×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Last Words On Service Pack 2

michael posted more than 9 years ago | from the we-can-only-hope dept.

Windows 542

thejoelpatrol writes "So did Slashdotters call this one? Windows XP SP2 seems not to be so secure after all. A Register reporter goes in depth to find out just how safe a fresh install is. He provides a list of which dangerous ports are left open and which services are left on by default. I guess now we know why Microsoft's security timetable is 10 years." Reader ack154 writes "ZDNet is reporting that many Dell Inspiron users are reporting an extreme performance decrease since installing Windows XP SP2 - decreases as much as from 2.6ghz down to 300mhz. Dell claims no responsibility, claiming it is 'externally loaded software' and they don't support it. In the mean time there has been a fix posted on Dell's forums, which rolls back the processor driver." Finally, Marxist Hacker 42 writes "Amid complaints of too much XP Service Pack 2 coverage on ZD Net, David Berlind writes that Service Pack 2 deserved the scrutiny it got- and charges that it failed to live up to Gates' Trusted Computing Initiative." Finally, Microsoft warns that installing SP2 on a spyware-infested PC is a bad idea.

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

542 comments

Performance decreases that exxxxtreme... (5, Funny)

Anonymous Coward | more than 9 years ago | (#10153991)

...deserve some extra 'X's.

Not secure? (-1, Troll)

Anonymous Coward | more than 9 years ago | (#10153992)

What a frickin surprise!!!

Also, firth poth NGGA!!

Last Words? (5, Funny)

Anonymous Coward | more than 9 years ago | (#10153994)

Somehow, I doubt that these are the last words we'll see on the subject....

GNAA EARLY POST - JUST USE LINUX INSTEAD (-1, Troll)

Anonymous Coward | more than 9 years ago | (#10154001)

This "early post" is brought to you by the ECFA (Euthanasia for Canus Familirous Association). We are an organization dedicated to the eradication of dogs. ECFA (Euthanasia for Canus Familirous Association) is committed to protect our oxygen, to clean our streets, and to curb noise pollution - through the simple eradication of canine pests.

We have recently "connected" with the GNAA to form one ECFA. Stay connected. Please note that since we are moving to a larger demographic (the untold scores of people who deal with dog messes, noises, and annoyances daily), most of the current GNAA content is offline. In fact, we're pulling all of it except the "early post", which is now a ECFA-style "early post". The traditional GNAA "early post" will continue to be posted on all SCO stories, as insisted by upper GNAA management and its core team of fans. The illicit images and language will not be a part of the new combined organiztion. We do not condone any sexual lifestyle or race.

Have you ever stepped in DOG DOO-DOO [k9treat.com]

Are you MAD? [apa.org]

Do you KILL DOGS? [aapn.org]

Are you a MAD DOG KILLER? [k911emergencies.com]

If you answered "YES" to any of the above questions the ECFA (Euthanasia for Canus Familirous Association) is for you! You no longer need change your skin color or sexual lifestyle in order to become a member of an "EVIL TROLLING ORGANIZATION." Instead, you can work toward the noble of goal of INCREASING OUR SUPPLY OF O2! OVERPOPULATION of DOGS is RAPANT in this country. Did you know that DOGS turn BENEFICIAL O2 into CO2 simply to gain their energy to bark, drool, and howl? They ACTUALLY BURN OUR OXYGEN SUPPLY!!! One dog easily waste the Oxygen output of ten mature trees! This country has MANY UNWANTED, ABANDONED DOGS that WE ARE PAYING MONEY TO KEEP ALIVE. We are FEEDING them our food supply while making the homeless STARVE! Are you TIRED of having your TAXES increased? Humane Societies cost our country over $100 million annually. By using a Dog Killing Gadget, a dog can be turned into beneficial food, helping us all. We let children go hungry yet feed our **UNWANTED** dogs like royalty.

One dog can output over 10 lbs of droppings daily. One dog can aggrivate the allergies of untold numbers of people with its fast growing hair and all too common dandruff. Do you own a dog? Are you tired of its mess? Don't feel like planting ten trees and waiting 10 years for them to reach maturity? Then get it euthanized. Euthanasia is a painless way for a dog to... terminate. However, it can be too expensive to buy these drugs for the LARGE NUMBER of DOGS in the HUMANE SOCIETIES. It is thus proposed that these dogs be turned into food for the homeless. One dog can feed up to five homeless children for one day.

Many have wondered the best way to exterminate dogs. Euthanasia is by far the most clean method, but it taints the meat and is cost prohibitive. Thus, the most economical method is our K9Zap product featured on TechTV ($29.95), which deals a fatal shock to a dog up to 60lbs. Alternatively, the slightly messier bakers chocolate approach costs only about $0.30 per pound of dog. For more information, reply to this message or contact Gadgets for the Elimination of Dogs (GED). A rifle also works wonders, but may be against local codes, and is generally best to avoid in dog elimination.

WANT TO SUPPORT THE ECFA? Simply participate in our propaganda campaign to exterminate dogs. You can become a member of our slashdot trolling team, our usenet trolling team, or you can be a member of our local campaigning - by simply handing out brocures or posting signs outside humaine socities. If you have MOD POINTS, alternatively you can moderate this post UP to support our cause.

==This post brought to you by the Proud Dog Killers in #windows on EFNET.

A little poem... (-1, Troll)

Anonymous Coward | more than 9 years ago | (#10154005)

Roses are red,
Violets are blue,
If Kerry is for something
He's against it too

It deserves scrutiny (4, Insightful)

ebsf1 (689864) | more than 9 years ago | (#10154008)

I don't get them moaning that there is too much scrutiny being given to this. It is going to affect 90% + of all the computers in the world.

Re:It deserves scrutiny (2, Funny)

Jugalator (259273) | more than 9 years ago | (#10154047)

It is going to affect 90% + of all the computers in the world.

Yup, in one way or another.

At least it shows the MS Quality Assurance team don't use Dell. :-)

Re:It deserves scrutiny (1)

ebsf1 (689864) | more than 9 years ago | (#10154074)

Good point! It's interesting that they would miss something like this though. Must have spent too much time looking at the software impacts.

Re:It deserves scrutiny (4, Insightful)

Mordaximus (566304) | more than 9 years ago | (#10154134)

90%?? Your point is well taken, but unless XP SP2 also installs on 2000, ME, 98, 95 and under Wine, you've overestimated it's impact by a longshot.

any time now... (5, Funny)

dirvish (574948) | more than 9 years ago | (#10154011)

Well, just wait 'til Longhorn. It will be way better...in like 12 years, or maybe 14...

Re:any time now... (5, Funny)

Anonymous Coward | more than 9 years ago | (#10154068)

Laugh it up, but when will the HURD 1.0 be released?

CPU Driver Problem? (5, Informative)

kevlar (13509) | more than 9 years ago | (#10154013)

ZDNet is reporting that many Dell Inspiron users are reporting an extreme performance decrease since installing Windows XP SP2 - decreases as much as from 2.6ghz down to 300mhz. Dell claims no responsibility, claiming it is 'externally loaded software' and they don't support it. In the mean time there has been a fix posted on Dell's forums, which rolls back the processor driver."

Aren't 99% of drivers 3rd party software? The only thing MS does is bundle them together, but I believe that AMD or Intel et al are the ones who actually WRITE the device drivers. And if the performance of a new driver sucks, I'd chock that up to being a shitty driver, versus a shitty Service Pack...

Re:CPU Driver Problem? (2, Insightful)

braindead (33893) | more than 9 years ago | (#10154069)

CPU driver? CPU driver? What on earth is a CPU driver?

I mean, a driver is something that tells your computer how to talk to some piece of hwardware - say a modem. It maps from a common API (say, the windows API) to the specific API of the device (say, use Int21 with ax=3 to hang up the phone).

Are you saying there's a windows API to the CPU? Something like HWND add(HWN ax, HWN bx) ?
That makes no sense at all.

Someone please explain this to me.

Re:CPU Driver Problem? (2, Insightful)

dastrike (458983) | more than 9 years ago | (#10154097)

My guess would be that it includes CPU model specific definitions for power management and other features that need to be activated in a certain way by the OS for them to function.

This could also explain that the processor clocks it down as certain power management features do that to the processor.

Re:CPU Driver Problem? (5, Informative)

Kenja (541830) | more than 9 years ago | (#10154098)

A CPU driver in this case referes to a system driver that enables the OS to set the clock speed of the CPU for power saving modes.

Re:CPU Driver Problem? (1)

Creepy Crawler (680178) | more than 9 years ago | (#10154166)

ACPI takes care of that...

So is that a ACPI-firmware bus driver? As a driver tells a CPU how something is done. It seems rather unweildy for a software 'driver' to tell the CPU how to control itself.

Re:CPU Driver Problem? (4, Informative)

Kenja (541830) | more than 9 years ago | (#10154210)

Granted this is from AMD but its the same stuff.

"AMD Athlon(tm) 64 Processor Driver for Windows XP, Version (exe) 1.1.0.14 - AMD Athlon(tm) 64 Processor Driver for Windows XP allows the system to automatically adjust the CPU speed, voltage and power combination that match the instantaneous user performance need. Download this Setup Installation program (EXE) to automatically update all the files necessary for installation. This package is recommended for users whom desire a graphical user interface for installation. This .EXE driver is a user friendly localized software installation of the driver designed for end-users."

This is followed by a link to a file called CPUDRIVER.EXE, so as strange as it sounds ,there are actual drivers for Windows XP to make use of advanced power features on CPUs.

Re:CPU Driver Problem? (0)

Anonymous Coward | more than 9 years ago | (#10154112)

Just a guess (not having read the forum), but it could be related to the processor speed adjusting most laptops do (not sure if this is part of ACPI?). Like, maybe SP2 makes the laptop think it should always be running at 300 mhz.

News for Nerds but not for Slashdot Nerds (Part 2) (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#10154016)

I thought I'd bring you the "News for Nerds" that the Slashdot editors thought was not appropriate for you to discuss..

Is Linus secretly working for Microsoft? [forbes.com]

Critical security flaws in Kerberos found in Unix, Linux, and Mac OS [com.com]. Windows not affected.

The thing is, that I seem to remember a day when Slashdot was open and honest enough to discuss all sides of the issues. I guess this post will get whacked by an editor and my IP will get banned. Oh well... there are much better blogs out there nowadays anyway.

Re:News for Nerds but not for Slashdot Nerds (Part (2, Insightful)

Adam9 (93947) | more than 9 years ago | (#10154118)



Do you actually believe an article that has:
"Microsofties say they were more worried about Linux a few years ago, when it was a truly free program, spreading on its own, from user to user, like a virus."

The author insists on comparing Linux support costs to Windows product costs:

"If the Linux camp simply manages to create an operating system that does roughly what Windows does for roughly the same price, what will be the point?"

The author says the difference between support and the product is "semantics":

"... Red Hat ... charges $799 to $2,499 for each server running Linux. That's not for the software, mind you, but for "maintenance." Semantics aside, you're paying for Linux."

The author also drank some of the SCO Koolaid:
"You might need to buy insurance to protect you against lawsuits over intellectual property rights. (One outfit hawks such policies for $150,000 year.)"

Some other excerpts:
" IBM and Novell are pumping millions of dollars and mountains of brainpower into development of a commodity operating system--they are re-inventing the wheel."

Actually, I could just quote the entire article. I hope Daniel Lyons (author) got paid for his time in writing this press release for Microsoft.

Re:News for Nerds but not for Slashdot Nerds (Part (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#10154153)

There's no greater zealot than the converted...

Re:News for Nerds but not for Slashdot Nerds (Part (1)

presidentbeef (779674) | more than 9 years ago | (#10154203)

Well, since "semantics" deals with the meaning of words, I guess he's right! Too bad Red Hat is FREE, and support is an OPTION. Does Microsoft have that option? Do they even have support? I mean, like a service where they help you, rather than a service where you get to call and wait for someone who is completely incompetant to tell you to reboot? And charge you $19.99 per minute for it?

Re:News for Nerds but not for Slashdot Nerds (Part (-1)

Anonymous Coward | more than 9 years ago | (#10154211)

Hmm, I guess you left out the part where he directly quotes the town that really did pick Windows over Linux. Maybe that's why you didn't quote the whole article? Oh, and by the way... YHBT. YHL. HAND.

Why I didn't bother... (5, Interesting)

gordgekko (574109) | more than 9 years ago | (#10154019)

This is why I didn't bother. My XP Pro with SP1 is protected with a firewall, updated virus scanner and Spybot S&D's innoculator. Running Firefox and Thunderbird and anti-spam software doesn't hurt as well.

I might add that the free/OSS I have protecting my machine weighs in considerably less in terms of combined file size then does SP2.

Re:Why I didn't bother... (5, Funny)

Carnildo (712617) | more than 9 years ago | (#10154055)

Why I didn't bother:

I'm dual-booting 98SE and Gentoo Linux. '98 predates all the security holes, and Linux doesn't have any worth mentioning.

Re:Why I didn't bother... (1)

gordgekko (574109) | more than 9 years ago | (#10154129)

> '98 predates all the security holes, and Linux doesn't have any worth mentioning.

No security holes in 98SE? You must be running a magic version :-) I'm not even going to touch the Linux side of that comment.

On a more serious note, I think this once again shows us why we should trust no one with our computer security, not Bill Gates, not Steve Jobs, nor Linux Torvaldos. Do it yourself.

Re:Why I didn't bother... (1)

Marxist Hacker 42 (638312) | more than 9 years ago | (#10154081)

That's because it doesn't also re-optimize the whole damn API for a processor you probably don't own. I still can't believe I need to replace every damn dll in the API for a 64-bit AMD processor when I'm running on a Pentium III.....

Re:Why I didn't bother... (1)

AhBeeDoi (686955) | more than 9 years ago | (#10154190)

Unfortunately, all OSes are suffering from bloat these days. I suppose you can blame it on cheaper memory, disk space and faster hardware. That goes for OSS as well. On the other hand, if your OSS OS is only used as a firewall for your Windows box, then your comparison is as flawed as MS's infamous UK TCO comparison to Linux on big iron IBM.

Wow (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#10154020)

I didn't knew it was possible to f*ck up something already f*cked up.

Correction (0, Troll)

jakel2k (736582) | more than 9 years ago | (#10154023)

Finally, Microsoft warns that installing SP2 on a spyware-infested PC is a bad idea.

This should read, "Installing Microsoft Windows on *ANY* PC is a bad idea."

Sorry couldn't help myself.

Re:Correction (-1, Redundant)

jd (1658) | more than 9 years ago | (#10154114)

Uhhh, moderators?... How is something that is probably not too far from the truth a "troll"?

This just sucks (1, Informative)

ATAMAH (578546) | more than 9 years ago | (#10154024)

Things that i have been disabling as a rule, just like a "normal" procedure after a windows install - are still out there active on default and still need to be disabled. As the article says they are simply not required for home machine (in a vast majority of cases anyway). So what is this major security improvement they speak of if basic things that have been attacked for so long are left open?

Re:This just sucks (1)

man_of_mr_e (217855) | more than 9 years ago | (#10154142)

Having read the article, I have to wonder how anyone could claim that a DNS client isn't required for a home machine, or a DHCP client for that matter, or file sharing (many many users have small home networks, and many small businesses use the "home" edition)

Re:This just sucks (0)

ATAMAH (578546) | more than 9 years ago | (#10154165)

Yet much many more - do not. Those who do, however, can enable what they need. Insecure stuff needs to be disabled by default and then looked at if required.

So basically: (2, Insightful)

Sheetrock (152993) | more than 9 years ago | (#10154025)

SP2 doesn't patch every possible security flaw for now and forever?

Because I wasn't expecting that it would, but apparently somebody is. Unrealistic expectations also lead to insecure implementation.

Re:So basically: (5, Insightful)

wobblie (191824) | more than 9 years ago | (#10154078)

RTFA. The main gripe is that it doesn't follow braindead simple best security practices (e.g., not leaving services listening on the public net) , not that it doesn't fix all the holes.

Many of microsofts security problems could be fixed by just following best practices, and the built in firewall doesn't do shit.

Re:So basically: (5, Insightful)

GigsVT (208848) | more than 9 years ago | (#10154133)

MS really is in a bind here.

If they were to close off all those ports, they would risk all the clueless sysadmins screaming on MS forums that SP2 breaks everything, even basic windows sharing facilities.

I think the main point here is that MS has tried to appeal to people by saying that it's easy to be a sysadmin, that anyone can set up a network and run it. Real sysadmins all over the place freaked out, with good reason. They were accused of being set in their ways, etc, etc.

Now all those things that the skillful have said would happen, have happened. Rampant security problems, etc.

Urky colours! (0, Offtopic)

Anonymous Coward | more than 9 years ago | (#10154026)

Roses are red,
Violets are blue,
This colour scheme sucks,
Have some blue [slashdot.org]

I don't get it (4, Insightful)

WD_40 (156877) | more than 9 years ago | (#10154027)

I don't get why Microsoft insists on leaving so many services enabled by default. So many of them the average home user will not need, and like the reporter from The Reg said, if a sys admin needs those services, it will be trivial for him to enable them.

Re:I don't get it (4, Insightful)

Marxist Hacker 42 (638312) | more than 9 years ago | (#10154065)

To some extent the Reg Reporter was just FUDing- if you truly turned off everything that article said to turn off, you'd lose a lot of functionality.

Having said that- I was surprised by his port scan of a SP2 machine, since my own tests at ODOT showed NetBios inaccessible after SP2 install, killing the ability for SMS to see the machine (one of the reasons that I'm NOT allowed to do testing on the real network for SP2).

Re:I don't get it (1)

WD_40 (156877) | more than 9 years ago | (#10154082)

Yeah, I agree a lot of it was FUD. Unfortunately ou can't disable RPC or DCOM without major negative impacts, but several of the other services that are enabled by default are not needed by your average user. When it comes to security, minimalism is a good idea.

Re:I don't get it (2, Informative)

Marxist Hacker 42 (638312) | more than 9 years ago | (#10154126)

That was the other bit- RPC and DCOM are ON after an SP2 install, because if you actually read the documents from Microsoft, under SP2 there's a whole new accessibility layer built into the DCOM Server that checks the registry to see if this COM component can really be activated by a remote procedure call- and the default setting is "Yes, but authentication required, no anonymous connections." I know this because we've got a lot of DCOM here, and for EACH component we're going to need a separate group policy setting in Active Directory to get it all to run right.

Re:I don't get it (1)

WD_40 (156877) | more than 9 years ago | (#10154161)

It's nice to see that MS took that step. At least they're adding some sanity checks to those services you can't afford to turn off.

Re:I don't get it (1)

einhverfr (238914) | more than 9 years ago | (#10154160)

Why does RPC and DCOM have to be listening on public networks anyway? Because PPP depends on them? Why should PPP depend on them? Just because it saved MS a buck or two in development costs?

Here is the thing....

The *correct* approach is to have these things only listen on localhost by default and then if software needs to open up DCOM to the outside, have that installation be responsible for the registry changes. Also, such powerful things shouldn't be the basis for braindead dependencies (like PPP which depends on Client for Microsoft Networks, for some stupid reason). Even fi they are dependent, the PPP client should pass the information over localhost anyway, so disabling it on the network interface should be possible.

Anyway.... enough ranting. I am however seeing that MS can't design secure architectures if the survival of their company depended on it.

Re:I don't get it (1)

gordgekko (574109) | more than 9 years ago | (#10154175)

> Unfortunately ou can't disable RPC or DCOM without major negative impacts

I'm not that technically minded but what impacts? I've had DCOM shut off for over a year with no problems.

Re:I don't get it (0)

Anonymous Coward | more than 9 years ago | (#10154170)

I did not wait until MS finally included something that I;ve already had running for about 10 years. Yes my sytax has changed over the years but it has always started with something like this ;)

$IPTABLES -P INPUT DROP

In all honesty, you can buy and install or use any preinstalled software based firewall for Windows but 99% of the home computing world would be much better off going to an office store or even Walmart and buying a cheap ass simple $30 hardware router/switch/firewall and be done with it.

Re:I don't get it (0)

Anonymous Coward | more than 9 years ago | (#10154176)

As if Red Hat, SuSE, et al. don't leave a retarded set of services turned on by default. Let's see...NFS, NFS-RPC, PortMap, Sendmail, to name a few. There have been at least as many security flaws found in NFS and Sendmail as there have in Microsoft's RPC and NetBIOS.

Whoa! (2, Funny)

Jugalator (259273) | more than 9 years ago | (#10154033)

These news sure struck like lightning from a clear sky!

*phew*

I think I must sit down to recover from the shock.

Re:Whoa! (1)

wes33 (698200) | more than 9 years ago | (#10154162)

> like lightning from a clear sky as C. S. Lewis said of Tolkien's 'Lord of the Rings' when it appeared in the literary landscape in 1954 !

Oh boy an article from the Register! (2, Insightful)

Anonymous Coward | more than 9 years ago | (#10154036)

Now all I need to do is go down to the grocery store and buy my copy of the Inquiror and I'm all set for news.

Tell me again why people other than rabid Microsoft haters read that garbage?

Of course SP2 isn't completely secure...neither is *gasp* Linux *gasp*. Nothing plugged into the Internet ever will be.

Security has to be built in... (1)

datastalker (775227) | more than 9 years ago | (#10154038)

...not added on afterward. As soon as Microsoft realises this, they can placate people with XP SE 2, and work on incorporating security into LongHorn. This isn't a troll, just a plan of action that would make the most sense for them, maximise their inward cashflow, and still keep them on track (somewhat) for a release of LongHorn in 2006.

This just in (-1, Troll)

Anonymous Coward | more than 9 years ago | (#10154042)

I AM GOING TO FUCK YOUR HOT LITTLE ASS OFF

Lameness filter encountered. Post aborted!
Reason: Don't use so many caps. It's like YELLING.

From an Inspiron 9100 owner... (4, Interesting)

SoCalChris (573049) | more than 9 years ago | (#10154044)

I haven't had ANY decrease in performance. I have had a lot more stability with wireless networking now though.

Re:From an Inspiron 9100 owner... (0)

Anonymous Coward | more than 9 years ago | (#10154130)

Does anyone know what chips are effected? I've got a 2.8 P4HT on my 5150. I was hoping to install SP2 on Pro, but if it's going to cause a crappy clockrates, what's the point?

Easy Windows (3, Insightful)

jals (667347) | more than 9 years ago | (#10154045)

You Could say that if you disable and enable everything mentioned there, configure your machine so it is secure, you should be OK. But the problem with that is Windows is meant to be the option for the user who doesn't want to be dealing with configuration and settings to get their computer working.

not to be a jerk, but... (2, Interesting)

Trailer Trash (60756) | more than 9 years ago | (#10154046)

David Berlind writes that Service Pack 2 deserved the scrutiny it got- and charges that it failed to live up to Gates' Trusted Computing Initiative.

Okay, Mr. Berlind, did you actually fall for that and now you're surprised?

Re:not to be a jerk, but... (1)

Marxist Hacker 42 (638312) | more than 9 years ago | (#10154192)

Good question- he seemed to have earlier in the summer. You can find this article and more that he's written since May at This search page I created on SP2 articles at ZDNet [search.com]

My primary job function is slowly going away and being replaced with SP2 testing so right now I need to keep VERY informed on this subject. It seems to me most of the ZD Net staff were swept up in TCI hoopla- and wanted to test SP2 to see if it lived up to the hoopla.

Spyware infestation (5, Informative)

ogewo (652234) | more than 9 years ago | (#10154048)

If for some reason you DID load SP2 on a spyware infested computer and it is no longer booting just boot with the "Last known good configuration" option in the F8 boot menu. Uninstall SP2 (you may have to use XP system restore before doing this), remove spyware, reinstall SP2.

All I see is Security Center (1)

moankey (142715) | more than 9 years ago | (#10154051)

Whats the big deal? Seems all they did was add Security Center. No other enhancements I can see.
Is the author correct from a 2.6ghz to a 300 mhz. That seems a bit extreme if not exagerrated.

Re:All I see is Security Center (1, Informative)

Anonymous Coward | more than 9 years ago | (#10154131)

There are a bunch of other things which are actually useful:
- Popup blocking in IE
- Warnings when you try to download a file, run a downloaded file, or access a page with an ActiveX control
- Enhanced wireless networking; now I no longer have to use the program from my wireless card manufacturer if I want WPA-PSK
- Firewall on as soon as the system starts up

Firewall is on by default (4, Interesting)

sparks (7204) | more than 9 years ago | (#10154056)

Yes, perhaps there are things that could have been done better in SP2, but the simple act of filtering inbound connections is a massive step forward in security for Windows users.

I say it's a "massive step forward" because there are literally MILLIONS of windows machines which are never updated, don't run any firewall software, and which are directly connected to broadband ISPs. The people running these boxes truthfully don't know what they're doing in these matters.

Right now, those poeple have NOTHING. Now at least they will have something, albeit limited. This is a major improvement. Even the old XP internet connection firewall, if it had only been enabled by default, would have prevented Blaster from ever happening.

Of course there are some questionable exceptions in the new firewall default configuration, and no doubt the next generation of worms will take advantage of those - but at least the bar has been raised a little higher.

Re:Firewall is on by default (5, Insightful)

Psiren (6145) | more than 9 years ago | (#10154148)

I say it's a "massive step forward" because there are literally MILLIONS of windows machines which are never updated, don't run any firewall software, and which are directly connected to broadband ISPs. The people running these boxes truthfully don't know what they're doing in these matters.

So if these machines are not updated, and the owners don't know what they're doing, what makes you think they'll install SP2?

Re:Firewall is on by default (2, Insightful)

sparks (7204) | more than 9 years ago | (#10154156)

Oh, they won't, no doubt about that.

But I'm anticipating SP2 making it onto new PCs at some point soon.

Spy ware and SP1 (5, Informative)

Solidblu (241490) | more than 9 years ago | (#10154059)

"Microsoft warns that installing SP2 on a spyware-infested PC is a bad idea."

One word. DUH. If you even install sP1 on a spyware infested computer it can render it unbootable. I've run into atleast 10 machines this week that have had this same problem. I work at a university which is forcing students to install service pack 1. there are a lot of machines that can't even take the service pack because of the spyware the installs just hang or destroy the install on the computer. I feel bad for the students because they have to either format or pay to get thier comptuer fixed. It not thier fault or the universities fault. who would have thought forcing college students to update thier microsoft patches would be a bad idea.

Re:Spy ware and SP1 (1)

Creepy Crawler (680178) | more than 9 years ago | (#10154135)

What do they do with people running in Linux?

Yes, I do use a Linux-based desktop system, with no VMware crud. Just occasional Wine for the few programs that I require.

Works for me (1)

Aggrajag (716041) | more than 9 years ago | (#10154060)

At the moment my PC has a faulty DIMM (random crashes). It passes memtest but it is still faulty and the new one hasn't arrived yet. After installing SP2 my system has become much more stable and noticeably faster. And I don't use Windows' firewall for security as I've used Outpost Firewall for a year now.

slow downs not only on inspirons (0)

Anonymous Coward | more than 9 years ago | (#10154063)

ive noticed since ive installed, that if im running several programs at once, the system can suddenly become unresponsive altogether. ctrl-alt-delete even takes time to bring up the task manager. i never had this problem before sp2. only some of these programs are using the internet, so i dont see how the new maximum connections policy effects it. has anyone else had these problems (on a non-inspiron)? i was hoping for a better responsive system because i was told that it had recomplied core libraries with a newer version of the MS C complier

It's not THAT bad (0, Insightful)

Anonymous Coward | more than 9 years ago | (#10154084)

Remember what was out there previous to SP2. Sp2 is a major improvement, and just like anything else, there's still room for much more. I will be installing SP2 on every XP computer I can because it may not be the holy grail of computer science, but it's better than not installing it.

M$ spent a LOT of time and money on SP2 trying as hard as possible to make it a quality piece of code. Hell, my 400MHz laptop boots twice as fast w/ SP2 installed and I haven't had one piece of spyware install itself, and I was getting 3-10 a week before. Kudos to the guys at M$ who worked their ass off to make my ancient laptop a viable machine for years to come.

And it IS a Dell.

all in the spirit....and its manifestation... (2, Interesting)

3seas (184403) | more than 9 years ago | (#10154089)

.... The MS mindset of making people need them has resulted in a widely integrated manifestation of the user frustration function in their software.

Its this same manifestation of the application of doing things in software to "make people need them" that is causing all the security problems.

This security problem is not fixable by this mindset that cause it.

Its like an alcoholic or drug abuser, their mind is geard towards supporting the continuation of its vise. What I call a "self supporting dependancy". And under such conditions, as those who have admitted it and sough help, you have to have external help in order to be lead out of the blindness of the self supporting mindset.

Whos helping MS??? If anyone can?

Those CPU deceases are a GOOD thing... (0)

Anonymous Coward | more than 9 years ago | (#10154091)

...and is an indication that MS has finally crammed in all the secure goodness that they could fit into your CPU. The slower it gets, the more secure you are. I think you should be thankful.

ZDNet, huh... (3, Insightful)

Chris Mattern (191822) | more than 9 years ago | (#10154093)

> [Performance] decreases as much as from 2.6ghz down to 300mhz.

I'm not going to place any faith in benchmarks generated by someone who thinks performance is measured in clock speed.

Chris Mattern

Classic, just classic. (2, Funny)

A_Non_Moose (413034) | more than 9 years ago | (#10154099)

FTA,
We look to ZDNet as a beacon of light in IT journalism.

(pauses)

BWAAAHAHAHAHAHAHA!

All I can say to this person, is 'look out for the oncoming train...prolly complete with windows logo and named "longhorn".'

IT journalism, brought to you from the same folks of Military Intelligence.

Firewall defaults? (1)

ChangeOnInstall (589099) | more than 9 years ago | (#10154100)

In reading the article it almost sounded as though RPC, NetBios, and friends were still accessible under the default configuration. Is this the case or am I misreading the article or is the article incorrect? I was under the impression that the default firewall configuration in XP SP 2 was "accept nothing"?

And if I may make myself expressly clear on this point, this post contains no statements of fact, only a QUESTION.

Hrmm... (4, Funny)

Zygote-IC- (512412) | more than 9 years ago | (#10154104)

Finally, Microsoft warns that installing SP2 on a spyware-infested PC is a bad idea.

So basically, you don't want to install it on any computer running a Microsoft operating system that has been using a Microsoft browser or a Microsoft e-mail client.

Huh..I think I'm starting to see a pattern.

Re:Hrmm... (0)

Anonymous Coward | more than 9 years ago | (#10154147)

I'm so sick of people claiming that if you run Windows you have spyware. Come on people all it takes is half a brain to keep spyware free. Sure I've been duped once or twice, but a quick run of Adaware cures all. Problem solved.

The security center is soo worthless... (0)

Anonymous Coward | more than 9 years ago | (#10154107)

Try killing the process called "WSCNTFY.EXE" and see what happens... oh man it's great fun!

And to think someone wasted their time coding that POS.

RNC & Slashdot using the same strategy (-1, Troll)

Anonymous Coward | more than 9 years ago | (#10154108)

Fear mongering at its best. TERRORSTS! BUGS! SERCURITY!!!!!! OMG!

I've installed SP2 on probably 25 machines already with no issues. I know plenty of other people who have installed it happily as well.

Seems like an odd coincidence (2, Informative)

LiquidMind (150126) | more than 9 years ago | (#10154109)

"reporting an extreme performance decrease since installing Windows XP SP2 - decreases as much as from 2.6ghz down to 300mhz"

From the MS website regarding minimum requirements for running Windows XP:

PC with 300 megahertz or higher processor clock speed recommended (source) [microsoft.com]

which seems to be just enough to keep the system running. Coincidence? I think not....

Stop bitching (3, Insightful)

maelstrom (638) | more than 9 years ago | (#10154120)

Microsoft at least got some things right in SP2. Personally I usually run Linux. If you don't like it stop fucking whining and install Linux.

OT Google invites :)) (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#10154125)

Interesting... (4, Informative)

pc486 (86611) | more than 9 years ago | (#10154127)

"DHCP Client, automatic. Unnecessary on most home machines. Should be disabled by default."

Now, I'm no fan of Microsoft (Windows free for over 5 years now), but this is insane. Evey home user I have ever helped needs a DHCP client so that their computer can get an IP off the university LAN or off their brand-spankin'-new broadband router. To disable the DHCP client means to turn off the interweb for the majority of users. Greene went a little over the top it seems.

These Laws Need Names (2, Funny)

slipnslidemaster (516759) | more than 9 years ago | (#10154143)

Please don't mod troll or funny. I'm serious.

I think it's about time that we come up with as a community name for this law:

All the Odd Star Trek movies and Odd Microsoft service packs suck.

In all seriousness, it's service pack TWO!! I didn't load it just because of that and I'm dead serious. One of the guys decided to load it and sure enough, he's reloading his system from scratch. It will take the release of service pack 3 before I consider moving from SP1 and the current crop of hotfixes.

Didn't anyone learn anything from the NT service pack 2 debacle? How about NT service pack 4?? Now I know you are going to say service pack 6a but we all know this is the first time Microsoft uses an "a" and it should have been SP7.

Re:These Laws Need Names (1)

th1ckasabr1ck (752151) | more than 9 years ago | (#10154204)

All the Odd Star Trek movies and Odd Microsoft service packs suck.
In all seriousness, it's service pack TWO!!

Hey buddy, two is an even number, not an odd one.

Service Puke? (0)

Anonymous Coward | more than 9 years ago | (#10154152)

I once worked in a shop running NT4/IIS/ on an app and installing Service Pak 3 broke everything, so the system admins started calling them Service Pukes....

Windows XP SP2 installed OK for me... (1)

fitten (521191) | more than 9 years ago | (#10154172)

Athlon 64 3000+ => fine
Dell Inspiron 8600 => fine
Shuttle SN41G2 => fine
Frankenstein P3-933 => fine
Shuttle SN41G2 => fine (yes, I have two of them)

What people don't realize (1, Insightful)

Anonymous Coward | more than 9 years ago | (#10154183)

...Is that much of SP2 is designed to help protect users from themselves. The average Windows user has no idea what a firewall is and thinks a "precision date/time manager" is a pretty neat idea. He might even fall for those popup ads that look like message boxes. In this case, the extra warnings, popup blocking, automatic firewall, etc in SP2 are definitely very helpful.

Also note that many of the "flaws" in SP2 still have to do with users' stupidity. "A program running with admin privileges can make the security center falsely report that the firewall is on" - well duh, but why did you download that program in the first place, and why are you running it as admin?

Some suggestions a bit extreme? (1)

andymurph (803194) | more than 9 years ago | (#10154195)

The article reporter wrote a good security book that I reviewed on /. here [slashdot.org], so I know that he preaches shutting off services you're not using proactively, because if there's an exploit that comes out, you won't be affected by it. But this is too much: he says MS should disable DHCP and DNS clients. If you need them, you can turn them on. But I think a lot of Windows users won't know how to do that, and will get frustrated with that level of lockdown. Also he says javascript should be off, but it makes it hard to surf the Web. In his book he says it's safer to use Thunderbird or Mozilla with javascript, which makes more sense. He should have mentioned that in the article. Anyway, it's a good article; SP-2 is obviously more security talk than reality and it's about time someone looked at it carefully. I just think he overdid the paranoia level a little bit.

get a grip! (1)

mqx (792882) | more than 9 years ago | (#10154201)


Get a grip -- anyone reading this that has worked with a complex software product can tell you that these sorts of upgrades inevitably involve gitches -- even more so where the vendor (Microsoft) isn't able to test all possible operating scenarios (i.e. combinations of vendor hardware and software).

You'd be an idiot to think that with the size of SP2, that it would install on hundreds of millions of different computers without some gitches.

The fact that there is such an easy work around (i.e. driver rollback) says much to the credit of the O/S. How many Linux or other operating system upgrades would allow you to roll back discrete components (e.g. individual drivers, resource managers, etc)?

I do agree that Microsoft could be more aggressive with addressing security issues.

Take a balanced view folks!

WinXP happiness (0, Troll)

maximilln (654768) | more than 9 years ago | (#10154207)

I heard that SP2 enabled the Windows firewall. I don't know if it does or not.

I have a default install of WinXP on my work laptop. SP2 came out from automatic updates and was installed on my machine. Two days later IT sent out a memo not to install it until they had finished testing it. Oops. Oh well. I'll just not say anything.

A coworker and I were messing around at work and he was RDC'ing to a server upstairs. I asked him how often he used RDC and pattered on about my sshd on my home boxen but that I hadn't set up the remote X server. Eventually we both blinked and I asked him if he'd ever tried RDC'ing into another employees system. He shrugged and we decided that he should try to RDC to my computer across the office.

So he did. Now I had SP2 installed (sshhh!) but, amazingly, he was given a login box. When he entered his u/p combo, authenticating through our domain server so as not to deal with local accounts on my machine, he was presented with a box which warned (pph): "The user blahnameblah is currently logged in on system BLAHNAMEBLAH-CPU. If you continue that user will be logged out."

WTH? He's RDC'ing into *MY* system and HE gets the option to kick me out so that he can login? Well... we tested it, it worked. I was logged out and he happily logged in to browse my files. What's more, his account was magically created on my system and the default policy was to allow him the access to modify all the files on MY HD.

Some security... thanks SP2... or whatever.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...