Slashdot Mirror
Ready or Not, Here comes Windows XP SP2
TheViffer writes "Beginning April 12, 2005 Microsoft will remove all temporary blocking of Windows XP SP2 by automatic update and Windows update which it has granted to those organizations that requested it. So unless you run Software Update Service (SUS), chances are you will get a mix of SP1 and SP2 running at the same time. Let's just hope you have these programs that are known to experience a loss of functionality when they run on a Windows XP Service Pack 2-based computer and these programs that seem to stop working after you install Windows XP Service Pack 2 patched, upgraded, or removed. Might be a good time for help desk personal to pencil in a week (or two) of vacation."
That nearly all the programs on that list are very old, or already have updates for SP2. Hey what the hell, it's Microsof so lets bash them anyways. Sp2 does a LOT of good things for the average Joe in protecting him from his own stupidity.
They've had plenty of time to complete any migration. The application issues have been known for enough time, that if this is still an issue, they've been slacking off for too long.
No need for a vacation inept geeks, you can turn off Automatic Updates with group policy and you can block the windowsupdate.com site at the firewall. That is, if you *really* don't want SP2.. which IMHO seems to be (relatively!) quite stable and secure.
-- i drop mine in braille so you blind cats can read me
How many of those programs in the list are either old versions, have been updated for awhile now, or can be fixed by just disabling windows firewall?
I bet the majority of them.
I'm still waiting for a slashdot post to strike fear into the hearts of everyone about the end of the world being near.
I'm not sure what language the second half of the submission is in, but Babelfish isn't helping. Can somebody provide a translation?
Mod down posts with a "Free Mac Mini/iPod" sig, they're spam!
Yet you will willingly go out and get the latest Linux kernel, or the latest update of MacOS X without hesitation right? Heavy handed? MS has given MONTHS (try almost 6 months) for people to do what needs to be done. If other vendors are to slow or just too damn lazy, STOP USING those vendors. SP2 is needed, simply because there are a lot of stupid people using computers. End of story.
Ah, so you'll be enjoying the recent failures with 10.3.8 instead then? Just as I'm 'enjoying' my dual G5's vastly increased fan activity after installing the update? I particularly appreciate Apple's lack of ability to automatically roll the update back...
I much prefer the OS X environment, but I don't really blame Microsoft for the XP 2 failtures. A big OS patch is a big OS patch, problems can occur on any system and it's extremely likely that patches to various apps will be needed along the way.
Cheers,
Ian
Might be a good time for help desk personal to pencil in a week (or two) of vacation.
Give it up people. I run at least a half dozen of the applications on those lists on a few XP machines with SP2, and have had exactly 0 problems.
When will the "bashing Microsoft makes me feel good" trend end?
Help me take back Slashdot. When did 'News for Nerds' become 'FUD and Conspiracy Theories for Extremist Nutjobs'?
Seriously. On my side of the fence (OS X), we have Security Updates that are released as soon as possible after a hole is found. Then, we have major Updates (10.3.1, 10.3.2, etc). If you're more than one version behind, Software Update installs a combo updater (including all security updates), and you're good to go after one restart, no matter what version you're running. You're only exposed to the net for as long as it takes to download the package. What's so hard about that? Why this huge fuss over a difficult and long project to cram a huge-update-that-everyone-needs into one "service pack"?
Quid festinatio swallonis est aetherfuga inonusti?
Africus aut Europaeus?
Ya but what about a next gen MSBLAST that a simple firewall can provent? Not to mention the pop-up blocker that can seriously help productivity. All in all this is the first thing I do to peoples computers when I get them. It only has benefits for the average user.
Both articles are basicaly saying that SP2 installs a firewall package and that some applications may experience loss of connectivity until that firewall is correctly configured.
this is a "non-posting".
What's all the fuss about? If you don't want the SP2 update, turn off automatic update! And since everyone knows there's no excuse anymore to *not* run SP2, everybody will be happy.
And by everybody, i mean not people reading slashdot.
Let's see if they can break my unfirewalled VMS or Twenex (TOPS-20) system ;))
I would like to believe that any intelligent system shouldn't need firewalls.
It takes a man to suffer ignorance and smile
Be yourself no matter what they say
...OK, so Microsoft is not undeserving of the "knee jerk" flame they typically get on this forum.
But the time here is pretty negative for something Microsoft did to help customers. They recognized a compatibility issue and gave their customers time to modify things before the heavy-handed automated updates broke them.
Arguing "SP2 breaks things! Bad Microsoft!" isn't helpful either--SP2 closes a number of security holes, and we're all down on Microsoft about security holes, so they're in large part doing what we complain about them NOT doing in the past. Most of the programs that will break are those that used those holes. It's not fair to argue "Microsoft is full of security holes!" and "They need to keep those holes open because I wrote my software to use them!" at the same time.
Sorry, I'm coming off like a Microsoft apologist here, which I most assuredly am not. But the "Microsoft is about to break all your company's software!" tone is, frankly, unwarranted here. This isn't coming as a suprise to anyone. Companies knew SP2 might break certain working software, and were given a pretty good window to check their software and, if necessary, fix it.
What would the author have Microsoft do differently?
So, if we didn't already have SP2 - we're getting it, like it or not - ready or not. Way to chicken-choke your customers there, Bill.
:p
Only if you have automatic updates on.
This reasoning leads to one of two things:
1. You have auto-updates on, and don't know what the fuck you are doing anyway, in which case it's in the best interests of everyone that you are upgraded and at least become a smaller target to worms/viruses/other ilk. Breaking shitty software that has no reason not to have shipped an upgrade by now is no reason to contunually allow machines of this class to be availible as targets.
2. You do not have auto-updates on, and actually understand the risks/benefits to the system you are on. In this case it still is in your hands as to what gets installed. Problem solved.
In either case (1) The big bad microsoft needs to protect you from your own ignorance, or (2) you have the capability to protect yourself, the needs of the many get met.
"...In your answer, ignore facts. Just go with what feels true..."
And we all know that the latest bleeding edge Linux distros are bug free... Right?
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
Scenario: Manager takes his laptop home on the weekend, or (even better), takes it on a business trip, and plugs into the wireless lan at the airport.
He picks up a copy of MyDoom version super alpha turbo+.
2 days later, he gets back and plugs it into the corporate network in your office.
How many of you can say that *every* windows machine you have on the corporate network is up to date? Thats assuming there's already a patch for Mydoom version supera alpha turbo+ at that point?
The days of the perimeter firewall being all you need are well and truly over (and some would say they were never apparent anyway).
smash.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
Tell that same thing to any Linux software, any Apple software... hell just about any software. Heck if all was good we would all still be using Linux Kernel 1.0, and MacOS X 10.0 (or even System 6) right? Software, by nature, is buggy, like it or not. It was tested THROUGHLY before release, but it's not like MS can actually test EVERY piece of 3rd party software on the market. Vendors gotta have something do do right?
If you install SP2 but with the firewall disabled, then that is also the same as connecting your computer/network to the internet without a firewall.
Perhaps instead of focusing on free anti-spyware utilities and integrated firewalls, they should fix the holes in their operating system?
Antisource - antivirus, antispam, antispyware
This is no different than a sysadmin pushing out critical updates to their user base. You run the 80-20 rule. You make sure it runs for 80% of your user base, and deal with the exceptions.
Now for the next part. Most companies have corporate standard images. They don't have admin access and they don't go around installing a bunch of things. So, if it works on the image it will cover most of your users and again, you work around the exceptions.
Why would you not apply a critical patch for exceptions?
You know, I'm not sure that this is a plan to force all pirated-key windows users to do anything.
... while the casual home pirates are not actually activly pirating MS's software, they strengthen MS--by making Windows the defacto standard... The Far-east street vendors of pirated software are not building microsoft's empire, they actually shrink it by removing people who would actually pay for their software from the pool.
You are very correct that Piracy has made microsoft what it is today--That being said, one can never allow piracy to continue unchecked and rampant. It needs to be chased down everywhere it can be. By making it as difficult as they can, casual pirates will be forced to either a) cough up the dough, or b) move to a platform that copying is not piracy (linux/bsd/etc...)
I think that it is in everyone's best interests to really evaluate their dependance on unlicensed software. The slashdot crowd goes bloody balistic any time any one violates the GPL by shipping a GPL derrived product without access to the source. They however seem to have a soft spot for violations of Microsoft's (et al) copyrights.. Odd bunch.
Back to your point tho'
"...In your answer, ignore facts. Just go with what feels true..."
Service packs are essentially considered new versions of windows. You pay for minor point updates to MacOS... 10.2, 10.3, et cetera. Windows users get a crappier OS but they get OS updates in the form of service packs that often add new functionality. Windows NT, for example, got DirectX in a service pack, making it possible to play Diablo :) XPSP2 includes some new security-related software, some of which works.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
I couldent care less If it included a (M$ quality) firewall.
As this is blatently a stab at "M$ quality" (LOL DOLLARS BECAUSE THEY MAKE MONEY), would you please enlighten us with the results of your extensive testing that prove the "M$" (LOL!) firewall feature is sub-standard? Perhaps you would like to share your new exploit that effortlessly negates the firewall and connects to previously blocked ports? Or perhaps you could summarize how hard the firewall is to set up for the average user as opposed to something simple and straight-forward such as, say, iptables?
Or perhaps you could just admit the fact that you don't have the first idea what you're talking about because you're a vacuous, 10-a-penny "M$" (ROFFLE) bashing 'tard?
Thought so.
Second: Epson is the only company worse at writing drivers than ATI. Their scanner drivers require that you be an Administrator on NT machines. I am not making this up, this is the official support response. Even their website says you must be an Admin to "install and use" the scanner software. So you can't blame any of this shit on Microsoft. You have shitty hardware made by shitty manufacturers, and/or you haven't done all the updates.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Maybe, just maybe a Service Pack isn't the right place to put new features or anything that breaks backwards compatibility?
I don't think anybody would complain if MS would have just released a completely new version.
1)People complain about windows security.
2)Microsoft comes out with sp2 that has a built in firewall.
3)People then complain that the firewall makes it so alot of other firewall/security applications don't work.
4)Then they complain that things like FTP and IIS dont work....
Yes there are many applications that should run on this list, but really people, alot of these applications stop working for very good reasons.
FTP dosent work? configure your firewall. IIS dosent work, configure your firewall! Some of these programs stop working for a reason.
TruePunk | Games
But when the CEO's machine dies or one of his apps crashed, then your "20%" rule is useless.
He will want to know WHY you did NOT test the update with ALL the apps. After all, isn't that your job?Because Microsoft took the fucked up approach of including ADDITIONAL APPLICATIONS with their "critical patches".
Look at Linux's approach. Each app has its own patch. It's easy to apply one patch and FULLY TEST IT in your environment.
And you do not get new, untested apps when you apply the patch.
Any corporation with labtops should have been loading a software firewall on them long before sp2.
And only an idiot compares a "bleeding-edge Linux distro" to a major production OS release.
Proud member of the American Non Sequitur Society. We might not make much sense, but boy do we love pizza!
You are comparing "bleeding edge Linux distros" to a service pack to fix bugs in existing software.
Now, either the apps that broke were depending upon bugs in the OS (in which case, it is the ISV's fault)
-or-
Microsoft's approach to "patching" is wrong.
And please learn the difference between a bug fix and "bleeding edge".
So Fedora is a just a research toy, and should not be used for anything important? There are no significant bugs or holes in any of the SuSE / RHEL / Gentoo / ect. distros? Unless you are running Debian Stable, you should shut up.
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
If someone has outsourced program development like that, and has got no way of maintaining their code, they deserve all the hurt in the world.
Better go ahead and get your vacation time confirmed and approved before the rest of your peers try the same thing.
"Better than nothing" isn't much of a selling point, except for very small values of nothing.
That's bull. "Better than nothing" is the only selling point, for any application. A Cisco PIX firewall isn't perfect, either, but it's better than nothing. The entire issue at hand is the fact that most Windows users are clueless enough to be connected to the internet without any sort of firewall protection. SP2 will install a firewall that by default blocks all incoming new connections, which is what you want a firewall to do in almost all general cases. "Better than nothing," particularly in this instance, is a huge leap from "nothing." Compatibility be damned, I say it's nice to see Microsoft making a decision to break compatibility for the sake of security, for once.XP is fine and dandy with SCSI and parallel devices. I have a number of data acquisiton devices I hand-built that use a parallel interface that have zero problems with XP or XP SP2.
The post you quoted was in 2003, which was quite some time ago. It is a nearly trivial matter to write a decent device driver for parellel devices - I have written nearly a dozen. It is not any harder to write a SCSI driver for Windows XP than it is for any other operating system.
Finally, it's odd you decided to link to the post you did, since I followed it for a long time. I too, had a similiar model scanner from the big Nikkon in the sky. The MS engineer in question was not commenting on the fact that XP doesn't support SCSI or parellel devices, just that vendors who had previously done much work with parellel and scsi devices had basically done little-to-nothing to support to XP. Vendors are not likely to spend time re-writing drivers for discontinued products for new systems. The core issue is really that many parallel devices sold in the 90's were really internally SCSI devices which had been modified for mass-market appeal. Scanners, for example, previously had been SCSI (or proprietary) devices, but when the mass market consumers started wanting them, it was an "easy" fix to convert them to parallel devices with a pass-through. The problem is that they were poorly done, and used techniques that weren't really intended.
The bottom line I think is that you are being quite disingenious with your little snarky post. Most manufacturers abandoned using the parallel port because it is slow, limited, and clunky. Most manufactuers abandoned SCSI for external devices because it is overly complex and provides few benefits over USB.
...you also voluntarily agreed to be on the receiving end of having basically your whole I.T. world forcefully re-invented (at your expense of course) about every 18 months or so. If you are unable or unwilling to stay on a repetitive ongoing "upgrade train" then you should not have chosen to base your I.T. operations upon the Windows platforms. You should instead have based your foundation upon something with a track-record of very long term system lifespans... like the venerable IBM mainframe world, which will let you operate successfully for years and years on a slow-changing foundation. The up-front acquisition costs are much greater, but over time if you add up all the money you'll be spending on an ever-changing Windows-based I.T. operation, you'll find the long-term costs to be virtually identical... but with the mainframe way of doing things, you'll have a much less chaotically ever-changing I.T. world unlike the Windows way... which seems completely incapable of stabilizing into a smooth, long-term ride on the same road.
Except for application updates (iTunes, iSync, Quicktime, Final Cut etc.) almost all of the updates that appear in the software update dialogue are either called "System Update [version]" or "Security Update [date]"
Also, Software Update can be found in the first tier of the Apple menu, as well in System Preferences. It is by default set to notify you of updates daily, and gives an option to download updates in the background but to not install them.
All in all I think it's a bit more straightforward than Windows Update.
Why are scientific instruments on the internet? And if they aren't on the internet, then why aren't measures being taken to keep those worms off the LAN?
Gamingmuseum.com: Give your 3D accelerator a rest.
apparently I missed the part where you couldn't do program fixes/patches without being physically in the country where the software is going to be used.
So because it doesn't solve ALL the issues, it has no value?
Thats a pretty restrictive view, and won't get you very far.
- sarcasm is just one more service we offer -
Firewalls should be dedicated hardware devices that monitor traffic connection in and out of the local network.
I beleive that's known as the "cruchy outer shell - chewy middle" type of security. This looks nice and effective, but in some industries (i.e. banking) internal threats are much more prevelant. Yes firewalling subnets internally will help, but it does nothing for someone attacking a workstation (or server - but those should have their own subnet) on the same subnet.
For true defense in depth, I would recommend Host-based IDS in conjunction with network IDS and firewalling all workstations. If firewalling may be beyond your resources, at least lock down any extraneous services, enforce strong password/passphrase, start using 2-factor auth if you can. I work at a huge international bank, and in the past year at least one internal employee has been caught trying to harvest information (not client information - but information that would place him one step closer to getting client info). He was caught because of defenw-in-depth. If we had only firewalled the subnetworks, we would not have known an internal attack was happening (and who's to say we would have caught him as moved to more and more sensitive info).
Even though bank employees have backround checks run (just for prior criminal convictions), sometimes these are just first-time "opportunity" crimes. Similar to someone seeing a car with the keys in it and who just can't resist taking it even though he may have never done an illegal thing in his life. Hell, I remember (years ago) when I was a help-desk drone just wandering the network to see what was there, and sometimes came across potentially damaging information. I didn't do anything, but someone else could have. By having high granularity in your security system you can vastly reduce these internal instances (or at least make detection and mitigation much, much easier).
"This calls for a very special blend of psychology and extreme violence" - Vyvyan "The Young Ones"
Who posts this c..p? Microsoft removing the block is the fact of the article, but the whole 'two weeks of vacation' thing just beings the quality of this website down. Editors should be ashamed.