Last Words On Service Pack 2 542
thejoelpatrol writes "So did Slashdotters call this one? Windows XP SP2 seems not to be so secure after all. A Register reporter goes in depth to find out just how safe a fresh install is. He provides a list of which dangerous ports are left open and which services are left on by default. I guess now we know why Microsoft's security timetable is 10 years." Reader ack154 writes "ZDNet is reporting that many Dell Inspiron users are reporting an extreme performance decrease since installing Windows XP SP2 - decreases as much as from 2.6ghz down to 300mhz. Dell claims no responsibility, claiming it is 'externally loaded software' and they don't support it. In the mean time there has been a fix posted on Dell's forums, which rolls back the processor driver." Finally, Marxist Hacker 42 writes "Amid complaints of too much XP Service Pack 2 coverage on ZD Net, David Berlind writes that Service Pack 2 deserved the scrutiny it got- and charges that it failed to live up to Gates' Trusted Computing Initiative." Finally, Microsoft warns that installing SP2 on a spyware-infested PC is a bad idea.
CPU Driver Problem? (Score:5, Informative)
Aren't 99% of drivers 3rd party software? The only thing MS does is bundle them together, but I believe that AMD or Intel et al are the ones who actually WRITE the device drivers. And if the performance of a new driver sucks, I'd chock that up to being a shitty driver, versus a shitty Service Pack...
This just sucks (Score:2, Informative)
Spyware infestation (Score:5, Informative)
Spy ware and SP1 (Score:5, Informative)
One word. DUH. If you even install sP1 on a spyware infested computer it can render it unbootable. I've run into atleast 10 machines this week that have had this same problem. I work at a university which is forcing students to install service pack 1. there are a lot of machines that can't even take the service pack because of the spyware the installs just hang or destroy the install on the computer. I feel bad for the students because they have to either format or pay to get thier comptuer fixed. It not thier fault or the universities fault. who would have thought forcing college students to update thier microsoft patches would be a bad idea.
Re:CPU Driver Problem? (Score:5, Informative)
Seems like an odd coincidence (Score:2, Informative)
From the MS website regarding minimum requirements for running Windows XP:
PC with 300 megahertz or higher processor clock speed recommended (source) [microsoft.com]
which seems to be just enough to keep the system running. Coincidence? I think not....
Re:I don't get it (Score:3, Informative)
Interesting... (Score:5, Informative)
Now, I'm no fan of Microsoft (Windows free for over 5 years now), but this is insane. Evey home user I have ever helped needs a DHCP client so that their computer can get an IP off the university LAN or off their brand-spankin'-new broadband router. To disable the DHCP client means to turn off the interweb for the majority of users. Greene went a little over the top it seems.
Re:All I see is Security Center (Score:1, Informative)
- Popup blocking in IE
- Warnings when you try to download a file, run a downloaded file, or access a page with an ActiveX control
- Enhanced wireless networking; now I no longer have to use the program from my wireless card manufacturer if I want WPA-PSK
- Firewall on as soon as the system starts up
Re:CPU Driver Problem? (Score:5, Informative)
"AMD Athlon(tm) 64 Processor Driver for Windows XP, Version (exe) 1.1.0.14 - AMD Athlon(tm) 64 Processor Driver for Windows XP allows the system to automatically adjust the CPU speed, voltage and power combination that match the instantaneous user performance need. Download this Setup Installation program (EXE) to automatically update all the files necessary for installation. This package is recommended for users whom desire a graphical user interface for installation. This .EXE driver is a user friendly localized software installation of the driver designed for end-users."
This is followed by a link to a file called CPUDRIVER.EXE, so as strange as it sounds ,there are actual drivers for Windows XP to make use of advanced power features on CPUs.
SP2 is actually more funny than secure... (Score:2, Informative)
#v+
well SP2 is IMHO funny they really haven't added anything useful to it
1] popup blocker - but hey I've got popup blocker in MSIE for like one yer thanks to - http://toolbar.google.com/ - and it comes with google search feture which is uber-cool. I install it on every XP client I touch so OK - popup blocker. how innovative...
2] hardened MSIE - well it is a myth. it is still the same MSIE, nothng changed beneath. still to deeply integrated in system, still with unsecure features like ActiveX - it is just they are turned off by defaut so first thing you will do is reebable thise features since without them nothing works. nice patch... really.
3] NX technology - well it is something but right now it makes no difference as it requires modern hardware and only few chips support that. and I'am (and I'am not alone here) probably not going to change (meaning networks I administer) hardware till it dies... so few more years to go without NX... and also to mention Linux has similar options (executable stack protection) for ages - aviable as patches f.e. PaX. (for kernel) and also few options (like pro-police-gcc) to glibc... and if you need you can recompile everything against those features as it is Open Source... again MS - innovative... really
4] new firewall - well good to see it but it has it's flaws. like it runs in user space, it is worse than other offerings. but still - this is feature I find nice.
what other things left? lets see...
5] new Windows Update - new but it sucks ass like ever. why can't make a decent patching service. it only requires a server and decent GUI for client. I mean jesus I can make such thing myself, just give me specs and some time and I could make it. options I would include:
* decent GUI for configuration with Active Direvtory support tu push configuration to domain
* setup proxy server for updates (f.e. local proxy server to limit bandwith use)
* free local proxy server software for updates. it even could be only on Windows. to have one machine cacheing updates in LAN - jesus it's being done in Linux so easly, I can set up my own updates proxy with Linux in like 3 minutes...
* option to choose which connection can be used for automatic downloads (f.e. I wouldn't like my system to pull updates when I am connected via GPRS mobile modem, but I wouldn't mind when it does when I am on corporate LAN)
* some better handling of applying those patches. maybe just downloading them and waiting (I mean waiting not bothering me to reboot manually) for next boot to apply patches while booting (no files locked)...
what else left "new"... oh the funniest thing! new Security Center applet in Control Panel - a place where you can se that you are "secured" (not to mention that you still can be 0wned) - weeeeeeelll in one thing Micro$oft is brilliant - marketing: people wan't secure Windows, tell them they are secure, show them nice icons telling them that they are secure - people can actually belive it that is in some way brilliant isn't it? too bad it does not work better security for me (and you)...
and also this hype with Longhorn delays due to shifting literally everybody to develop SP2 - what they actually developed? few icons? changed default settings? this requires whole resources of multibilion software gigant? that is pathetic for me... Fedora community alone (backed by Red Hat but still it is different scale than M$) can do amazing things like incorporating advanced MAC security with SELinux in months, and software giant can't make a basic security level with all theirs resources (oh and they do leave things unpatched, or issue things like disable login from URL as a patch, oh and update breaks like every 1 of 10 setups)? and still they say open source model is not superior? mehehehahhwhw...
Opinion Represented as Fact with a \. Slant... (Score:5, Informative)
L0LZ@Micro$0ft!111!!11oneeleven1!! because your firewall choices and services defaults aren't what I would have picked.
There's still service bloat in XP. There's little doubt about that, but suggesting that you turn off DHCP when 51% of us use broadband? I mean, DHCP only has an effect for people that actually, you know - HAVE A FRICKIN NETWORK CABLE PLUGGED INTO THEM! Can we make an assumption that a pretty fair percentage of people who have network cables plugged into their computer use DHCP? Good lord almighty.
Also, he complains because the service type on most services is set to...
Sure, XPSP2 isn't perfect, but articles like this, these "If I had made it, I'd have made it stupid!" articles - they're just drivel.
Re:Last words on SP2? (Score:3, Informative)
I otherwise agree with most that was written - I totally agree that "less is more" when it comes to security (although there often ends up being hooks for stuff like RPC all over the place) and I couldn't believe it when I saw "Remote Assistance" enabled on my computer by default when I loaded it - WTF!
Reverse FUD (Score:5, Informative)
-Lucas
Re:CPU Driver Problem? (Score:2, Informative)
Recommendations on speeding up XP (Score:2, Informative)
Another way to boost your speed is hanging your Prefetch setting, http://techrepublic.com.com/5100-6270_11-5165773.
TCPOptimizer http://darkedge.levels4you.com/review.l4y?file=20 [levels4you.com] also helped speed up my collection a lot.
Another cool tip is fixing Event ID 4226 which limits your connections in SP2, check it out at http://www.lvllord.de/?url=tools#4226patch [lvllord.de].
And, of course get the MS TweakUI for XP at http://www.microsoft.com/windowsxp/downloads/powe
And although they are not freeware I actually bought and really like Registry First Aid http://www.rosecitysoftware.com/reg1aid/ [rosecitysoftware.com] and Registry Compactor http://www.rosecitysoftware.com/RegistryCompactor
I hope you all have as much success as I have with spedding up XP. It is a pain in the butt to do it, but it is worth it in the end.
New PC + SP2 =Broken Pgm (ECDC5) - Dell shines it. (Score:3, Informative)
(We have a need to make saving to CD as simple as a floppy for some elderly folks.)
This one isn't listed on Microsoft's list of SP2 incompatible [microsoft.com] programs [microsoft.com].
Nor is anything mentioned on Roxio's site except people complaining. Roxio is up to version 7 now so you know they say to upgrade, but Dell still ships old v.5 out with new PCs. Go figure
Re:any time now... (Score:5, Informative)
Meanwhile, back in the Short term.
Microsoft disclaims responsibility for OEM software and:
"Dell does not validate any externally loaded software and can therefore make no representations as to their effectiveness, stability, appropriateness, or safety. Any problems encountered with this kind of software should be addressed to the respective manufacturer."
It appears that the actual support that can be relied on is maybe a hair less than what you get from Fedora Core release candidates.
From a Compaq Presario owner... (Score:3, Informative)
Re:Last words on SP2? (Score:1, Informative)
Comment removed (Score:3, Informative)
Re:Slowed Down? (Score:4, Informative)
Re:I don't get it (Score:4, Informative)
Today I built a fresh XP machine with SP2. I just scanned that machine with nmap and it showed absolutely nothing open except the VNC port that I specifically configured. The machine doesn't even return pings. I'd say that's a pretty tight default setup.
Re:Why I didn't bother... (Score:4, Informative)
Block Windows XP Service Pack 2 (Score:3, Informative)
Re:Slowed Down? (Score:3, Informative)
I don't see how SP2 could be faster. Microsoft added new bloat compared to SP1.
I think the reason it was faster after SP2 might be...
Windoze gets a bad case of registry rot from installing and uninstalling software, and all that spyware in there slows things down a lot, too.
Obvious solution... I gotta see a man about a penguin.
Re:It deserves scrutiny overrated (Score:2, Informative)
I've just recently performed a fresh ("slipstream") install of XP SP2 on my laptop, and my nmap scans and observations of active services are quite different from this article's report. Maybe he upgraded a fresh XP or XP SP1 install?
Honestly, the guy says that services like DHCP and DNS should be disabled by default and that "most home machines" don't need it. I guess he doesn't expect people to read his article from home, then, because without being able to get an IP address lease from an ISP or resolving theregister.co.uk, they aren't going to be able to read it!
Re:SP2 is actually more funny than secure... (Score:2, Informative)
as well wonder if it has this line in the EULA as they did for the latest update.
"Digital Rights Management (Security). You agree that in order to protect the integrity of content and software protected by digital rights management ("Secure Content"), Microsoft may provide security related updates to the OS Components that will be automatically downloaded onto your computer. These security related updates may disable your ability to copy and/or play Secure Content and use other software on your computer. If we provide such a security update, we will use reasonable efforts to post notices on a web site explaining the update. "
Thats one of the resons i never udated from Media 7
What place does Window Media 9 play in the operating system to me its just not part of a OS so it should not be there. plus the DRM sucks as well.
what you can do today, you may not tommrow.
They have no rights to do this and you hand over root access to your system for agreeing with the EULA agreement.
My 2 cents worth