Why are people so desperate to install WinXP SP2?

[n0cmonkey]

Originally posted by: VirtualLarry

Originally posted by: bsobel

And now, with XP SP2, it's not doing that. Only a single IP within that block is allowed access.

The important part of that quote was "The third sentence, which says that 127.0.0.1 with a bitmask of 32 is the common implementation for loopback- a bitmask of 32 means that only 127.0.0.1 is loopback, not 127.0.0.x. The second sentence can be taken to imply that 127.x.x.x could all loopback, but the third says that this is not the ordinary implementation." Not saying MS shouldn't restore the previous functionality (doesn't appear it was intentionally removed), I was just commenting that I don't think the RFC is as clear as you suggested on the issue. The hotfix is available and that will migrate into a public fix after it gets regressed.

I was just trying to point out, that even as you quoted, the standard calls for the entire block of 127.x.x.x IPs to be considered the localhost loopback.

The fact that it also mentions that a common implementation only supports 127.0.0.1, doesn't make that the actual standard, IMHO, just an example. The actual standard reserves that entire IP range/block, and that fact is well-understood among networking people. The fact that otherwise legitimate and working networking apps broke because of MS's code changes also tends to support that.

A lot of RFCs are left intentionally vague so that implimentations can differ a bit. I'm guessing that the whole 127.0.0.0/8 range is used for loopback on Windows OSes, just that only 127.0.0.1 is implimented. I don't think I've seen an OS that sets up 127.0.0.2 or any other by default.

 

[EULA]

I've had absolutely no problems whatsoever with SP2. All my applications work just fine, however, I did a clean install of XP and loaded applications afterward.

 

[imported_Phil]

Originally posted by: EULA
IMPORTANT: THIS SOFTWARE END-USER LICENSE AGREEMENT ("EULA") IS A LEGAL AGREEMENT BETWEEN YOU (EITHER AN INDIVIDUAL OR, IF PURCHASED OR OTHERWISE ACQUIRED BY OR FOR AN ENTITY, AN ENTITY) AND CONSR TECHNOLOGIES. READ IT CAREFULLY BEFORE COMPLETING THE INSTALLATION PROCESS AND USING THE SOFTWARE.

What?

 

[Skipholiday]

Sp2 changed my ctrl alt delete. It now only shows the cpu usage graph and history.
No biggy..

 

[bsobel]

Originally posted by: SKipholiday
Sp2 changed my ctrl alt delete. It now only shows the cpu usage graph and history.
No biggy..

Double click on the border (and SP2 didnt' do this...)
Bill

 

[bsobel]

No, I don't do any portscanning, I'm just bothered by MS putting arbitrary limits on basic features of the OS. What's next? Only being allowed to run three programs at a time? (Oh wait, they already did do that...)

You do understand this isn't a connection limit, it's an outstanding connection queue. I'm thrilled that MS put this in, it will help slow the next worm that hits. Do you believe you this change is affecting your usage somehow? (I'm just curious why this bothers you (honestly) as I don't think the change is arbitrary).

As for 3 programs, are you refering to PE or something else?

Bill

 

[bluehorizon]

Originally posted by: oldman420

cons.
1, breaks most apps that depend on activex and it also breaks some auto update features on some programs.
2, limits the number of tcpip connections making it much harder to do peer to peer file sharing
3, breaks some games Dependant on tcpip
4, for the expert it is annoying to have to deal with the security center and some other warnings that must be replied to.
5, as a beta it broke every single machine i put it on.
6, its a hassle to dl it though win update will automate most of that.

Jerome

1. Where do you get that info from? Never broke any apps on any of the systems I've installed it on. It's worked like a charm.
2. That can be changed with a little tweaking, and really, I have no sympathy for people who have a little harder time downloading all of those pirated apps from peer to peer networks.
3. huh? Where did you get that from?
4. It's VERY simple to turn that feature off. Just a couple mouse clicks and no more security messages. How's that a con?
5. Is that a con? This isn't beta, it's the final release. You should expect a beta to break things. How is that related to the final release version?
6. You can get it on CD for free. You can download it with broadband in a matter of minutes. If you have dial-up, get it off of CD. Not a big deal at all.

I don't see any of your cons being cons. I'm not a SP2 advocate, but if I see some misinformation, I'm going to point it out

 

[oldman420]

Originally posted by: bluehorizon

Originally posted by: oldman420

cons.
1, breaks most apps that depend on activex and it also breaks some auto update features on some programs.
2, limits the number of tcpip connections making it much harder to do peer to peer file sharing
3, breaks some games Dependant on tcpip
4, for the expert it is annoying to have to deal with the security center and some other warnings that must be replied to.
5, as a beta it broke every single machine i put it on.
6, its a hassle to dl it though win update will automate most of that.

Jerome

1. Where do you get that info from? Never broke any apps on any of the systems I've installed it on. It's worked like a charm.
2. That can be changed with a little tweaking, and really, I have no sympathy for people who have a little harder time downloading all of those pirated apps from peer to peer networks.
3. huh? Where did you get that from?
4. It's VERY simple to turn that feature off. Just a couple mouse clicks and no more security messages. How's that a con?
5. Is that a con? This isn't beta, it's the final release. You should expect a beta to break things. How is that related to the final release version?
6. You can get it on CD for free. You can download it with broadband in a matter of minutes. If you have dial-up, get it off of CD. Not a big deal at all.

I don't see any of your cons being cons. I'm not a SP2 advocate, but if I see some misinformation, I'm going to point it out

like i said in my experience. however i may be wrong here and there. i had to get somewhat creative in order to find ANY cons at all so try to cut me a little slack. i run sp2 no prob myself and really only had problems in the beta stage.

 

[HOOSDAMAN]

There is something called "testing". You are not supposed to put something like SP2 or any major service pack of any operating system on a "production" day-to-day machine right away. You are supposed to test it on a non-critical machine first. When you test all of your applications out, and get all updates for those pieces of software to work with SP2, then you can update the "production" day-to-day machine. Unless this "testing" was done, your friends should not complain too much. Just to inform people here, I have installed this on a machine that has a bunch of apps installed, and so far, no problems. Here is a list of some of the apps that I use for work:

Remedy User
DBArtisan
Secure Shell
Cisco IP/TV Viewer
ER/Studio
Toad
Oracle Financials
Photoshop
Illustrator
Lotus Notes v5 and v6.52
PVCS
SameTime
ACDSee
PowerDVD
CloneCD
GrabitPro
Hummingbird
UltraEdit
VMWare Workstation
WinZip
WinRAR
Sybase Client
SpyBot
Palm Desktop
McAfee 7.1 Ent.
Office Suite 2003
Other misc software.

None of it has given me any problems. Full functional.

Originally posted by: txxxx

Originally posted by: Mem

When it currently causes more damage than good?!

Hmmm what damage?Working great on both my PCs,SP2 has security improvements which is one good reason to install it,besides it`s free to download .

I've already have 2 friends moan about applications that dont work - which they need for day to day use.

Now here's some scary results although a sample of 900 is a little small.

Needless to say, I do wish whoever throw's themselves in SP2 did list their PC spec + main apps that did fail.

 

[VirtualLarry]

Here's a new one, XP SP2 breaks VPN connections to servers (or is it the clients, I just skimmed the article) that are NAT'ed.

ZDNet
MSKB article

 

[HOOSDAMAN]

You sure about that? I use Nortel's VPN client and it has no issues. I am able to stay on VPN for an entire day. I know that the web-based VPN, Juniper Networks, has issues.

 

[bsobel]

Originally posted by: HOOSDAMAN
You sure about that? I use Nortel's VPN client and it has no issues. I am able to stay on VPN for an entire day. I know that the web-based VPN, Juniper Networks, has issues.

The article is specifically talking about MS's own L2TP client.
Bill

 

[tm37]

Kills NOAH so the hearing aid industry is freaking little.

 

[bsobel]

Originally posted by: tm37
Kills NOAH so the hearing aid industry is freaking little.

Ok, I'll ask, what is NOAH?

 

[stash]

I think it's this:

http://www.noah3.com/frames/NOAH3_whatis.html

 

[bsobel]

Originally posted by: tm37
Kills NOAH so the hearing aid industry is freaking little.

Just curious, have a link or something (the site STaSH mentioned doesn't seem to report any SP2 issues)
Bill

 

[VirtualLarry]

http://www.pcmag.com/article2/0,1759,1639276,00.asp

More issues - XP SP2 "Security Center" spoofing exploit. Pretty-much expected, which is why the addition of the new "Security Center" actually in fact can do more harm than good. ("A false sense of security is worse than no security at all.")

One more good reason to immediately disable that service on all new XP SP2 installations.

 

[stash]

One more good reason to immediately disable that service on all new XP SP2 installations

No, this is one more reason to not run your computer as an admin for everything. The article says that if I get you to click on something, and you are an administrator then I can do anything I want. What makes you think this is isolated to the Security Center?

Does Microsoft need to do more to get Windows users to stop logging in as an administrator? Yes. Do third-party programmers need to stop writing lazy code that only works as an admin or power user? Yes. But this "flaw" isn't anything new. If something gets on your box and has administrative access, you no longer own that box.

 

[bsobel]

Originally posted by: STaSh

One more good reason to immediately disable that service on all new XP SP2 installations

No, this is one more reason to not run your computer as an admin for everything. The article says that if I get you to click on something, and you are an administrator then I can do anything I want. What makes you think this is isolated to the Security Center?

Does Microsoft need to do more to get Windows users to stop logging in as an administrator? Yes. Do third-party programmers need to stop writing lazy code that only works as an admin or power user? Yes. But this "flaw" isn't anything new. If something gets on your box and has administrative access, you no longer own that box.

Amen.

 

[eastvillager]

Some of the apps broken by SP2 needed to be broken, imho. Too many lazy programmers out there used to coding in a security vacuum.

 

[eastvillager]

Some of the apps broken by SP2 needed to be broken, imho. Too many lazy programmers out there used to coding in a security vacuum.

 

[spyordie007]

Originally posted by: bsobel

Originally posted by: STaSh

One more good reason to immediately disable that service on all new XP SP2 installations

No, this is one more reason to not run your computer as an admin for everything. The article says that if I get you to click on something, and you are an administrator then I can do anything I want. What makes you think this is isolated to the Security Center?

Does Microsoft need to do more to get Windows users to stop logging in as an administrator? Yes. Do third-party programmers need to stop writing lazy code that only works as an admin or power user? Yes. But this "flaw" isn't anything new. If something gets on your box and has administrative access, you no longer own that box.

Amen.

I couldnt agree more

Some of the apps broken by SP2 needed to be broken, imho. Too many lazy programmers out there used to coding in a security vacuum.

again, I couldnt agree more

 

[bigpow]

Defrag my hard drive(s).

Did you install the SP2 over your Windows 3.11?

 

[MmmSkyscraper]

I installed the beta a few months ago on a previous install and no problems. Yesterday I installed the new version and all seemed fine until the reboot.

1. Got stuck on the intermediate screen you normally see when checking disks or converting to NTFS with a "Please wait..." message. Gave it 15 minutes but that seemed pretty terminal to me.

2. Got past that on the third reboot, crashed after the option to turn on Automatic updates.

3. After that it wouldn't boot past logon, just an hourglass.

4. Had to safe mode and uninstall. I tried removing devices etc (there was a lot of miniport stuff in the networking, I guess that's part of SP2?) but it wouldn't let go of anything.

I'm not complaining btw, just posting my experience. Think I'll slipstream and reinstall from that.

Edit: Actually this is the first time I've ever had a problem using a service pack and I must have done over 200 by now.

 

[VirtualLarry]

Originally posted by: STaSh

One more good reason to immediately disable that service on all new XP SP2 installations

No, this is one more reason to not run your computer as an admin for everything. The article says that if I get you to click on something, and you are an administrator then I can do anything I want. What makes you think this is isolated to the Security Center?

Does Microsoft need to do more to get Windows users to stop logging in as an administrator? Yes. Do third-party programmers need to stop writing lazy code that only works as an admin or power user? Yes. But this "flaw" isn't anything new. If something gets on your box and has administrative access, you no longer own that box.

This has nothing to do with running as Admin. The point is, if the user is clued enough to realize that they don't need a flashing "idiot light" to tell them to run an AV and a firewall, because they already have installed one - then the "idiot light" is pointless, annoying, eye-candy. For those users are that are not clueful enough to know about AV and firewalls, then they are likewise not clueful enough to detect that the "idiot light" is showing "green" erroneously, due to some malware setting some registry entries or accessing APIs that all applications are (AFAIK) allowed to access.

The problem is one of security policy and design. MS piggybacked the channels between the user and the "Security Center's" alerts, and between the SC and the application(s), using existing APIs that were not designed to be used as truely secure communications channels, only as an informative data-store for purposes of desktop management. The two are not the same, and MS made a fatal mistake here regarding the real security benefits of the situation. (Big surprise... not.)

Btw, people running XP Home, have no choice but to run effectively as Admin all of the time, AFAIK. (No, I don't run XP Home, haven't tested personally.)

Edit: Apparently I didn't read fully enough, their spoofing test did require Admin privs. However, the "silent trojan" scenario, to simply read WMI SC status, apparently does not. I wouldn't doubt for a moment that it will be possible to undermine the WMI database trivially, without Admin privs. Not to mention, how many "local privilege elevation" vulnerabilities are present in Windows' already anyways. Basically, the status-quo is actually worse than you or others have stated - if any rogue code gets to execute on your local machine, game over. Which was essentially my point, that given those problems, the existance of the SC itself is a security risk, as pertaining to the feedback given to the user, and therefore how the user configures the security policy on the machine because of that (potentially faulty) feedback.

While we are not aware of any malware exploiting this, we think it will only be a matter of time. The one mitigating factor that we found is that to change the WMI, and spoof the Security Center, the script has to be running in Administrator mode.