Service Pack 1 for Windows Server 2003

mithridate writes "Microsoft has posted the Windows 2003 Service Pack 1 Release Candidate. eWeek has a short review of the service pack. My favorite quote from the article is, 'The company argues that the improvements are important enough that applications should be changed to accommodate them.' I know I still have not installed SP2 because of the problems it causes with SQL Server, I can't wait to see what kind of havoc it causes on the servers..."

Win2k & Server 2k3

[mr.henry]

I am no MS fanboy -- and I will be the first to admit that Windows 95, 98, ME, and XP are unstable and crappy -- but Windows 2000 and Windows 2003 Server are both solid operating systems.

damned if you do...

[SoupGuru]

... and damned if you don't.

Flame Microsoft

[Anonymous Coward]

You guys flame them for not caring about security, then they take an proactive stance on security which causes a few inconviences and then you bitch about that.

Catch-22

[rackhamh]

So a bunch of people wrote applications that take advantage of lax security in Windows server environments.

Now Microsoft is saying they won't be so lax anymore, so the applications need to change.

Microsoft is basically damned-if-they-do, damned-if-they-don't. If they don't patch the flaws, they're bad for providing an unsecured environment. If they do patch the flaws, they're bad for breaking existing applications.

I for one fail to see how this is a bad thing... OSes evolve, and applications have to keep up. That's why manufacturers provide separate drivers and software versions for different OS versions, isn't it?

A cheaper solution...

[TWX]

...would be to just firewall every Windows machine behind a Linux box or BSD box and use port forwarding or some other restrictive routing scheme. Even if the hardware to isolate a gigabit's worth of bandwidth ran $1,000, it'd probably still save the company money compared to the man hours required to fix custom software, test it, and install it.

Microsoft Pre-judged?

[Staplerh]

I know I still have not installed SP2 because of the problems it causes with SQL Server, I can't wait to see what kind of havoc it causes on the servers...

This is a little predjudicial. You may have some historical examples to draw upon, but we should cut Microsoft some slack. If they didn't release this, people would complain, and when they do, people complain. If Microsoft is willing to admit that the "the improvements are important enough that applications should be changed to accommodate them", then perhaps they are right. It's doubtful that Microsoft is going to cause this much of a hassle unless it was for a good reason - ultimately, it would be easier for them to forgo this. Perhaps it is initial flaws, but how could they get it all right on the very first release?

I know I sound like some sort of Microsoft 'fanboy', but I'm just trying to present a devil's advocate view against the Slashdot bias against Microsoft.

Windows Firewall

[Ghostgate]

TFA says they have added the same Windows Firewall as XPSP2. However, this is one issue that I can't see being NEARLY as big of a deal as it was for XP. XP has a much bigger percentage of novice users, many of whom had never even heard of a firewall until SP2. Win 2003 is, in general, used by people who would be aware of how to deal with such things and how to troubleshoot any problems that might occur.

Re:Catch-22

[Spad]

Take a look at the list on the MS website of apps that are broken by SP2.

Microsoft have more applications on there than any other single vendor.

Re:damn.

[Anonymous Coward]

is microsoft just shooting themselves in the foot again? I'm scared shitless of XP SP2, I can't imagine this being much better.

Scared of what? If you install it and something actually doesn't work then you can simply uninstall it.

By now there are workarounds or updates available for most of the apps that didn't work with SP2. .m

Re:Win2k & Server 2k3

[NotoriousQ]

I would not call XP unstable, but it is now suffering from what linux users have suffered for too long: bad hardware / drivers.

If I put cheap memory into the machine - I should expect it to crash. If I run bad drivers - I should expect it to crash.

I do not believe that 2000 is that much more stable than XP. 2003 I do not know, but I guess all of these have the same level of stability, however XP goes on to more computers made out of crap, and therefore it craps out more.

Windows9x was crappy because it did not implement correct separation of processes from each other and from the kernel.

Re:Catch-22

[erhudy]

It's not a bad thing at all, and I just observed the exact same thing privately. Microsoft is finally doing what they should be doing, yet all the Linux zealots here and elsewhere still see fit to excoriate them. Blame Microsoft for having prioritized features over security for far too long, fine. Don't blame them for trying to fix it.

Re:damn.

[Anonymous Coward]

"The company argues that the improvements are important enough that applications should be changed to accommodate them.' I know I still have not installed SP2 because of the problems it causes with SQL Server, I can't wait to see what kind of havoc it causes on the servers...""

You know for an editor of slashdot, you should really do some research.

If you use the latest service pack for SQL server, XP service pack 2 works fine. The same thing goes for running SQL 2k on Windows 2003. Maybe if you kept up with the current application service releases you would not have problems with the OS ones. :)

I could bitch and whine about vi, gnome, or anything else and I would told to upgrade to the latest revision. Why should you not do so on SQL?

Re:A cheaper solution...

[Anonymous Coward]

That'll work until someone brings in an infected laptop from the field, and then the virus/worm will spread throughout the network. Unless you're talking about firewalling each computer individually ??

Re:Service Pack vs Version

[rd_syringe]

I don't know, but it annoys me to, in the year 2004, still see the term "M$" being thrown around like it's 1998 when it was witty and cool and anti-establishment. Just because you have some arbitrary definition of what a Service Pack "should" do doesn't make you right. I think you're bitching just to find something to bitch about. This is a good thing, and you'd be bitching if they didn't do this.

Windows 2003 popularity?

[DogDude]

Are that many people even using Windows Server 2003? Other than the .NET Framework that can also be bolted onto W2K, I don't know what the advantages are to running Win 2003. W2K both Pro and Server are very, very stable for us, and as far as I can tell, we have zero incentive to upgrade (if it's even a real upgrade). I personally don't know of a single person or company running Server 2003 for the same reason. W2K works just fine.

Re:Service Pack vs Version

[Schnapple]

Would you prefer to have Windows Server 2004 or 2005 come out and be charged for this?

Re:Catch-22

[rackhamh]

Well, duh. Can you name a vendor that produces more individual software packages for the Microsoft platform than Microsoft itself?

Re:Service Pack vs Version

[E-Rock]

Exactly, Apple releases a new version that fixes the things they half-assed in the prior version of X and they expect you to pay $129.

sorry, but what's the point of the computer?

[jxyama]

>'The company argues that the improvements are important enough that applications should be changed to accommodate them.'

so, does the PC exist to run the OS or the application? i thought the point of PC and the OS was to run the application that's useful. why does running of the application, which actually accomlishes something, must be compromise to enable the OS to run better?

i'm not arguing that OS is an important/integral part of using a PC to accomplish a task. but i feel that their philosophy is backwards. even if it's the truth, they shouldn't say it. PCs do not exist to run the OS. PCs exist to run the applications. no one cares about a PC that can run the OS perfectly if it can't run useful apps.

Re:Windows 2003 popularity?

[XopherMV]

Sounds like your company hasn't moved to Win2003, so your knowledge is limited.

Most companies I know don't like to be on the bleeding edge and don't want to switch until the first service pack is released. Once SP1 comes out, you can bet a lot more companies will look at Win2003 seriously.

Re:A cheaper solution...

[Malc]

Why would I use a Linux or BSD box for that? Get off your hobby horse. That was cool amongst nerds five years ago - now it's so passé.

A cheap, low power (10W), low maintenance, consumer grade router will do this job for much less effort. Admittedly, some of them like my Linksys WRT54G run Linux and can hacked for more functionality...

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:sorry, but what's the point of the computer?

[Elwood P Dowd]

why does running of the application, which actually accomlishes something, must be compromise to enable the OS to run better?

Because those applications depend on poor security. Break them. They shouldn't work.

I don't get it...

[DaFallus]

Why do so many people continue to use Windows when all they do is complain about it? I have installed SP2 on numerous machines and have had absolutely no problems. I like Windows for what I use it for, and for purposes where I feel that Windows is not the best choice I also run multiple linux machines.

If you don't like Windows or are just anti-microsoft, then just stop using their products. Maybe this doesn't happen because if everyone who had problems with Microsoft switched to linux or some other open source OS then they'd have nothing left to bitch about.

Re:About SP2

[Em Adespoton]

I think the point is that it *is* broke. The reason MS doesn't charge for service packs is that they are the software vendor's version of a product recall -- Microsoft has realised that the original product is broken, and they are recalling the product to fix it. The benefit is that in the software world, you get to keep your product and the internet allows the company to make a house call and repair it on-site.

Of course, most people don't do a bi-annual check for recalls on their hardware, so they live in ignorant bliss untill that reported and supported issue rears its ugly head and creates a real problem... why should it be any different in the software world?

Why is this a problem?

[Flower]

You may not be able to install immediately if the SP breaks a production app but nowadays with all the regulatory compliance issues companies face this becomes a nice club to use in forcing the vendor to clean up their broken crap.

It's also a good time to look into your SLAs and get them in order. Make sure to provide a provision that the vendor has to start taking security into consideration. Have them justify why their app needs administrator privs because *I* have to justify it to my auditor. Don't let them off the hook if you can't patch. If viable, withhold payments. Communicate with peers about the level of service the vendor provides (I don't know about small businesses but in medium to large organizations it is surprising how much weight decision makers put into these informal discussions.)

This is an opprotunity not a setback folks.

Silly question

[mav[LAG]]

Can you disable the "phone home" feature?

Re:Win2k & Server 2k3

[drsmithy]

No, it was much simpler than that. Windows 95,98,ME sucked because they were all just GUIs on top of DOS.

Ah, it was a touch more than that. Windows 9x took over memory management, I/O, CPU scheduling, etc. It was *far* more than "just a GUI on top of DOS".

Re:Windows Firewall defaults to off

[antoy]

Well if you are running a server you can assumedly be trusted with the simple task of configuring a proper firewall by yourself, if you do indeed need it. Besides, the Win2003 "way" is to not to run any network services at all until you tell it to.

Re:Catch-22

[Matje]

Take a look at the list on the MS website of apps that are broken by SP2.

Microsoft have more applications on there than any other single vendor.

do you think this might be because no one else bothered to have their app tested by microsoft?

Re:SQL Server on XP SP2?

[BenHill]

Most .NET developers run SQLServer (along with IIS if they do ASP.net) on their local boxes. It's nice to have your own "private world" in which to work.

Not quite sure if you have ever worked on SqlServer, but it is really no big deal to port something built locally on XP to something on Windows Server 2000/2003.

The only pain in the ass is keeping the dB up-to-date - we have gotten around this by building an asp.net engine to compare the local database schema with the SQL scripts located in a SVN-controlled directory.

Re:Great, but...

[cooley]

Linux or no Linux, the poster of the article states that (s)he still hasn't installed SP2 (which I take to mean Windows XP Service Pack 2) because of the things it messes up with SQL server. This begs the question, why are they running SQL server on a workstation? Windows XP is not an OS meant to run a server.

Re:Catch-22

[damiam]

Right, but you'd think they could fix their own software to work with their own OS.

Re:Great, but...

[DotNM]

Development. A systems designer I know uses IIS on his Windows XP laptop to design the web-based systems for his clients, then deploys it to production web servers.

Re:Flame Microsoft

[Waffle Iron]

And they richly deserve all the flames. They should have started focusing heavily on security circa 1994. But they didn't, so they got flamed for almost a decade until they finally started to wise up.

Now, they get more flames because in their desperate attempt to belatedly patch up their wares, they're breaking much of the code that was written to their old lame security models. They knew that they should have fixed these models many years ago, but they didn't, and they nevertheless encouraged everyone to continue writing to them. They deserve these new flames because the compatibility problems are a result of their own procrastination. If they hadn't let things get this bad, there wouldn't be so many screwups now.

Re:Catch-22

[obeythefist]

Ugh, if you actually read the background material, you would notice that SP2 doesn't break anything. It's a list of apps that don't work when you run an unconfigured firewall, for the most part.

Why on earth is it Microsoft's fault that they're telling their users which applications may be affected because in SP2 they're activating a firewall in an attempt to remedy some of the poor security practices they've used in the past?

I think some recognition for a company moving in the right direction wouldn't go astray every now and then, instead of jumping down MS's throat every time they make a move.

Re:Catch-22

[obeythefist]

I don't believe I mentioned BSD or Linux or Jaguar or any other OS or company apart from Microsoft.

I'm not sure what you mean however with regards to "fixing and breaking things more often". Microsoft patches are quite strenuously tested, so they are very slow to arrive (not more often, less often) Very few if any MS patches break third party software. Compare this to the complexity of handling Linux dependencies. I am sure if you upgrade some components of Linux and replace dependencies, you might find a lot of things suddenly stop working. Microsoft isn't really responsible for making third party software work on their OS... are you holding MS accountable for the work of Adobe? Or for the work of nameless shareware developers? Is it not their responsibility to fix the software if they write applications that work outside of Microsoft's preferred APIs?

My experience with Linux dependencies on a couple of different distros have been nothing like your example. Many different applications just don't work on Linux without downloading and installing very specific packages to handle dependencies... so much so that people need to write software purely to handle dependencies. For some reason.. when I install software on a windows box, I double-click an exe file and it works. I don't even need to see the word "dependency". I'm not trying to say one method is better than the other. But what I am saying is that Microsoft have decided to take this path and as a result they have to be very precise with the fixes and patches they apply to their OS.

The unified patching for debian and redhat really makes it easy on the user when you can run a single command to update EVERYTHING in your system.

Shame that isn't available on every Linux distro. With every current version of Windows, I can go to a website called "Windowsupdate.com" and click a single button to update EVERYTHING in my system. And you know what? I don't have to go looking anywhere but microsoft.com for fixes for Windows.

Windows XP SP2 hasn't broken any drivers that I know of, unless they are drivers that for some reason need a hole in the firewall and I suddenly forget how to configure a firewall. Of course I can simply uninstall the service pack if that does ever happen (it doesn't, RTFA please).

So basicly the windows way is bad and painful to use. and the linux was is nice and easy for once

You haven't demonstrated this. Please explain with consise examples of what you mean. Providing a questionable statement without decent supporting arguments is hardly compelling, although on Slashdot people will believe you because "Linux good, Windows baaaaaad".

Microsoft have made the best business decision possible in terms of advancing the security of their platform at the minor cost of a few applications that (again, RTFA because you don't seem to have noticed this) don't work when a firewall blocks them. This is applicable to Linux. Firefox on Linux is *broken* when you install a firewall and block port 80. By your arguments, Linux is therefore "fucked if they do and fucked if they don't" because if you install a firewall the "API is so hacked together to keep everything working" and this somehow has something to do with applying a default-on firewall to the OS. Linux users are purportedly more open minded and understanding of basic OS principles. Why am I constantly meeting Linux advocates who are so more closed minded than the average AOL toting Windows user?

People are bitching at microsoft for no real reason in this case. An unconfigured firewall breaks a few applications that need ports opened, and for some reason, as my parent post said, Linux advocates believe this is a flaw in Windows XP and put the blame squarely on Microsoft.

Explain yourself clearly, concisely, or put your PC back in the box and send it to your OEM. Computer license revoked by the Darwin Internet Preservation Act.

Re:Win2k & Server 2k3

[Anonymous Coward]

In neither Linux nor NT can I make a call to a hardware interrupt or access hardware directly (except via driver of course.) This restricts the damage that an application on the OS can do. It's also why so much Win95-ME software won't work on 2K, because it's making non-WinAPI calls, now verboten.

Personally I consider the distinction to still be important because the operating system disallows apps to do anything but make API calls.

I'm moderately suspicious that Win95+ doesn't make calls to DOS. Simply because if that was the case, it should have been so much easier to make a version of Win95 that bootstrapped itself and wouldn't run badly coded software, providing the essentially what the NT kernel was written for. NT kernel is better in a lot of ways (I'm thinking preemptive multithreading), but I'm convinced that if they did not have to rewrite Windows to get rid of DOS, they would not have done so. Pure speculation on my part.

Re:bullsh*t

[x-caiver]

So lets see the list of changes that you feel are so horrible. You say there are multiple changes and that they are not improving security.
You list one example with a pretty weak explanation on why exactly it was an 'idiotic' change - try some more.