Slashdot Mirror
Ready or Not, Here comes Windows XP SP2
TheViffer writes "Beginning April 12, 2005 Microsoft will remove all temporary blocking of Windows XP SP2 by automatic update and Windows update which it has granted to those organizations that requested it. So unless you run Software Update Service (SUS), chances are you will get a mix of SP1 and SP2 running at the same time. Let's just hope you have these programs that are known to experience a loss of functionality when they run on a Windows XP Service Pack 2-based computer and these programs that seem to stop working after you install Windows XP Service Pack 2 patched, upgraded, or removed. Might be a good time for help desk personal to pencil in a week (or two) of vacation."
That nearly all the programs on that list are very old, or already have updates for SP2. Hey what the hell, it's Microsof so lets bash them anyways. Sp2 does a LOT of good things for the average Joe in protecting him from his own stupidity.
They've had plenty of time to complete any migration. The application issues have been known for enough time, that if this is still an issue, they've been slacking off for too long.
No need for a vacation inept geeks, you can turn off Automatic Updates with group policy and you can block the windowsupdate.com site at the firewall. That is, if you *really* don't want SP2.. which IMHO seems to be (relatively!) quite stable and secure.
-- i drop mine in braille so you blind cats can read me
How many of those programs in the list are either old versions, have been updated for awhile now, or can be fixed by just disabling windows firewall?
I bet the majority of them.
I'm still waiting for a slashdot post to strike fear into the hearts of everyone about the end of the world being near.
Yet you will willingly go out and get the latest Linux kernel, or the latest update of MacOS X without hesitation right? Heavy handed? MS has given MONTHS (try almost 6 months) for people to do what needs to be done. If other vendors are to slow or just too damn lazy, STOP USING those vendors. SP2 is needed, simply because there are a lot of stupid people using computers. End of story.
Ah, so you'll be enjoying the recent failures with 10.3.8 instead then? Just as I'm 'enjoying' my dual G5's vastly increased fan activity after installing the update? I particularly appreciate Apple's lack of ability to automatically roll the update back...
I much prefer the OS X environment, but I don't really blame Microsoft for the XP 2 failtures. A big OS patch is a big OS patch, problems can occur on any system and it's extremely likely that patches to various apps will be needed along the way.
Cheers,
Ian
Might be a good time for help desk personal to pencil in a week (or two) of vacation.
Give it up people. I run at least a half dozen of the applications on those lists on a few XP machines with SP2, and have had exactly 0 problems.
When will the "bashing Microsoft makes me feel good" trend end?
Help me take back Slashdot. When did 'News for Nerds' become 'FUD and Conspiracy Theories for Extremist Nutjobs'?
Seriously. On my side of the fence (OS X), we have Security Updates that are released as soon as possible after a hole is found. Then, we have major Updates (10.3.1, 10.3.2, etc). If you're more than one version behind, Software Update installs a combo updater (including all security updates), and you're good to go after one restart, no matter what version you're running. You're only exposed to the net for as long as it takes to download the package. What's so hard about that? Why this huge fuss over a difficult and long project to cram a huge-update-that-everyone-needs into one "service pack"?
Quid festinatio swallonis est aetherfuga inonusti?
Africus aut Europaeus?
Let's see if they can break my unfirewalled VMS or Twenex (TOPS-20) system ;))
I would like to believe that any intelligent system shouldn't need firewalls.
It takes a man to suffer ignorance and smile
Be yourself no matter what they say
So, if we didn't already have SP2 - we're getting it, like it or not - ready or not. Way to chicken-choke your customers there, Bill.
:p
Only if you have automatic updates on.
This reasoning leads to one of two things:
1. You have auto-updates on, and don't know what the fuck you are doing anyway, in which case it's in the best interests of everyone that you are upgraded and at least become a smaller target to worms/viruses/other ilk. Breaking shitty software that has no reason not to have shipped an upgrade by now is no reason to contunually allow machines of this class to be availible as targets.
2. You do not have auto-updates on, and actually understand the risks/benefits to the system you are on. In this case it still is in your hands as to what gets installed. Problem solved.
In either case (1) The big bad microsoft needs to protect you from your own ignorance, or (2) you have the capability to protect yourself, the needs of the many get met.
"...In your answer, ignore facts. Just go with what feels true..."
And we all know that the latest bleeding edge Linux distros are bug free... Right?
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
Scenario: Manager takes his laptop home on the weekend, or (even better), takes it on a business trip, and plugs into the wireless lan at the airport.
He picks up a copy of MyDoom version super alpha turbo+.
2 days later, he gets back and plugs it into the corporate network in your office.
How many of you can say that *every* windows machine you have on the corporate network is up to date? Thats assuming there's already a patch for Mydoom version supera alpha turbo+ at that point?
The days of the perimeter firewall being all you need are well and truly over (and some would say they were never apparent anyway).
smash.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
You know, I'm not sure that this is a plan to force all pirated-key windows users to do anything.
... while the casual home pirates are not actually activly pirating MS's software, they strengthen MS--by making Windows the defacto standard... The Far-east street vendors of pirated software are not building microsoft's empire, they actually shrink it by removing people who would actually pay for their software from the pool.
You are very correct that Piracy has made microsoft what it is today--That being said, one can never allow piracy to continue unchecked and rampant. It needs to be chased down everywhere it can be. By making it as difficult as they can, casual pirates will be forced to either a) cough up the dough, or b) move to a platform that copying is not piracy (linux/bsd/etc...)
I think that it is in everyone's best interests to really evaluate their dependance on unlicensed software. The slashdot crowd goes bloody balistic any time any one violates the GPL by shipping a GPL derrived product without access to the source. They however seem to have a soft spot for violations of Microsoft's (et al) copyrights.. Odd bunch.
Back to your point tho'
"...In your answer, ignore facts. Just go with what feels true..."
Second: Epson is the only company worse at writing drivers than ATI. Their scanner drivers require that you be an Administrator on NT machines. I am not making this up, this is the official support response. Even their website says you must be an Admin to "install and use" the scanner software. So you can't blame any of this shit on Microsoft. You have shitty hardware made by shitty manufacturers, and/or you haven't done all the updates.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
1)People complain about windows security.
2)Microsoft comes out with sp2 that has a built in firewall.
3)People then complain that the firewall makes it so alot of other firewall/security applications don't work.
4)Then they complain that things like FTP and IIS dont work....
Yes there are many applications that should run on this list, but really people, alot of these applications stop working for very good reasons.
FTP dosent work? configure your firewall. IIS dosent work, configure your firewall! Some of these programs stop working for a reason.
TruePunk | Games
You are comparing "bleeding edge Linux distros" to a service pack to fix bugs in existing software.
Now, either the apps that broke were depending upon bugs in the OS (in which case, it is the ISV's fault)
-or-
Microsoft's approach to "patching" is wrong.
And please learn the difference between a bug fix and "bleeding edge".
"Better than nothing" isn't much of a selling point, except for very small values of nothing.
That's bull. "Better than nothing" is the only selling point, for any application. A Cisco PIX firewall isn't perfect, either, but it's better than nothing. The entire issue at hand is the fact that most Windows users are clueless enough to be connected to the internet without any sort of firewall protection. SP2 will install a firewall that by default blocks all incoming new connections, which is what you want a firewall to do in almost all general cases. "Better than nothing," particularly in this instance, is a huge leap from "nothing." Compatibility be damned, I say it's nice to see Microsoft making a decision to break compatibility for the sake of security, for once.So because it doesn't solve ALL the issues, it has no value?
Thats a pretty restrictive view, and won't get you very far.
- sarcasm is just one more service we offer -
Firewalls should be dedicated hardware devices that monitor traffic connection in and out of the local network.
I beleive that's known as the "cruchy outer shell - chewy middle" type of security. This looks nice and effective, but in some industries (i.e. banking) internal threats are much more prevelant. Yes firewalling subnets internally will help, but it does nothing for someone attacking a workstation (or server - but those should have their own subnet) on the same subnet.
For true defense in depth, I would recommend Host-based IDS in conjunction with network IDS and firewalling all workstations. If firewalling may be beyond your resources, at least lock down any extraneous services, enforce strong password/passphrase, start using 2-factor auth if you can. I work at a huge international bank, and in the past year at least one internal employee has been caught trying to harvest information (not client information - but information that would place him one step closer to getting client info). He was caught because of defenw-in-depth. If we had only firewalled the subnetworks, we would not have known an internal attack was happening (and who's to say we would have caught him as moved to more and more sensitive info).
Even though bank employees have backround checks run (just for prior criminal convictions), sometimes these are just first-time "opportunity" crimes. Similar to someone seeing a car with the keys in it and who just can't resist taking it even though he may have never done an illegal thing in his life. Hell, I remember (years ago) when I was a help-desk drone just wandering the network to see what was there, and sometimes came across potentially damaging information. I didn't do anything, but someone else could have. By having high granularity in your security system you can vastly reduce these internal instances (or at least make detection and mitigation much, much easier).
"This calls for a very special blend of psychology and extreme violence" - Vyvyan "The Young Ones"