Last Words On Service Pack 2

thejoelpatrol writes "So did Slashdotters call this one? Windows XP SP2 seems not to be so secure after all. A Register reporter goes in depth to find out just how safe a fresh install is. He provides a list of which dangerous ports are left open and which services are left on by default. I guess now we know why Microsoft's security timetable is 10 years." Reader ack154 writes "ZDNet is reporting that many Dell Inspiron users are reporting an extreme performance decrease since installing Windows XP SP2 - decreases as much as from 2.6ghz down to 300mhz. Dell claims no responsibility, claiming it is 'externally loaded software' and they don't support it. In the mean time there has been a fix posted on Dell's forums, which rolls back the processor driver." Finally, Marxist Hacker 42 writes "Amid complaints of too much XP Service Pack 2 coverage on ZD Net, David Berlind writes that Service Pack 2 deserved the scrutiny it got- and charges that it failed to live up to Gates' Trusted Computing Initiative." Finally, Microsoft warns that installing SP2 on a spyware-infested PC is a bad idea.

CPU Driver Problem?

[kevlar]

ZDNet is reporting that many Dell Inspiron users are reporting an extreme performance decrease since installing Windows XP SP2 - decreases as much as from 2.6ghz down to 300mhz. Dell claims no responsibility, claiming it is 'externally loaded software' and they don't support it. In the mean time there has been a fix posted on Dell's forums, which rolls back the processor driver."

Aren't 99% of drivers 3rd party software? The only thing MS does is bundle them together, but I believe that AMD or Intel et al are the ones who actually WRITE the device drivers. And if the performance of a new driver sucks, I'd chock that up to being a shitty driver, versus a shitty Service Pack...

This just sucks

[ATAMAH]

Things that i have been disabling as a rule, just like a "normal" procedure after a windows install - are still out there active on default and still need to be disabled. As the article says they are simply not required for home machine (in a vast majority of cases anyway). So what is this major security improvement they speak of if basic things that have been attacked for so long are left open?

Spyware infestation

[ogewo]

If for some reason you DID load SP2 on a spyware infested computer and it is no longer booting just boot with the "Last known good configuration" option in the F8 boot menu. Uninstall SP2 (you may have to use XP system restore before doing this), remove spyware, reinstall SP2.

Spy ware and SP1

[Solidblu]

"Microsoft warns that installing SP2 on a spyware-infested PC is a bad idea."

One word. DUH. If you even install sP1 on a spyware infested computer it can render it unbootable. I've run into atleast 10 machines this week that have had this same problem. I work at a university which is forcing students to install service pack 1. there are a lot of machines that can't even take the service pack because of the spyware the installs just hang or destroy the install on the computer. I feel bad for the students because they have to either format or pay to get thier comptuer fixed. It not thier fault or the universities fault. who would have thought forcing college students to update thier microsoft patches would be a bad idea.

Re:CPU Driver Problem?

[Kenja]

A CPU driver in this case referes to a system driver that enables the OS to set the clock speed of the CPU for power saving modes.

Seems like an odd coincidence

[LiquidMind]

"reporting an extreme performance decrease since installing Windows XP SP2 - decreases as much as from 2.6ghz down to 300mhz"

From the MS website regarding minimum requirements for running Windows XP:

PC with 300 megahertz or higher processor clock speed recommended (source) [microsoft.com]

which seems to be just enough to keep the system running. Coincidence? I think not....

Re:I don't get it

[Marxist Hacker 42]

That was the other bit- RPC and DCOM are ON after an SP2 install, because if you actually read the documents from Microsoft, under SP2 there's a whole new accessibility layer built into the DCOM Server that checks the registry to see if this COM component can really be activated by a remote procedure call- and the default setting is "Yes, but authentication required, no anonymous connections." I know this because we've got a lot of DCOM here, and for EACH component we're going to need a separate group policy setting in Active Directory to get it all to run right.

Interesting...

[pc486]

"DHCP Client, automatic. Unnecessary on most home machines. Should be disabled by default."

Now, I'm no fan of Microsoft (Windows free for over 5 years now), but this is insane. Evey home user I have ever helped needs a DHCP client so that their computer can get an IP off the university LAN or off their brand-spankin'-new broadband router. To disable the DHCP client means to turn off the interweb for the majority of users. Greene went a little over the top it seems.

Re:All I see is Security Center

[Anonymous Coward]

There are a bunch of other things which are actually useful:
- Popup blocking in IE
- Warnings when you try to download a file, run a downloaded file, or access a page with an ActiveX control
- Enhanced wireless networking; now I no longer have to use the program from my wireless card manufacturer if I want WPA-PSK
- Firewall on as soon as the system starts up

Re:CPU Driver Problem?

[Kenja]

Granted this is from AMD but its the same stuff.

"AMD Athlon(tm) 64 Processor Driver for Windows XP, Version (exe) 1.1.0.14 - AMD Athlon(tm) 64 Processor Driver for Windows XP allows the system to automatically adjust the CPU speed, voltage and power combination that match the instantaneous user performance need. Download this Setup Installation program (EXE) to automatically update all the files necessary for installation. This package is recommended for users whom desire a graphical user interface for installation. This .EXE driver is a user friendly localized software installation of the driver designed for end-users."

This is followed by a link to a file called CPUDRIVER.EXE, so as strange as it sounds ,there are actual drivers for Windows XP to make use of advanced power features on CPUs.

SP2 is actually more funny than secure...

[kosmosik]

I'll repost something I've written today:
#v+
well SP2 is IMHO funny they really haven't added anything useful to it

1] popup blocker - but hey I've got popup blocker in MSIE for like one yer thanks to - http://toolbar.google.com/ - and it comes with google search feture which is uber-cool. I install it on every XP client I touch so OK - popup blocker. how innovative...

2] hardened MSIE - well it is a myth. it is still the same MSIE, nothng changed beneath. still to deeply integrated in system, still with unsecure features like ActiveX - it is just they are turned off by defaut so first thing you will do is reebable thise features since without them nothing works. nice patch... really.

3] NX technology - well it is something but right now it makes no difference as it requires modern hardware and only few chips support that. and I'am (and I'am not alone here) probably not going to change (meaning networks I administer) hardware till it dies... so few more years to go without NX... and also to mention Linux has similar options (executable stack protection) for ages - aviable as patches f.e. PaX. (for kernel) and also few options (like pro-police-gcc) to glibc... and if you need you can recompile everything against those features as it is Open Source... again MS - innovative... really

4] new firewall - well good to see it but it has it's flaws. like it runs in user space, it is worse than other offerings. but still - this is feature I find nice.

what other things left? lets see...

5] new Windows Update - new but it sucks ass like ever. why can't make a decent patching service. it only requires a server and decent GUI for client. I mean jesus I can make such thing myself, just give me specs and some time and I could make it. options I would include:
* decent GUI for configuration with Active Direvtory support tu push configuration to domain
* setup proxy server for updates (f.e. local proxy server to limit bandwith use)
* free local proxy server software for updates. it even could be only on Windows. to have one machine cacheing updates in LAN - jesus it's being done in Linux so easly, I can set up my own updates proxy with Linux in like 3 minutes...
* option to choose which connection can be used for automatic downloads (f.e. I wouldn't like my system to pull updates when I am connected via GPRS mobile modem, but I wouldn't mind when it does when I am on corporate LAN)
* some better handling of applying those patches. maybe just downloading them and waiting (I mean waiting not bothering me to reboot manually) for next boot to apply patches while booting (no files locked)...

what else left "new"... oh the funniest thing! new Security Center applet in Control Panel - a place where you can se that you are "secured" (not to mention that you still can be 0wned) - weeeeeeelll in one thing Micro$oft is brilliant - marketing: people wan't secure Windows, tell them they are secure, show them nice icons telling them that they are secure - people can actually belive it that is in some way brilliant isn't it? too bad it does not work better security for me (and you)...

and also this hype with Longhorn delays due to shifting literally everybody to develop SP2 - what they actually developed? few icons? changed default settings? this requires whole resources of multibilion software gigant? that is pathetic for me... Fedora community alone (backed by Red Hat but still it is different scale than M$) can do amazing things like incorporating advanced MAC security with SELinux in months, and software giant can't make a basic security level with all theirs resources (oh and they do leave things unpatched, or issue things like disable login from URL as a patch, oh and update breaks like every 1 of 10 setups)? and still they say open source model is not superior? mehehehahhwhw... :P~ - this means only good things for Linux, bad things for Micro$oft and sadly bad things for me (us) as we live in a M$ world - consider getting even more probes

Opinion Represented as Fact with a \. Slant...

[mythosaz]

This is normal. This is another in a long line of articles that does little more than say:

L0LZ@Micro$0ft!111!!11oneeleven1!! because your firewall choices and services defaults aren't what I would have picked.

There's still service bloat in XP. There's little doubt about that, but suggesting that you turn off DHCP when 51% of us use broadband? I mean, DHCP only has an effect for people that actually, you know - HAVE A FRICKIN NETWORK CABLE PLUGGED INTO THEM! Can we make an assumption that a pretty fair percentage of people who have network cables plugged into their computer use DHCP? Good lord almighty.

Also, he complains because the service type on most services is set to... ...get this... ...MANUAL. Manual is another word for "not on unless I need it," which is a nice long way of saying "OFF" -- you damned chowderheads.

Sure, XPSP2 isn't perfect, but articles like this, these "If I had made it, I'd have made it stupid!" articles - they're just drivel.

Re:Last words on SP2?

[xmas2003]

At the risk of sounding like a Windoze shill, I did see one inaccuracy in the Register article in that there is some egress filtering - this popped up on my first FTP connection (from DOS), my first VPN session, and for Google Compute [powder2glass.com], it asked about "phoning home" to the Folding@HOME project.

I otherwise agree with most that was written - I totally agree that "less is more" when it comes to security (although there often ends up being hooks for stuff like RPC all over the place) and I couldn't believe it when I saw "Remote Assistance" enabled on my computer by default when I loaded it - WTF!

Reverse FUD

[Nintendork]

Not to mention that the author completely overlooked the default configuration of the open ports. A lot of them are only open to the local subnet, which for 99.9% of the people is a home or small business LAN. Anything coming in from beyond the router is dropped. Smart move. A LOT of people would have been pissed off if their home file sharing stopped working after installing SP2 and they would have just disabled the firewall. In a corporate environment, administrators can lock down all the clients froma central point using group policy. The default configuration combined with powerful administration tools is probably the most secure way they could have done it.

-Lucas

Re:CPU Driver Problem?

[Compass Man]

Actually, a "CPU Driver" would probably contain code to handle specialize features of certain CPU's. For example, in order to take full advantage of Hyperthreading, you would need different code to distribute threads between the two virtual processors. Likewise, there could be additional code to take advantage of extended instructions sets like MMX, SSE, 3DNow, etc. At the very least, it could contain information about which features are available in the CPU.

Recommendations on speeding up XP

[jumex]

I have been having this problem on my Inspiron ever since I installed SP2. I have tried a lot of things, and I highly suggest http://www.blackviper.com/WinXP/servicecfg.htm [blackviper.com] for tweaking your services settings.
Another way to boost your speed is hanging your Prefetch setting, http://techrepublic.com.com/5100-6270_11-5165773.h tml [com.com] has a great article on how to do it.
TCPOptimizer http://darkedge.levels4you.com/review.l4y?file=20 [levels4you.com] also helped speed up my collection a lot.
Another cool tip is fixing Event ID 4226 which limits your connections in SP2, check it out at http://www.lvllord.de/?url=tools#4226patch [lvllord.de].
And, of course get the MS TweakUI for XP at http://www.microsoft.com/windowsxp/downloads/power toys/xppowertoys.mspx [microsoft.com].
And although they are not freeware I actually bought and really like Registry First Aid http://www.rosecitysoftware.com/reg1aid/ [rosecitysoftware.com] and Registry Compactor http://www.rosecitysoftware.com/RegistryCompactor/ [rosecitysoftware.com].

I hope you all have as much success as I have with spedding up XP. It is a pain in the butt to do it, but it is worth it in the end.

New PC + SP2 =Broken Pgm (ECDC5) - Dell shines it.

[jwold]

If you still use Roxio Easy CD Creator 5.x, you will not get to use DirectCD for UDF Packet writing to save directly to CD after SP2 is installed. This program comes with every new Dell Optiplex we bought this year. These Computers are supposed to be Supported [dell.com] with SP2. But 2 calls into Dell T.S. resulted in a "Sorry, too bad" response. They recommend Windows native CD burning, but that ain't UDF.
(We have a need to make saving to CD as simple as a floppy for some elderly folks.)
This one isn't listed on Microsoft's list of SP2 incompatible [microsoft.com] programs [microsoft.com].
Nor is anything mentioned on Roxio's site except people complaining. Roxio is up to version 7 now so you know they say to upgrade, but Dell still ships old v.5 out with new PCs. Go figure

Re:any time now...

[Tony-A]

Well, just wait 'til Longhorn.

Meanwhile, back in the Short term.

Microsoft disclaims responsibility for OEM software and:
"Dell does not validate any externally loaded software and can therefore make no representations as to their effectiveness, stability, appropriateness, or safety. Any problems encountered with this kind of software should be addressed to the respective manufacturer."

It appears that the actual support that can be relied on is maybe a hair less than what you get from Fedora Core release candidates.

From a Compaq Presario owner...

[oogoliegoogolie]

Although I don't have a dell, I noticed the same thing. My wireless connections now work the first time all the time. SP2 improves power management as well. My laptop now comes out of sleep mode every single time in a couple seconds. Pre-SP2 half the time it would reboot or just sit there with a blank screen until I hit the power button.

Re:Last words on SP2?

[Anonymous Coward]

The filtering you describe is the firewall stopping a program from opening a listening port. It's still not true egress filtering. Programs can phone home without your permission. Verify this by running

findstr "OPEN" %windir%\pfirewall.log

while using the program. (assuming you've enabled full logging).

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Slowed Down?

[Anonymous Coward]

I don't see how SP2 could be faster. Microsoft added new bloat compared to SP1. Two new kernel drivers that I can tell, fltmgr.sys and http.sys. Both of those stay in memory. There were also new/existing services enabled, like Windows Security Center, Network Provisioning Service, Application Layer Gateway, Dcom server, Network Provisioning Service, among others. I'm still investigating hidden features that were stolen by Gates and his gang. Here's two: command line ftp no longer has a pipe feature. Before you could type

dir . |more

for long directory output. Or you could type

get filename |more

to read text files. Now its gone. Also about:mozilla no longer works in IE.

Re:I don't get it

[Cthefuture]

I agree. I don't think he knows what he is talking about. He said services are "listening" and that may be true but the firewall is blocking everything by default.

Today I built a fresh XP machine with SP2. I just scanned that machine with nmap and it showed absolutely nothing open except the VNC port that I specifically configured. The machine doesn't even return pings. I'd say that's a pretty tight default setup.

Re:Why I didn't bother...

[drinkypoo]

Actually, that's not an accurate representation of the situation. The real problem with Win98 is that it has no system-level security. It only has network-level security (including, mind you, PPTP VPNs.) Thus no matter who you log in as, you are root. There are two purposes for the two windows logons. The basic "Windows Logon" has the purpose of setting your name for basic programs which care. The Windows Networking Logon also sets your user context and after validating your password, will use it for network services.

Block Windows XP Service Pack 2

[whovian]

This script can be used to remotely block or unblock the delivery of Windows XP Service Pack 2 (SP2) from the Windows Update Web site or via Automatic Updates. [microsoft.com]

Re:Slowed Down?

[Long-EZ]

I don't see how SP2 could be faster. Microsoft added new bloat compared to SP1.

I think the reason it was faster after SP2 might be...

...and doing a clean install

Windoze gets a bad case of registry rot from installing and uninstalling software, and all that spyware in there slows things down a lot, too.

Obvious solution... I gotta see a man about a penguin.

Re:It deserves scrutiny overrated

[Dfiant]

I've got to agree with you, auzy. He seems to lack even rudimentary knowledge of computer security, despite the brief credentials at the bottom.

the author hasn't gone any further than a normal port scan

It's worse than that, actually. He uses netstat as his source of open ports--of course, even if a program is listening and visible through netstat, the firewall still blocks it! He doesn't appear to have used any sort of external source to check for open ports.

I've just recently performed a fresh ("slipstream") install of XP SP2 on my laptop, and my nmap scans and observations of active services are quite different from this article's report. Maybe he upgraded a fresh XP or XP SP1 install?

Honestly, the guy says that services like DHCP and DNS should be disabled by default and that "most home machines" don't need it. I guess he doesn't expect people to read his article from home, then, because without being able to get an IP address lease from an ISP or resolving theregister.co.uk, they aren't going to be able to read it!

Re:SP2 is actually more funny than secure...

[Martix]

And they forgot it loads Window Media player 9
as well wonder if it has this line in the EULA as they did for the latest update.

"Digital Rights Management (Security). You agree that in order to protect the integrity of content and software protected by digital rights management ("Secure Content"), Microsoft may provide security related updates to the OS Components that will be automatically downloaded onto your computer. These security related updates may disable your ability to copy and/or play Secure Content and use other software on your computer. If we provide such a security update, we will use reasonable efforts to post notices on a web site explaining the update. "

Thats one of the resons i never udated from Media 7

What place does Window Media 9 play in the operating system to me its just not part of a OS so it should not be there. plus the DRM sucks as well.
what you can do today, you may not tommrow.

They have no rights to do this and you hand over root access to your system for agreeing with the EULA agreement.

My 2 cents worth