Microsoft Releases Changelist for Upcoming XP SP2 524
kylef writes "As we know from independent sources, Microsoft is busy readying Service Pack 2 for Windows XP. They have published on their website a changelist document (link goes to TechNet download page) detailing the nature of the security-related fixes and updates. The document is targeted towards XP admins and covers some interesting things such as the new Internet Explorer Pop-up Manager and various security policy changes. Some other juicy tidbits from the document: Internet Connection Firewall will be enabled by default, and there will be new support for something called "Execution Protection" which allows developers to make use of the NX (no execute) page guard flag on Intel's Itanium and newer AMD processors. An interesting read."
All this work (Score:-1, Insightful)
Firewall (Score:0, Insightful)
Just another angry Linux zealot post... (Score:5, Insightful)
Why not put such documents in a more Portable Document Format? Even assuming I have Word Reader or Openoffice, why on earth would you dissemante information via a word processor document format?
Re:Program Error (Score:5, Insightful)
How Microsoft thinks about security, in a nutshell (Score:2, Insightful)
What bugs me about this is that it strikes me as a problem that was well known about when the developers were writing the original code for ICF. They knew about it, and they didn't do shit about it.
Re:Program Error (Score:2, Insightful)
Re:Program Error (Score:1, Insightful)
Um, no (Score:5, Insightful)
This feature is a great idea, it means that if, for example, Acrobat Reader is causing IE to crash then at least I know who is to blame and can uninstall or upgrade it.
Re:*POOOF* (Score:5, Insightful)
Not unless they up the feature set - when I looked into XP's firewall, it only blocked incoming connections, not outgoing. I use outgoing blocks as a matter of course to catch spyware, etc, and to prevent Outlook Express/MSNIM from fetching images/ads from web servers, etc. I was looking at the XP firewall for my laptop, because Kerio made my laptop's suspend/sleep functions stop working (grrr) so had to find an alternative. As it turned out, I tried Norton Personal Firewall, which was actually quite good, and not nearly as bad as I had feared. None of them are particularly great at config UI though. Norton especially requires a lot of clicks to set rules up.
It's just occurred to me that maybe MS don't want to implement an outgoing firewall, given that the number of Windows components that randomly connect to MS servers is quite high, and it would highlight this fact if they did outgoing connection blocking. Hmm.
Re:Internet Explorer Add-on Crash Detection (Score:5, Insightful)
What this new feature does (and it IS rather nifty) is detects which piece of spyware loaded up with IE is causing crashes, and lets the user disable said spyware.
Nice actually. ^_^
Re:*POOOF* (Score:5, Insightful)
To take an objective perspective, firewalls seem best if they are part of the operating system, not wedged in, but I'm surprised they aren't taking the licensing path that they chose with CD burning and disk defragmenting (both are not written by Microsoft and licensed). The XP firewall, however, does lack outgoing connection control, which shouldn't be enabled by default but should be an option (how hard is it to use the same engine for outgoing connections too?).
Re:All this work (Score:4, Insightful)
Possibly. Who cares? I don't agree with such limitations - you put a site on the web for people to read, free of restrictions. I've yet to agree to anything on my computer other than EULAs. Reading a website does not signify I consent to anything.
Re:*POOOF* (Score:5, Insightful)
Yep, just like the web browser market.
Bad-dum-bump.
Thank you! Thank you! I'll be here all night!
Meh (Score:2, Insightful)
Rant over.
Fortress of Insanity [homeunix.org]
Re:Internet Explorer Add-on Crash Detection (Score:2, Insightful)
Re:Wow. (Score:2, Insightful)
...where is tabbed browsing? (Score:4, Insightful)
Now, that's marketing.
As an aside, when is Windows going to include multiple desktops in their shell? I've used a number of third party pagers, but each has its drawbacks and flaws, probably because it's not written with the privilage of truly understanding the Windows code.
Re:Quick, call the cops! (Score:5, Insightful)
who cares about ie blocking popups, still insecure (Score:3, Insightful)
Ie is just too insecure. Look at all the spyware that utterly rapes it. With Mozilla as mature and stable as it is, there is just zero excuse to use ie for daily surfing. Sure there are the rare occasional times you need it for crappy sites that refuse to run on standard compliant browsers, but 99% of your surfing time should be in Moz (or opera or anything else).
Re:Wow. (Score:5, Insightful)
Biggest pain for me (as a non-IE user anyway) is that they *STILL* haven't added proper PNG transparancy support! Every other browser on the planet handles it fine, even IE on the Mac.
It's not like it's a big secret everyone's hiding from MS
Too many of us are affected by their software. (Score:3, Insightful)
Re:How Microsoft thinks about security, in a nutsh (Score:5, Insightful)
Alternately:
-- They knew about it, and management wouldn't let them do shit about it.
-- They knew about it, but addressing it would take significant time and effort, so they opted to defer that to a later release. After all, a million people running a mediocre firewall is better than a million people running no firewall at all.
-- They didn't actually realize it until later on. Are you psychic, or do you just happen to have a buddy who was on the ICF dev team?
But I suppose those angles would just mess up a good troll.
Re:*POOOF* (Score:5, Insightful)
They are definitly intruding the personal fw market: Look into "Appendix B: Netsh Command Syntax for the Netsh Firewall Ipv4 Context" for the "add allowedprogram" command - finally, they realized that there is something like trojans...
They're still far away from other packetfilters like netfilter/pf/..:
There's still a lot of work waiting for the ms devel team ...
I Hope... (Score:2, Insightful)
Re:*POOOF* (Score:5, Insightful)
Re:Internet Explorer Add-on Crash Detection (Score:3, Insightful)
> they have apparently given up on that,
You've completely misunderstood. The entire point of the Crash Detection system is so that Microsoft ARE aware of when crashes are happening and CAN fix them. If this system wasn't there - they wouldn't even know your browser had ever crashed. Users rarely report bugs (and especially don't bother to give you detailed information) so this system is an excellent idea.
Additionally, this new system "Add-on Crash Detection" allows them to give you useful advice if a 3rd party (IE non MS) component causes a crash.
I don't know about anyone else, but my IE has been crashing quite a lot since I installed Macromedia Flash 7. This isn't obviously Microsofts fault, but they might be able to tell Macromedia what crashes are occuring and how they were caused.
I *really* hate stupid ill-thought-out comments like yours.
Re:who cares about ie blocking popups, still insec (Score:4, Insightful)
A site that broken, run by someone with that little regard for his users, is a site I have zero interest in visiting anyway. So what's the problem?
Re:I just hope (Score:2, Insightful)
One could definitely make a case though that the default install should be more secure however that's another topic.
Re:*POOOF* (Score:3, Insightful)
Lastly, I don't believe this SP shuts off activeX by default, which is the biggest problem facing windows users as its a gateway to a semilegal spyware trojans.
There really should be a "shut off ActiveX day." 15th of the month anyone? I'm getting sick of doing it on every computer I come across after someone tells me "I have no idea how gator got on there!"
Re:Quick, call the cops! (Score:3, Insightful)
"to 'circumvent a technological measure' means to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner"
As the copyright holder of the DLL is Microsoft, anything they do to the DLL (however stupid) will be "with the authority of the copyright holder". Hence nothing they do will be caught by the circumvention restriction.
Re:Confused by this part? (Score:3, Insightful)
PAE is for 32bit processors that want to be able to access more than 4Gb of memory.
Usually you would not enable PAE unless you needed that much memory, such as on a database server.
Because the AMD64 must be running in PAE mode for the NX bit to function desktop user will need to use PAE even though they don't have over 4Gb.
Most drivers for consumer equipment are not written to operate in PAE mode, so the HAL is emulating standard 32bit mode in order to ensure compatibility.
http://developers.sun.com/solaris/developer/sup
If you are running the 64bit version of Windows you will not need to enable PAE as the NX flag is availible in 64bit mode.
Broken firewall? (Score:5, Insightful)
About damned time. I just hope that DHCP works through it by default, because right now it doesn't, and if it blocks DHCP, all of those broadband users who connect the PC right to the cable/dsl "modem" will deactivate the firewall to get online.
Of course, what we really need is for ISPs to include a user-manageable firewall in the damned devices in the first place.
Comment removed (Score:3, Insightful)
Re:Program Error (Score:4, Insightful)
A program should fail gracefully, especially one that is to be used to open text documents of arbitrary size. After all, what's one to use to open such documents when one doesn't *have* a full-fledged word processor installed? For me, I have two basic choices: Notepad or WordPad. We all know Notepad's not an option for a document of serious length, but at least it usually fails gracefully by throwing up an error stating that the document is too large.
Also, WordPad's not so old. It's been updated with Unicode support lately, and supports the latest Word documents for opening. Why doesn't it fail gracefully instead of letting Windows terminate it?
Not the same thing (Score:3, Insightful)
With the dreaded grouping, everything is hidden from you until you click below. While I enjoy having things wrapped for me at christmas, I would find it exceedingly annoying to have everything wrapped for me all year long, the actual contents hidden until I unwrapped them.
The grouping was the first thing I turned off in XP and the single most requested feature to help other people disable once they found it it was possible.
Re:All this work (Score:2, Insightful)
This reminds me of GeoCities where people with a GeoCities homepage (as they call it) were not allowed to put in HTML, JavaScript, or anything else that blocked or altered the adds. I have never heard of an EULA that had anything to do with agreeing to not block popup adds or add images.
Even if an EULA forbid people browsing the web from blocking the popup adds that would be very stupid because there is no way to inforce such an agreement and stop people from using Squid Guard and such software. Besides, HTML is an interpreted language. It's up to the web browser to figure out how it should look in the end.
Maybe someone could make an EULA that forbids blocking any images on the web page, altering the text size, defult font, colors, and forbids the use of text-only browsers such as lynx. If anyone does let me know so we can sterilize those people and their descendants so we can rid the gene pool of such people. :)