Service Pack 1 for Windows Server 2003

Posted by michael
from the security-is-priority-one dept.
mithridate writes "Microsoft has posted the Windows 2003 Service Pack 1 Release Candidate. eWeek has a short review of the service pack. My favorite quote from the article is, 'The company argues that the improvements are important enough that applications should be changed to accommodate them.' I know I still have not installed SP2 because of the problems it causes with SQL Server, I can't wait to see what kind of havoc it causes on the servers..."

  • Win2k & Server 2k3 (Score:2, Insightful)

    by mr.henry (618818) *
    I am no MS fanboy -- and I will be the first to admit that Windows 95, 98, ME, and XP are unstable and crappy -- but Windows 2000 and Windows 2003 Server are both solid operating systems.
    • by NotoriousQ (457789) on Tuesday December 07, 2004 @07:32PM (#11025838) Homepage
      I would not call XP unstable, but it is now suffering from what Linux users have suffered for too long: bad hardware / drivers.

      If I put cheap memory into the machine - I should expect it to crash. If I run bad drivers - I should expect it to crash.

      I do not believe that 2000 is that much more stable than XP. 2003 I do not know, but I guess all of these have the same level of stability, however XP goes on to more computers made out of crap, and therefore it craps out more.

      Windows9x was crappy because it did not implement correct separation of processes from each other and from the kernel.
      • by ad0gg (594412)
        Bad drivers are the cause of a lot of problems. I know the old version of the ATI drivers would blue screen my Win2k workstation box on a weekly basis. Called up ATI and they told me they didn't support Win2k workstation; ended up buying an Nvidia card and my problem was solved. I won't even talk about XP and my SoundBlaster card; I don't know how much hair I tore out of my head dealing with that crap.

        Now with our server, I still haven't seen a blue screen almost two years now. Of course they are all Del

    • by XopherMV (575514)
      Win2003 was forked from the WinXP code base. They are basically the same OS with some minor tweakages. WinXP is made for single users who usually run just a few programs at a time. Win2003 is a server OS, made for running tons of programs all at once.

      That's why you often don't see drivers for Win2003. Companies mostly just write one driver for both WinXP and Win2003. That saves them time and money.

      To say WinXP or Win2003 is better than the other is kind of ridiculous since they're about the sam
  • by Anonymous Coward on Tuesday December 07, 2004 @07:24PM (#11025713)
    ...Security. Oh god, that -1 for me!
  • by SoupGuru (723634) on Tuesday December 07, 2004 @07:25PM (#11025724)
    ... and damned if you don't.
  • Flame Microsoft (Score:3, Insightful)

    by Anonymous Coward on Tuesday December 07, 2004 @07:26PM (#11025743)
    You guys flame them for not caring about security, then they take a proactive stance on security which causes a few inconveniences and then you bitch about that.
  • Catch-22 (Score:5, Insightful)

    by rackhamh (217889) on Tuesday December 07, 2004 @07:26PM (#11025748)
    So a bunch of people wrote applications that take advantage of lax security in Windows server environments.

    Now Microsoft is saying they won't be so lax anymore, so the applications need to change.

    Microsoft is basically damned-if-they-do, damned-if-they-don't. If they don't patch the flaws, they're bad for providing an unsecured environment. If they do patch the flaws, they're bad for breaking existing applications.

    I for one fail to see how this is a bad thing... OSes evolve, and applications have to keep up. That's why manufacturers provide separate drivers and software versions for different OS versions, isn't it?
    • Re:Catch-22 (Score:5, Insightful)

      by Spad (470073) <slashdot@@@spad...co...uk> on Tuesday December 07, 2004 @07:30PM (#11025796) Homepage
      Take a look at the list on the MS website of apps that are broken by SP2.

      Microsoft have more applications on there than any other single vendor.
      • Re:Catch-22 (Score:2, Insightful)

        by rackhamh (217889)
        Well, duh. Can you name a vendor that produces more individual software packages for the Microsoft platform than Microsoft itself?
      • Re:Catch-22 (Score:4, Insightful)

        by Matje (183300) on Tuesday December 07, 2004 @09:44PM (#11027329)
        Take a look at the list on the MS website of apps that are broken by SP2.

        Microsoft have more applications on there than any other single vendor.


        do you think this might be because no one else bothered to have their app tested by microsoft?
      • Re:Catch-22 (Score:5, Insightful)

        by obeythefist (719316) on Tuesday December 07, 2004 @10:59PM (#11027962) Journal
        Ugh, if you actually read the background material, you would notice that SP2 doesn't break anything. It's a list of apps that don't work when you run an unconfigured firewall, for the most part.

        Why on earth is it Microsoft's fault that they're telling their users which applications may be affected because in SP2 they're activating a firewall in an attempt to remedy some of the poor security practices they've used in the past?

        I think some recognition for a company moving in the right direction wouldn't go astray every now and then, instead of jumping down MS's throat every time they make a move.
    • Microsoft is basically damned-if-they-do, damned-if-they-don't

      No, they're damned because they didn't do it right in the first place.

    • Re:Catch-22 (Score:2, Insightful)

      by erhudy (751890)
      It's not a bad thing at all, and I just observed the exact same thing privately. Microsoft is finally doing what they should be doing, yet all the Linux zealots here and elsewhere still see fit to excoriate them. Blame Microsoft for having prioritized features over security for far too long, fine. Don't blame them for trying to fix it.
  • by mr.henry (618818) * on Tuesday December 07, 2004 @07:27PM (#11025754) Journal
    Love Windows 2000 and don't want to bother with XP? You can always run Windows Server 2003 as a workstation with this guide. [msfn.org]
    • What's the point if on the second page, you tell them to make an administrator user? Win2k3 has amazing security enhancements and that step effectively drops them on the floor.
    • Er, you know that XP is closer to 2003 than 2000 is. Server 2003 is based on XP; they took the XP code base, re-added the 2000 server stuff and made some updates.
      2000 is NT 5.0
      XP is NT 5.1
      2003 is NT 5.2
      • by Blakey Rat (99501) on Tuesday December 07, 2004 @08:08PM (#11026272)
        There's this wide belief that Windows 2000 is better than Windows XP because it's more simple... i.e. less background services, less eye candy, runs faster.

        The fact is that XP, once configured close to Windows 2000's defaults, is actually quite a bit faster than Windows 2000, uses the same amount of memory, and still has all the features built into XP. (Like Remote Desktop, System Restore, more advanced IE.)

        In my opinion, there is absolutely no reason to still be using Windows 2000 with Windows XP available. Grab XP, spend an hour customizing it, and you can make it basically a clone of 2000 but with more features.
    • Talk about crazy... My GF's best friend has a PC running Windows Server 2003, as her home computer. Her main applications are... ...MSN Messenger and Internet Explorer. Mind you, this was when WS2k3 was still in beta.

      All this is running quite unhappily on a Pentium II, 266 with 64 MBs of RAM. When I saw this snail / turtle-like behemoth of a computer I was baffled that it ran a 2003 install with absolutely everything installed and turned on! Except for anything resembling a firewall.

      I asked her where she
      • It turns out, her brother's GF is a market droid at Microsoft here. She had given a computer that was in private use by some developer or something and meant that (actual quote): "2003 is just so much better, just look: it's three years more advanced."

        So, a marketing droid said a marketing sentence. Whoa, big news! Admittedly, it wasn't the best thing to say in order to sell the OS on someone, but neither was the hacked up machine running it. It's hard to validate the "seller of the year award or some cra
        • by nordicfrost (118437) * on Tuesday December 07, 2004 @09:19PM (#11027128)
          Well, she must have been seen as an asset, as she apparently was offered a 25% raise over two years time for not leaving MS sales. She now has a job for a local company in another town, her home town. They moved after not enjoying the capital too much. But she apparently misses MS and they want her back, says the GF's friend (talked to her on MSN...)

          Also, it seems that the MS sales persons are truly out of it; some chatting with others in the development business now revealed another story about a lame MS attempt to sell in solutions. They were offered lunch to hear out the offer from the sales person. They listened politely to the sales chat and then confronted the guy with such questions as mean uptime, compatibility with older equipment etc. He couldn't answer it, and was finally asked: Why should we replace the Linux domain servers, firewall and file servers with your products? The reply was "Well, the TCO of Windows Server is lower" at which point F burst out in laughter at the restaurant. He replied "You want us to pay XXX money for replacing the software, which by the way requires XXX in hardware upgrades. All this to replace free software legacy systems that had 0 downtime over two years?" at that point they said 'thanks for the lunch, you're paying.' and left.

          The sales droid got a bit upset and tried to mention something about Linux being more expensive to maintain, and he replied that they could easily afford the two days of onsite tech for maintenance a year and how many times a year would they require someone to look at the Windows systems?
    • Unless you're on old hardware. I found severe problems with the optical drives on my system. Even with a recent DVD+/-RW drive, accessing DVDs quickly resulted in IDE bus errors and loss of access to the drive and anything else on the bus, and often even a complete lock up of the OS. This is on a five year old dual P3-850 with 440BX(GX?) chipset.

      Mind you, the cost of Windows Server 2003 is enough of a reason not to use it on the desktop. Not everybody has a Universal MSDN subscription to make it worthw
    • I can't see any reason to spend several thousand dollars to make an OS run like one available for $200 or less.

      Be sure to complain how much the built-in firewall sucks when you didn't spend the extra $40 on a hardware solution.
  • by ferreth (182847) on Tuesday December 07, 2004 @07:27PM (#11025757) Homepage Journal
    Is it just me or are others pissed off that M$ has taken the term "Service Pack" and stretched it way beyond its intended meaning?

    A Service Pack should fix bugs, provide MINOR enhancements, and performance tweaks. Anything more is a version change.

    Hell, I would be perfectly happy to see the term "Service Pack" disappear entirely to be replaced by 0.01 releases and 0.1 for bigger changes, like most of the rest of the world does. At least that terminology has meaning to me.
    • A Service Pack should fix bugs, provide MINOR enhancements, and performance tweaks. Anything more is a version change.

      This is more or less an indication that the initial release was premature and is what the *nix community might call a "Release Candidate", or even a beta that has few enough (!) bugs to be marginally usable.

    • by Schnapple (262314) <tomkidd&viatexas,com> on Tuesday December 07, 2004 @07:50PM (#11026031) Homepage
      Would you prefer to have Windows Server 2004 or 2005 come out and be charged for this?
      • Exactly, Apple releases a new version that fixes the things they half-assed in the prior version of X and they expect you to pay $129.
      • by typhoonius (611834) on Tuesday December 07, 2004 @08:11PM (#11026295) Homepage

        I think you're missing the point.

        What the grandparent means is that bug-fixing Service Packs and feature-adding upgrades should be kept separate so you can grab the bug fixes without worrying about the new features breaking shit. Both would ideally be free.

        Hell, look at Apache; they're still updating the 1.3.x line just for security and using the 2.0.x branch for adding new features (which break a fair number of old things). If your site is already running 1.3.x reliably, you don't want to shake it up for no reason--servers are supposed to be reliable, not flashy--but you want the latest security patches. So you can keep grabbing the 1.3.x updates.

        With Windows, you don't have the choice; you pick the devil you know or the devil you don't. Everyone says Microsoft is damned if they do or damned if they don't with the Service Packs, and it seems like their customers are in the same position.

    • Microsoft already does this, they just mask it from the stupid "end user"

      Winver will show you exactly what version you are running, and what the build number is.

      Let me get this straight.. you're pissed off because they threw "extra" into the service pack instead of releasing a new version and charging you for it? I think your wallet is too fat, and is affecting the bloodflow to your brain..
    • Is it just me or are others pissed off that M$ has taken the term "Service Pack" and stretched it way beyond its intended meaning?

      They pioneered this years ago, way back with NT4 SP3. That was basically NT 4.5.

      But *it was a free upgrade*. That's the distinction here: new version number, you pay for it.

    • "When I use a word," Humpty Dumpty said, in rather a scornful tone, "it means just what I choose it to mean--neither more nor less."

      "The question is," said Alice, "whether you can make words mean so many different things."

      "The question is," said Humpty Dumpty, "which is to be master--that's all."


      I think that answers your question.


      (Doctor Who fans, though, may find additional meaning in Microsoft being The Master...)

    • Perhaps they should ditch the whole XP thing and stick to dates (W95, W2000, W2003) taking into consideration your suggestion.

      Then the current version would be 2004.12.07 and tomorrow when the next nasty virus comes out it would be 2004.12.08 and later that afternoon when they realize their patch opens up two other holes for the one it closed they can release 2004.12.08.14.15. :-)
  • by TWX (665546) on Tuesday December 07, 2004 @07:27PM (#11025771)
    ...would be to just firewall every Windows machine behind a Linux box or BSD box and use port forwarding or some other restrictive routing scheme. Even if the hardware to isolate a gigabit's worth of bandwidth ran $1,000, it'd probably still save the company money compared to the man hours required to fix custom software, test it, and install it.
    • by Malc (1751)
      Why would I use a Linux or BSD box for that? Get off your hobby horse. That was cool amongst nerds five years ago - now it's so passé.

      A cheap, low power (10W), low maintenance, consumer grade router will do this job for much less effort. Admittedly, some of them like my Linksys WRT54G run Linux and can be hacked for more functionality...
  • by Staplerh (806722) on Tuesday December 07, 2004 @07:28PM (#11025772) Homepage
    I know I still have not installed SP2 because of the problems it causes with SQL Server, I can't wait to see what kind of havoc it causes on the servers...

    This is a little prejudicial. You may have some historical examples to draw upon, but we should cut Microsoft some slack. If they didn't release this, people would complain, and when they do, people complain. If Microsoft is willing to admit that "the improvements are important enough that applications should be changed to accommodate them", then perhaps they are right. It's doubtful that Microsoft is going to cause this much of a hassle unless it was for a good reason - ultimately, it would be easier for them to forgo this. Perhaps it is initial flaws, but how could they get it all right on the very first release?

    I know I sound like some sort of Microsoft 'fanboy', but I'm just trying to present a devil's advocate view against the Slashdot bias against Microsoft.
  • that windows server 2003 will actually be able to use up to date hardware?

    Will I finally be able to plug my DVD writer into my PDC and back up the AD tree?

    Didn't think so. That's it, I'm going back to Debian.

    • Ya I know. It's so hard to have a system that's used to back things up.
  • Windows Firewall (Score:5, Insightful)

    by Ghostgate (800445) on Tuesday December 07, 2004 @07:28PM (#11025783)
    TFA says they have added the same Windows Firewall as XPSP2. However, this is one issue that I can't see being NEARLY as big of a deal as it was for XP. XP has a much bigger percentage of novice users, many of whom had never even heard of a firewall until SP2. Win 2003 is, in general, used by people who would be aware of how to deal with such things and how to troubleshoot any problems that might occur.
  • In the docs they write that a server should be able to accept unsolicited connections so the new Windows Firewall defaults to off, unlike the one in XP SP2.

    Hm. I'm not sure about that.
  • I know I still have not installed SP2 because of the problems it causes with SQL Server

    And you're running SQL Server on XP? Only developers edition runs on XP. And it isn't meant to do production stuff.

    • by figleaf (672550)
      Don't you realize this is Slashdot.
      He had to make an idiotic comment like that to get his story in.

      Anyways SQL Server runs fine on XP.

    • by njan (606186) on Tuesday December 07, 2004 @07:55PM (#11026110) Homepage
      Some (enterprise-grade) applications require the use of SQL Server Desktop Engine (the anti-virus vendor Sophos, for one, use this - Veritas would be an example of another).

      In many instances, this doesn't react well with software on Windows server builds (again, as examples, SQL Server proper and Terminal Services both are broken by and break these two products in particular).

      Especially in the ranks of middle-sized organisations which don't feel like splashing out hundreds of dollars (or more) for copies of Windows Server simply to run Veritas and Sophos, there are plenty of organisations which run 'server' software and SQL desktop engine / SQL Server on workstation builds of Windows.
    • For others - and the story poster - there's some very useful information about how XP SP2 affects SQL Server here [microsoft.com].

      To write something as stupid as "I know I still have not installed SP2 because of the problems it causes with SQL Server, I can't wait to see what kind of havoc it causes on the servers..." is just down to ignorance, incompetence and probably a lack of understanding about both products. Yes it might sound harsh, but to write something as daft as that in a story for nothing more than an anti-MS
      • by RupW (515653) *
        Thanks for the link - so default firewall settings break SQL server's TCP/IP interface: I didn't know that.

        That said, you *shouldn't* be using the TCP/IP interface pretty much ever. If your client is on the same PC you should use "(local)" which will use either named pipes or shared memory IPC; if you're accessing another PC on the same network you should use named pipes and if you *really* need remote enterprise manager across the NET you should remote desktop into the PC and run it locally. Then there's
  • About SP2 (Score:3, Interesting)

    by chaffed (672859) on Tuesday December 07, 2004 @07:40PM (#11025933) Homepage
    Interesting comment by the author about SP2. It made me think about my upgrade practices. On my Win2k servers I wait nearly 6 months before I upgrade or apply any patches. I just need to know all the bugs are out before I put it into production.

    However on my Linux server I love installing the latest stable builds. Maybe that is because the software tends to be of better quality?... Possibly masochism... maybe... Then again I do run Win2k server.

    • Maybe the W2K server(s) are production, and the Linux server_ is a toy? Personally, I don't install a single thing that I don't need to, including service packs. If there's a specific problem or security issue that I'm aware of, then fine. Otherwise, I don't touch 'em. Life has worked like that for old school Unix admins for 20+ years. Why does everybody feel the sudden need to update their core OS software on almost a daily basis now? I don't get it. It's like switching out the compressor in your re
      • Re:About SP2 (Score:3, Insightful)

        by Em Adespoton (792954)
        I think the point is that it *is* broke. The reason MS doesn't charge for service packs is that they are the software vendor's version of a product recall -- Microsoft has realised that the original product is broken, and they are recalling the product to fix it. The benefit is that in the software world, you get to keep your product and the internet allows the company to make a house call and repair it on-site.

        Of course, most people don't do a bi-annual check for recalls on their hardware, so they live

  • by DogDude (805747) on Tuesday December 07, 2004 @07:45PM (#11025986) Homepage
    Are that many people even using Windows Server 2003? Other than the .NET Framework that can also be bolted onto W2K, I don't know what the advantages are to running Win 2003. W2K both Pro and Server are very, very stable for us, and as far as I can tell, we have zero incentive to upgrade (if it's even a real upgrade). I personally don't know of a single person or company running Server 2003 for the same reason. W2K works just fine.
    • Volume shadow copy restore... Web services edition..

      2 reasons for you.
    • by ad0gg (594412) on Tuesday December 07, 2004 @07:55PM (#11026104)
      If you're running ASP.NET under Win2k it runs as an ISAPI process. With Server 2003 it runs natively in IIS, which makes it a little bit more robust. Also like the security settings, especially being able to control TCP/IP down to the port level. Not sure if this is also on Win2k; if it is, it must be buried.
    • by RupW (515653) *
      A few more reasons:

      • IIS 6.0: performance and compartmentalisation for security / stability
      • Remote desktop improvements: full colour, can debug across a remote desktop connection
      • Nice tweaks like network usage and remote desktop management on task manager
      • You need it to run Exchange 2003. Which is great. The web interface alone is worth the upgrade.
    • Sounds like your company hasn't moved to Win2003, so your knowledge is limited.

      Most companies I know don't like to be on the bleeding edge and don't want to switch until the first service pack is released. Once SP1 comes out, you can bet a lot more companies will look at Win2003 seriously.
    • by Malc (1751) on Tuesday December 07, 2004 @08:15PM (#11026346)
      If you're buying or leasing new systems, it's probably a better idea to go with Windows Server 2003 than an OS that's five years old. Sure there's good reason not to jump on the new OS bandwagon, but I think it has proven its stability. Think about it: in three years time (which could be well within the lifetime of those servers), Win2K is going to be getting very long in the tooth. Almost as long in the tooth as NT4 is now.

      Anyway, all our new servers use the new OS. Obviously tested it first. It's a lot nicer to work with remotely, and is just generally better all round (shock! horror! Microsoft's marketing turned out to be true!).
  • by jxyama (821091) on Tuesday December 07, 2004 @07:57PM (#11026130)
    >'The company argues that the improvements are important enough that applications should be changed to accommodate them.'

    so, does the PC exist to run the OS or the application? i thought the point of PC and the OS was to run the application that's useful. why must running of the application, which actually accomplishes something, be compromised to enable the OS to run better?

    i'm not arguing that OS is an important/integral part of using a PC to accomplish a task. but i feel that their philosophy is backwards. even if it's the truth, they shouldn't say it. PCs do not exist to run the OS. PCs exist to run the applications. no one cares about a PC that can run the OS perfectly if it can't run useful apps.

  • by jaxon6 (104115)
    I am of the mindset that I don't touch anything Windows until Service Pack 1. At least on the server side, it's very possible. For our domain controllers at a large university on 77 Massachusetts Ave. in Cambridge, I specifically am holding off upgrading the domain to Win2k3 until SP1. I am sure many others out there are doing the same.

    As for Win2k3 in general, I think it's the best Windows yet, which is still not saying much. I won't touch IIS ever, in fact we have Win2k3 systems running apache becaus
  • on MSDN subscriber downloads. They're marked build 1214 which ties up with the last-but-one build of Windows XP 64-bit available. They've now just released Windows XP 64-bit build 1247 so chances are this is build 1247 of the 2003 SP1 code.

    But we haven't tried it here yet: no obvious victim 2003 machine, and no problems with our web app on WinXP SP2 code.
  • bullsh*t (Score:2, Interesting)

    by flight666 (30842)
    I'm sorry, but all of the posts mentioning catch-22 or "damned if you do, ..." are full of it.

    Basically, Microsoft is breaking a whole crapload of things that don't need to be broken. Several of these changes impact me, and I can tell you that they are not improving security by turning these features off. Actually, they are reducing security by turning these off because now every Tom, Dick, and Harry out there needs to go and write their own kernel mode driver to re-implement the missing functions.

    For exam
  • To further tighten security on new installations, the Post-setup Security Update Wizard blocks all incoming traffic until the latest updates are applied and Automatic Updates are configured.

    We have our own tools to perform updates.
  • I don't get it... (Score:2, Insightful)

    by DaFallus (805248)
    Why do so many people continue to use Windows when all they do is complain about it? I have installed SP2 on numerous machines and have had absolutely no problems. I like Windows for what I use it for, and for purposes where I feel that Windows is not the best choice I also run multiple Linux machines.

    If you don't like Windows or are just anti-microsoft, then just stop using their products. Maybe this doesn't happen because if everyone who had problems with Microsoft switched to linux or some other open so
  • Last year I loaded a 1976 version of the PL/C (Programming Language / Cornell) compiler onto a modern IBM System 390 running zVM. And it worked, perfectly, the first time. After 27 years. Take that Microsoft ;-)
  • by Flower (31351) on Tuesday December 07, 2004 @08:49PM (#11026814) Homepage
    You may not be able to install immediately if the SP breaks a production app but nowadays with all the regulatory compliance issues companies face this becomes a nice club to use in forcing the vendor to clean up their broken crap.

    It's also a good time to look into your SLAs and get them in order. Make sure to provide a provision that the vendor has to start taking security into consideration. Have them justify why their app needs administrator privs because *I* have to justify it to my auditor. Don't let them off the hook if you can't patch. If viable, withhold payments. Communicate with peers about the level of service the vendor provides (I don't know about small businesses but in medium to large organizations it is surprising how much weight decision makers put into these informal discussions.)

    This is an opportunity not a setback folks.

  • by mwood (25379) on Wednesday December 08, 2004 @10:41AM (#11031672)
    I have to agree with Microsoft on this one. It is long past time for MS to bite the bullet and stop worrying about breaking shoddy software from the dawn of time -- stuff that never should have worked, but did because earlier OSes allowed unforgivable sloppiness. There are a lot of app.s out there that deserve to die and be replaced by correct code.

    I'm very much in favor of preserving backward compatibility for decent software, but many PeeCee products are great examples of how not to design and build software, and they should go. Now.

    (Can you tell how many hundreds of hours I've lost trying to get antiproductivity software running for someone who simply *must* have it?)
