contact support if leg is inoperative, leg is missing, or gravitational challange is experienced. A patch will be provided.
Now I'm the grandest Tiger in the Jungle!
If they put iptables in there, it would be very configurable and not at all useful to any usual windows user. It's about balance. Most windows users don't want to host anything on their boxes. They are passive participants on the internet. Those users who DO want to host something on their windows boxes will know how to install a firewall that allows them to do what they want to, be it software or hardware.
What does that mean? The people who are judging the product consists of white and black males and females,with some straight, gay, disabled etc representatives?
Or do they mean that the verdict was good, but mixed. Which means...mixed, and not good.
It looks like the grammar and spelling of the articles posted here are being dumbed down to the level of most of the comments!
Speak for yourself monkey man. I have some self-control. If the game isn't out for xbox, ps2, gameboy [which I use for pocknetNES mostly] or Linux x86-64 then I don't care for it.
Half life 2 may be a cool game and all but until they release a Linux release [re: never] I won't play it on any of my machines.
Tom
Someday, I'll have a real sig.
You must have a Creative sound card or something. Their drivers for 2000/XP have always been terrible. If you have a SBLive! or Audigy, I recommend getting the kX Project Audio Drivers. They're third party and do a lot of the basic things better than the orginal drivers do. It has things like a fully customizable bus and surround filters so you can upmix stereo music to surround - something Creative dumped when they moved on from Windows 98. EAX is supposedly not supported, but surround seems to be working just fine for me.
It would be cool if it didn't suck.
SP2 was meant to take a working system and secure it beyond the normal level of security.
If IE or any part of the system was borked, you should have run a virus scan, spyware scan, and troubleshot the problem before slapping SP2 on.
Never assume a security update can solve already existing errors within the operating system. SP2 is not to blame here, refusal to solve the problems before upgrading the system is on your side.
"We're breaking out the ramen noodles. . . "
"Really? Is it someone's birthday?"
I run linux, solaris, and mac os x on my desk.
what's this windows you speak of?
I think the situation is very simple.
SP2 improves security. This is Good.
Some applications rely on insecure functionality. This is Bad.
SP2 breaks some of these applications. If this affects you, you will need to find different applications before you install SP2, or secure your system in a different way.
The upshot is that Real operating systems and applications are not affected by this.
Please correct me if I got my facts wrong.
I had similar problems. I installed SP2 and after that the machine just refused to boot. Just before the XP-logo is supposed to show the screen just went blank and nothing else happened. Annoying as hell. Since I had the orgiginal XP-CD I tried the "repair" utility but no matter what I tried the machine just wouldn't boot. I even tried installing the whole thing over the old installation but still nothing. Fortunatly I had two HD's in the machine and since Linux never fail me it was no biggie booting into Linux and getting the files I wanted.
:-/
.haeger
A complete reinstall of XP was required to get the damn thing to work. If I hadn't been required to run IE to access some work related things I wouldn't have installed it again.
Oh, and now I won't forget to backup all files every now and then.
You are not entitled to your opinion. You are entitled to your informed opinion. -- Harlan Ellison
There isn't a way to block outgoing access, as it is an incoming only firewall. Good catch :)
I never said it could do outgoing, and I did say that there are better alternatives out there. Don't get me wrong, I know the firewall in SP2 is limited, but I also know that the information the parent poster provided was completely inaccurate. MeErely wanted to clear up a few things.
And yes, you are entirley correct. The custom section does have that minor exploit, but since the SP2 is targetted moreso with home users 255.255.255.0 would only be their brother/father's/sisters/dog's computer on the same network as them, and thus only someone on the same home network could have unlimited access with default FW configurations. Of course, if I'm wrong please correct me. Also, if a buisness or anyone other than a typical home user network wanted to focus on security, then let's hope their tech knows enough to have a hardware firewall/router and not depend upon software alternatives.
"We're breaking out the ramen noodles. . . "
"Really? Is it someone's birthday?"
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
Well it worked great for me, then I took it off. :)
Of course I'm exaggerating the "works great" part. My GPRS enabled celphone stopped being a modem and became a phone. That means it could no longer work for dialup networking.
This problem means little or nothing to anyone who doesn't own a Sony Eriksson T220. To me it's the difference between internet access or staying offline.
--= Isn't it surprising how badly I spell ?
Why? Is there a reason that a computer should by default allow all traffic to flow in and out without any user interaction at all? Firewalls are not just an indispensible first line of defence (for while you're getting those patches, be your OS Windows, Linux, BSD, whatever), but also an essential tool for you to retain some control over your network/internet connection.
You know you've been IMing too long when you almost say 'lol' out loud to a non-geeky friend...
I have a HTPC that I have tried to install SP2 on three times, the last time being last night, and each time it has hosed my system. After the second time calling 1-888-SP2-Help they told me to order the CD, then start the machinge in safe mode to do the install. That's what I did last night, and guess what, it still freezes after reboot.
I am just continually baffled as to why people don't just use something suited to the job. If you are going to connect to the Internet, use a dedicated firewall. Sure, a full, enterprise level appliance may well be £50k (new Nokia IP2250) but you can get a decent home firewall for a couple of hundred.
It is a simple segregation of duties issue - a sensible defence from the internet is a filtering router, firewall, DMZ if you need it, AV on your mail gateway and PCs.
And then you need to seriously look at Firefox as a replacement for IE, again this will just add some security, as IE just has too many hooks into the OS and so can seriously bu66er your PC.
Of course, this being Slashdot, I would also have to argue that using any Microsoft product is just wastefull and inappropriate:-)
Some examples:
My mother got a new PC with XP and Norton AV. She connected it up to download updates, and got infected within 2 minutes by a virus Norton can see but can't do anything about.
My firm rolled out XP to all laptops (were on 2000) - now the boot time is longer, many functions don't work, hibernate is flaky, I need admin rights for more apps than I used to and the only good thing is that Excel 2003 has some great features. Even Word sucks even more than it did.
Suffice it to say on my home network I have only one PC running windows (currently 22 running other OS's - BSD, Linux, Solaris, Irix, HPUX, AIX etc) and it is purely for games playing and does not have a connection to the outside world. My firewall filters out pretty much everything - very little is needed inbound except SSH.
So let me get this straight... Microsoft's ueber-update to improve Windows security works great, as long as you install it on a machine that was already secure enough not to have malware/spyware on it?
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Well, I've installed it on four machines now (my one at home and three at work), and I haven't had any problems with it. All four machines came up and worked as expected.
About the only change I noticed was that the Security Center was yelling at me on my home machine for not having virus protection, a firewall, and not having automatic updates installed. So I disabled those alerts. (I have my reasons for not using any of that on my home machine - the biggest one being that it's behind an actual firewall that blocks all incoming connections.)
Since I don't use IE and instead use Firefox on all four machines, I haven't noticed any real change with IE yet. About the only thing I noticed was that it apparently doesn't run JavaScript on local HTML files without prompting first, which is kind of weird. Oh, and it warns you before running programs you've downloaded off the Internet, even if you don't run them through the Download dialog.
So, ultimately: no problems, yet, but no real improvements that I've noticed. Granted, most of the improvements were supposed to be added security, so it's not like I'd magically notice my box was more secure. They just kind of run like they've always run.
You are in a maze of twisty little relative jumps, all alike.
They'll support it as long as megacorps are refusing to upgrade their desktops to SP2 because of all the instability problems. I work for one, and we're all under strict orders not to download the update until it's been properly checked out by our IT guys. Go on, tell me you haven't heard that from millions of others as well. :-)
It's just like dropping support for old versions of Windows itself: MS would love to, but since they've borked the update process and their major customers aren't riding with them, they can't do so without seriously damaging their business.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
An admission of defeat to install a firewall by default?
Every linux distro I've installed in the past 8 years has come with a firewall on by default, and most of them were configurable during the install.
I guess it isn't only MS that's defeated.
Bummer.
B
"We must still have chaos within in order to be able to give birth to a dancing star." --Friedrich Nietzsche
I always tidy up first - Ad-aware especially - especially make sure AV and firewall software is on the latest version, so that they and SP2 can coexist happily.
A good summary can be found here.
With SP2, there is no outgoing blocking. When a program not on the exception list tries to open a listening port, there is a pop up.
One line blog. I hear that they're called Twitters now.
You can get Cable/DSL "routers" for less than $100. They're not full blown firewalls, but they can provide NAT and at least removed the machine from being directly connected to the internet.
A fine is a tax you pay for doing wrong and a tax is a fine you pay for doing all right.
Firewall's way more advanced in SP2. What I believe you're referring to is TCP port filtering. The firewall in SP2 is at the application level, not the just the port level. The difference is quite major.
The TCP port filtering still exists in SP2 as well.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Everyone keeps bashing SP2 so much, I decided I'd even this up a bit.
Although I'm not an NT admin, I did install SP2 in a couple of places, and here's my take:
1. Added a simple, probbably far-from-what-we-here-on-/.-would-call-decent but TURNED-ON-BY-DEFAULT firewall to joe-clueless-user. IMHO, this will severely reduce virus infections on the vast amount of joe-user machines that are not properly mainained with good up-to-date malware-protection.
Yes, a minority of 'joe-average's will have stuff break due to this, but the majority will benefit.
2. Enabled windows update by default. Again, will severely increase resilience of a vast number of joe-poorly-mainained-user boxen.
3. Tags files that were downloaded from the internet as such, and gives a proper warning when attempting to execute it. Another simple idea that will decrease suffering of people from malware.
4. [...Finally] added a decent popup blocker.
5. IP configuration GUI improvements. After 9 years of renewing a DHCP lease from the command line, they finally put a "right-click-on-tray-icon--->>REPAIR" option that gets a new one. right-click-->STATUS was also complemented with a new tab that... SHOWS MY IP ADDRESS. BRILLIANT!
Sheesh, and it only took them 9 years. Buy hey, better late than never, I say.
6. After 2 years with flaky, unstable, bugged, alpha, crappy user UNfriendly blowatware bluetooth drivers based on the WIDCOMM "my-dog-can-write-better-software" SDK, Microsoft finally threw in their long awaited BT stack. And boy, was it a sight for sore eyes. It supports all my BT plugs out-of-the-box, Its simple and intuitive to use, and works like charm. BT network driver works great, as does syncing with PDA and a symbian phone. No more 30-minute battles with the Nokia suite, the BT tray icon that stopped responding and a guess-list of 12 serial port drivers to sync my phone with Outlook.
I tip my hat to MS for issuing an *excelent* BT driver suite, albeit 2 years overdue.
And yes, they crippled raw packet API on the TCP/IP stack, so nmap had to write a little workaround.
So go ahead and bash MS all you like, but as far as both myself and quite a clueless family members I inevitably get to support are concerned, SP2 did good. If fewer people have to spend their time, money and nerves treating virus-related computer problems, all the better.
Kudos Microsoft, and thats coming from a hardcore UNIX geek and fulltime Linux/Solaris admin.
Flame away kids.
-
Whatever about security flaws and errors introduced in SP2, it accommplpished one thing very well. It makes users more security conscious
The XP SP2 security center is the greatest thing to come out of Redmond since the start button. it forces users, through alerts to be aware of the vunerabilities of their own system. if they are without Antivirus, Firewall or automatic update, it tells them, and keeps telling them, until they fix the problem. This alone has saved me countless hours of explaining why security is important to people who just don't give a shit. For some bizarre reason, lecture after lecture from a techie on security will result in a user who still installs spyware ridden file sharers and smileys, browses on IE and won't install a simple antivirus, and who thinks your being paranoid. And yet a simple taskbar bubble proclaiming 'Your computer may be at risk' grabs and holds their attendion, to the extent that they actually do secure their PC(In as much as a windows PC can be secured).
Security Center Rocks!
Time for a Gnome Version methinks.
P.S.
BITS is also a lifesaver! Now at least when little annie stops downloading MP3's for 5 minutes, updates will actually be downloaded.
P.P.S.
Remember to set the install time for the updates when you fix computers for friends and family. I find 0600 is good. Everyone is in bed, so no panic results when the installer dialog pops up. Of course the computer must be on 24/7 , but just tell them that turning it on and off too much will break it.
May the Maths Be with you!
Turning it off is not that easy, at least for me. I logged in as admin ("Owner") and turned off the firewall. Then I logged off and logged back in as a normal user (myself), and the firewall was turned back on! And since I didn't have admin privileges, I couldn't turn it off. So I logged off and back in as Owner, and it was off.
Finally, some combination of turning ot off, rebooting, logging in, turning off, etc, finally got my user account to turn the thing off (I use ZoneAlarm Pro). However, when my wife logs in on her user account, the firewall is on again, and she can't turn it off.
Otherwise I haven't had any problems with SP2. I disabled the security center process too while trying to figure this mess out.
Some really good things about SP2 and security that people like my mother would benefit from:
1) Application warnings
In a similar way to some adware programs (such as WinPatrol), SP2 warns when new applications are trying to add themselves to your startup and gives quite a good explanation as to what is going on.
It also warns if applications are trying to contact the internet like some of those personal firewall things.
2) Internet security warnings
You know those dialogs "This is a really complex technical thing about running ActiveX controls and you know nothing about them, hey, so just click Yes or press Enter because that's what we've decided to default this dialog to". Well those are now quite different. The Action button to say yes is actually disabled for about 5 seconds or so to encourage reading of the dialog (and its better worded) and they also don't default to evil actions.
A few other things I like:
* They've hidden all of those pesky updates from Add/Remove programs, you can turn them on with a checkbox. My Add/Remove was becoming ridiculously long with all the automatic update patches showing up as installed applications.
* Much improved Wireless networking capabilities. Made it user friendly enough for lusers to understand and configure without impacting on advanced capabilities.
I haven't had any major problems as some others seem to have had (and neither have the 100 odd people in my company who have also updated), so I can't comment on that. All I can say is that I've updated certain "stuff" on my linux boxes before that has broken other things, so lets not get overly critical about one or two teething problems.
As much as I hate to admit this, I think that MS have actually done quite a good job with SP2.
It tells me those machines are pretty typical. I work for a tier 1 helpdesk on a fairly large (~20k people) campus, mainly supporting student machines. After SP2 was released, nearly half my problems were "SP2 not installing cleanly" problems. I've had a lot of different issues -- mostly networking (a full stack reset after uninstalling SP2 usually fixes these), but quite a few more serious errors like "Unmountable Boot Volume" in a blue-screen loop after installation. As far as failure rate, I'd have to say SP2 is the worst update as far as failure rate goes.
The root cause of a lot of these problems are viruses, spyware, and adware, which is funny because those problems are what SP2 is supposed to fix. Anything that mucks around with any system files gives SP2 fits, especially the network stack. Luckily, most people have either got SP2 now, or have automatic updates disabled until such time as they can reinstall Windows so that they can update their machines again.
Also, I found out yesterday that the Indeo codec is no longer included in Windows XP! All new installations of XP SP1 or higher don't include it, and the Windows version of the codec costs $15 from Indeo's website. I had to play my video on my laptop with OS X (OS 9 Quicktime in Classic), because OS 9 came with an Indeo codec, when previously, Indeo was pretty much the Windows codec to use (before WMV anyways)
SP2 is the first verion of Windows to support Blue Tooth.. and it is a GREAT improvement over using vendor supplied drivers and utilities.
Oh yeah.. the WiFi support and interface is MUCH bettter too.
Not in 100% of cases, but at the very least they shouldn't make those systems any worse. By the arguments people are giving in reply to my previous post, no security patch can ever install reliably, yet strangely, many have until this point.
For a start, Windows XP is supposed to have filesystem protection in place to prevent permanent changes to key Windows system files. This was one of the much-hyped benefits of upgrading, if you recall. If this has been circumvented, Microsoft must at least know the correct checksums etc. for all the key system files in their unmodified state.
At the very least, following the "do no harm" policy, each included patch in the SP could check whether the previous versions of the files it's changing were unmodified, and issue a warning rather than messing around trying to install over bad starting data in that case. That alone would probably prevent a lot of the problems.
Taking that to its logical conclusion, it would be hard to compromise a system without affecting any key files at all. Why can't the update include checksum information for all the key system files, check them all at the start of installation, and abort with a suitable warning rather than proceeding if the system has been compromised? It's not as though it's a small, modem-friendly download and they're worried about file sizes.
Come on guys, this isn't rocket science, it's kindergarten. Failing to read page one of the manual is no excuse for delivering an update to such essential software that takes out something like 30% of your installed base according to early adopters. I could understand the odd slip up, some particularly clever malware or a human error among hundreds of fixes, but we're talking about thousands and thousands of installations being wrecked here.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
The Wireless Zero Configuration service was far from Zero effort on my laptop. If the zero applied to useful functionality then it was 100% effective. It doesn't support my NetGear 802.11a PC-Card. It does support the on-board 802.11b. If it's enabled then WEP doesn't work on the NetGear (even if the NetGear config software is running). If it's disabled then the on-board wireless NIC doesn't work. In the end I had to disable the service and use the NetGear XP driver and config S/W then go get Windows 2000 drivers and config S/W for the on-board NIC so that I could run both at the same time. I burned hours "fixing" SP2. I saw the posts about Joe-average and agree but if it breaks big-time when it doesn't work then that's nasty for Joe-average and irritating for me. Joe-average would never have figured out why their shiny new wireless network stopped working.
One problem with SP2 that has not been mentioned yet is the fact that in all of MS's infinite wisdom, they broke the definition of a loopback address. According to SP2, a loopback address is defined as ONLY 127.0.0.1, not the entire 127/8 address range. If you use certain types of remote access, such as client-based or clientless VPN methods, it will break the user's access. Although MS issued a hotfix for the problem several months later, this is aother demonstration of their lack of pre-release testing or software QA... --->Rob
I slipstreamed SP2 into XP. It loads from scratch without issue.
And SP2 loads just fine to current installs if you are free of issues. Spyware/Malware/Viruses/Etc. are ALWAYS found on every machine I work on. I boot from a WinPE CD and manually remove that which I know is going to cause problems and then uninstall all crapped-up software. I even run Scandisk & Defrag prior to ensure a smooth transition.
I have yet to have an unexplained issue.
I've upgraded dozens of machines this way. And it keeps me in beer money!
Kenny P.
Visualize Whirled P.'s
I bought my parents a 2400 a little more than a year or so ago, and things ran fine on it, until told them to install SP2. Now, for some reason, it's slow as hell; every little mouse click takes a very noticable pause. At first I thought it was malware, but we ran Adaware on things and nothing's helped. I think I've covered everything I can:
I've installed a decent video card
It has 768MB of RAM in it
It's firewalled (hardware router/firewall)
It has zonealarm just in case
It has Norton Antivirus
No programs installed in the last 9 months
It's been defragged
The only conclusion I have is that it's SP2. The Dimension was a little slow before, but once SP2 was installed, it went from a consistent 'kind-of' slow to a now progressively slower and slower system. Grr! I'll have to do windows reinstall next time I visit. Probably stick to SP1
0- Eamonman Proud member of DNRC