Learn about the plethora of security enhancements that Microsoft has included in Windows XP Service Pack 2, as well as how these security features could impair the functionality of some applications.
Windows XP SP2 a Big Step Forward in Security, but Breaks Things
About The Author
Eugenia Loli
Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.
Follow me on Twitter @EugeniaLoli
First, well done to MS for at last including a working firewall. Its an improvement.
That said, I’ve found a lot of Windows XP machines run better when down-graded to Windows 2000 which, even running a third-party firewall and AV scanner has a lower memory imprint than XP Pro default setup
Windows XP has gained from this SP, but it seriously needs to lose some weight. Microsoft have made in my opinion a bad mistake by adding more bloat. They should have set far more services to not run by default, or only when actually being used as even on my moderately powerful computer it feels notably heavier
Which isn’t helped by things like Windows(MSN) Messenger running by default, services which bug me to clean up my desktop (FFS!It’s MY desktop), flashy effects which seriously drain power on older machines and even make a noticeable difference on current hardware.
XP’s getting there security-wise, but it still has a lot to learn about not harrassing its user.
Seriosly. I call it X-tra P-lump.
To be honest, the fact it may break a few apps does not bother me, in fact it gives me more confidence in Microsoft that they might be taking security seriously enough to inconvenience a few third party software companys.
To apply the same standards I am used to in Linux to Windows, a little breakage ain’t bad if the results are worth it.
I don’t connect to the Internet with WinXP. I would rather know if they’ve fixed bugs and improved the timing problems of the USB system in relation to MIDI interfacing. I don’t care about security, but that’s all these articles cover. Is that all the SP covers??
If your install SP2 every java app stop working …. thats strange …. ;0)
The day after that: Police arrest some poor schmuck in a third-world country for releasing code from his old Pentium.
Seriously: It’s amazing how they can locate these so-called “crackers” in the third-world for revealing the Win32 holes that an oil tanker could hide in but cannot find the weaknesses in their own patches or service packs.
Hmmm
Spy-ware is not an MS only problem. Most of the syp-ware that I clean off of people’s computers, are installed by that rediculous active-x auto-install feature (that you irritatingly cannot turn off). However, Mozilla also has such an option. It is not utilized very much, but it will be if Mozilla is able to snatch enough of the market.
In Mozilla’s defense though, they are quite good at correcting problems like this within a very reasonable amount of time (not the 5 years it took MS to half address the issue, by changing the default action to “no [don’t install]” rather than “yes [install spy-ware]” – Mozilla is still defaulted to “Yes”).
What do you think?
heh, i have run into some spy-ware laden pages with mozilla nad what i get is a popup saying that the install failed “you have to press yes”. seems that while it support autoinstall it defaults no on all options so javascript or similar cant be used to fool your way around the system…
Mozilla still defaults to asking the user when it comes to xpi installs. I have never once seen an xpi install on mozilla without any user interaction. In Firefox theres a couple second delay after the window comes up asking to install before you can click ok. Hopefully that’ll make people read the warning.
I haven’t had a single app break. This story is a troll and I was suprised to see it here, but not to see it at Trolldot.
“Mozilla is still defaulted to “Yes”).”
As of Mozilla 1.7 RC3, there’s an XPI whitelist facility that’s on by default. You have to explictly whitelist a site in order for an XPI to be run from that location. [Note: at least, it *was* on by default in that release candidate. Some were advocating that it be switched off by default in the final release unless a more user-friendly UI for editing the list was checked in, but since I don’t have 1.7 final installed I can’t actually check.]
Anyway, when asking whether or not to install a given XPI, the Cancel button is now the default on the dialog (http://bugzilla.mozilla.org/show_bug.cgi?id=149478).
These changes will likely be working their way into Firefox soonish.
“That said, I’ve found a lot of Windows XP machines run better when down-graded to Windows 2000 which, even running a third-party firewall and AV scanner has a lower memory imprint than XP Pro default setup ”
Shouldn’t that be UPGRADED to Windows 2000?
Yep, you’re right about this. Much better to build your own system using 2k as a core than use XP which always feels to big and cumbersome for any job you throw at it.
If your install SP2 every java app stop working …. thats strange …. ;0)
From the article [on NX protection]:
“The biggest problem will come for applications that use just-in-time code creation.”
Personally, I think MS should let SP2 be installed on pirated copies. Not like anyone running a pirated copy has a right to service packs, but just the mere fact that these machines will still be online poses a potential security risk to everyone else. I mean, if one of these boxes get hacked and someone uses it as a spam relay or a D.O.S. zombie, we all suffer for it, and since MS is the one who created this monster in the first place, IMHO .. they should be responsible for killing it as well, even if it means some people using a pirated copy will benefit from the security enhancements.
Too true. But they aren’t going to change their minds, unfortunately.
i’ve been running sp2 since the very first public release candidate. installed rc2 about a week ago and i’ve run into zero problems. everything i run runs fine (ranges from several games, to 3dsmax, to vs.net2003, etc). rc2 even seems a bit ‘snappier’. no problem with java apps either. i *do* disagree with microsoft making sp2 even more intrusive than windows is already, but everything is easily ignored and shut off if you know what you’re doing.
a coworker has a dual processor amd64 machine and pretty much everything he uses often isn’t able to start without crashing. firefox, vs.net, etc. not good news.
just remove xp and use something else
this is not a “use linux” troll, but most of the malware targets xp or 2000
so either use linux, os/2, beos, win9x whatever, but not 2k or xp… no matter what service packs
just remove xp and use something else
And perhaps why? I have _never_, and I mean _never_ got any virus or spyware on my XP installation and _never_ ever needed to reinstall it. Last crash was 5-6 months ago because of buggy ATi drivers. That one single problem fixed with new drivers.
In 110% of virus/spyware cases the problem is between monitor and chair.
And for sidenote: I don’t have single pirated [read: Illegal] piece of software on my computer. Those warez-teenagers who run Kazaa 24/7, download cracked crap-virus software and stuff like that shouldn’t even wonder why their Windows doesn’t work.
how do you know you have no spyware ? the whole point of spyware is that the user does not know it is there ?
what do you use to check for spyware and virus ?
I am asking this because there is a guy in my work who has been using xp since it was released and he said he has never had spyware/virus/trojan but when we checked his machine it was riddled with them.
the rc2 of sp2 is actually worth installing. it makes windows noticeably speedier. as for installing win2k, i prefer xp. sure it takes a days worth of registry hacking and service tweeking to get it to b stable reliable an fast. but once u get it tweeked it is far supierior to win2k. the built in firewall while being adaquet for what it was designed for…still fscking sux.
how do you know you have no spyware ? the whole point of spyware is that the user does not know it is there ?
what do you use to check for spyware and virus ?
I use Ad-Aware, though I don’t run it resident .. only scan occassionally. Only once have I gotten spyware on my machine (my own fault) and the way I found out is that my firewall flagged it immediately as soon as it tried to access the Internet. As soon as I took a look at the running processes, I knew immediately which ones were the spyware.
With the release of WineX/Cedega 4.0 I’m now able to play all of the videogames I’ve been wanting to play on Linux. No more Windows for me.
I’ve had SP 2 installed for months now and it actually corrected an error induced by a hotfix that brought my memory footprint up by 100 MB.
It is safer, it is snappier, and it hasn’t broken anything. I run regular business apps and half-life type of games.
Install it, it runs fine. Don’t listen to the hype. If you are surfing with Internet Explorer, which somewhat pales to firefox, or you are forced to if you want to do online banking, please ensure you install Spybot and run immunize. takes a couple of minutes per pc, and spyware is gone.
Microsoft Fanboy
SP2 was the straw that broke the camel’s back for me. After installing it (RC 2, though I’d tried RC 1 on a previous installation), application start-up time skyrocketed, and PuTTY took forever to actually connect — even after I’d disabled Microsoft’s firewall (I use Kerio 2.1.5, which I’ve found to be the best personal software firewall around).
Power management still didn’t work on my laptop, and I lost multimedia key support. Memory usage skyrocketed.
Now I’ve switched to Windows 2000 (SP 4) and it runs like a dream.
Were I in charge over at MS, I’d set it up so that SP2 could be installed on a pirated copy, but on reboot wiped the partition table on the boot drive or deleted the %systemroot% folder or something like that. That would take those machines offline, fixing the pirated issue.
why do people have to rag so hard on 2000 and xp just because they’re the target of worms and virii and whatnot? if you know the very few simple steps to take to protect your computer, you have nothing to worry about. i’ve been running xp (including sp1 and sp2rc) since it came out, and i’ve never had a worm or virus hit me. spyware is a bit harder to completely block (especially if you’re like me and don’t like to run resident cpu/memory-chewing programs to detect it), but simply not using the outdated ie and running a scan once a week takes care of everything.
know your machine, and you’re fine. so what’s the problem?
“And for sidenote: I don’t have single pirated [read: Illegal] piece of software on my computer. Those warez-teenagers who run Kazaa 24/7, download cracked crap-virus software and stuff like that shouldn’t even wonder why their Windows doesn’t work.”
Sure, but if you wan’t to have a PC just to look at it, you can buy a painting, or something else.
By the way, you say you haven’t got a crash in 6 months, but I bet you have rebooted a thousand times for program installations.
Try Unix.
Darius stated:
“I use Ad-Aware, though I don’t run it resident .. only scan occassionally”
Though Ad-Aware is good, it doesn’t catch everything. I use it myself but have found that there are other apps that do detect things that Ad-Aware doesn’t. Try Spybot Search and Destroy and Webroot’s Spy Sweeper. You might find that there are somethings lurking that you might not be aware of.
Which firewall are you using? I personally like Sygate’s (bidirectional protection unlike the crappy built in firewall packaged with Windows). I have been considering getting ZoneLabs new firewall and security suite since I have read some good things about it.