Ready or Not, Here comes Windows XP SP2
TheViffer writes "Beginning April 12, 2005 Microsoft will remove all temporary blocking of Windows XP SP2 by automatic update and Windows update which it has granted to those organizations that requested it. So unless you run Software Update Service (SUS), chances are you will get a mix of SP1 and SP2 running at the same time. Let's just hope you have these programs that are known to experience a loss of functionality when they run on a Windows XP Service Pack 2-based computer and these programs that seem to stop working after you install Windows XP Service Pack 2 patched, upgraded, or removed. Might be a good time for help desk personnel to pencil in a week (or two) of vacation."
I know that it breaks some programs and has caused some people problems, but the alternative of ridiculously insecure Windows boxes running rampant is worse.
I've been running Windows XP SP2 on all of my computers (which admittedly is a small population of 3) with no problems. The built-in popup blocker is more rigorous than anything else I've seen and itself breaks many things (most amusingly Outlook Access for Web), but for the most part it plays fairly nice.
I'm a big tall mofo.
we have a list we can refer to. So many times in the past it was just a "try it and see" situation.
"I'm just here to regulate funkiness."
More to the point, the two KBs linked are:
1. program breaks because it executes code in a data segment (i.e. broken, article tells you how to turn off no-execute protection)
2. program needs ports opening on firewall (i.e. you need to learn to admin your firewall)
Um, it was very well tested for almost 3 months by almost 200000 beta testers.
Last time I installed SP2 on my laptop I got a BSOD every time I unplugged it.
Thank you micro$oft for rendering a laptop unusable.
(Before everyone tells me to update drivers and whatnot, I updated all my drivers and still had problems, something to do with my processor...)
"Thoroughly tested" on what sort of platforms? No matter how thorough of a beta test you do, you can't possibly hit every combination of hardware and software that will be running your software, so you can't possibly know everything that could possibly happen.
There is no bug-free software, excluding things like "Hello World".
I, personally, have had no problems with SP2 on any machine I have it installed on (three pc's at the house with wildly different hardware, and about 7 pc's in my small office with xpsp2, all running on some form of Dell)
You seem to fail to realize that SP2 also includes ALL hot-fixes released previous to it as well. So it too is a roll-up of all the other hotfixes previous to it, including those in SP1. SPs are no different than Apple's Major Updates. They do the SAME EXACT THING. Actually I more liken SPs to what Apple did with 10.0 to 10.1 to 10.2 to 10.3, except MS didn't charge ya $129 to make the move.
This is incredibly obnoxious. MS should provide some method of still operating those older programs within some kind of better 'sandbox' than just to permanently stop the function of those applications/games.
They do. RTF KB. These apps break because of no-execute protection in data segments. You can turn this off in the control panel. There's a link to tell you how.
If you don't trust Windows Update to do anything right, I know I don't, you can use the Microsoft Baseline Security Analyzer to give you a list of what needs updating, and all the relevant information, so you can download the patches for yourself. I use this so I can keep copies of all the patches needed on my hard drive and can install them all without connecting to the internet.
Another good way is to load up Nessus and have a good crack at one of your windows boxes.
SP2 will not automatically be installed. It will download automatically, but someone still has to accept the license agreement and manually install the service pack. There is nothing automatic about the install. Please stop spreading FUD about SP2!
What is more interesting is how long it takes to install. SP2 is HUGE! This will put off many. I still recommend it, though not for the firewall features. Personally, if you have broadband you should have a decent cable router with your ports closed. No, this won't stop internally invited connections, but it will do pretty much what the firewall feature is doing. It's a matter of staying up to date, which is essential in a Windows environment. Like it or not, SP2 should be installed. If you don't like it, seriously consider switching platforms. Yes it's frustrating, but we're in a mess. We have a dominant player on the desktop. Until Linux gets more up to speed on the desktop and/or Macs gain some share this is what we have.
It will only block pop-ups that are initiated by a website. It sounds like you've got a computer full of spyware/adware. Stop installing things like kazaa and get yourself some decent cleaning software. I personally recommend Ad-Aware and Spybot Search & Destroy.
We've upgraded all our XP PCs to SP2 and haven't had any major problems. We, of course, ran into a few minor issues, but they were easy fixes. We're done!!! What's the big fuss?
© 2004 The SCO Group, Inc. All Rights Reserved.
... it's also interesting that Microsoft released a Service Pack for the affected product that fixes the issue...
http://www.microsoft.com/windows/virtualpc/downloads/sp1.mspx
You want to see real havoc, what do you think would happen if Microsoft put a really good fix into a Service Pack? For example, what if they didn't let an administrative user log in interactively, and you actually had to run Windows as a normal user. Then, of course, use "Runas" to run admin apps. I'll bet that tens of thousands of third party apps would break. Damned if they fix it, damned if they don't.
10.2 to 10.3 was not a minor upgrade. (There's nothing minor about Expose, but if you're not using it it might look just like eye-candy. Also the speed improvements are amazing. There were also over 100 other features which I can't recall.)
10.3.4 to 10.3.5 is a minor upgrade, and you do get that for free.
I use SP2 at work, and do like it. (And by "like" it, I mean I don't really like it, but it's better than SP1.)
If you don't know what AltaVista is (was), get off my lawn.
OSX 10.0 to 10.1 to 10.2 to 10.3 isn't XP to XP SP1 to XP SP2.
;-)
It's more like Win95a to Win95b to Win95c to Win98 to Win98SE to WinME.
OSX 10.2 is vastly different from OSX 10.0 and same from 10.3 to 10.2. 10.4 to 10.3 again will be vastly different. The differences are greater than XP SP1 to XP SP2 or Win2K sp1 to Win2K sp2, etc...
Win95 is Windows Ver 4.0
Win98 is Windows Ver 4.1
WinME is Windows Ver 4.9
Win2K is Windows 5.0
WinXP is Windows 5.1
Win2K3 is Windows 5.2
Full versions of Home based are $200 with upgrades at $100 (Yes you can get them cheaper but this is the legitimate on the record price)
Full versions of Pro versions are $300 with upgrades at $200
OSX 10.0 (Cheetah)
OSX 10.1 (Puma)
OSX 10.2 (Jaguar)
OSX 10.3 (Panther)
OSX 10.4 (Tiger)
All versions are $129 for a full version.
(They also don't require virus protection @ 50/yr or spyware protection)
if you steal from one source, that is plagiarism, if you steal from many, well, that's just research.
Quoth the parent:
Oh noes! My parent used a $ instead of an S, he is clearly an idiot! Insert more drama queen ranting here!
As for whether the MS firewall is "sub-standard", why don't we look at the standard features of a firewall and some of the alternatives out there:
Quick Start (ie turn it on and it functions "out of the box")
MS: Yes
Zone Alarm: Yes
iptables: No
Outgoing Connections
MS: No
Zone Alarm: Yes
iptables: Yes
Configurability
MS: Wait, what port numbers do I need?
Zone Alarm: Yes
iptables: at least I can recognize --destination-port https
In conclusion, we see that for features that end-users actually care about, either MS firewall is substandard or the free edition of Zone Alarm is far better than the "standard" which was apparently set by Microsoft's late entry to the market. iptables by itself is certainly not what an end-user would want to use, but that's why there are configuration frontends to simplify the process.
iptables reads in its rulesets and starts before any of the network services are started. Well, I suppose if you mess with the init scripts you could change that, but it's going to work.
Any IT shop with more than 10 Windows boxes that isn't running SUS (or an equivalent 3rd party product) is guilty of dereliction of duty.
SUS is ok for trivially small numbers of Windows clients. 10 yeah, 50 yeah, maybe even 100 or so. I have nearly 1000 Windows XP desktops and fifty servers running 2K and 2K3. SUS does not scale. It falls flat on its face after about 200 clients try to use it, leaving your network in shambles that has to be fixed by hand afterwards. It is only "beta test" quality at best. Remember that SUS is still only at version 1.0 (sp1) right now. And we all know how wonderful Microsoft version 1.0 products always tend to be in terms of completeness and readiness for prime time.
Are you sure about that? I thought the problem was caused by it being on "automatic." When I set mine to "highest," the 10.3.8-induced fan revving stopped.
I have Unix underpants.
If SP2 is breaking stuff, 99% of the time it's because it's trying to use some network port that is now blocked by the firewall. Just sniff the traffic going in/out of one of the SP1 boxes, see what ports the apps seem to require, then open those ports after installing SP2 (or turning on the firewall in SP1)
It's really easy to implement a policy that will disable automatic updates on all corp clients. They can also block access to the windows update site on the corp firewall.
Your mind looks a little cramped. Why don't you stretch it a little?
First of all, I have found that all the incompatibility comes from two realms: NX-bit protection and the new Windows Firewall. Both are easy to disable.
NX (off): Edit your boot.ini by removing that /NoExecute=OptIn or /NoExecute line. (Go to System Properties, Advanced tab, Startup and Recovery Settings button, and hit the Edit button in the new window; it will open up your boot.ini file.)
Clear, simple, and every application will no longer flip out. + you'll get a boost in performance (I take a 10% performance hit when NX is on my laptop, far more visible in photoshop than any other application).
Windows Firewall: First off, GET A BETTER FIREWALL! Next step, net stop sharedaccess and find it in your services (Start->Run: services.msc). Disable it.
Hurrah! Your Windows should now perform in its old SP1 ways. (I have yet to find any application to fail after these features were disabled). Oh yeah, if you get annoyed by that Windows Security Center, in its main window on the left side it has a way to change its notification (to completely off because nagging programs suck).
[!] No, I can't see my comments. They are not worthy of +3 moderation.
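The boot.ini edit described in the comment above leaves a trace that can be audited across machines. The following is an added example, not part of the original thread: it parses a constructed sample boot.ini and flags boot entries whose /NoExecute switch is missing, has no value, or is set to AlwaysOff. The sample file, the function name `audit_boot_ini` and the choice of what counts as "needs review" are assumptions of this example.

```python
import re

# Constructed sample boot.ini (not taken from the thread).
SAMPLE_BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="XP test install" /fastdetect
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="XP legacy apps" /fastdetect /noexecute=AlwaysOff
"""

# Documented /NoExecute policy values, lower-cased -> canonical spelling.
POLICIES = {"optin": "OptIn", "optout": "OptOut",
            "alwayson": "AlwaysOn", "alwaysoff": "AlwaysOff"}
# Policies this example accepts without review (an assumption of the example).
ACCEPTED = {"OptIn", "OptOut", "AlwaysOn"}

SWITCH = re.compile(r"/noexecute(?:=(\w+))?", re.IGNORECASE)
ENTRY = re.compile(r'^(?P<path>[^=]+)="(?P<label>[^"]*)"(?P<opts>.*)$')

def audit_boot_ini(text):
    """Return [(label, policy, needs_review)] for each boot entry."""
    results, in_os_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # Boot entries live only in the [operating systems] section.
            in_os_section = line.lower() == "[operating systems]"
            continue
        m = ENTRY.match(line) if in_os_section else None
        if not m:
            continue
        sw = SWITCH.search(m.group("opts"))
        if sw is None:
            policy = "missing"          # switch removed, as the comment describes
        elif sw.group(1) is None:
            policy = "bare"             # "/NoExecute" with no value
        else:
            value = sw.group(1)
            policy = POLICIES.get(value.lower(), "unknown:" + value)
        results.append((m.group("label"), policy, policy not in ACCEPTED))
    return results

if __name__ == "__main__":
    for label, policy, review in audit_boot_ini(SAMPLE_BOOT_INI):
        print(f"{'REVIEW' if review else 'ok':6}  {policy:10}  {label}")
```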
> When will the "bashing Microsoft makes me feel good" trend end?
When using microsoft products doesn't feel like bashing my head against a brick wall?
Umm.. you are aware that SP2 is a lot more than just a firewall and the security center, right? I don't even use those two technologies and I see a lot of improvement with SP2.
For example:
Popup blocker (yeah, you can install google toolbar or others as well)
No Execute protection (Yes, it's possible for an attacker to get around it, but so are door locks.. that doesn't mean i shouldn't lock my doors)
reworked RPC management (this is a biggie since it's going to prevent other kinds of RPC based worms if another vulnerability in RPC is found)
Manage Add-ons tool in IE (this lets you easily disable any IE extension, making it hard for spyware and adware to hide)
ActiveX improvements (Clueless users don't need to click yes to continue surfing when an activex dialog appears. Now you get the same yellow bar that Mozilla copied from IE)
And a whole lot more... frankly, I won't let any machine I manage NOT run SP2, it saves a lot of work in the spyware cleaning department.
If you need web hosting, you could do worse than here
Even most of those listings only affect .001% of the population and are usually the result of multiple part combination bugs involving specific and rare setups.
PS CS does NOT have an endemic problem with SP2. I've seen it installed and run on hundreds of machines and never run into this specific problem.
ohhh so all of a sudden backward compatibility is NO LONGER A MARKETING mechanism for MS anymore.
INTERESTING..
The second list, which is marked as a list of applications that don't work after installing SP2, is actually a list of applications that need ports opened for them. This is not terribly surprising, and would need to be done for any firewall that people had installed.
While I can understand how a sysadmin looking at the prospect of 100 or 10,000 computers possibly going kaput is scary... get some perspective. It's not like the system is upgrading to a different OS, it's just adding a firewall and a few other protections that certain applications weren't expecting. Try out your must-have software on an SP2 machine before the update happens, but chances are unless you're doing some silly undocumented mumbo-jumbo for efficiency your apps should run fine.
The ______ Agenda