Microsoft has taken the wraps off of Service Pack 2 for Windows XP. It addresses security concerns, fixes previous security issues, and implements new security features. In case you are slow on the uptake, Windows XP Service Pack 2 is all about security, says ArsTechnica.
Windows XP Service Pack 2 Beta first look
About The Author
Eugenia Loli
Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.
Follow me on Twitter @EugeniaLoli
These security features are nice, but aren’t they too little, too late? I mean, shouldn’t they have come packaged with XP from the get-go to avoid the many viruses and security flaws that plagued XP in 2003? And why does the update have to be so big? (I read that it will be over 200 megs!) Can’t it be compressed to a more reasonable size?
It is compressed. A big part of this update is newer binaries compiled with Microsoft’s better compilers that are supposed to produce better binaries.
Seems like a good idea even though late; however MS is still giving the w2k user the blind eye treatment. I suspect that MS will extend support for XP until Longhorn comes out. That will force many users to upgrade to XP then to Longhorn.
Seems to be more about the dollar than anything else. And whats with the death to linux thing, it doesnt impact you in anyway shape or form unless your name is Bill Gates.
You can order the Update on CD and MS sends it to you for free.
Thats a kind of service you don’t get from commercial Linux distributors.
Do some new apps contain managed code running on the .NET framework? Or will MS wait with .NET based apps until Longhorn?
You can orden the Update on CD and MS sends it to you for free.
Thats a kind of service you dont get from Linux-distributors.
Yeah, free + shipping and handling.
And linux distributors don’t put out 200 meg updates. They release their updates when they come out instead of building them up for this long.
Of course an upgrade like XP Service Pack 2 would constitute an entire version upgrade for a mainstream Linux distro.
Either way, a 200 meg update is insane. Why does everybody forget that the majority of us are still using 56Kbps and slower dialup connections?
This is a step in the right direction, nothing terribly innovative, but definitely a positive step.
“You can orden the Update on CD and MS sends it to you for free.
Thats a kind of service you dont get from Linux-distributors.”
There is no such thing as SP packs for linux. and technically speaking linux is just a kernel. Now as for the different distros there are updates for security reasons but these are generally other software other than the os that have security errors, and yes they are huge when you take all the updates for each piece of software. all the updates for mandrake 9.1 totalled about 300 mb for me. Not that its a huge problem considering i have broadband and if you dont. LinuxCentral has Updates CDs for the major distros if I remember correctly.
Besides if its a free os like Debian of course I dont expect them to ship me a free CD. MS could ship everyone XP for free and theyd still be rich. Nothing changes with their huge treasure chest
Please keep the conversation to the SP2’s advancements or problems and dont’ start yet another flamewar with LinuxVsWindows in the middle. All further Linux comments will be moderated down.
I wonder if MS improving/turning on by default the firewall is going to piss off companies like Zonelabs and Sygate. Furthermore, I wonder if it’s going to be functional enough so that you don’t really need an external firewall anymore if you don’t want to install one?
Generally, in these cases, either the company in question abandons their product, or distinguishes it by making it even better. None of the people I know (admittedly a statistically irrelevant sample) have registered ZoneAlarm; they stick w/ the free version. So, this may have little bearing on ZoneAlarm’s (paying) customer base.
While it may hurt certain companies I don’t think in the current climate anyone could argue against them adding this functionality to the OS.
I’m not suggesting that you are complaining btw, it’s just after all the controversy surrounding MS security of late it would be hypocritical if people used the fact that it might hurt a few software houses to start another MS flame.
“These security features are nice, but aren’t they too little, too late? I mean, shouldn’t they have come packaged with XP from the get-go to avoid the many viruses and security flaws that plagued XP in 2003? And why does the update have to be so big? (I read that it will be over 200 megs!) Can’t it be compressed to a more reasonable size?”
They got to start somewhere!
And regarding the size, it’s 200MB but still has debug symbols in it. The final size will be more like 100MB the same as SP1.
Gein
I was a Kerio Personal Firewall user, but when I got the SP2 beta, I uninstalled it. It seems that ICF is very much improved and can actually clcaim the title of a “firewall”. It takes care of the inbound and outbound connections. Plus, it has the program exception rules, and only opens ports that a program requires (ports are kept closed by default). It seems safe to use ICF as a main firewall.
I’m glad to see MS including a pop-up blocker in IE, but when the hell are they going to get around to including multi-tab viewing inside the browser like Mozilla or Firebird?
where? how?
Anyone know if MS is including an anti-virus program in XP SP2? That is a key security feature that shouldn’t be overlooked.
If they do so, MacAffee and others will sue MS for “anti-competing” and destroying the AV market. It is not an easy decision for this to be taken by MS for several reasons. If something like that would happen, MS would likely buy such a solution because it is not easy writing and populating an AV from scratch in a short period of time.
“If they do so, MacAffee and others will sue MS for “anti-competing” and destroying the AV market. It is not an easy decision for this to be taken by MS for several reasons. If something like that would happen, MS would likely buy such a solution because it is not easy writing and populating an AV from scratch in a short period of time.”
They have bought it.
A romanian solution called GeCAD.
http://www.enterpriseitplanet.com/security/news/article.php/2219911
http://www.silicon.com/software/security/0,39024655,10004596,00.htm
Gein
Actually, they did bought a small antivirus company some time ago. I don’t know if they’ll include their software in Windows soon thought.
Most people agree that AV s/w (in some form) will be included in longhorn
I am a student and parttime ‘technical support engineer’ at an european helpdesk. Well, I can tell you: firewalls do more harm than good. You have to understand people expect computers to be as simple as tvs. Well, they are not. So, people get paranoid when reading in newspapers ‘if you have a adsl/cable connection, you need a firewall’. Well, you do, if 1) You know what you are doing; or 2) You have a LOT of money on your bank account. My company uses Virtual Private Networking for their cable connection (l2tp protocol), and Boy, firewalls screw up!!! First thing I ask if they have a problem is: do you have zonealarm/norton internet security installed? If so, UNINSTALL. But however unfortunate, microsoft products are made to work for their IE, so if they extend their own firewall, I guess it will be a good thing… (expect for those people I advice to install Linux 🙂
Simon
MicroSoft bought GeCAD which was a company. In Romania. Who made the product “RAV AntiVirus” (which was a very good AV scanner for GNU/Linux) …
http://www.ravantivirus.com
“If they do so, MacAffee and others will sue MS for “anti-competing” and destroying the AV market. It is not an easy decision for this to be taken by MS for several reasons. If something like that would happen, MS would likely buy such a solution because it is not easy writing and populating an AV from scratch in a short period of time.”
I think it’s right that any OS company should and can build their OS and include anything they wish. I dun know why other companys and users gets upset at the fact MS uses their own software that comes bundle with their OS. They make the OS, they sell it for you to use, the fact you can build code for it is a right they give you if they really want to be crazed of it the OS can be the type where it’s illegal to even right your own programes for.
I am still using 56k dial-up service and I think Microsoft should send registered users update CDs. It seems that a company like AOL can fill stores and just about everyone’s mailbox with CDs but Microsoft will not.
A good advantage to having CDs is that when you have to do a clean install, you can apply all the patches you have so you do not have to log onto the internet totally naked.
I am glad there are third party firewall makers so I can install a firewall before grabing updates from Microsoft.
Any improvements security wise Microsoft makes to Windows is more than welcomed.
All they have to do now is make it easy to get and install updates.
But what about viruses installing software that can do DDoS attacks, or send spam for example? Well… As far as I can see thats one reason for a (Windows) computer user to have a firewall.
firewall is a must for everyone.
it protects you from virus/worm/malicious code and sometimes dirty port scans.
personally i use agnitum outpost (warning its not vevy
friendly with vpn).
glad too see MSs taking seriously about security this time(or from now on?)
first 2003 server than xp sp2, even a last security patch cd for 98 users.
i see hope in longhorn
“I am a student and parttime ‘technical support engineer’ at an european helpdesk. Well, I can tell you: firewalls do more harm than good. You have to understand people expect computers to be as simple as tvs. Well, they are not. So, people get paranoid when reading in newspapers ‘if you have a adsl/cable connection, you need a firewall’. Well, you do, if 1) You know what you are doing; or 2) You have a LOT of money on your bank account. My company uses Virtual Private Networking for their cable connection (l2tp protocol), and Boy, firewalls screw up!!! First thing I ask if they have a problem is: do you have zonealarm/norton internet security installed? If so, UNINSTALL.”
I hope you are just kidding about what you wrote, otherwise they probably shouldn’t be letting you use a computer. Advising someone to remove firewall software is wrong, even more so if they are incompetent. I’d rather have someone not have his applications working but be secure than having his applications working and be insecure.
To prove my point, I will use your example with the l2tp VPN connection. In such a situation, it will be preferable to tell the client that they are too stupid to connect to the VPN before ever telling them to remove their firewall. Management will prefer to have employees not be able to connect thru VPN over having them to be able to connect along with every single other person on the planet that has choosen to hack that users computer. Data Integrity and Security is far more important than Accessibility.
I would suggest that the proper steps of action you should take is to find a firewall that works, tell your company about it, make your company eat the cost and make it available at no cost to your end users, and then have it as a required installation to access VPN.
“A good advantage to having CDs is that when you have to do a clean install, you can apply all the patches you have so you do not have to log onto the internet totally naked.”
But is there any other way to log on, other than totally naked?
“I think it’s right that any OS company should and can build their OS and include anything they wish. I dun know why other companys and users gets upset at the fact MS uses their own software that comes bundle with their OS. They make the OS, they sell it for you to use, the fact you can build code for it is a right they give you if they really want to be crazed of it the OS can be the type where it’s illegal to even right your own programes for.”
The problem is not with them including their own software. The problem is that they do not release enough information about the internals of windows as they know. So they have an advantage to creating faster/more compatible programs.
Just look at this statement from Microsoft. “Microsoft felt that customers were better served by using Apple’s browser, noting that Microsoft does not have the access to the Macintosh operating system that it would need to compete.”
Sure and the very second they include multi-tab browsing, someone here will be claiming they stole the idea from one of the other browsers that support it. (no win situation)
I have used browsers that support multi-tab, and personally I don’t really care for it. If you really need that function included in your browser, use someone elses.
No big deal, and likely not something MS is terribly worried about given their current sitution.
=====
firewall is a must for everyone.
it protects you from virus/worm/malicious code and sometimes dirty port scans.
=====
Do not mix the terms “firewall” with “av software”
A firewall filters your network traffic but it doesn’t protect you from any virus or malicious code. From some types of worms you aren’t protected either.
That’s when your av software kicks in. The av software protects you from known virusses and worms but not from malicious code.
And port scans aren’t more dangerous than a kid doing some ringing realm.
Yeah if they’ve added outbound checking to ICF, then it’s credible now. I personally find the app level deals like zonealarm to be a pain, but they do add security. I personally kind of like outpost free firewall better than ZA. Add a nice tool like Trojan Defense Suite and you’ve got some decent security for avoiding reverse shells / backdoors. It would be nice if MS came up with a nice tripwire alternative (it’s too expensive on windows). I think integrity checking is a good thing.
The 200 meg sucks. I will have to order the CD, or just apply small security patches instead.
This is not a release of a new OS, just an update to a couple of featurs plus a revamping of some aspects of security. As an update it looks pretty nice IMHO. I especially like the revamp of wireless, while I don’t really care too much about the UI update I found the original wireless UI a little flaky.
Also I must say that to tell a user to uninstall the firewall is questionable at best. First of all, with the exception of NAT, most firewall related issues with VPNs can be resolved by simply opening the correct ports with appropriate packet types. NAT traversal based problems of course can not be resolved except by removing the NAT. To tell them to uninstall the firewall to allow VON access borders on negligent. At most you should tell them that the firewall may be interfering with operation if the VPN and to contact the firewall manufacturers support.
First thing I ask if they have a problem is: do you have zonealarm/norton internet security installed? If so, UNINSTALL.
Don’t say that to your boss. You might risk your part-time job.
There are one or two firewalls for windows that are dumb proof. If the person is so stupid that he/she can’t learn what afirewall basically does on the OS then it’s better not tell him/her to uninstall. One can tell him/her to let the mail and browser programs to access the web and deny access to all the others … speccially svchost.
On a seconf tought, I would not trust a firewall from Microsoft running on their OS. They always try to collect some data, if not to check the activation and the apps you have installed then it will be to collect debuging information.
My best choice would be to disable Microsoft firewall and buy Sygate or use a free firewall.
Just my € 0.002
I’m glad to see MS including a pop-up blocker in IE, but when the hell are they going to get around to including multi-tab viewing inside the browser like Mozilla or Firebird?
Probably never. I have a feeling that Microsoft considers tabbed-browsing to be a kissing cousin of MDI (multi-document interface), which has been officially deprecated for some time now.
They make the OS, they sell it for you to use, the fact you can build code for it is a right they give you if they really want to be crazed of it the OS can be the type where it’s illegal to even right your own programes for
Yeah, that would be useful. An OS with no developers == an OS with no users.
I am not sure if this is fixed or not but outlook just
crashes left and right .
XP workstation with sp1 seems very unstable which lock ups randomly running simple outlook or word ???
I had always thought M$ used the Intel compilers, why would they make their own?
“The problem is not with them including their own software. The problem is that they do not release enough information about the internals of windows as they know. So they have an advantage to creating faster/more compatible programs.”
You are very right about that. The way I think MS and all companys should do with their OSes is instead of pre-installing the programes give out another cd along side of the OS with their software. This gives the user the choice and I think that is very fair. Also it would be nice if they can let devs know more about how the OS works.
“Yeah, that would be useful. An OS with no developers == an OS with no users.”
Yup your right about that too. However my point was instead of fussing about what they do allow you to have enjoy what you got or just leave it for a better OS. I use windows and linux and love to mess around with other OSes as well.
I think it’s right that any OS company should and can build their OS and include anything they wish.
———
You are welcome to think that, but in the USA anyway, that’s not true. After learning about the problems of unrestrained monopolies in the early 1900s, the federal government instituted regulations carefully controlling the rights of monopolies. These regulations often prevent monopolies from doing whatever they want with their own products. If you do not like these laws, please feel free to lobby to get them changed.
PS> For those who are interested — the reasoning behind government control of monopolies in a supposedly “free market” system is thus: a monopoly is actually an anomoly of a free market. Unlike a competitive market, a market in which there is a monopoly is economically inefficient — they take more resources to produce a given amount of product than are necessary. It is similar to making hamburgers with two patties, but throwing one of them away before selling it. Its not that economic benefit in this situation is shifted from the consumer to the monopoly, but rather, potential economic benefit is lost for society as a whole. Thus, it is almost a requirement of free market economies to have some level of control over monopoly markets, turning them into competitive markets before they do too much damage.
Public goods (education, defense, the environment, etc) are also anomolies in a free market economy, which is why the government has regulations for those markets as well.
Some of you stated that having someone remove a firewall is neglagent. In 98 you can just remove netBIOS and there are 0 services in listening state anyway. XP is different but, almost ALL of the end users I know that are using firewalls just click “yes” to every question zone alarm ask them. In the event the firewall does bock something they didn’t get a chance to click yet to it spits some message like:
“somene is trying to HACK you, they are trying to STEAL your data, and we STOPPED the HACKER, the pro version will TRACK DOWN the HACKER PIG and make him BEG for mercey”
And 95% of the time the firewall does this it’s just arp broadcasts or someonething else mildly less threatening than a port scan. Some of the scare tactics used by many firewall companies to get people to “upgrade” or convince them they installed the right product makes me want to break something. I have always liked tiny personal firewall but any firewall is only as good as the person that configures it. I am using the SP2 firewall and so far I am pleased with it.
The Service Pack is a rollup of SP1 + all hotfixes since then (up to a certain point) and then the recompiled code, new features, and such.
As such, there will be an ‘express’ version of SP2, which will download only an installer which will then scan your computer and then go out and download only the updates that you need for your system, which means if you’ve downloaded all the hotfixes already, there is not much you will have to download.
Also, Microsoft is still testing the ‘PC Satisfaction Trial’, google it, it includes AV software, among other items, and is rumored to be released with SP2.
okay, correct me if i am wrong but isn’t a patch or how microsoft calls it a ‘service pack’ supposed to fix bugs/vulnerabilities, all in all shouldn’t it make the whole system more stable? – SO HOW IN THE WORLD CAN A PATCH BE BETA? BETA!!!!
<<<The problem is not with them including their own software. The problem is that they do not release enough information about the internals of windows as they know. So they have an advantage to creating faster/more compatible programs.>>>
Remy, obviously if vendors of AV programs are able to produce their products, sufficient information exists on Windows internals.
Because they need to test it to see if all the patches work together on more than one setup? Remember that most business users don’t use Windows Update.
This is true; AV companies have had access to underlying code for Windows.
But…That doesn’t prevent Microsoft from changing code to make sure that most AV products don’t work, causing people to start using the built in AV software from Microsoft.
This is exactly how Microsoft won the browser war with Netscape; integrate the web browser directly into the OS, then shut off access for Netscape to develop theirs the same way.
“Please keep the conversation to the SP2’s advancements or problems and dont’ start yet another flamewar with LinuxVsWindows in the middle. All further Linux comments will be moderated down.”
How odd that I did not see this comment in the Linux Kernel article posted yesterday. Here is my suggestion:
“Please keep the conversation to the Linux Stable Kernel advancements or problems and dont’ start yet another flamewar with LinuxVsWindows in the middle. All further Windows comments will be moderated down.”
Feel free to cut & paste it…
>> These security features are nice, but aren’t they too little, too late? I mean, shouldn’t they have come packaged with XP from the get-go to avoid the many viruses and security flaws that plagued XP in 2003? <<
That is like saying why didn’t SSH fix all their security problems before they released their product. Come on stop spreading FUD and actually realize that MS might not have the greatest past but they are putting out a pretty desent product and trying to correct the mistakes they made in the past by making security flexible, easy to use, but powerful enough to protect the computer.
Personally I don’t use any of the software firewalls because I let my router with it’s own firewall handle that. And pretty much the only things those firewalls do is product people from getting in not out. So that is why I feel that a port block on my router does just fine for my firewall needs.
>>I am still using 56k dial-up service and I think Microsoft should send registered users update CDs. It seems that a company like AOL can fill stores and just about everyone’s mailbox with CDs but Microsoft will not. <<
Come on shipping and handling is only like 5.00 at most. In addition AOL is trying to force a product on you, Microsoft isn’t, they don’t care if you apply a patch it is not extra money for them. What they should do is include the patch on AOL CD’s.
A good advantage to having CDs is that when you have to do a clean install, you can apply all the patches you have so you do not have to log onto the internet totally naked.
>> All they have to do now is make it easy to get and install updates. <<
http://windowsupdate.microsoft.com
I think with the new VC++ compiler they just released that is ~98% complete that that is what everybody is talking about.
This is exactly how Microsoft won the browser war with Netscape; integrate the web browser directly into the OS, then shut off access for Netscape to develop theirs the same way.
That’s not true, MS won the browser market from netscape by giving it away for free whilst you had to pay for netscape. Incidently, the US government asked MS to do this as it they were worried about the monopoly Netscape were starting to form over something as important as the internet.
I do not argue that AV software companies have more access to the internals of windows than other software companies. Actually I do not think I even responded directly to AV software.
Microsoft will always have the upper hand in developing software for their own platform. They release “enough” information so that the software works but they do not release all the information they could….
It’s the same way for the Mac and any other closed source OS.
Isn’t there a distinct possibility that the changes to RCP’s permissions will screw up some network apps and games that were coded with the original permissions (re: God-level access) in mind? Has anyone here who has the beta had any problems?
I got so sidetracked by the obvious that I almost forgot to comment on the service pack. Yes, it’s about time MS does something about their customers’ pleas for support. I’ve been eagerly awaiting this. It’s very much a good thing
Yay MS
>> This is exactly how Microsoft won the browser war with Netscape; integrate the web browser directly into the OS, then shut off access for Netscape to develop theirs the same way. <<
That is not true. Netscape just stopped developing their browser. I mean how long did it take for Netscape to go from that horrible-under-standarized browser to the current 6.0.
Microsoft in the mean time said we will give away our browser and make it better than the competition, and they did that for 3 years while Netscape got their act together and started to release good stuff like Mozilla.
The browser war wasn’t Microsoft’s fault it was Netscape for sitting on top of their hill saying we don’t need to put out anything any more that is qaulity because we own the market.
Also on a side note what happened to Netscape 5.0?
While there is a terrible news, it’s good to see how quickly a patch was produced. I wonder how long the vulnerability was known about before this was brought to the kernel maintainers attention. Do we know if this was figured out by the black hat community (the “many eyes”) first? And, also, note that XP is not affected by this security hole.
This comes from the 2.4.24 thread. Please take this and note it. The fix for the Linux vulnerability will _NOT_ be included in your Microsoft’s SP2.
[I feel since this message belongs on MS related news (not kernel.org news) then it needs to be included here. Please keep all MS related comments within the MS targeted threads. ]
Bravo!
“Come on shipping and handling is only like 5.00 at most.”
The amount of money isn’t the issue. That Microsoft sells a product that needs to be patched to fix glaring holes and then wants to charge you for the patch is the issue. The wealthiest corporation in the world needs to squeeze an extra 5 bucks out of each of us?
<<<But…That doesn’t prevent Microsoft from changing code to make sure that most AV products don’t work, causing people to start using the built in AV software from Microsoft.>>>
I’ve heard that canard put forth time and time again without any proof. Look, there are plenty of AV vendors, and each of them has had no problems getting their software to run with existing Win32 APIs. If MS were to break those APIs, they’d break a lot more apps than must AV vendors. So, consequently, such a charge just isn’t credible.
>>>The amount of money isn’t the issue. That Microsoft sells a product that needs to be patched to fix glaring holes and then wants to charge you for the patch is the issue. The wealthiest corporation in the world needs to squeeze an extra 5 bucks out of each of us?
You can download all the security patches yourself for free. Most of the space in the 200 Meg file is for ADDITIONAL NEW security features.
For those who are interested — the reasoning behind government control of monopolies in a supposedly “free market” system is thus: a monopoly is actually an anomoly of a free market.
A monopoly is the logical *product* of the free market, not an anomaly. If they were an anomaly, the free market wouldn’t need outside control (government regulation) to keep them under control.
Given time in a free market, eventually the biggest player(s) will start working (together) to screw the consumers and raise significant barriers to market entry.
Unlike a competitive market, a market in which there is a monopoly is economically inefficient — they take more resources to produce a given amount of product than are necessary. It is similar to making hamburgers with two patties, but throwing one of them away before selling it.
Monopolies aren’t (necessarily) resource inefficient, they are simply in a position to be able to charge any price they please, and not “market value”.
Thus, it is almost a requirement of free market economies to have some level of control over monopoly markets, turning them into competitive markets before they do too much damage.
The biggest problem with monopoly laws is that companies have no way of knowing if they’re a monopoly until after they’ve been legally found one – and pretty much the only time that ever happens is after they’ve been charged with abusing monopoly power and found guilty. In other words, it’s kind of hard to avoid abusing monopoly powers, because you generally don’t know you are until it’s too late.
The same way AOL spams us with their CDs everytime there is a new version out, Microsoft should send the new service pack to all users who have bought Windows XP. This would make the users who don’t pay attention to updates aware of the new security features and hopefully fix ALL user’s computers. In addition to the service pack Microsoft could include some new themes or games or something simple, this way users who don’t care about security are encouraged to upgrade.
This solution would benifit everyone. Microsoft’s OS will be more secure and thus more trusted, so they will mantain good customer relations. Everyday users will have less viri and can even get some *cool* new features. And the internet in general won’t be plagued by all of the masses of infections and lag.
While they’re at it M$ really needs to include anti-virus software in their OS. As nice as firewall protection is, it means nothing without anti-virus software which has become subscription based with the big companies and is often neglected by home users once their trial perior expires.
———————–
You can order the Update on CD and MS sends it to you for free.
Thats a kind of service you don’t get from commercial Linux distributors.
———————–
LOL, yeah I guess having your entire OS available for ISO download for free kind of superceeds that need.