Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Windows Operating Systems Software Bug Upgrades IT

Survey Shows Admins Avoiding SP2 492

bonch writes "Tom's Hardware Guide is running an article about Windows XP Service Pack 2 and its limited acceptance by IT administrators. AssetMetrix is cited in the article as reporting that fewer than 24% of over 136,000 Windows XP PCs in 251 North American corporations even had SP2 installed. THG goes on to describe the reasons given by admins and discusses the advantages and disadvantages of installing SP2."
This discussion has been archived. No new comments can be posted.

Survey Shows Admins Avoiding SP2

Comments Filter:
  • no comment (Score:5, Funny)

    by LittleGuernica ( 736577 ) on Friday April 15, 2005 @05:08AM (#12242422) Homepage
    I heard most of the admins weren't available for comment...because their email program was busy sending a lot of messages to people they don't know..
  • by kilox ( 774253 ) on Friday April 15, 2005 @05:09AM (#12242424)
    No way It cannot be..I feel special now. I use SP2 and have no problems. When I first installed it the thing went wonky...and I just ignored all the problems. Then they magically went away.
    • Re:Whoa..first post? (Score:5, Informative)

      by Anonymous Coward on Friday April 15, 2005 @06:17AM (#12242646)
      After I installed SP2, I found that a lot of things started crashing (just applications, not system crashes). I eventually realised the problem was that my CPU has an NX bit, and SP2 had enabled it. Once I disabled it, all the problems went away.

      I'd like to have the NX bit enabled to improve security, but it's not worth it if it causes so much software to crash. The thing that worries me is that most people wouldn't have a clue about any of this, so would just be stuck with a choice between crashing applications or removing SP2.

      • Re:Whoa..first post? (Score:5, Informative)

        by Kierthos ( 225954 ) on Friday April 15, 2005 @07:18AM (#12242849) Homepage
        Oddly enough, I had the opposite happen. Okay, keeping in mind that probably 95% of what I use my computer for revolves around browsing, e-mail and games, I wasn't having that many problems before, but I was getting the occassional (like once every two or three days) complete freeze-up of World of Warcraft. After SP2 was installed, it has happened once. And that more likely had to do with me running WinAMP and a web browser at the same time, alt-tabbing between them to look up item drop rates and changing playlists.

        Yes, it's not 100% perfect. No upgrade ever is. Especially considering the staggering amount of code in XP. But for some of us, it's working just fine.


    • The parent post is moderated as "Funny", but that's what happened to us. We installed SP2 on numerous machines. There were a variety of problems. Re-installing SP2 and rebooting several times often cured the problems. Sometimes it was necessary to reload the entire Windows SP2 operating system.

      We troubleshot one of the problems and discovered that SP2 expects that a particular file exists on the target computer, before it has copied that file. So, if the version that was already on the target computer is not recent enough, SP2 will crash. We reported this to Microsoft, but there was only a spacey response, as though confusion reigned. Microsoft did not seem to have the capacity to respond sensibly.

      SP2 has numerous fixes for problems with USB 2.0. USB operated much better for us after SP2 was installed.

      Microsoft gives us the impression that the company has a sloppy management style supervising coders who are not given enough time to do a good job. If you don't install SP2, you are not giving Microsoft the opportunity to fix some of its bugs. Someone once said that the Microsoft motto was "The whole world is our beta test site." According to that, Windows XP SP2 is just the first release version of Windows XP. We had many, many time-consuming problems with the pre-SP1 version; in our opinion, it was not ready for release; it could be made to work, but it was a time-waster. Maybe it's foolish to believe that two billionaires could care what happens to the less rich.

      All of our Microsoft OS computers are now using SP2 with all the most recent critical updates, with no unexplained problems for months.

      Be careful with Windows XP updates other than critical updates. Someone made a mistake and updated a computer here recently with a recommended hardware driver. The name of the driver on the Windows Update web site is different from the name of the driver once installed. That computer has never had an "HP wireless keyboard" attached to it.
      • Microsoft gives us the impression that the company has a sloppy management style supervising coders who are not given enough time to do a good job. If you don't install SP2, you are not giving Microsoft the opportunity to fix some of its bugs. Someone once said that the Microsoft motto was "The whole world is our beta test site." According to that, Windows XP SP2 is just the first release version of Windows XP. We had many, many time-consuming problems with the pre-SP1 version; in our opinion, it was not re
  • Applications (Score:2, Interesting)

    by Anonymous Coward
    A heck of a lot of apps are NOT certified for sp2
    • Re:Applications (Score:4, Interesting)

      by SgtChaireBourne ( 457691 ) on Friday April 15, 2005 @06:45AM (#12242731) Homepage
      Heck, forget certified, a lot of applications plain don't WORK under SP2.

      Some new client software that one acquaintence is being pressured to look at by her current vendor doesn't work at all under SP2. The soon-to-be-discontinued client works just fine since it's accessed via a terminal emulator and can therefore be accessed from any platform with a terminal emulator. The new one can't. Nor does it function under XP SP2.

      If the vendor came out with a linux or bsd port for the new client then she could forget about MS-Windows altogether and wouldn't have to have those machines set up for dual boot. But then that would make sense.

    • A heck of a lot of admins are NOT certified for sp2
  • by Samari711 ( 521187 ) on Friday April 15, 2005 @05:13AM (#12242436)
    that I've seen this story before...
  • Simple... (Score:5, Interesting)

    by demondawn ( 840015 ) on Friday April 15, 2005 @05:14AM (#12242439) Journal
    1) People have enough problems with Windows without worrying about an upgrade that they've heard countless times will BREAK existing applications. 2) Some percentage of the population is simply pirating Windows and is afraid they'll get "caught" if they try to upgrade. 3) SP2 is seen as the first step in Microsoft's "Trusted Computing" initiative. 4) It breaks Halo. C'mon.
    • Grrrr. I installed it, now my network scans are crippled. In particular VNCon.

      Any slashdotters got any solutions apart from ditching SP2?
      • Re:Simple... (Score:5, Informative)

        by GraemeDonaldson ( 826049 ) <> on Friday April 15, 2005 @06:17AM (#12242642) Homepage
        This is probably because of the restrictions MS has added to limit concurrent incomplete TCP connection attempts. You probably have a whole bunch of 4226 events in your system log.

        From technet [] article:
        The TCP/IP stack now limits the number of simultaneous incomplete outbound TCP connection attempts. After the limit has been reached, subsequent connection attempts are put in a queue and will be resolved at a fixed rate. Under normal operation, when applications are connecting to available hosts at valid IP addresses, no connection rate-limiting will occur. When it does occur, a new event, with ID 4226, appears in the system's event log.

        See here [] for a fix.
    • Re:Simple... (Score:4, Informative)

      by Chanc_Gorkon ( 94133 ) <> on Friday April 15, 2005 @06:13AM (#12242633)
      Only ones I have seen on the list Microsoft publishes have been programs that need access through Windows Firewall. Sometimes it's easy to fix it....most times it isn't. Windows Firewall woul dbe MUCH better if:

      It let you open the ports you need, with plenty of warning message of what may/may not happen.

      Do more active scanning of the packets coming in and going out for malicious packets.

      Windows Firewall is not enough in someways, but too much and not fine grained enough in control in other ways.

    • Re:Simple... (Score:2, Insightful)

      by Jondaley ( 194380 )
      I dunno. I used the registry hack to make windows not force the update when it first came out, since I was concerned that my sony laptop might have issues, and I didn't want to deal with anything.

      But, after a while and I had heard good things about it, in terms of doing a good/significantly better job with security, I thought I would look into it more.

      When I went to download it, it recommended that I look here, to see if my manufacturer had anything to say. They did, and had a couple downloads before I
    • Re:Simple... (Score:5, Interesting)

      by Lumpy ( 12016 ) on Friday April 15, 2005 @06:40AM (#12242712) Homepage
      Yup, that is why the company I work for, one of the LARGEST communications companies in the USA, does not even run XP yet.

      W2K does everything that we need..... it's more STABLE than XP, and we do not have application incompatability. Hell we can even run some of the old windows 95 apps and DOS apps without problems.

      Wanna hear something funnier, for our critical stuff, the servers that make us $10,000 an hour running commercials, still run windows NT 4.0 because W2K is not proven to us to be as stable as NT4 in that specific use on that hardware. Also, cince those servers are on their own protected network any comments of "hax0r3d or own3d" are silly cince the script kiddie will need physical access or capable of tapping a fiber optic line, you can not access it without sitting in one of the data centers or the server locations.

      Although the temptation is pretty high on that gear, imagine forcing all the top channels in a community to start playing monty python and the holy grail at midnight.
    • by gilesjuk ( 604902 )
      This just demonstrates the problem Microsoft faces, they want to lockdown the OS and make it more secure, but the pain level associated with it is too high for some Windows users who don't want to fool around with port numbers etc.

      It's always easier to design something well from the start than to try and polish a turd.
      • Re:Simple... (Score:3, Insightful)

        by EvilAlien ( 133134 )
        Alternately, Microsoft's biggest security problem isn't their own development, but the braindead admins who refuse to install patches to address critical security issues (anyone remember Slammer?). I read a lot of the comments on /. and I see a community which very strongly tends towards blaiming a vendor for their past mistakes while refusing to let them fix the problem.

        SP2. Install it, goddamit.

  • Not I (Score:5, Interesting)

    by Anonymous Coward on Friday April 15, 2005 @05:15AM (#12242446)
    I spent just over 3 months testing SP2 with all of our internal and external applications as well as stress tests for performance differences between SP1a and SP2. SP2 got the green flag the second time round (it failed because some internal applications failed, these were updated as was decided by IM).

    I finished doing the last update about 3 weeks ago and have not had any problems relating to SP2 yet which is great.

    IMO the only negative thing about SP2 is its size/time to install. It has slowed down deployment because of the bandwidth it uses and the the time it takes to install which is a major impact to production, which means it needs to be down out of office hours which means IT support need to work over time, etc.

    While deployment of SP2 was tiring and long I would rather got on with it than wait it out like some companies are doing.
  • by Manip ( 656104 ) on Friday April 15, 2005 @05:16AM (#12242450)
    This is a 200Mb file that you need to send to every computer on the corp. network, so even if you were ready to start deploying SP2 you couldn't do so over night.

    Further more SP2 adds LOTS of functionality and changes the behaviour of Windows and thus is extremely likely to break things on a corp. setup.

    So I am not at all shocked that network admins haven't all installed it yet.. But I bet you if you changed the survey to - "How many network admins are installing (Via Slipstream) SP2 on new installations?" you would get a very positive and different result.
  • by MadMirko ( 231667 ) on Friday April 15, 2005 @05:17AM (#12242452)
    While there might be good reasons for not installing here and there, I suspect most of the so called "admins" are just to lazy or simply clueless when it comes to large scale software distribution.

    Installing SP2 in a large corporate environment is nothing to sneeze at, I agree, but that's no excuse for not patching.
    • by SgtChaireBourne ( 457691 ) on Friday April 15, 2005 @07:13AM (#12242823) Homepage
      XP SP2 is more like rolling out a new OS not a patch. It is more like going from NT4 to 2000 or from 2000 to XP than going from XP to XP SP1.

      It's got a lot of strikes against it:

      • I don't agree with what you say. I think your arguments are flawed:

        * It was late
        - it's MS. are you surprised? is this a valid reason not to upgrade?
        * Lots of apps don't work with XP SP2, including some of Microsoft's own
        - not out-of-the-box no. but after disabling/modifying the build-in firewall they will
        * It's been known to be unstable
        - a MS product that's unstable? no way!! I can only say that my pc doesn't crash more now that i've installed SP2.
        * Difficult to install
        - maybe if you have parkinson disease
      • by Martin Blank ( 154261 ) on Friday April 15, 2005 @11:32AM (#12244711) Homepage Journal
        It was late []

        This is fairly normal for a major overhaul of an OS. Delivery dates change. SP2 fundamentally changed many of the ways that XP operates, and, contrary to some opinions, really did raise the bar on Windows security. Besides, the article to which you link was complaining about the delay of a few days from the release to premium subscribers. That's getting a little pedantic.

        Lots of apps don't work with XP SP2 [], including some of Microsoft's own

        Many of the apps on the list work fine on 32-bit XP SP2, but have problems on 64-bit. Most of the others have patches available to allow them to work fine with SP2. VirtualPC, for example, works at expected speeds when updated.

        It's been known to be [] unstable []

        I'd like to be able to comment on this, but the article is expired.

        Difficult to install []

        Might be interesting to comment on this one, but it, too, is unavailable.

        Additions like the firewall have serious shortcomings []

        Wow, this is getting to be a trend. However, the Windows firewall was never intended to be an end-all, be-all solution. It was intended to make attacks more difficult by blocking off certain common ports. A middle ground was struck between home and enterprise users (one that was too open, IMHO) that still left some things somewhat open, but it's better than nothing. Had they come out with a miniature version of ISA, we'd have heard shouts (possibly including some from you, I suspect) that Microsoft was trying to put the security companies out of business.

        It messes with settings and permissions []

        Of course it changes settings, though I saw little about changes to permissions. But that article, while somewhat correct on a few things, misses wide on others. It calls for Automatic Updates to be disabled because "users should update Windows manually, though regularly, paying attention to the various update options and their relevance to one's system," which we know siginificant portions of the installed userbase do not do, and have no knowledge to do so. It is a mechanism that, while potentially abusable by Microsoft, is by far the lesser evil when compared to worms running rampant because some patch from eight months prior wasn't installed.

        Is still vulnerable anyway [] in many ways [], and it can take weeks or months to force a repair or even admission.

        Microsoft never claimed that SP2 would be vulnerability-free. It claimed that it would be more secure, and generally speaking has been correct in this. Even the patches that have covered both SP1 and SP2 have in many cases had lower severity ratings for SP2.

        Doesn't fix or remove MSIE []

        Well, they're not going to remove IE, so there's not much point in complaining about that. But whether it fixes it is another question. Are there still vulnerabilities? Sure there are. But while IE still has a good distance to go, IE6 SP2 is far superior to its predecessors in terms of default security and blocking random installations. I have personal clients who were at first annoyed by IE's new features, and in recent months have come to love that it blocks so much (I'm still working on converting some of them to Firefox).

        Has DRM features that let spammers 0wn [] the machine

        Not sure if this particular issue was ever directly addressed by Microsoft, but since I haven't seen much evidence of this method being used to gather up armies of zombies (most do it by e-mail or open ports), I'm not sure how serious it was to begin with.
    • by Anonymous Brave Guy ( 457657 ) on Friday April 15, 2005 @07:31AM (#12242881)
      While there might be good reasons for not installing here and there, I suspect most of the so called "admins" are just to lazy or simply clueless when it comes to large scale software distribution.

      And yet they've successfully set up those networks in the first place, probably installed numerous other WinXP patches across their networks afterwards, probably installed and configured office apps, corporate database stuff, corporate Intranet stuff, and more.

      Really, if installing SP2 from a centralised control point isn't a matter of "Click here" and perhaps fixing some unusual incompatibility problems on a small proportion of machines, then I'm betting it's SP2 (or its installation tools) that is broken, not the IT staff.

  • by Black Art ( 3335 ) on Friday April 15, 2005 @05:17AM (#12242459)
    It breaks a whole bunch of apps []. It is a large enough list that something will probably not work on a high percentage of machines in any sizable deployment of Windows XP.

    Windows admins have a good reason to be a bit careful here. Windows Service Packs have a long tradition of making systems or applications no longer function. After getting burned a few times, you learn to be careful.
    • Every move up the progressive OS cycle leaves programs behind that don't work. I sometimes spend hours on google trying to find workarounds to get old games working. You won't believe what you have to do to get System Shock 2 working on XP.
    • by Skye16 ( 685048 ) on Friday April 15, 2005 @06:30AM (#12242685)
      That may be, but we've heard people raving for years about MS security, most of which comes down to legacy support and the inherently bad design decisions in the code that supports that. So, they're starting to fix things, slowly. We've all predicted applications aren't going to work any longer when they make the change. But that's really just too bad. We can't really have it both ways; it wasn't done right the first time, so we either get security, or we get legacy application support. Not both.
    • "enough list that something will probably not work on a high percentage of machines in any sizable deployment of Windows XP."

      From experience, larger deployments of machines tend to have a much smaller pool of applications that are used. This is partly down to administration overheads, machine build overheads and user permissions - most in a large deployment won't have the ability to add new software themselves. If you use a piece of software widely, then it's easier to replace/patch/whatever. A worse scen
  • Security moanings (Score:4, Insightful)

    by hmmm ( 115599 ) on Friday April 15, 2005 @05:18AM (#12242461)
    Some administrators take every opportunity to whinge and moan when Microsoft products have a security vulnerability. When Microsoft do the "right thing" (such as XP SP2), there is more whinging and moaning . Security is not easy - the spin on security being a "business enabler" should have died with the dot com bust. Security restricts and breaks functionality, sometimes deliberately, with the tradeoff that you are now accepting less overall risk in your environment.
    • Yeah, but when they fixed security did they have to break the USB port at the same time?
    • Some administrators take every opportunity to whinge and moan when Microsoft products have a security vulnerability. When Microsoft do the "right thing" (such as XP SP2), there is more whinging and moaning .

      Some administrators whine and moan whenever they have to do work.
    • REAL security... (Score:5, Interesting)

      by argent ( 18001 ) <peter&slashdot,2006,taronga,com> on Friday April 15, 2005 @07:06AM (#12242793) Homepage Journal
      When Microsoft do the "right thing" (such as XP SP2),

      Microsoft has yet to do the right thing. The security community has been beggng them to back out of the tight browser/desktop integration and "security zones" since 1997, and split the rendering and access functionality of the HTML control into separate components so you CAN run a locked-down sandboxed version of Internet Explorer if you want to... but instead Microsoft refuses to admit they made a mistake and patches symptom after symptom instead of attacking the disease.

      That's why I, wearing my "security hat", banned all internet-capable applications that used the MS HTML control for rendering... back in 1997. As long as that ban was in effect we had zero virus and security panics, and we were the only division of our company for which that was the case.

      The fundamental design of the HTML control is broken and unfixable. THe only solution is to back out of that design at a very low level, and rewrite all the applications that use it to handle access themselves. In 1997 I expected that Microsoft would do that... by now, it's obvious that they won't. They're afraid of losing face.

      The right thing, from a security point of view, is to stop using Internet Explorer, Outlook, Outlook Express, Windows Media Player, Realplayer, and all other applications that use the MS HTML control to display potentially untrusted data whether they're shipped by Microsoft or some third party. Microsoft has proven over and over again for the last seven years that there is no other rational course of action.

      SP2 and every other "security" patch that Microsoft provides are just smoke and mirrors.
      • Re:REAL security... (Score:5, Interesting)

        by erroneus ( 253617 ) on Friday April 15, 2005 @08:23AM (#12243142) Homepage
        I wish I had the power to ban applications like that. It is unfortunate that I cannot, but that said, my deployment of "firefox" has been wildly successful. With SP2 installed, the OS seems to respect my default browser settings quite nicely in that when HTML formatted emails contain a link, the browser that is opened is still Firefox even though it's apparant that MSIE is being used to render the email. That's certainly unexpected behavior from Microsoft and I'm pleased with it.

        The results? Fantastic. My spyware-ridden network dropped to near-zero in terms of infestation. There is only one machine that still needs MSIE and for that, I taught that user that MSIE isn't really "gone" that she only needs to open an explorer and type in the URL or select a favorite that has been saved. Apparently ADP isn't as security conscious as they are of "ease of use and implementation." (Methinks their in-house developers only know one thing is all. One of these days I'm going to write a scathing message about the company so many depend on for payroll and other critical business functions using something known in the security community to be a huge blazing hole.)

        I pray for the day when some really smart person writes replacement code that will allow a complete switchover from MSIE to Firefox -- that would include all of those APIs and things that third-party software uses to activate the MSIE would be a good day for all.
    • Security restricts and breaks functionality, sometimes deliberately

      Security might have to restrict potentially dangerous functionality, but if your security is breaking functionality that wasn't a vulnerability in the first place, it's not really security, it's just a bug.

  • by The New Andy ( 873493 ) on Friday April 15, 2005 @05:20AM (#12242466) Homepage Journal
    Give them some time, then the malware authors [] will start writing SP2 dependant stuff and we'll all be much better off.
  • by Anonymous Coward on Friday April 15, 2005 @05:21AM (#12242473)
    Really, am I the only one thinking that something is very broken in Windows when Microsoft has to convince us to apply a (free) upgrade to the system?
    • The networks administrators are either (or many) of the following: just very lazy, unable to fix internal applications that would break, unable to upgrade to versions of boxed or otherwise external apps that would break, unwilling to spend time with this being busy with other stuff or just waiting for the perfect moment to upgrade (which in the vast majority of cases will *never* surface).

      The rest of us who aren't network admins either have it installed already, can't install it because our network admin w
      • The rest of us who aren't network admins either have it installed already, can't install it because our network admin won't let us, won't install it because it'll break something and we can't spend five minutes looking for a patch because that's too much work, or we've never heard of it.

        You forgot probably the most likely explanation among the WinXP users who read this forum: we've done the research, seen what vulnerabilities are supposed to be addressed, and concluded that we'd rather rely on our exist

  • by smithberry ( 714364 ) on Friday April 15, 2005 @05:22AM (#12242479) Homepage Journal
    I'm not surprised at the reluctance.
    Given that many of the SP2 changes relate to networks and firewalls, the bigger the corporate network the bigger the chance the upgrade will take some time to get working for everyone in a company.
    If you are used to fixing problems remotely and the upgrade prevents the problem PC connecting to the network... you see the issue :-)
  • As long as your internet connection is secure, ie, you have a good firewall or router (as you would have in a large corporate environment), then the negative effects of SP2 outweigh the positive ones.
    SP2 breaks network connectivity by limiting the number of connections you can make in a given amount of time.
    SP2 creates a bunch of annoying and useless popups and warning messages, with no real extra security (compare vulnerabilities found before and after SP2 on sites like Secunia).
    The only thing SP2 does
    • Re:SP2 is useless (Score:2, Interesting)

      by delymyth ( 17681 ) *
      I had to install SP2 here at work, because of the machine analysis program that examines all the machines connected to this network.
      I was just tired to see each and every monday the same email that was telling me it was *mandatory* to install the latest Service Pack on my machine.
      Since I'm not using that many programs here, SP2 works fine anyway.
    • That's great up until someone releases malware inside your network. On corporate networks, often 100k plus desktops, it will happen.

      SP2 isn't useless, it is manditory, but a serious pig to apply in the corporate environment. You are short sighted to think otherwise.
    • 1. Open up the Security Center applet in the Control Panel.

      2. On the left side of the Security Center window, locate and click the "Change the way Security Center alerts me" link.

      3. In the "Alert Settings" window that appears, uncheck any/all the warnings you no longer want to have pop-up when you log in.

      4. Click the OK button to save your changes.
  • by MrBandersnatch ( 544818 ) on Friday April 15, 2005 @05:32AM (#12242505)
    I recently obtained a copy of Visual Studio 2005 which I wanted to play around with. Install went fine (on XP) UNTIL I tried to install the DOCUMENTATION...which insisted that XP SP2 had to be installed!!

    So I installed it. It broke SQL Server 2000 because I hadnt patched it (but wrote information to the event log about how to fix it) but apart from that things went well...

    Until I tried to run the spidering app Ive been working on at which point I discovered that XP Pro + SP2 = Castrated System! SP2 limits the number of connections pending opening to 10 (down from 50) and provides no way to change this limit!!!! Unimpressed....

    Anyways, given that many pieces of software will only run on systems patched to a certain SP level Id expect that it wont take long before its a required upgrade...having to install it for documentation to work though....that rubbed me the wrong way I must say..
  • by zakezuke ( 229119 ) on Friday April 15, 2005 @05:32AM (#12242510)
    I friend told me this, that she observed that her p2p speeds went down after p2p. At first I didn't quite believe it, after all what could Microsoft do to make XP prejudice against P2P. Then I read this [].

    XP Sp2 limiting the number of connection/sec This feature/function can be handy from security point of view. Bink.Nu links to a functionality in Windows XP SP2 that limits conncurrent TCP/IP connections. I vaguely remember reading some relating when I was using Windows 2000 as well about a setting in registry where we can limit the number of TCP/IP Connections. On Googling I found the following link and on this forum . You can save your computer from P2P programs trying to make many connections at the same time and this can also apply to some of the viruses and worms.

    To be honest this was the first I heard about it. I just naturally assumed that shareza didn't peform as well as other dedicated P2P software applications. That registery entry seems to be missing and according to what i've read is hard coded in tcpip.sys. I found software to change the number of connections permited in tcpip.sys here [] and it might be covered in XP-antispy [] though I've not tested it yet.

    In all fairness I have had few problems with XP SP2. Unfortunatly any problem I've had has been hardware related.
    • I've once written a piece of code that probes all addresses on the local class C subnet, looking for the MySQL server. Yeah, this is a lame-ish solution, but it's much better than trying to explain what an "IP address" or even "server name" is to your average accounting drone.

      On 98: the limit of available TCP sockets is pretty low, but Windows will tell your program that the call failed. Ok.
      On XP SP1: the limit of available sockets is a lot higher. Everything works fine.
      On XP SP2: Windows will start _10
    • by Kjella ( 173770 ) on Friday April 15, 2005 @07:12AM (#12242821) Homepage
      XP Sp2 limiting the number of connection/sec

      It does not. It limits the number of pending connections. The biggest problem with this in relation to p2p is that clients often report IP/ports that are unreachable due to firewall/NAT. Hit 10 of those and you can't open any more connections for a while. Also very annoying if you hit a web page where the image server is down. 10 images you can't load? Tarpitted. Personally, I've changed this long ago.

  • by Shag ( 3737 ) * on Friday April 15, 2005 @05:35AM (#12242525)
    Got it when it became available through Windows Update. No issues, but then, I don't have a lot of weird apps, and Virtual PC doesn't emulate weird hardware, so oh well.

    I hardly ever use it, though... except to run Windows Update when a new batch of patches come out.
  • WI-FI woes (Score:5, Funny)

    by Anonymous Coward on Friday April 15, 2005 @05:39AM (#12242541)
    If you have a Windows XP laptop with WI-FI and if you go to conferences where there are wireless networks, then you HAVE to get SP2: it's a crime not to.

    The bug mentioned in the article, where Windows sets up an ad hoc network on a preferred SSID it can't find, is lethal in a conference network. One fuckwitted XP box stealing the SSID for its ad hoc network can disconnect hundreds of delegates. Any time that you're nearer the XP box than the access point (s.t. the XP box has more signal), your net access is toast, whether or not you're running windows.

    I've been at conferences where there were hourly PA-broadcasts begging XP users to turn off their ad-hoc networks. If you have XP SP1 on-line at a conference, then you should expect to have your laptop pounded into fragments by angry geeks. They will be justified.
  • Say what? (Score:5, Insightful)

    by Mr_Silver ( 213637 ) on Friday April 15, 2005 @05:42AM (#12242550)
    In the case of SP2, Microsoft wants people to upgrade on demand, Schneier says.

    So, if Microsoft force you to upgrade to SP2 to reduce the number and chances of a compromised PC it's bad because they're forcing you.

    If Microsoft don't force you to upgrade then it's bad because they're not being proactive enough in reducing the number and chances of a compromised PC.

    Must be great to be a decision maker at Microsoft where whatever choices you take it won't be liked.

    • Must be great to be a decision maker at Microsoft where whatever choices you take it won't be liked.

      The no-win decision is a direct result of their earlier decisions, which in turn were based on boosting profits at the expense of developing good software. You'll find no sympathy here.

  • Upgrading to Windows XP SP2 is nothing compared to a corporate update of, say, FreeBSD.

    Having said that, the problem remains : an admin REALLY BADLY WANTS to upgrade the companies machines, but is always faced with the daunting prospect that even with the best planning, you have NO IDEA what the hell the system is going to do once you start that update.

    This is not a probelms with home users who can afford to have their boxes trashed by the upgrade and then freshly installed (or then again, maybe not with
  • Bottom line (Score:5, Insightful)

    by spywhere ( 824072 ) on Friday April 15, 2005 @05:50AM (#12242571)
    Windows XP SP2 is, um, the current version of Windows. Avoiding it means your systems are running on a legacy OS.
    When new programs come out that require SP2 (like the upcoming IE7), it will be too late to start thinking about an upgrade... If it breaks your 5-year-old applications, replace them.
    If your internally-generated code isn't ready, fix it.
    If you can't cope with the lame Window Firewall, RTFM to customize or disable it.

    How long before the legal or finance departments need to use a business-critical Web site that requires IE7 for access?
    • How long before the legal or finance departments need to use a business-critical Web site that requires IE7 for access?

      I'd have thought that, as the customer, if that ever occurred, any sensible business would be telling the provider very loudly about how they will move to another provider if they don't make it Just Work(TM) with all recent browser flavours.


      • Of course.
        What is cheaper? Replacing the custom 5-year-old application that Just Works(tm) and costed $200.000 to write, and is generating $200.000 revenue with something that May Not Work(tm), or moving over to a service that is maybe $500/month more expensive but doesn't require IE7?

        And in the end, place 1-2 machines with SP2, IE7 and and that service access while keeping the rest of the net unchanged.

        Typing this from NT4 machine. I could move over to Win2k with custom apps that are installed here, but
    • Re:Bottom line (Score:5, Interesting)

      by argent ( 18001 ) <peter&slashdot,2006,taronga,com> on Friday April 15, 2005 @06:51AM (#12242754) Homepage Journal
      Avoiding it means your systems are running on a legacy OS.

      You say that like that's a bad thing.

      How long before the legal or finance departments need to use a business-critical Web site that requires IE7 for access?

      I don't know, you tell me: how long before some criminally stupid web developer creates a business-critical website that requires a specific version of a browser to even work? Not just "doesn't work on Firefox" (which is already in the "criminally stupid" department) but "doesn't work on recent versions of Internet Explorer"? Yes, I know, that's already happened... but in my case it was a website that didn't work on anything later than IE 5.5. Or older, either. Basically, Doctor Evil, this is a sword that cuts both ways.
    • Windows XP SP2 is, um, the current version of Windows.... If it breaks your 5-year-old applications, replace them.
      If your internally-generated code isn't ready, fix it.

      Or, you could carefully weigh the costs of running an outdated version of Windows against the costs of replacing all of your custom code and apps -- and then make an informed decision. Is it worth spending money and hours redoing your work to run the latest XP? If so, do it; if not, don't. It's a business decision with pros and cons --
  • I'd just do this:

    apt-get install sp2
    apt-get update sp2 ...
    Oh, wait.
    Wrong OS.
    Forget about it.
  • by rasteri ( 634956 ) on Friday April 15, 2005 @06:49AM (#12242743) Journal
    I work for a large oil company, and our worldwide (probably hundreds of thousands of PCs) rollout of SP2 killed Exceed, Samba, and a couple of inhouse apps. Turns out the NT guys hadn't even considered it. As a UNIX admin, I had to work quite a few long nights to repair the damage.
  • by Madas ( 866312 ) on Friday April 15, 2005 @06:50AM (#12242745) Homepage
    What they are saying is that if you like your computing experience to be all-Microsoft this is the way to go. [] Otherwise you'd be much better off with a different browser, email client and personal firewall!!
  • I know I'm avoiding installing SP2. After all, I have no idea what it would do if I installed it on any of my Linux or Mac OS X boxes here (nevermind my single lonely OS/2 machine)!

    I mean, it could actually cause me to waste hard drive space on those machines, and I need that space for pr0n!


  • ...Not everybody. I still have two users that have legacy (ie. OLD AND CRAPPY) applications that were a hack to work on XP SP 0-1. I'm just not feeling like pressing my luck right now.

    Of course, the people who do run SP 2 have reported exactly ZERO problems. True, I did have to reinstall Office on one lady's machine, but she also had the worst spyware/adware collection I've ever seen, so that probably had something to do with it.

    Bottom line? In my experience, SP 2 is not better or worse than any other
  • 90% installed here (Score:3, Informative)

    by GIL_Dude ( 850471 ) on Friday April 15, 2005 @08:12AM (#12243077) Homepage
    We participated in the private betas for months and months. Found several bugs and app compat issues - got them either resolved or worked around. Shipped it to our users, and are currently at 90% of our 60,000 machines. I can't claim that there have been no problems. There have been some web sites that need work (due to some of the new restrictions in IE) and some apps that are used by only a few users that have some problems - but in the main, this has gone extremely well. I honestly can't figure out why people are waiting on this.

    It seems incredibly disingenous of people to on the one hand say, "Windows is full of holes, help us here Microsoft, we are bleeding." and on the other hand say, "well, that's nice but I'd rather keep bleeding than spend the time and effort to apply the fix."

    Get with the program IT Admins! Work with the vendors of the apps if you have to, get the firewall exceptions in and SHIP this already!
  • by haplo21112 ( 184264 ) <[moc.anhtipe] [ta] [olpah]> on Friday April 15, 2005 @08:20AM (#12243123) Homepage
    The application we use to allow our technicians work trouble tickets through a web interface got completely hosed by SP2. They were fairly apathetic about the whole thing sending a link to a MS KB article that didn't solve the problem. There attitude was pretty much it was our fault for using SP2. I finally found a solution that involved basically hacking the registry to tun off one the SP2 security features which was breaking the products javascript.
  • by puzzled ( 12525 ) on Friday April 15, 2005 @08:42AM (#12243268) Journal

    If you've got a system plugged in to the public internet and you aren't using something similar to the subject line to update ... well ... you're probably not running FreeBSD. Silly you.

    I'm a bit more forgiving for desktop use - I can type 'yast' on this machine and begin changing things. One day soon, when I take the time to make vmware run on FreeBSD 5.3 I will again experience holy homogenous happiness and life will be perfect.

    I have heard of this SP2 of which they speak, but I have no fear, because I am far away from the blasted lands and their filthy start button virus infested machines ...

    Climb, brothers, climb! Go higher and higher, until no flabby, graphical interface only OS with an incontinent TCP/IP stack can follow. Dwell in the land of headless awareness and be at peace.


  • by rufusdufus ( 450462 ) on Friday April 15, 2005 @08:47AM (#12243292)
    Recently I was in a remote location with a computer that came with the building. I reformatted and reinstalled windows. I needed to register it, get a new video driver from nvidia, and then go to windows update to get patches and then SP2. I was on a wireless dialup connection.
    Sometime into downloading the first patches from windows update, the machine started to act oddly. Down to a crawl. Somehow during that time a worm had taken over and installed 30 or so different malware programs.
    There seems to be no way to get that computer secure on the internet without either buying 3rd party firewall or SP2 cd which was not an option at the remote location.
  • Signs (Score:3, Interesting)

    by Stormcrow309 ( 590240 ) on Friday April 15, 2005 @08:58AM (#12243377) Journal

    We have this methodology at work. I call it, 'Patch when it hits the fan'. Last time we did a major patch is when Nimda kicked our butts. Of course the patch was out weeks before.

    The issue is that admins and systems support are lazy. We haven't moved to SP2 because no one wants to get off their butts and test.

    Of course, all my systems are tested out on XP SP 2. :-p

  • SlashFUD (Score:3, Interesting)

    by EvilNecro ( 839456 ) on Friday April 15, 2005 @09:02AM (#12243403)
    Please, please, please... Let's try to make ourselves a cut (however slight) above the rest of the wailing masses. I am so tired of the anti-MS cattle on /. Are they a big evil corporation? YES. Do they do mean, nasty things, often... YOU BET. Do they occasionally get something right.. (here's the tough one).. YES! On to SP2. Although I don't work in the IT dept any longer, I know most of the people quite well and hear about when stuff is bad(tm). There are over 300 machines in the dept. that I work in. # of problems with SP2? ZERO. Is it perfect right after install - no way, lots of stuff doesn't work. HOWEVER, once the TCP Limit is fixed (yes, 3rd party fix, and MS should include it, but they, it exists), NX disabled (not ready yet) and assorted registry keys tweaked, it works fine. Now, for the apostles of Linux - How many of you install the standard base sytem and change nothing? That's right, ZERO! You can't take stuff 'out of the box' and expect perfection. Same with SP2. Is SP2 perfect, HELL NO. Is a PROPERLY setup install of it, tweaked by IT people with a clue better than SP1, YES. Considerable improvements exists in SP2 (USB, wireless, etc). Granted, some things are garbage (windows firewall.. hahahaha!) but they are easily dealt with, removed, or ignored. It is foolish to ignore the good parts of SP2 just to complain about a cheesy built in firewall. Broken apps. I have yet to hear of a broken app that doesn't have a patch, hasn't been replaced by a newer version, or can't be fixed with a couple of tweaks. We author and utilize a lot of in-house software, and the only thing an MS patch or upgrade, including SP2, has broken involved new security permission in .NET (and can be fixed either in the software, or by the blocked requests) At least be thankful that MS fixes some of it's mistakes.
  • by hkb ( 777908 ) on Friday April 15, 2005 @10:35AM (#12244108)
    Don't scream at Microsoft, they're merely listening to customer demands and trying to make Windows more secure.

    If you want someone to scream at, scream at the vendors who make shoddy, ill-written software that won't work under SP2, who still haven't released product updates that are compatible with SP2.
  • I call bullshit... (Score:3, Insightful)

    by Gruneun ( 261463 ) on Friday April 15, 2005 @10:36AM (#12244117)
    for a couple reasons.

    First, SP2 hasn't caused any problems in the broad range of machines I've seen or dealt with. While I don't doubt the 24% estimate, I sincerely doubt that 76% of machines lack the upgrade as a result of security concerns, which leads me to the second reason...

    If approached by someone questioning why the machines aren't up-to-date, the lazy IT manager, feeling backed into a corner, will make an excuse about how he is still evaluating the potential dangers of the controversial upgrade.

System restarting, wait...