Ready or Not, Here comes Windows XP SP2 580
TheViffer writes "Beginning April 12, 2005 Microsoft will remove all temporary blocking of Windows XP SP2 by automatic update and Windows update which it has granted to those organizations that requested it. So unless you run Software Update Service (SUS), chances are you will get a mix of SP1 and SP2 running at the same time. Let's just hope you have these programs that are known to experience a loss of functionality when they run on a Windows XP Service Pack 2-based computer and these programs that seem to stop working after you install Windows XP Service Pack 2 patched, upgraded, or removed. Might be a good time for help desk personal to pencil in a week (or two) of vacation."
Never mind the fact.... (Score:5, Insightful)
Re:Never mind the fact.... (Score:2, Informative)
1. program breaks because it executes code in a data segment (i.e. broken, article tells you how to turn of no-execute protection)
2. program needs ports opening on firewall (i.e. you need to learn to admin your firewall)
Re:Never mind the fact.... (Score:5, Funny)
Re:Never mind the fact.... (Score:3, Funny)
Seriously though, this bypasses an installation prevention method that Microsoft released for businesses to use. It was either a GPO or registry setting. Either way, Aunt Susie already got SP2 last fall, when it first hit Windows Update. That's why I had to install some software updates for her back then.
Re:Never mind the fact.... (Score:5, Insightful)
You mean the 90+% of the public that doesn't have a sysadmin on staff in their home?
Should be fun.
Re:Never mind the fact.... (Score:3, Insightful)
Re:Never mind the fact.... (Score:5, Insightful)
This is absolutely my argument. If applications use shortcuts which are blocked the instant security is applied, more fool the programmers. There are documented ways to do things, if you use shortcuts then don't blame the OS vendor when those shortcuts are locked down.
Re:Never mind the fact.... (Score:3, Interesting)
Total time to repair problem: 7 minutes, plus 60 minutes tops to allow all machines to replicate (again, settable in group policy).
We deployed XPSP2 complete with a fix for a rather badly put together application we use. It took about the same amount of time, except i
Re:Never mind the fact.... (Score:5, Insightful)
SP2 is better, that really isn't a point of argument. The only thing that nags at me is why Microsoft didn't do this ten or so years ago, when home users were beginning to connect to the Internet in large numbers. It isn't like stack protection is new technology, nor is having basic firewall functionality available. These two things are probably among the easiest things to implement security-wise, with many examples to follow. If Microsoft had moved the Outlook Express "File Attachments Convenience Team" over to the "Basic Firewall Team" they would have saved themselves a ton of grief.
Re:Never mind the fact.... (Score:5, Interesting)
Until the Windows 98-XP transition was completed there was no point. There is no way to make Win 98 secure, too much support for legacy systems. Sure you could do a firewall, but it would be too easy for a trojan to disable it. I don't think the stack protection scheme would work in Win-98.
We waited ten years for Apple to get its act together and finaly release OS-X and give us basic memory protection.
The hold up here is because there are a bunch of corporate IT departments who have not got arround to making XP SP2 deployment a priority which in turn is because many of them have a small number of apps that are not SP2 compliant.
All I use my machine for is Office, IE and Visual Studio. But I have to wait until they have checked out several hundred Oracle, Clarify etc. apps.
Scientific software is disproportionally affected (Score:4, Interesting)
Sp2 is great for the average Joe who uses his box for email and pr0n, but if you are using your computer as a scientific instrument, then installing Sp2 changes (and breaks) too many things.
(In case you are wondering, the reason they don't switch to Linux is that some of their data acquisition hardware doesn't have good Linux drivers)
Re:Scientific software is disproportionally affect (Score:5, Informative)
Re:Scientific software is disproportionally affect (Score:3, Interesting)
Or mac drivers. Which sometimes drives me crazy. I work in a lab, too, and we have an image processing package which we use to make 3D anaglyphs from Z-series data acquired by a confocal optical microscope. A rep from Apple told me that they have tried to get the programmers to make a Mac OS X version of the package, and the programmers keep refusing, even thoug
Re:Scientific software is disproportionally affect (Score:3, Interesting)
Then they wouldn't even need to patch those computers.
T
That's a list of applications that need PORTS open (Score:3, Informative)
While I can understand how a sysadmin looking at the prospect of 100 or 10,000 computers possibly going kaputz is scary... get some perspective. It's not like the system is upgrading to a different OS, it's just adding a firewall and a few ot
They don't deserve vacation (Score:5, Insightful)
SP2 is actually a good thing. (Score:5, Informative)
I've been running Windows XP SP2 on all of my computers (which admittedly is a small population of 3) with no problems. The built-in popup blocker is more rigorous than anything else I've seen and itself breaks many things (most amusingly Outlook Access for Web), but for the most part is plays fairly nice.
Re:SP2 is actually a good thing. (Score:2, Informative)
Re:SP2 is actually a good thing. (Score:5, Insightful)
Thats a pretty restrictive view, and won't get you very far.
Re:SP2 is actually a good thing. (Score:4, Informative)
"Installing Service Pack 2 will not affect Norton SystemWorks." source: symantec.com
McAfee support site shows how to load their web downloaded products with SP2. It's just an approval of an activeX control.
"BlackICE PC Protection and BlackICEServer Protection work fine with Windows XP's Service Pack 2." source: iss.custhelp.com
"All ZoneAlarm products (5.1 and higher) are compatible with XP SP2." source: zonealarm.com
Re:SP2 is actually a good thing. (Score:3, Interesting)
Re: (Score:3, Insightful)
Re:SP2 is actually a good thing. (Score:4, Insightful)
I beleive that's known as the "cruchy outer shell - chewy middle" type of security. This looks nice and effective, but in some industries (i.e. banking) internal threats are much more prevelant. Yes firewalling subnets internally will help, but it does nothing for someone attacking a workstation (or server - but those should have their own subnet) on the same subnet.
For true defense in depth, I would recommend Host-based IDS in conjunction with network IDS and firewalling all workstations. If firewalling may be beyond your resources, at least lock down any extraneous services, enforce strong password/passphrase, start using 2-factor auth if you can. I work at a huge international bank, and in the past year at least one internal employee has been caught trying to harvest information (not client information - but information that would place him one step closer to getting client info). He was caught because of defenw-in-depth. If we had only firewalled the subnetworks, we would not have known an internal attack was happening (and who's to say we would have caught him as moved to more and more sensitive info).
Even though bank employees have backround checks run (just for prior criminal convictions), sometimes these are just first-time "opportunity" crimes. Similar to someone seeing a car with the keys in it and who just can't resist taking it even though he may have never done an illegal thing in his life. Hell, I remember (years ago) when I was a help-desk drone just wandering the network to see what was there, and sometimes came across potentially damaging information. I didn't do anything, but someone else could have. By having high granularity in your security system you can vastly reduce these internal instances (or at least make detection and mitigation much, much easier).
At least this time (Score:5, Informative)
A Good Thing (Score:5, Interesting)
Re:A Good Thing (Score:5, Insightful)
I would like to believe that any intelligent system shouldn't need firewalls.
Re:A Good Thing (Score:4, Interesting)
Re:A Good Thing (Score:5, Insightful)
"Better than nothing" isn't much of a selling point, except for very small values of nothing.
That's bull. "Better than nothing" is the only selling point, for any application. A Cisco PIX firewall isn't perfect, either, but it's better than nothing. The entire issue at hand is the fact that most Windows users are clueless enough to be connected to the internet without any sort of firewall protection. SP2 will install a firewall that by default blocks all incoming new connections, which is what you want a firewall to do in almost all general cases. "Better than nothing," particularly in this instance, is a huge leap from "nothing." Compatibility be damned, I say it's nice to see Microsoft making a decision to break compatibility for the sake of security, for once.Last Post! (Score:5, Funny)
Why? (Score:3, Insightful)
Why SP2 (Score:5, Interesting)
Re:Why SP2 (Score:2, Insightful)
Re:Why SP2 (Score:5, Insightful)
Scenario: Manager takes his laptop home on the weekend, or (even better), takes it on a business trip, and plugs into the wireless lan at the airport.
He picks up a copy of MyDoom version super alpha turbo+.
2 days later, he gets back and plugs it into the corporate network in your office.
How many of you can say that *every* windows machine you have on the corporate network is up to date? Thats assuming there's already a patch for Mydoom version supera alpha turbo+ at that point?
The days of the perimeter firewall being all you need are well and truly over (and some would say they were never apparent anyway).
smash.
Re:Why SP2 (Score:3, Insightful)
Don't use windows firewall, update your software (Score:5, Insightful)
I bet the majority of them.
I'm still waiting for a slashdot post to strike fear into the hearts of everyone about the end of the world being near.
"help desk personal" (Score:5, Funny)
Can somebody translate the second half to English? (Score:2, Insightful)
Ulterior motives? (Score:2)
I know there is a procedure that can change the installation key, but it is time consuming to go to each computer and reset the key. Plus, it may also break any shareware programs that use a hash of the license key for their registration/serial number check.
My question is this - is this a plan to force everyone who has a - ummm how can I put this
Re:Ulterior motives? (Score:5, Insightful)
You are very correct that Piracy has made microsoft what it is today--That being said, one can never allow piracy to continue unchecked and rampant. It needs to be chased down everywhere it can be. By making it as difficult as they can, casual pirates will be forced to either a) cough up the dough, or b) move to a platform that copying is not piracy (linux/bsd/etc...)
I think that it is in everyone's best interests to really evaluate their dependance on unlicensed software. The slashdot crowd goes bloody balistic any time any one violates the GPL by shipping a GPL derrived product without access to the source. They however seem to have a soft spot for violations of Microsoft's (et al) copyrights.. Odd bunch.
Back to your point tho'
Re:Ulterior motives? (Score:2)
I'm curious... (Score:4, Interesting)
I'm asking both "if" it could be done, and whether it IS in fact an option if so.
That seems like a better solution, IMHO, than holding off on upgrading to SP2 forever, if it could be made to work. Of course, I don't think there's any easy way to centrally deploy or manage appcompat stuff, either...
Xentax
Re:I'm curious... (Score:2)
Re:I'm curious... (Score:2)
Group Policy will let you disable that "poorly-configured-and-superfluous-in-our-environ m ent" personal firewall. So, you install SP2, you reboot, and the GP turns it back off when you log in. Where's the problem?
I agree that making an SP1 environment defeats the purpose of SP2. But *only for specific applications*. At least the rest of your system (say, the user's browsing experience) should still see the benefit
Ready or not, here comes the FUD (Score:5, Insightful)
Give it up people. I run at least a half dozen of the applications on those lists on a few XP machines with SP2, and have had exactly 0 problems.
When will the "bashing Microsoft makes me feel good" trend end?
Re:Ready or not, here comes the FUD (Score:3, Insightful)
2. It will exactly end at the same time when the "pointing-out-that-slashdot-bashes-ms" threads stop sucking up karma. When will people understand that these are two sides of the coin, where rationality is somewhere between, although it occurs exactly as often as you see a coin on it's edge.
Re:Ready or not, here comes the FUD (Score:2)
Re:Ready or not, here comes the FUD (Score:3, Interesting)
For me, SP2 is evil, no matter how you spin it. OSX users never have problems, I only maybe have to reset an email password for them once in awhile. PS2 users, if they have the correct numbers in, and it's not working, you know it's some sort of DSL issue. Routers, same thi
I don't understand this whole "service pack" thing (Score:4, Insightful)
Re:I don't understand this whole "service pack" th (Score:2, Insightful)
Re:I don't understand this whole "service pack" th (Score:3, Informative)
10.3.4 to 10.3.5 is a minor upgrade, and you do get that for free.
I use SP2 at work, and do like it. (And by "like" it, I mean I don't really like it, but it's better than SP1.)
You're not comparing apples to apples (Score:4, Informative)
It's more like Win95a to Win95b to Win95c to Win98 to Win98SE to WinME.
OSX 10.2 is vastly different from OSX 10.0 and same from 10.3 to 10.2. 10.4 to 10.3 again will be vastly different. The differences are greater than XP SP1 to XP SP2 or Win2K sp1 to Win2K sp2, etc...
Win95 is Windows Ver 4.0
Win98 is Windows Ver 4.1
WinME is Windows Ver 4.9
Win2K is Windows 5.0
WinXP is Windows 5.1
Win2K3 is Windows 5.2
Full versions of Home based are $200 with upgrades at $100 (Yes you can get them cheaper but this is the legitimate on the record price)
Full versions of Pro versions are $300 with upgrades are $200
OSX 10.0 (Cheetah)
OSX 10.1 (Puma)
OSX 10.2 (Jaguar)
OSX 10.3 (Panther)
OSX 10.4 (Tiger)
All versions are $129 for a full version.
(They also don't require virus protection @ 50/yr or spyeare protection)
Re:You're not comparing apples to apples (Score:3, Informative)
Last time I installed SP2 on my laptop... (Score:2, Informative)
Thank you micro$oft for rendering a laptop unusable.
(Before everyone tells me to update drivers and whatnot, I updated all my drivers and still had problems, something to do with my processer...)
Re:Last time I installed SP2 on my laptop... (Score:4, Insightful)
Second: Epson is the only company worse at writing drivers than ATI. Their scanner drivers require that you be an Administrator on NT machines. I am not making this up, this is the official support response. Even their website says you must be an Admin to "install and use" the scanner software. So you can't blame any of this shit on Microsoft. You have shitty hardware made by shitty manufacturers, and/or you haven't done all the updates.
You install stuff you aren't asked to? Really? (Score:3, Interesting)
In which case you desperately need a lawyer, a PR guy, and a new line of work, probably in that order.
I've heard loads of technically competent people say they've installed SP2/latest updates/etc. and not had a problem. For each two of them, I've heard at least one equally technically competent person tell me about at least a major software failure, and frequently the
so? (Score:2, Insightful)
And by everybody, i mean not people reading slashdot.
Hey, now... (Score:2, Insightful)
But the time here is pretty negative for something Microsoft did to help customers. They recognized a compatibility issue and gave their customers time to modify things before the heavy-handed automated updates broke them.
Arguing "SP2 breaks things! Bad Microsoft!" isn't helpful either--SP2 closes a number of security holes, and we're all down on Microsoft about security holes, so they're in large part doing
Any experience with P2P or GoogleDesktop? (Score:2, Interesting)
I know that you can let a program be allowed to open a listening server, but I would like to ask to the
do you have tried using it with the common P2P apps and google desktop? Do they work?
I'm worried to break something I regularly use....
Re:Any experience with P2P or GoogleDesktop? (Score:3, Interesting)
All I Know Is... (Score:2)
If it was a couple of applications that didn't work, I could live with that. But in this case, the machine would hang in the middle of the windows flash screen on bootup, rendering the whole damned computer useless.
Thats a day of my life I'll never get back. Unacceptable.
Good Alternative to Windows Update (Score:2, Informative)
Another good way is to load up Nessus [nessus.org] and have a good crack at one of your windows boxes.
In-House Apps (Score:2)
Good advice, but posted to the wrong board... (Score:2)
Might be a good time for help desk personal to pencil in a week (or two) of vacation.
Shouldn't this be posted to www.slashdot.in?
Forget broken programs, SP 2 refuses to boot (Score:2, Interesting)
Booting into safe mode has allowed me to uninstall SP2 and restore the machine to a usable condition. I don't mind SP2, I just don't want to spend the time troubleshooting a failed install.
Even if Microsoft were to offer me free telephone support, it would still waste my time. It seems unfair to force users to accept upgrades that may very well cause their com
run SUS (Score:2)
SUS is free, easy to setup, and gives you complete control of which updates roll out, how often, etc. (It can be setup to automatically roll all updates out daily of course).
Besides, SP2 is a good thing in terms of security.
SP2 Causes Problems with Microsoft's own Products (Score:3, Interesting)
When you run a Windows XP SP2-based virtual machine, it will perform slowly compared to a Windows XP SP1-based virtual machine."
Interesting that a Microsoft product has problem with their own Service Pack.
The Real Story (Score:5, Informative)
Always backup. (Score:2)
AU (Score:3, Informative)
It might be a good time for helpdesk personell... (Score:3, Funny)
Let me get this stright (Score:5, Insightful)
2)Microsoft comes out with sp2 that has a built in firewall.
3)People then complain that the firewall makes it so alot of other firewall/security applications don't work.
4)Then they complain that things like FTP and IIS dont work....
Yes there are many applications that should run on this list, but really people, alot of these applications stop working for very good reasons.
FTP dosent work? configure your firewall. IIS dosent work, configure your firewall! Some of these programs stop working for a reason.
MS is doing the right thing (Score:5, Interesting)
How to make SP2 not suck (Score:4, Informative)
NX (off): Edit your boot.ini by removing that
Clear, simple, and every application will no longer flip out. + you'll get a boost in performance (I take a 10% performance hit when NX is on my laptop, far more visible in photoshop than any other application).
Windows Firewall: First off, GET A BETTER FIREWALL! Next step, net stop sharedaccess and find it in your services (Start->run: services.msc) Disabled it.
Horrah! Your windows should now perform in it's old SP1 ways. (I have yet to find any application to fail after these features were disabled). Oh yeah if you get annoyed by that Windows Security Center, in it's main window on the left side it has a way to change its notification (to completely off because nagging programs suck).
Ready or Not, Here comes Security (Score:3, Interesting)
I already ran my own (software) firewall that did both ingress and egress filtering, along with running Firefox as a web browser.
SP2 hasn't done anything noticeable for me, except that the wireless network dialogs are a lot nicer.
I'll admit that the firewall drove me nuts for a bit: it was always popping up, telling me it was doing me a favor by blocking legitimate traffic. I ended up turning it off, but only because I had my own firewall already.
When I find myself using IE (infrequently), I do find that it'll now occasionally put a bar across the top informing me that it's barred various malware from installing itself. Between this and the firewall, SP2 is a very good thing for the average computer user, and is of little harm to those of us who already found something to do it.
Bias. (Score:3, Insightful)
How is this a problem (Score:3, Funny)
Re:Wonderful... (Score:3, Insightful)
Re:Wonderful... (Score:3, Interesting)
The parent said nothing of the kind.
"MS has given MONTHS (try almost 6 months) for people to do what needs to be done."
Given? MS sold an OS riddled with security problems. Those who wanted a fix had to wait a long time for it and the "fix" broke a boatload of functionality resulting in yet more cost for the customer. Those who don't want this mixed bag of code will now have it force
Re:Wonderful... (Score:4, Insightful)
Only if you have automatic updates on.
This reasoning leads to one of two things:
1. You have auto-updates on, and don't know what the fuck you are doing anyway, in which case it's in the best interests of everyone that you are upgraded and at least become a smaller target to worms/viruses/other ilk. Breaking shitty software that has no reason not to have shipped an upgrade by now is no reason to contunually allow machines of this class to be availible as targets.
2. You do not have auto-updates on, and actually understand the risks/benefits to the system you are on. In this case it still is in your hands as to what gets installed. Problem solved.
In either case (1) The big bad microsoft needs to protect you from your own ignorance, or (2) you have the capability to protect yourself, the needs of the many get met.
Re:Have fun with that (Score:5, Insightful)
Ah, so you'll be enjoying the recent failures with 10.3.8 instead then? Just as I'm 'enjoying' my dual G5's vastly increased fan activity after installing the update? I particularly appreciate Apple's lack of ability to automatically roll the update back...
I much prefer the OS X environment, but I don't really blame Microsoft for the XP 2 failtures. A big OS patch is a big OS patch, problems can occur on any system and it's extremely likely that patches to various apps will be needed along the way.
Cheers,
Ian
just can't do it... (Score:2, Interesting)
(Granted, this is a trailing edge machine - VIA VA-503 / K6-III, but still daaaaamn!)
neato!
Re:Have fun with that (Score:3, Informative)
For example:
Popup blocker (yeah, you can install google toolbar or others as well)
No Execute protection (Yes, it's possible for an attacker to get around it, but so are door locks.. that doesn't mean i shouldn't lock my doors)
reworked RPC management (this is a biggie since it's going to prevent other kinds of RPC based worms if a
Re:Have fun with that (Score:2)
Re:Have fun with that (Score:3, Funny)
Re:help desk "personnel" (Score:5, Funny)
Re:help desk "personnel" (Score:5, Funny)
User: Hi, I'm having problems with my hard disk
Tech: hold on, I'll be right there
Re:Hrmm (Score:2, Interesting)
Most of the reasons for "Bloat", "Lax Security", and "Instability" are because of constant need to keep every version/update to Windows compatible with even the earliest versions. With this Service Pack, a bazillion people voiced out that they want security... even at the price of compatibility. Now you bitch. Had they done the same old thing, you would still bitch.
This post is simply an obviou
Re:Hrmm (Score:3, Insightful)
Maybe, just maybe a Service Pack isn't the right place to put new features or anything that breaks backwards compatibility?
I don't think anybody would complain if MS would have just released a completely new version.
Re:Hrmm (Score:3, Informative)
There is no bug-free software, excluding things like "Hello World".
I, personally, have had no problems with SP2 on any machine I have it installed on (three pc's at the house with wildly different hardware, and about 7 pc's in my small office with x
Re:Hrmm (Score:5, Interesting)
The funny thing was, someone wrote a Problem Tracking Report (i.e. "Bug") about this, and had the MVS team change the program - the flaw was that the return code register was being set in the utility, but the 0=byte program was not copying this result code into it's own return register, so the program was returning a "success" evem when a failure had occurred.
We co-ops got a chuckle out of it because of the "bugs per line of code" calculation would have had a div-by-zero problem
Re:Hrmm (Score:5, Insightful)
Bleeding edge != bug fix. (Score:5, Insightful)
Now, either the apps that broke were depending upon bugs in the OS (in which case, it is the ISV's fault)
-or-
Microsoft's approach to "patching" is wrong.
And please learn the difference between a bug fix and "bleeding edge".
Re:Hrmm (Score:3, Insightful)
So Fedora is a just a research toy, and should not be used for anything important? There are no significant bugs or holes in any of the SuSE / RHEL / Gentoo / ect. distros? Unless you are running Debian Stable, you should shut up.
Re:Hrmm (Score:2, Insightful)
Re:Why? (Score:4, Insightful)
Its the same principle as when driving. Consider everyone else as an idiot. That way when you come across one you're more likely to survive.
Re:Why? (Score:2)
Re:Why? (Score:3, Insightful)
Re:A Question (Score:2)
Because it has some serious program incompatabilities in it. Heck I've even had to back it out of a couple of machines due to simple things like printer drivers not working. Look over the other posts as I'm sure someone else has posted the Microsoft Knowledge Base article link. Those of us running XP in something like engineering enviro
Re:A Question (Score:2)
The thing that gets me is that many of those damn security updates turn Automatic Update back on after I went through all the trouble to disable it on all the machines. Microsoft Automatic Update is as insidious and annoying as any commercial adware - and just as hard to get rid of!
That's great, except when the CEO is the exception (Score:3, Insightful)
Right. It must be a lot of fun to work in a shop where 20% failure is considered normal.