Windows XP SP3 Build 3205 Released w/ New Features

jBubba writes "Windows XP SP3 build 3205 is the first official & authorized release of the next Windows XP service pack; and has been made available to testers as a part of the Windows Server 2008/Windows Vista SP1 beta program. NeoSmart Technologies has the run-down on the included 1,073 patches/hotfixes including security updates. Contrary to popular belief, Windows XP SP3 does ship with new features/components, most of which have been backported from Windows Vista. Some included features: 'New Windows Product Activation model: no need to enter product key during setup. Network Access Protection modules and policies have been brought to XP after being one of the more-well-received features in Windows Vista. New Microsoft Kernel Mode Cryptographic Module - the Windows XP SP3 kernel now includes an entire module that provides easy access to multiple cryptographic algorithms and is available for use in kernel-mode drivers and services. New "Black Hole Router" detection - Windows XP SP3 can detect and protect against rogue routers that are discarding data.'"

Re:is IE7 included?

[Bacon Bits]

I doubt it. Windows 2000 SP4 was still shipped with IE 5.01 (the version that shipped originally), and, indeed, it is the only way to apply the last service pack for IE 5.01.

Re:Windows Product Activation?

[HaloZero]

2K SP3 & SP4, and XP SP1 and SP2 provided the ability to merge the service pack into the base install for the operating system. The final product is usually referred to as a 'slipstream' install - it allows you to install Windows XP without having to patch to the absolute gills, just the muck from after the latest slipstreamed service pack.

After slipstreaming SP2 into my base XP install disk, a flat-format install did take a bit longer, but device propagation was FAR, FAR IMPROVED. There were a few other niceties, but they go beyond the scope of this post. I wouldn't be surprised if they're referring to changes made in the slipstream of the base install.

Full text

[sr243]

Following our coverage of the Windows XP SP3 beta leak almost a month ago in August, here's some more info on the official beta, which just had its first authorized distributable released earlier today. Say hello to Windows XP SP3, build 3205!

While the newly-released build and the one leaked a month ago (Build 3180) may share the same name, we can exclusively reveal that they are not identical releases. This release, also shipped as windowsxp-kb936929-sp3-x86-enu.exe, is 334.2 megabytes and has been made available to tier-one Windows Server 2008 and Windows Vista SP1 beta testers. Hashes are as follows:

CRC: 56e08837
MD5: c8c24ec004332198c47b9ac2b3d400f7

Along with the standalone installer redistributables (in English, Japanese, and German), Microsoft also provided the usual release notes and a list of all the hotfixes included in this release. Contrary to popular belief, Windows XP SP3 does ship with all-new features - not just patches and hotfixes, most of them backported from Windows Vista:

        * New Windows Product Activation model: no need to enter product key during setup. Thank God for that!
        * Network Access Protection modules and policies have been brought to XP after being one of the more-well-received features in Windows Vista. You can read more about NAP here.
        * New Microsoft Kernel Mode Cryptographic Module - the Windows XP SP3 kernel now includes an entire module that provides easy access to multiple cryptographic algorithms and is available for use in kernel-mode drivers and services.
        * New "Black Hole Router" detection - Windows XP SP3 can detect and protect against rogue routers that are discarding data.

Windows XP SP3 is compatible with all versions of Windows x86, included Embedded, Fundamentals, Start, Professional, Media Center, and Home Editions.

Windows XP SP3 now contains 1,073 patches/hotfixes, not including those in previous service packs. Of the 1,073 included updates, 114 are for security-related issues. The remainder are updates to performance & reliability, bugfixes, improvements to kernel-mode driver modules, and many BSOD fixes.

As with Service Pack 2, these include both previously publicly-available updates (whether through support.microsoft.com or via Windows Update) as well as any and all privately-redistributed updates for select customers or partners with specific problems/scenarios.

The first included update: KB123456 (April 7, 2006). The last: KB942367 (September 29, 2007).

We're checking with our MS contacts if we can provide you with the actual comprehensive list of updates included in Windows XP SP3, along with their descriptions and KB article links.

Re:Windows Product Activation?

[corychristison]

It should be noted that Slipstreaming is not as daunting as most people expect... nLite [nliteos.com] can help that problem and adds a lot of 'hacks' for the install as well. These hacks I speak of are more like features, such as adding Vendor information, as well as including the Serial # right in the install. You can setup an Unattended Setup... that is, you can pre-set all of the questions Windows Setup usually asks during installation.

:-)

Re:Vista Sound

[QBasicer]

It works by giving in addition to the main volume slider in the mixer/taskbar, providing a slider for each individual program using sound, like this picture. [arstechnica.com] The way, you can have Gaim/Pidgin sounds quite low, while you listen to relaxing music, but are waiting urgently for that important e-mail notification. I've played games where the sound is quite low to begin with, but then I get a message on my IM client, which seems fit to play a deafingly loud sound. IMHO, it's the only thing that Vista got right. I'm not sure how it works, but sound in Linux seems to be flaky at best.

Re:Windows Product Activation?

[nmb3000]

nLite can help that problem and adds a lot of 'hacks' for the install as well.

nLite can also completely frak up an XP install. One specific instance that we encountered when someone in our office used nLite was the inability for anyone who was not an administrator to use USB devices. None. The only way Windows would recognize and install the drivers for things like mice, keyboards, and flash drives was if you were an administrator. I've seen others, but this was one of the most problematic.

I very strongly recommend that nobody use it in a business setting or anywhere else you care about stability. If you want to customize an aspect of the Windows install process, do your homework and learn about it. Don't trust a black box to do it all for you.

Re:Windows Product Activation?

[schnikies79]

If you just want to slipsteam, don't mess with nlite as it can really screw up an install if you don't know what you are doing, instead try autostreamer. [softpedia.com]

Re:Vista Sound

[Lennie]

The pulseaudio [pulseaudio.org] sound daemon does this.

screenshot [0pointer.de]

It allows for setting the volume per audio source.

Mirror.

[antdude]

NeoSmart server seems to be down. Here's a mirror [networkmirror.com].

Re:Protection against black hole routers?

[pchan-]

So that when Windows wants to secretly download an update or send your data back to Microsoft, and you prevent them from doing so at the router level, they'll be able to detect it?

No. A black hole router is a router that incorrectly handles MTUs that are bigger than it can pass. That is, instead of fragmenting the packets, it just silently drops them. This makes for some very unreliable connections as only the bigger packets get dropped and smaller ones get through. This is usually a problem at the ISP level and has nothing to do with Windows updates. I now return you to your regularly scheduled tin foil hat.

Re:adding gasoline to the fire

[owlstead]

Don't be an idiot. The libraries that do this have been within Windows for ages. Besides, you can easily use XOR encryption if you just want to hide something. Not really secure, but you'll have to do crypto-analysis to get to the code anyway. Hell, you could use ROT-13. Are you going to look for assembly XOR or ADD routines? You'll probably find a few. Calls to this specific Windows API will be much easier to find.

I've been trying to find out what cryptographic features have been added to the FIPS security module in SP3. I'll be very surprised if there finally is some Elliptic Curve support or anything like that. It seems that .NET has some support for them, but Windows unfortunately still seems to lack support, even though the market is starting to show clear interest in EC crypto.

Anyway, the only thing I can find using Google is some page of Microsoft that's 7 years old. For the same FIPS module - for W2K of course. Does anyone have a link to more recent information? Currently there is little to discuss (unless you mention the missing PKCS#11 support by this arrogant monopolist).

Re:Blackhole Avoidance?

[the unbeliever]

black hole routers are not null routes.

black hole routers just drop packets that are "too big"; null routes are self explanatory, and are how most ISP's stop DOS attacks.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:I hate new features.

[suv4x4]

You're missing the real significance to this. They are back porting features from Vista!!! That's removing the incentive for migration from XP to VISTA on features alone. Considering the historic business model they have used, this is reason for further thought.

I've been thinking the same thing, and still, I don't know if pressure alone made them backport Vista features. People just want the patches rolled up in a SP. Vista security features was unexpected move.

Put this next to the toned down Vista campaign.

I have the feeling Microsoft are fully aware of the problems of Vista, and I wouldn't be too surprised to see them gradually backporting the better accepted core/security Vista features to XP until they arrive at a slimmer Vista, and throwing away or redoing the ill mouthed Vista features (such as the current allow/deny security model which often asks the wrong questions and doesn't learn, or clarify the source of the action).

If only they realized this, they wouldn't waste 5 years on grand vision ideas and arriving at an OS that's basically worse than the sum of its parts.

Vista: the spare parts OS. Backport and reuse as needed.

Re:Protection against black hole routers?

[Super_Z]

Well, according to this article: http://www.microsoft.com/technet/community/columns/cableguy/cg0704.mspx [microsoft.com] ,
PMTU black hole router detection seems to have been included in Windows 2000, Windows XP, and Windows Server 2003.

So I guess it was a feature of the BSD TCP/IP stack they put in there?

As an aside, the same article describes the alternaltive way to change the IP MTU: Edit the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318} registry key.
You just gotta love those keynames.

Re:But...

[TheRaven64]

Not the best example. Try this [colinux.org] instead.

Witch! Burn her!

[Oriumpor]

Don't throw something out because you don't understand it. nLite can be a very powerful tool in business to do the things you need to get done with a very nice pricetag. I've seen nlite do wonders for thousands of systems to streamline automated deployments.

What nLite did to windows in that instance the user TOLD nLite to do to windows.

Re:I would like to note something

[yanos]

Read me [slashdot.org]

For those too lazy, apparently some people over the ministry of agriculture of Japan were caught editing the Gundam page on Wikipedia while they were supposed to work. Hence the phrase "The agriculture ministry is not in charge of Gundam".

Re: Windows Product Activation?

[Allador]

I've never used Windows XP very much, but I wouldn't imagine that it would normally allow a user without administrative privileges to load arbitrary code (like drivers) into the kernel, right? Or are normal users allowed to do that if the code is signed or something?

Non-admin users canot load drivers, start drivers, etc. However, the plug-n-play behavior that is what people see when they plug in most devices to USB ports doesnt run as the logged in user. It's a system service that handles the hardware plug n play. So when it sees a new device installed, if it recognizes it and has the drivers built into the system (ie, already loaded and trusted), it will load the drivers and mount the device, and make it available to all user sessions.

If it doesnt recognize it and/or doesnt have the drivers, then it does indeed require admin privs to install new drivers.

I never really did understand why Windows doesn't come with all its own drivers installed by default, though.

It does. It comes with many tens of thousands of device drivers. One problem you run into though is with craptacular (yes, thats the technical term) consumer peripherals. They must farm out their driver software writing to 10-year old farm laborers in china or something. Most of these drver packs are good for one and only one model, so not reusable, and they're really poorly done.

So often, even if you have Model N1950 of this new digital camera, and windows ships with all drivers up to N1940 of the camera, its probable that you'll have to download drivers. Sometimes you can guess or know which drivers are compatible, but this is often plug n' pray (ie, might work, might not).

Why do you have to install e.g. the USB mass storage driver that comes with Windows the first time you insert a memory stick?

You dont. The only Windows OS that doesnt support the vast majority of usb memory sticks (as mass storage) out of the box is win98 and previous.

Some specialized memory sticks, with security features, come with extra software, that can 'auto-run' when you install it, but thats just a security nightmare, and wont work for a non-admin anyway.

Re:Blackhole Avoidance?

[cnettel]

A guess (but nothing else) is that it would also relate to the behavior when you have two interfaces providing theoretical routes to the target address, with different metrics, but one of them turns out to be unreliable. In that case, the strategy chosen by the local machine can clearly influence the result. (If your WLAN is actually more reliable than your cat5 that the cat toyed with yesterday...)

Re:Windows Product Activation?

[Neoprofin]

You can also use it to do al sorts of problematic things like turn off wireless support for laptops just to name one. I have to wonder if what happened there was the fault of nLite or the fault of someone tweaking knobs they shouldn't have. Any tool is dangerous in the hands of someone who doesn't know enough to know they don't know enough.

Re:I hate new features.

[Bazar]

You mean delivering just the locks.
the reason most people hate DRM, is because even if we legally own the product, the key to open it is in someone else's hand...

Re:I hate new features.

[Allador]

I'm an IT consultant for many companies as well, not just small companies with under 50 users. Any serious user base (100+) is an immediate NO GO for Vista, most larger companies are running at 256-512MB ram and are subpar for Vista performance, and do not have the budget for 2007-08 to do a large rollout of new end user workstations (and a lot of the budget issue can be due to ERP costs building up due to migration from older systems such as TOMS, to JDE/Cognos, SAP, Peoplesoft, etc., see this story [slashdot.org]). Anyone concerned with the end user experience, as you should be, is not upgrading to Vista any time soon. End user training, local performance issues, network performance issues, application compatibility issues, those are the first issues that come to mind.

For what it's worth, I agree. Sounds like many reason to make the choice NOT to go to Vista this year. There's nothing wrong with that.

Its easy to sideline quarterback this when you haven't attempted such a rollout for a client that seemed 'ready' for it, even after cost analysis and technical analysis. The beast that is Vista itself is not at all ready for a managed corporate environments with uptime requirements and user productivity concerns.

I'm a little confused why you thought they were ready for it, but werent. What happened when you did a test-deploy to a small but representative part of the userbase? Were there needs/issues/requirements present for the company at large that you didnt find in the test rollouts?

And if so, sounds like maybe its not time to do the rollout. Thats a fine choice.

I'm not being a 'sideline quarterback', I'm in the same business, and face the same concerns. Thats why I havent done any significant vista rollouts yet, and have none in the plan for the moment. Other than small groups or individuals within various groups, the timing isnt right.

What do you do for clients whose last Licensing agreement was for Win2k (and W2k Terminal Servers) and has NO SOFTWARE ASSURANCE. Check the costs on full SA licensing for Vista then get back to me.

Thats a tough position for the owners of that business to be in. Your job (or mine, were I in that role) would be to explain the situation to them, and the options they have, including costs, both short & long term, tangible and intangible. Then make a recommendation, or a decision tree. This was also one of those known side-effects to being in their licensing situation. There's nothing wrong with it, as long as it was come to with good information and known risks.

I apologize if I seem like I'm criticizing, I'm not. But every step along the way with making the decision to roll out vista should be made with lots of information, and known risks. Thats also why you do staged implementations. Start with a few people, the IT group, power users, etc. Then move to a larger representative group. Then start pushing out dept by dept. Take your time, figure out what goes wrong at each stage, and dont move to the next until you've solved it.

Or maybe take a different strategy. Do some test work in small groups, and then roll out as machines are refreshed. I'm not a fan of that, but its possible.

To be clear, I'm NOT doing any rollouts to anything but small groups right now, and not many of those.

But back to your original post: there's no cringing, there's no nightmares. And why would there be? There's no pressure to move, so you can do it when you're ready and not before. So take your time, make your decisions, be fully informed. If those decisions end up being not to move to vista at all for the foreseeable future, then thats great.

I just dont see the need for all the drama. You're a professional, make a plan, and work it. Make good decisions, test before you deploy. All of those things. This isnt rocket science.

But in any case, I hope your business is doing well, and growing, and all your ratios look good (assuming its your business, and you're not an employee).

Re:I hate new features.

[Anonymous Coward]

They did something similar to comply w/EU. They sold a copy of windows w/no WMP and no one bought it.