Windows Operating Systems Software Upgrades

Windows XP SP2 Impressions

A roundup of concerns and problems with Windows XP SP2 from the early adopters: Many, many users are reporting problems with SP2 limiting outbound TCP/IP connections. This appears to be nailing anyone who makes heavy network use of their machine, including especially users running P2P applications. A Microsoft blog rounds up some reports, as does SANS. Microsoft has objected to people helping them distribute SP2.
  • by FortKnox ( 169099 ) on Thursday August 12, 2004 @01:22PM (#9950702) Homepage Journal
    Your list of 'impressions' is nothing but bad things people are saying. Any links to the other views?

    If not, simply change the title to "Bad things popping up with SP2" or something to that effect.
    • by garcia ( 6573 ) * on Thursday August 12, 2004 @01:25PM (#9950754)
      I read through some of the "reviews" linked through a MS employee's? blog. They were mostly people saying that the install went well but they have minor issues with it (ie slow downs).

      Personally I have installed it and have been using it since I learned of its release on Slashdot a couple weeks ago. It's nothing impressive for me but I didn't notice any slow downs.

      I griped about my personal issues with the updated "features" and the nagging it causes.

      YMMV.
      • All these people are supposed to be reporting major problems, yet the links point to sites with mostly positive reviews. Not to mention, I've been running SP2 since RC2 with not a single problem whatsoever.

        Slashdot and its juvenile broken window graphic just wanted a FUD article to meet the daily quota for the garish-looking IT section. :)
    • by kristofme ( 791986 ) on Thursday August 12, 2004 @01:27PM (#9950775)
      The BBC has a pretty good article about it [bbc.co.uk], entitled "Concerns over key Windows update". Seems like there are plenty of things going wrong..
    • by stratjakt ( 596332 ) on Thursday August 12, 2004 @01:34PM (#9950888) Journal
      I have a view. It hasn't caused a problem on any machine in my office, and I can only say that my personal machine at least "feels" more responsive.

      Look, this is slashdot. They aren't going to be objective. For years the whine has been "MSFT default security is teh suck". MS releases a service pack that locks the boxes down reasonably well. Now that's something to complain about: "my kazaa is teh broked!"

      Limiting outbound TCP connections to something sane makes sense. Let the extreme P2P kiddies relax the rules manually. On the majority of desktops (not SERVERS) out there, an inordinate amount of outbound traffic is a sign of something bad, like a backdoored spam relay or the machine has been taken over as a DDoS drone.

      SP2 crashed a lot of machines that were already exploited. Good. They were already broken. Now those guys can go to Best Buy, who will format and reinstall for them, juice them up with SP2, and there's one less source of SPAM/DDoS/Worms/stupidness.

      IMO, SP2 was a huge step in the right direction, and confirmation to me that MSFT is doing more than paying lip service to security.

      Of course, this is slashdot, and everything they do is wrong.

      It's worth noting that I've never borked a windows box installing a service pack, all the way back to win 95. On the other hand, I've lost track of how much time I've spent cleaning up after typing "emerge -uD world". I thought I'd mention that so I can ensure I'll be modded troll. It's true, though, I swear it.
      • by C0deM0nkey ( 203681 ) on Thursday August 12, 2004 @02:01PM (#9951203)
        I thought I'd mention that so I can ensure I'll be modded troll.

        Or, better yet, I thought I'd mention that mentioning that I would be modded "troll" would actually ensure that I would be modded "+5, Insightful". :)

        How clever of you! :)

    • by Anonymous Coward on Thursday August 12, 2004 @01:39PM (#9950970)
      I'll give you my impression, because mine is positive. I've not noticed the limited tcp connection problem, the firewall works and doesn't completely suck (as basic as it may be), and overall stability is pretty good. The anti-virus reminder thing is obnoxious, which is probably good for the average user. The wireless network stuff screwed up my wep settings, but the wireless config tool is a huge improvement. I haven't used IE on that machine yet, but I didn't use it before, so I wouldn't know what to say is improved. I am planning on stress testing it this weekend before setting it up on a few other machines. I've seen one sp1-related crash not happen in sp2, so something is different. It has not broken any of my applications and I do use p2p programs daily (though only shareaza, bittorrent, and direct connect). I've criticized MS many times before regarding Windows XP, but I do believe they've made some steps in the right direction, and despite the SP2 problems, MS did specifically warn that SP2 will break programs.
    • by Doc Ruby ( 173196 ) on Thursday August 12, 2004 @01:42PM (#9951002) Homepage Journal
      When 49% of installers have problems, the bad reviews tend to crop up. I submitted a story about how 30% of installers reported "minor problems", like non-Microsoft browser incompatibility (the other 20% presumably had major problems). So this story is actually spinning the SP2 problems more blandly than half its users would say themselves.
    • by Lothsahn ( 221388 ) <Lothsahn@@@SPAM_ ... tardsgooglmailcm> on Thursday August 12, 2004 @02:26PM (#9951485)
      Here's a good impression:

      I installed SP2 on three systems, and it worked flawlessly on all three. On my main system before SP2, XP would not allow me to install my SATA driver. I installed the SATA driver when I installed the OS, but once the OS was loaded, it referred to my SATA device as an "unknown device". Attempts to load the correct driver only caused the system to not boot.

      I've been living with no driver officially installed for the device, which basically means that all the caching and performance increases that one would normally have (DMA, write caching, etc) for their hard drive were not activated on mine. Now with SP2, it let me install the driver and it booted fine without any problems. As a result, my computer runs twice as fast on almost every application and about 20 times faster when using virtual disk drivers (www.jetico.com) for container file encryption.

      Their security center which monitors antivirus, firewalls, and automatic updates, as well as their HUGE automatic update selection box on startup are all good things too. I worked at a helpdesk for 6 months and 90% of the problems were users who had automatic updates turned off or set to install on notification (which they never selected).

      Overall I've been very happy with it.
    • by hazem ( 472289 ) on Thursday August 12, 2004 @02:28PM (#9951506) Journal
      You really only hear on the news about the cars that crashed the people who were injured and killed. You rarely hear about the thousands or millions who managed to drive to and from work safely.

      I think it's the same here. Sure there might be people who think SP2 did the best thing for their computer ever. But I imagine it's either... "it didn't break anything", or the range from "slowed me down" to "crashed everything".

      Sure, I'm interested to know how many people had more problems, but I'm much more interested to hear what problems there were.
    • by EpsCylonB ( 307640 ) <.moc.bnolycspe. .ta. .spe.> on Thursday August 12, 2004 @02:45PM (#9951707) Homepage
      Many, many users are reporting problems with SP2 limiting outbound TCP/IP connections. This appears to be nailing anyone who makes heavy network use of their machine, including especially users running P2P applications.

      This is what is supposed to happen, the firewall is turned on now by default, and from a security standpoint this is a good thing.

      Microsoft famously get criticised for slack security and when they try to do something about it they get it even worse.

      I wouldn't mind so much but this is a tech website yet the poster wrote this up in a way that made the concept of a firewall as something alien.

      People may well be having problems I don't know but it sounds like what is happening is that the less clueful are running an app, getting asked if they want to unblock it and don't know what to do. Pretty soon they will learn what it all means and life will continue pretty much as normal.
      • by civilizedINTENSITY ( 45686 ) on Thursday August 12, 2004 @04:14PM (#9952803)
        Nope. Didn't read the article? It's not even about blocking or unblocking a port at your firewall.

        It's about two things, raw sockets go bye-bye, and TCP/IP stack based limits to simultaneous outbound connections:

        "The Windows implementation of TCP/IP still supports receiving traffic on raw IP sockets. However, the ability to send traffic over raw sockets has been restricted in two ways:
        *TCP data cannot be sent over raw sockets.
        *UDP datagrams with invalid source addresses cannot be sent over raw sockets. The IP source address for any outgoing UDP datagram must exist on a network interface or the datagram is dropped."

        Also, "The TCP/IP stack now limits the number of simultaneous incomplete outbound TCP connection attempts."

        Please note that this last is *not* the firewall, but the TCP/IP stack.
  • by rainman_bc ( 735332 ) on Thursday August 12, 2004 @01:22PM (#9950714)
    I've had no problems yet to report; the only thing that pissed me off is it reinstalled windows messenger after I had already uninstalled it.

    Other than that it's fine; I turned off the firewall; I'm already NAT'd and have limited ports of entry anyway.

    • by Anonymous Coward on Thursday August 12, 2004 @01:36PM (#9950932)
      Other than that it's fine; I turned off the firewall; I'm already NAT'd and have limited ports of entry anyway.

      The nice thing about the firewall is that every program that isn't signed that wants to become a server (listen on a port) has to get your permission first. That makes it more likely that you'll catch a malicious program like spyware before it starts sending your browsing activities off to the deep dark jungle of the internet.

      Your standard off-the-shelf router from BestBuy won't do that for you.

      Unless you run something equivalent like ZoneAlarm, I would suggest you turn it back on.
  • by joeblakethesnake ( 246440 ) on Thursday August 12, 2004 @01:23PM (#9950725) Homepage
    Just so there isn't a bunch of FUD being spread, the limit is on INCOMPLETE outbound connections. There is no limit on COMPLETED connections. This should only affect network scanners such as nmap.
    • by Anonymous Coward on Thursday August 12, 2004 @01:46PM (#9951048)
      Not just nmap et al. -- it hoses bittorrent as well. I had to uninstall SP2 last night because I found that I could now use either bittorrent or a web browser, but not both at once...and my bittorrent downloads were pitifully slow, to boot.

      The odd thing is that SP2 RC2 did nothing of the sort. Everything worked beautifully under it; I'm tempted to see if I can dig up a copy somewhere and reinstall it.
  • by Davak ( 526912 ) on Thursday August 12, 2004 @01:24PM (#9950740) Homepage
    XP SP2: Are P2P, Port Scanning, and Port-Opening Programs Slower? [tech-recipes.com]

    Check for the error code!

    By design SP2 limits the number of simultaneous incomplete outbound TCP connection attempts. Who cares? This mostly stops trojans.

    Run the event checker as described in the article above. You'll prove to yourself that you don't have a problem.
  • by Meostro ( 788797 ) * on Thursday August 12, 2004 @01:25PM (#9950743) Homepage Journal
    ... you can disable it with this [microsoft.com].
  • No Problems Here (Score:4, Informative)

    by ArchAngel21x ( 678202 ) on Thursday August 12, 2004 @01:26PM (#9950762)
    I have had no problems since RC 1. I for one applaud Microsoft for turning the firewall on by default and creating a central security control panel for all users to use and understand.
  • by Markvs ( 17298 ) on Thursday August 12, 2004 @01:26PM (#9950766) Journal
    Such as Norton or whatever, be aware that if XP's firewall is turned on (as it gets turned on by default in SP2) you won't be able to hit the 'net on that PC.

    -Markvs
  • Raw sockets (Score:5, Interesting)

    by ikewillis ( 586793 ) on Thursday August 12, 2004 @01:26PM (#9950770) Homepage
    There are numerous unconfirmed reports [google.com] coming primarily from the nmap mailing list that SP2 has removed support for raw sockets. However the ping and tracert utilities, both of which use raw sockets, still seem to function correctly. Perhaps only signed executables can use the raw sockets interface?
    • Re:Raw sockets (Score:5, Informative)

      by plover ( 150551 ) * on Thursday August 12, 2004 @01:35PM (#9950916) Homepage Journal
      From the Microsoft doc mentioned in the article:

      What new functionality is added to this feature in Windows XP Service Pack 2?
      Restricted traffic over raw sockets

      Detailed description

      A very small number of Windows applications make use of raw IP sockets, which provide an industry-standard way for applications to create TCP/IP packets with fewer integrity and security checks by the TCP/IP stack. The Windows implementation of TCP/IP still supports receiving traffic on raw IP sockets. However, the ability to send traffic over raw sockets has been restricted in two ways:

      TCP data cannot be sent over raw sockets.

      UDP datagrams with invalid source addresses cannot be sent over raw sockets. The IP source address for any outgoing UDP datagram must exist on a network interface or the datagram is dropped.

      Why is this change important? What threats does it help mitigate?

      This change limits the ability of malicious code to create distributed denial-of-service attacks and limits the ability to send spoofed packets, which are TCP/IP packets with a forged source IP address.
  • Read the reason- (Score:5, Interesting)

    by baudilus ( 665036 ) on Thursday August 12, 2004 @01:27PM (#9950774)
    From the note:
    Limited number of simultaneous incomplete outbound TCP connection attempts
    Detailed description

    The TCP/IP stack now limits the number of simultaneous incomplete outbound TCP connection attempts. After the limit has been reached, subsequent connection attempts are put in a queue and will be resolved at a fixed rate. Under normal operation, when applications are connecting to available hosts at valid IP addresses, no connection rate-limiting will occur. When it does occur, a new event, with ID 4226, appears in the system's event log.

    Why is this change important? What threats does it help mitigate?

    This change helps to limit the speed at which malicious programs, such as viruses and worms, spread to uninfected computers. Malicious programs often attempt to reach uninfected computers by opening simultaneous connections to random IP addresses. Most of these random addresses result in a failed connection, so a burst of such activity on a computer is a signal that it may have been infected by a malicious program.

    While the reason is valid, I don't see anything about if/how this is user configurable. It would be nice if you could actively turn this off, and/or grant certain programs (doom3, kazaa lite, iTunes, etc.) to have "unlimited" access.

    Then again, this is all conjecture, because I haven't installed it yet and don't know if this actually is possible. Someone care to comment?
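Added example (not part of any comment in this thread, and not Microsoft's implementation): a small Python model of the limiter described in the quoted note, where attempts beyond a cap on simultaneous incomplete connections are queued and released at a fixed rate. The cap of 10, the release rate of one per tick and the handshake durations are constructed parameters, not values from the page.

```python
from collections import deque


def simulate(attempts, limit=10, release_per_tick=1):
    """Model a cap on simultaneous incomplete outbound connection attempts.

    attempts: iterable of (arrival_tick, handshake_ticks). handshake_ticks is
    how long the attempt stays incomplete: short for a host that answers, long
    for a dead address that only ends by timeout. All numbers are constructed.
    """
    arrivals = deque(sorted(attempts, key=lambda a: a[0]))
    queue = deque()     # attempts held back by the limiter
    in_flight = []      # finish ticks of attempts that are still incomplete
    stats = {"delayed": 0, "max_queue": 0, "max_wait": 0}
    tick = 0
    while arrivals or queue:
        # Handshakes that completed or timed out free their slot.
        in_flight = [f for f in in_flight if f > tick]

        # Queued attempts are released at a fixed rate, and only into a free slot.
        released = 0
        while queue and released < release_per_tick and len(in_flight) < limit:
            arrived, handshake = queue.popleft()
            in_flight.append(tick + handshake)
            stats["max_wait"] = max(stats["max_wait"], tick - arrived)
            released += 1

        # New attempts start at once unless the cap is hit or others are waiting.
        while arrivals and arrivals[0][0] <= tick:
            attempt = arrivals.popleft()
            if not queue and len(in_flight) < limit:
                in_flight.append(tick + attempt[1])
            else:
                queue.append(attempt)      # the point where an event would be logged
                stats["delayed"] += 1

        stats["max_queue"] = max(stats["max_queue"], len(queue))
        tick += 1
    return stats


def browsing():
    """5 attempts per tick for 10 ticks; every host answers within one tick."""
    return simulate([(t, 1) for t in range(10) for _ in range(5)])


def address_sweep():
    """50 attempts at once to addresses that never answer (30-tick timeout)."""
    return simulate([(0, 30)] * 50)


def stale_peer_list():
    """30 attempts at once; every second peer is gone and times out."""
    return simulate([(0, 1 if i % 2 == 0 else 30) for i in range(30)])


if __name__ == "__main__":
    for scenario in (browsing, address_sweep, stale_peer_list):
        print(scenario.__name__, scenario())
```

In this model the browsing workload is never delayed, the sweep of dead addresses is stretched out by the queue, and in the mixed case live peers wait behind attempts that are still timing out.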
  • by GillBates0 ( 664202 ) on Thursday August 12, 2004 @01:27PM (#9950784) Homepage Journal
    BBC ran this article [bbc.co.uk] a few days back about DownHillBattle.org offering a bittorrent. They summarize the new features offered by the SP as follows:

    CHANGES DUE IN SP2
    Pop-up ads blocked
    Revamped firewall on by default
    Outlook Express, Internet Explorer and Windows Messenger warn about attachments
    Origins of downloaded files logged
    Web graphics in e-mail no longer loaded by default
    Some spyware blocked
    Users regularly reminded about Windows Updates
    Security Center brings together information about anti-virus, updates and firewall
    Protection against buffer over-runs
    Windows Messenger Service turned off by default
    The "Origins of downloaded files logged" feature troubles me a little. What do they mean by "downloaded files"? Do HTML files count as "downloaded files"? What do they want to keep track of and log my downloaded files? How will they know if I use another browser and download files using that instead of IE? What about the other files I download through File sharing applications?

    Why log "origins of downloaded files" at all? Does it improve security in any way? If they were logging keys/certificates of software updates (to AV software for example), it would make a little sense (but not a whole lot, it shouldn't concern the OS at all), but this feature sounds a heck lot more like a Big Brother OS thing, something like IE tracking all websites visited in a hidden+undeletable folder for the suits.

    • as compared to originating from a floppy/cd/network. This way it warns you that it may not be from a trusted source. I think I've seen this elsewhere - Win 2003 maybe?

      I don't think it is so much of a tinfoil-hat thing, as one more layer of warnings against installing applications off the internet.

      Most slashdotters know about the safety, or lack thereof, of things on the internet. Grandmama may not.
    • by His name cannot be s ( 16831 ) on Thursday August 12, 2004 @02:09PM (#9951292) Journal
      Origins of downloaded files logged

      It's not as sinister as you seem to think.

      IE simply straps another NTFS stream onto the file so that the shell can warn you that you are running a file that came from a particular source.

      It doesn't log it anywhere else (like a log file).

      So, it's more like an origin-stamp on the file, rather than logging.

    • by fzammett ( 255288 ) on Thursday August 12, 2004 @03:10PM (#9952018) Homepage
      I've already experienced this "logging" (much to my surprise)... Downloaded an EXE the other day (yes, from a known good source) and clicked it to run... The thing popped up a dialog asking if I wanted to run the file because its source is not known and might not be trusted, or some verbiage to that effect.

      Wah? I thought?

      So I clicked a couple more EXE's that were already on my system. Nope, no warning. Copied one over from another machine on my local network. Nope, no warning. Downloaded another EXE. Yep, warning.

      I think it could get a tad bit annoying to someone like me that knows what I'm doing, but (a) I think I saw an option to turn it off on the dialog, and (b) it's I think a great idea for someone like my mom, or even the so-called "power users" who just THINK they know what they are doing.

      I don't know if that's the logging that's referred to, I haven't done the requisite research to find out. But I suspect it is, and if it is, it strikes me as a good, non-sinister thing.
  • Heh (Score:5, Interesting)

    by Hanna's Goblin Toys ( 635700 ) on Thursday August 12, 2004 @01:27PM (#9950785) Homepage Journal
    So they added a firewall which asks you if a program can access the Internet, but allows all the Microsoft ET-Phone-Home software to bypass its own firewall, thereby giving all non-Microsoft software a built-in disadvantage to not being released by the monopoly.

    Interestingly, this means that worms and malware authors need only make themselves appear to be Microsoft software (if Microsoft can bypass its own firewall, the credentials will be reverse engineered) in order to continue to spam from zombie boxes without informing the user.

    Secure Computing, yay!

    • Re:Heh (Score:4, Insightful)

      by Jarnis ( 266190 ) on Thursday August 12, 2004 @02:07PM (#9951265)
      It only asks permission to LISTEN (open ports for listening). So all phone-home applications are ignored by the firewall.

      So, while the builtin is WAY better than nothing, everyone should really install a third party one that controls all access on application basis.
  • by peacefinder ( 469349 ) * <alan.dewittNO@SPAMgmail.com> on Thursday August 12, 2004 @01:30PM (#9950828) Journal
    What new functionality is added to this feature in Windows XP Service Pack 2?

    Restricted traffic over raw sockets


    A very small number of Windows applications make use of raw IP sockets, which provide an industry-standard way for applications to create TCP/IP packets with fewer integrity and security checks by the TCP/IP stack. The Windows implementation of TCP/IP still supports receiving traffic on raw IP sockets. However, the ability to send traffic over raw sockets has been restricted in two ways:

    TCP data cannot be sent over raw sockets.

    UDP datagrams with invalid source addresses cannot be sent over raw sockets. The IP source address for any outgoing UDP datagram must exist on a network interface or the datagram is dropped.


    I bet his "I told you so" [grc.com] rant will be entertaining.
    • by stratjakt ( 596332 ) on Thursday August 12, 2004 @02:00PM (#9951184) Journal
      This guy drives me nuts. I can't stand FUD and lies.

      I'm talking about the "shields up" thing. It claims if you're in "stealth mode" then your machine is invisible. This is idiotic.

      Dropping incoming packets doesn't make you "invisible". If you were "invisible" and I tried to ping you, I'd get a "destination unreachable" error. If I get timeouts, I know you're there and dropping my packets. If you replied to my pings with "destination unreachables" you might trick me, unless I noticed that the destination unreachable messages were coming from the IP I was pinging (duh!).

      It's as false as the "your machine is broadcasting an IP!" popups.

      Fuck him and his crusade to break the internet by trying to convince people there's something to be gained by dropping incoming packets, instead of responding with a proper RST packet or ICMP message.

      Linux folks, set your default firewall properties to DENY, and not DROP. It doesn't make you vulnerable, it doesn't allow SYN floods (which attack by spawning multiple server threads on a local port - an application vulnerability not a TCP/IP one).

      It doesn't "hide" you from scanners, as he claims.

      It doesn't prevent DDoS attacks, if I have enough bandwidth to clog your downstream, it doesn't matter what you do with all the crap I flood you with.

      Actually, heh, he is doing a spin on the old "your machine is broadcasting an IP address" scam:

      Many Internet connection IP addresses are associated with a DNS machine name. (But yours is not.) The presence of "Reverse DNS", which allows the machine name to be retrieved from the IP address, can represent a privacy and possible security concern for Internet consumers since it may uniquely and persistently identify your Internet account -- and therefore you -- and may disclose other information, such as your geographic location.

      Uhhh, I can get that from the numeric IP, who cares about the reverse DNS. Do the RIAA do reverse DNS lookups when they launch all those suits against IPs?

      This machine does have a static IP and proper DNS, so I don't know why his tool says it doesn't. Though, I don't really care.
  • by Osrin ( 599427 ) * on Thursday August 12, 2004 @01:31PM (#9950848) Homepage
    ... yet the articles that are linked are mainly positive.

    Odd.
  • by sp00 ( 639381 ) on Thursday August 12, 2004 @01:32PM (#9950858)
    This was from the NTBugtraq mailing list a few days ago.

    To: NTBUGTRAQ at LISTSERV.NTBUGTRAQ.COM
    Subject: XP SP2 - Statement of the NTBugtraq list

    Ok, so I feel like I need to do this, hopefully it's understandable.
    1. XP SP2 is the most significant security effort Microsoft has ever produced. Granted, it may not be a "silver bullet", or solve all problems, but it is significant in so many ways that we as a security community cannot fail to acknowledge it. I admire "discoverers" as much as the next, but before XP SP2 can be written off it will take many, many, vulnerability announcements.
    a) IMO, this is the first time that Microsoft has put security over existing, and frequently used, features.
    b) IMO, this is the first time that Microsoft has accepted the fact that their choice is going to lead to "some" incompatibilities.
    c) IMO, this is the first time that Microsoft has taken a stand against ISV who are definitely making money out of some features they (MS) made available to them.
    2. I, at least, as NTBugtraq Editor, believe we, as the NTBugtraq community, need to stand behind Microsoft's efforts. That means we need to continue to endorse XP SP2 despite what problems have arisen or may arise (within obvious reason.) The media is only going to state the problems. They cannot appreciate, nor do they believe their customers are willing to pay for, stories about XP SP2 successes.
    So, I want to hear from you, every one of you, regarding XP SP2 success or failure. Obviously, I want those stories in as much detail as you can provide.
    There are, no doubt, some (many?) applications which will not be compatible with XP SP2. I say they represent Vendors who are not prepared to accept the responsibilities we've always felt they should have as reasonably security-minded Vendors. They've had lots of time to figure out how to make their apps compatible, and have *chosen* not to.
    I offer any Vendor who feels Microsoft left them "in the lurch", regarding their problems with XP SP2, a forum to express their problems.
    Equally, I offer all NTBugtraq subscribers a place to state the problems they are encountering with an ISV application.
    It is extremely important for corporate environments to get XP SP2 deployed to all home systems running XP. Let's make sure the media has the right information.
    Cheers, Russ - NTBugtraq Editor
  • by An Onimous Cow Herd ( 8409 ) on Thursday August 12, 2004 @01:32PM (#9950863)
    Check Here [lvllord.de] for a fix.
    There's both a downloadable patch as well as manual instructions for patching by hand for the ultra-paranoid.
  • by goldspider ( 445116 ) on Thursday August 12, 2004 @01:34PM (#9950896) Homepage
    ...even if it isn't true.

    Y'all complain that Microsoft doesn't care about security, but when they release a MASSIVE security patch, you try to find (and if that fails, fabricate) any and all tiny inconveniences it causes.

    As others here have pointed out, it doesn't block ALL outbound TCP connections, just incomplete ones. Would it kill an editor to come out and say for once that "Microsoft did a pretty good job here."?

    And no, I'm not new here.
  • by BRock97 ( 17460 ) on Thursday August 12, 2004 @01:35PM (#9950918) Homepage
    The good:

    • Things truly do seem to be snappy. I am not sure where to attribute this, but it is welcome.
    • My notebook has wireless which had the annoying habit of showing that there wasn't a wireless connection (the disconnected red x) coming out of hibernation even though it was fully operational. That appears to be fixed.
    • I was afraid that the firewall would prove to be annoying, but it actually works pretty well. When I load ICQ, Activestate Komodo, or other applications that try and use blocked ports, it pops up asking if I want to unblock things. The old SP1 firewall didn't do this.
    • IE's popup blocker is pretty slick. It will show a little dropdown area above the current page asking about the popup, if it should be displayed, etc. Neat. I do wish Firefox would do this instead of the small icon in the lower right of Firefox's window. It isn't enough to make me stop using Firefox, though.
    Now, for the stuff I find annoying.
    • Their Windows Security Alerts interface isn't compatible with my corporate Norton I have from my work place. It isn't a big whoop, but I am surprised they don't work together.
    • Some of my folder settings have changed. I am not sure why, but Microsoft feels the status bar shouldn't be on by default. To hit this point home, it changed it back to disabled after the install. Come on.....
    • Along those lines, they decided to mess with my sound scheme. I normally turn all of that off, but sure enough after reboot it is back in all its glory!
    • A lot of the wireless stuff has been funneled into wizards, need to find a way to turn that stuff off.
    • IE and PNG is still pretty broken. Alpha doesn't work, and that problem where the colors are slightly off of what they actually are is still there. You would have thought that they would have addressed some of that stuff!
    There you go, a user's point of view. Take it for what it's worth....
    • by twbecker ( 315312 ) on Thursday August 12, 2004 @01:51PM (#9951098)
      IE's popup blocker is pretty slick. It will show a little dropdown area above the current page asking about the popup, if it should be displayed, etc. Neat. I do wish Firefox would do this instead of the small icon in the lower right of Firefox's window. It isn't enough to make me stop using Firefox, though.

      Recent Firefox nightlies have this exact feature. Blatantly copied from IE yes, but hey if it's nice then what the hell. The icon on the status bar is still there as well.
  • Colors (Score:5, Funny)

    by Dolly_Llama ( 267016 ) on Thursday August 12, 2004 @01:40PM (#9950984) Homepage
    SP2 has been fine for me, but it's turned slashdot puke yellow!

    It must be a Microsoft conspiracy.
  • by ceswiedler ( 165311 ) * <chris@swiedler.org> on Thursday August 12, 2004 @01:44PM (#9951014)
    Security by definition must limit functionality. The best you can hope for is that the functionality limited is less valuable than the security gained.

    Microsoft management has finally realized that in order to avoid the gigantic fiascos of the past year's worms, they have to limit some functionality. My guess is Microsoft engineers have been telling their management this for a long time, and finally, they were heard.

    M: Is our product secure?
    E: The only way to improve security is at the expense of features.
    M: No way. Features sell the product.

    M: We need to patch this security hole.
    E: The only way to improve security is at the expense of features.
    M: I still can't accept this.

    M: Please, dear god, do ANYTHING to fix these security problems!
    E: The only way to improve security is at the expense of features.
    M: All right, all right! Do it!
  • by MrEntropy ( 75478 ) on Thursday August 12, 2004 @01:44PM (#9951019)
    Well the OpenGL tooltip bug is fixed. That makes me very happy. Prior to SP2, if you had an OpenGL app open, tooltips did not refresh correctly, often displaying a previous tip. A fix apparently existed for a while but MS wasn't distributing it easily until SP2.

    Bluetooth seems more reliable than the implementation that was shipped from Belkin with my USB bluetooth device. It does seem to have fewer services though. For instance, there is no way to send a contact to Outlook from my phone or vice versa.
  • by SuiteSisterMary ( 123932 ) <{slebrun} {at} {gmail.com}> on Thursday August 12, 2004 @01:45PM (#9951032) Journal
    Microsoft has objected to people helping them distribute SP2.

    Can you blame them? Untrusted sources and all that?

  • Good reviews of SP2? (Score:5, Informative)

    by Doomie ( 696580 ) on Thursday August 12, 2004 @01:48PM (#9951070) Homepage
    I have not experienced absolutely any problem with SP2, perhaps with the exception of the terribly long install time -- it took 1-2 hours on my relatively fast machine (the backing up of files is not fast at all).

    For the normal "Joe Average" user there won't be too much of a difference -- a simple reboot and the system looks just the same. IE has the pop-up blocker, which has a semi-intuitive way of adding sites to the white-list and is a bit imperfect, IMHO (if the pop-up displays a page which has a different URL than the originating page, then the "normal" user will be confused why adding the URL of the originating site doesn't work and the pop-up still doesn't display... this is the case even for subdomains of the same principal domain).

    The firewall is pretty nice, the default being to ask when some program is trying to access "the internet". BitTorrent works very fine with me and I haven't had any problems with IM programs.

    So, overall, after 2 days of SP2 experience, I can only recommend it to people who still use XP.
  • by Mateito ( 746185 ) on Thursday August 12, 2004 @01:50PM (#9951091) Homepage
    I'd like to see these guys [puppetryofthepenis.com] do a Windows XP impression.
  • Devil's Advocate (Score:5, Insightful)

    by Cheesewhiz ( 61745 ) <[moc.cam] [ta] [pnai]> on Thursday August 12, 2004 @02:00PM (#9951180) Homepage
    "Microsoft has objected to people helping them distribute SP2."

    I hate to play Devil's Advocate, but DUH... look at this from Microsoft's perspective. Having non-Microsoft sources distributing SP2 has two huge negative aspects for them:

    1) Unthrottled Rollout

    Having P2P'ers flooding the patch to "everyone-and-their-monkey's-uncle" destroys any potential throttle control that Microsoft might have had. Microsoft's initial plan was to trickle the rollout of SP2 out at only 25,000 downloads a day, exclusively via Windows Update. This is extremely practical due to the scope of the patch -- it makes a lot of sense for them to control the release in case a catastrophic show-stopper pops up, and also to allow developers some extra update time.

    2) P2P Security Liability

    Let's face it, Microsoft has a right to have their skivvies in a knot over people downloading any Windows patches from 3rd party sources. The infamous "Average Joe" (the guy who opens email viruses twice a week) isn't going to do an MD5 checksum comparison on a patch from a P2P net before running it -- who's to prevent someone from hacking up their own little "SP2" cocktail exe and distributing it? Ultimately the shit would hit the fan and Microsoft would take it in the face.

    Even those who do check MD5 digits on a P2P-downloaded patch need a trusted source for the correct checksum... again, Microsoft doesn't want to be liable. Sure, it could be argued that Microsoft could provide the MD5 checksum themselves, but then "Average Joe XP User" would never check it anyway because "Microsoft says it's ok, so it must be safe!"

    • Re:Devil's Advocate (Score:3, Informative)

      by Zocalo ( 252965 )
      Actually, Microsoft has published an MD5 sum for SP2 (or one version of it anyway), although they do not seem to be advertising the fact and I only stumbled across it. You can find it in the last paragraph of the article Top 10 Reasons to Deploy Windows XP Service Pack 2 [microsoft.com], and maybe elsewhere on Microsoft's site.

      Any sites that are doing more than linking to the official download sources are probably going to be getting nastygrams though; check out the second to last paragraph. There are some pretty usefu

  • by dze ( 89612 ) on Thursday August 12, 2004 @02:49PM (#9951754) Homepage
    I installed SP2 on my machine at work but it seems to have broken a Perl script using Net::FTP. I get these connection timeout errors. FTP works fine through a GUI client (I'm using Filezilla).

    Anyone else have this problem or know how to fix it?

    Other than that, it seems fine. Some good new options (and by new I mean newly copied from Mozilla) in Internet Explorer.

  • I Love It (Score:5, Funny)

    by SlipJig ( 184130 ) on Thursday August 12, 2004 @02:52PM (#9951780) Homepage
    From the article:

    How do I resolve these issues?
    Stop the application that is responsible for the failing connection attempts.


    Me: "Mr. Goodwrench, my car makes this horrible knocking noise and it will only go 40 miles per hour. What do I do?"
    Mr. Goodwrench: "Stop driving the car."

  • P2P issue (Score:5, Interesting)

    by weave ( 48069 ) * on Thursday August 12, 2004 @03:09PM (#9952010) Journal
    Control Panel -> Add/Remove Programs -> Windows Components -> Networking Services -> Peer-to-Peer "Enable Peer-to-Peer Networking Services."
  • by akac ( 571059 ) on Thursday August 12, 2004 @03:10PM (#9952016) Homepage
    Photoshop 5.5 won't work with SP2 - at least not for me. Just sits there on the startup screen.
  • by callipygian-showsyst ( 631222 ) on Thursday August 12, 2004 @03:17PM (#9952091) Homepage
    Microsoft has on their website a new Firewall API [microsoft.com]

    Many of these functions are new for SP2, for example the InetFWAuthorizedApplications [microsoft.com] interface has a method to add [microsoft.com] a new application as "Authorized." Similar APIs allow the opening of ports, etc. (And most of these say Client: Requires Windows XP SP2. which indicates they were newly added.)

    Here's my question: What's to prevent programs from simply adding themselves as authorized and opening the ports they need? After all, if the Firewall control panel applet can do it, can't any other program? And since many, many XP users run all the time in the "Administrator" group, can this somehow be blocked?

    Is it time for Microsoft to make a new "Super Administrator" level and start putting certain critical things (like changing the firewall) as needing that security level?

    Now I need to write a program to see if my XP box won't indicate if I authorized myself and open up a port....
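
One way to spot the self-authorization the comment above asks about, as an added example that is not part of the thread or Microsoft's own code: enumerate the firewall's exception lists through the same COM API (`HNetCfg.FwMgr`) and flag enabled entries missing from an approved baseline. The baseline paths and ports and the function names are assumptions made for illustration.

```powershell
# Added example: list Windows Firewall exceptions (legacy INetFwMgr COM API)
# and flag enabled entries missing from an approved baseline.
# Baseline values are constructed samples; replace them with your own.
$ApprovedApps  = @('C:\Program Files\Example\approved-client.exe')  # constructed
$ApprovedPorts = @('TCP/3389')                                      # constructed

function Get-FirewallException {
    # HNetCfg.FwMgr exposes the per-profile exception lists that the
    # Firewall control panel applet edits.
    $mgr       = New-Object -ComObject HNetCfg.FwMgr
    $fwProfile = $mgr.LocalPolicy.CurrentProfile
    foreach ($app in $fwProfile.AuthorizedApplications) {
        [pscustomobject]@{
            Kind = 'App'; Name = $app.Name; Key = $app.ProcessImageFileName
            Enabled = $app.Enabled; Scope = $app.Scope
        }
    }
    foreach ($port in $fwProfile.GloballyOpenPorts) {
        # NET_FW_IP_PROTOCOL: 6 = TCP, 17 = UDP
        $proto = switch ($port.Protocol) { 6 { 'TCP' } 17 { 'UDP' } default { "IP$_" } }
        [pscustomobject]@{
            Kind = 'Port'; Name = $port.Name; Key = "$proto/$($port.Port)"
            Enabled = $port.Enabled; Scope = $port.Scope
        }
    }
}

function Find-UnapprovedException {
    param([object[]]$Exceptions, [string[]]$Apps, [string[]]$Ports)
    foreach ($e in $Exceptions) {
        if (-not $e.Enabled) { continue }          # disabled entries pass no traffic
        $baseline = if ($e.Kind -eq 'App') { $Apps } else { $Ports }
        if ($baseline -notcontains $e.Key) {       # -notcontains ignores case
            # NET_FW_SCOPE: 0 = any address, 1 = local subnet, 2 = custom list
            $e | Select-Object Kind, Name, Key, Scope
        }
    }
}

$current = @(Get-FirewallException)
Find-UnapprovedException -Exceptions $current -Apps $ApprovedApps -Ports $ApprovedPorts |
    Format-Table -AutoSize
```

Since a process running as an administrator can call the same API, keep the baseline off the audited machine and compare against it on a schedule.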

  • by argent ( 18001 ) <(peter) (at) (slashdot.2006.taronga.com)> on Thursday August 12, 2004 @03:19PM (#9952117) Homepage Journal
    Microsoft has the wrong end of the stick here. Rather than trying to reduce the number of ways that PCs can become infected, they're trying to reduce the damage that malicious software can cause. They've done this before, and tripped up... they modified Outlook so that programs couldn't as easily get to the Outlook address book... and what happened? Well, what happens when you want to sync your PDA?

    Before they spend ONE MORE DAY on this kind of kludge to limit the utility of the OS, they need to deal with the FIRST stage of the infection. They need to remove the dangerous coupling between programs through the Microsoft HTML control, so that you don't have every program that registers a handler... even for *local* file access... suddenly becoming a potential attack point.
  • by ultranova ( 717540 ) on Thursday August 12, 2004 @04:52PM (#9953204)

    Many, many users are reporting problems with SP2 limiting outbound TCP/IP connections. This appears to be nailing anyone who makes heavy network use of their machine, including especially users running P2P applications.

    Psst. File Traders. Yes, you. Get some old Pentium machines (you can get these for free, since people can't run new games on them and are throwing them away - Pentium2 300 works fine), take memory from several of these, and concentrate it all on one machine so it has some 128MB of it. Then install a silent power source and a big, silent hard disk, install Debian GNU/Linux, VNC, xterm, all the fonts and sshd.

    Now you have a silent server machine, which can run several P2P clients at once (Gtk-Gnutella (for Gnutella) and Lopster (for OpenNap) in the VNC, Mldonkey (for eDonkey) from console (use nohup) with the Web Interface, and BitTorrent (btlaunchmany.py) in a "screen" session), Leafnode for newsgroups caching (so you don't need to keep on checking your news server daily), and if you install Samba you can mount your download dirs as network shares from Windows.

    There's even a program which automatically downloads pictures from Usenet News and shows them in a web gallery (automatically parsing the original messages to add initial keywords, of course) but that's still in early alpha and not publicly available (it can't handle multipart binaries yet, and yenc decoding in pure Python is pretty slow - but it's getting there).

    Just remember to firewall the machine from the Internet to keep out uninvited guests, and only open those ports that you actually need.

    And you never need to worry about connection limits again ;).

    The only thing it can't really run is Freenet - that darn bunny eats memory more than Ryo-Ohki eats carrots :(.
