Why are people so desperate to install WinXP SP2?

[jagec]

You know what the worst thing about SP2 is?

It DIDN'T fix that $*&^# undeletable file issue! AAAAAHH!!!

Yes, of course I know how to delete them via command-prompt, but it happens to an OBSCENE number of files.

 

[stash]

Basically, the status-quo is actually worse than you or others have stated - if any rogue code gets to execute on your local machine, game over.

Yes!

Which was essentially my point, that given those problems, the existance of the SC itself is a security risk, as pertaining to the feedback given to the user, and therefore how the user configures the security policy on the machine because of that (potentially faulty) feedback.

But it isn't a security risk. If you get the user to download and execute code, you can no longer trust that machine. So yes, the security center may provide you with misleading information. But that is not a flaw with the security center! If you can get a user to download your code to their machine and then run it, you can do whatever you want.

 

[NINfool]

me thinky i'll just wait, don't wanna risk it

 

[VirtualLarry]

Originally posted by: STaSh

Basically, the status-quo is actually worse than you or others have stated - if any rogue code gets to execute on your local machine, game over.

Yes!

Which is one of the reasons that I, unashamedly, run as Administrator 100% of the time on this box.

(Which is also unfortunately a necessity of modern versions of Windows, because they don't support concurrent console-session logins like most *nix boxes do, and you have to log out and shut down all of your open apps in order to switch users, and because so many apps, MS's own included, simply don't operate properly as non-admin. I also do development work, and things like the debugger need advanced privs too.)

However, I am very careful about what I actually run on this box, and don't run just any random dodgy game off of the internet, I don't use IE (but have it installed, as the IDE users IE for html help features), etc. Haven't picked up any trojans or spyware yet, at least not that I've ever noticed...

Originally posted by: STaSh

Which was essentially my point, that given those problems, the existance of the SC itself is a security risk, as pertaining to the feedback given to the user, and therefore how the user configures the security policy on the machine because of that (potentially faulty) feedback.

But it isn't a security risk. If you get the user to download and execute code, you can no longer trust that machine. So yes, the security center may provide you with misleading information. But that is not a flaw with the security center! If you can get a user to download your code to their machine and then run it, you can do whatever you want.

More or less, yes. I'm still not all that happy with MS for providing even more "idiot lights" to confuse non-clueful users, especially ones that don't use a securely-authenticated channel for communications between components.

 

[MrChad]

Originally posted by: VirtualLarry
(Which is also unfortunately a necessity of modern versions of Windows, because they don't support concurrent console-session logins like most *nix boxes do, and you have to log out and shut down all of your open apps in order to switch users, and because so many apps, MS's own included, simply don't operate properly as non-admin. I also do development work, and things like the debugger need advanced privs too.)

XP has support for fast user switching. You don't have to log off to switch users. Just hit Windows Key + L.

 

[stash]

More or less, yes. I'm still not all that happy with MS for providing even more "idiot lights" to confuse non-clueful users, especially ones that don't use a securely-authenticated channel for communications between components

Not sure what you mean here. The channel is secure, and does require authentication. The article even makes mention of that (albeit at the very end of the article). You run as administrator, of course you can access the WMI database. If you run as a user, you get access denied.

 

[spyordie007]

run as...

you can use it to run applications that require higher privilages (yes even the mmc or explorer)

 

[bsobel]

especially ones that don't use a securely-authenticated channel for communications between components.

There is no such thing on a non NGSP platform if you allow code to run with administrative/system privs.
Bill

 

[elkinm]

Just wondering exactly what the TCP/IP connection limit does and what is that limit. Despite some P2P use I use my internet and many internet programs regularly.

Multiple IE or other active browsers, multiple downloads, multiple email, telnet, ftp, ssh clients and others may run. Norton update, weatherbug, VPN, terminal services, and a telnet and web server on my PC, and possibly multiple multisource download clients and programs, by own or something like steam or fileplanet.

Sounds insane doesn't it but I might use all of these at once. I am the kind of person who opens and runs everything with maybe one P2P client open among all of them which may be used for legit purposes which it is indented to stop.

And at work I may have a-lot more and specific mission critical connections. So many windows that I am forced to utilize the group taskbar icons and then scroll through the multiple groups.

So the basic question is would I fall victim to the TCP/IP limit and most certainly to other SP2 problems.

On a smaller note, I believe SP2 installs WMP9. I personally never install it simply because it installs the new piece of crap IE activeX client which simply put sucks. And I can register the old activeX control but with that many content types do not work.

Anybody know of a way to prevent the WMP9 update or to properly switch to the old IE interface.

Thanks

 

[bsobel]

Just wondering exactly what the TCP/IP connection limit does and what is that limit. Despite some P2P use I use my internet and many internet programs regularly.

The people claiming that their is a TCP/IP connection limit in SP2 are spreading FUD (this isn't directed at you elkinm, I'll explain what MS did in a second). I've seen this 'limit' quoted on a zillion sites, and it simply not true.

What was added was a queue (not a limit) of the number of uncompleted TCP connection outstanding. The default queue size is 10. Which means you can attempt to establish 10 TCP connection at once and their is no change in the behaviour. If you try to establish 20 at once, the first 10 are put on the wire while the next 10 are queued and released as those first 10 either complete or fail (e.g. first connection is built, #11 is put on the wire, #4 fails, #12 is put on the wire, and so on).

In 'normal' usage, TCP connection establish quickly and you simply won't notice any difference. Where you will see a difference is if you try to create a large number of connections to sites which are not listening/responding to your requests (so in your examples "Multiple IE or other active browsers, multiple downloads, multiple email, telnet, ftp, ssh clients and others may run. Norton update, weatherbug, VPN, terminal services, and a telnet and web server on my PC, and possibly multiple multisource download clients and programs, by own or something like steam or fileplanet." there are all services which will respond quickly and even if you tried really hard, I do not believe you would ever be able to determine if the queuing happened.)

So, why the change? Flash worms that utilize TCP connections typically sit and loop while connecting to a random IP (they then attempt to infect that machine and they go back to picking another random target). Some of these worms can literally eat up your entire connection while they sit and pump packets out, since many of the destinations are not going to be valid targets (since the selection was random) this queue will kick in and help throttle how quickly the worm can leave the box.

Even throttled the worm will still spread quickly, but more importantly (and the reason for this feature), your connection will not become so unusable that you will be unable to access updates/repair tools/patches/etc.

Bill

 

[stash]

If only more people would see Bill's post here. The FUD that has been reported by "journalists" and others on this issue is ridiculous.

 

[oldman420]

Originally posted by: bsobel
<blockquote>quote:
<hr>Just wondering exactly what the TCP/IP connection limit does and what is that limit. Despite some P2P use I use my internet and many internet programs regularly. <hr></blockquote>

The people claiming that their is a TCP/IP connection limit in SP2 are spreading FUD (this isn't directed at you elkinm, I'll explain what MS did in a second). I've seen this 'limit' quoted on a zillion sites, and it simply not true.

What was added was a queue (not a limit) of the number of uncompleted TCP connection outstanding. The default queue size is 10. Which means you can attempt to establish 10 TCP connection at once and their is no change in the behaviour. If you try to establish 20 at once, the first 10 are put on the wire while the next 10 are queued and released as those first 10 either complete or fail (e.g. first connection is built, #11 is put on the wire, #4 fails, #12 is put on the wire, and so on).

In 'normal' usage, TCP connection establish quickly and you simply won't notice any difference. Where you will see a difference is if you try to create a large number of connections to sites which are not listening/responding to your requests (so in your examples "Multiple IE or other active browsers, multiple downloads, multiple email, telnet, ftp, ssh clients and others may run. Norton update, weatherbug, VPN, terminal services, and a telnet and web server on my PC, and possibly multiple multisource download clients and programs, by own or something like steam or fileplanet." there are all services which will respond quickly and even if you tried really hard, I do not believe you would ever be able to determine if the queuing happened.)

So, why the change? Flash worms that utilize TCP connections typically sit and loop while connecting to a random IP (they then attempt to infect that machine and they go back to picking another random target). Some of these worms can literally eat up your entire connection while they sit and pump packets out, since many of the destinations are not going to be valid targets (since the selection was random) this queue will kick in and help throttle how quickly the worm can leave the box.

Even throttled the worm will still spread quickly, but more importantly (and the reason for this feature), your connection will not become so unusable that you will be unable to access updates/repair tools/patches/etc.

Bill

:beer::beer:
thanks for helping me to understand that bill i agree fully with you and your explaination was quite good!!!
jerome

 

[VirtualLarry]

Ironically, news outlets (at least ones partially-owned by Intel), are reporting that there is a conflict between XP SP2 and AMD 64-bit CPUs
http://news.com.com/Microsoft+...00-1016_3-5326707.html
...when in fact, the real conflict, is between XP SP2 and Intel's new, upcoming, Prescott PIV CPUs...
http://cquirke.mvps.org/sp2intel.htm
Thankfully, there is a workaround involving disabling both L1+L2 cache in the BIOS setup.

Talk about horribly biased reporting! Why isn't CNet telling the truth here? I suppose the answer to that is so obvious as to make the question rhetorical.

 

[elkinm]

Thanks Bill, that is a really great explanation. I feel a little better now.

 

[TechnoPro]

Originally posted by: bsobel

Originally posted by: tm37&amp;lt;BR&amp;gt;Kills NOAH so the hearing aid industry is freaking little.

&amp;lt;BR&amp;gt;&amp;lt;BR&amp;gt;Just curious, have a link or something (the site STaSH mentioned doesn't seem to report any SP2 issues)&amp;lt;BR&amp;gt;Bill

From their main support site, click on "NOAH System and Windows XP Service Pack 2" under the Support News column.

 

[bsobel]

Originally posted by: VirtualLarry
Ironically, news outlets (at least ones partially-owned by Intel), are reporting that there is a conflict between XP SP2 and AMD 64-bit CPUs
http://news.com.com/Microsoft+...00-1016_3-5326707.html
...when in fact, the real conflict, is between XP SP2 and Intel's new, upcoming, Prescott PIV CPUs...
http://cquirke.mvps.org/sp2intel.htm
Thankfully, there is a workaround involving disabling both L1+L2 cache in the BIOS setup.

Talk about horribly biased reporting! Why isn't CNet telling the truth here? I suppose the answer to that is so obvious as to make the question rhetorical.

How is this biased or ironic? The article documents an issue with a certain common application on the AMD chip. How is CNet not telling the truth here?

I think your looking way to hard for some consipracy...

Bill

 

[stash]

Hmm, I swear that when I saw that article for the first time last week, it didn't mention Realmagic at all.

Hence the overwhelmingly negative response to the article at the bottom of the page.

 

[oog]

Originally posted by: bsobel

Just wondering exactly what the TCP/IP connection limit does and what is that limit. Despite some P2P use I use my internet and many internet programs regularly.

The people claiming that their is a TCP/IP connection limit in SP2 are spreading FUD (this isn't directed at you elkinm, I'll explain what MS did in a second). I've seen this 'limit' quoted on a zillion sites, and it simply not true.

What was added was a queue (not a limit) of the number of uncompleted TCP connection outstanding. The default queue size is 10. Which means you can attempt to establish 10 TCP connection at once and their is no change in the behaviour. If you try to establish 20 at once, the first 10 are put on the wire while the next 10 are queued and released as those first 10 either complete or fail (e.g. first connection is built, #11 is put on the wire, #4 fails, #12 is put on the wire, and so on).

In 'normal' usage, TCP connection establish quickly and you simply won't notice any difference. Where you will see a difference is if you try to create a large number of connections to sites which are not listening/responding to your requests (so in your examples "Multiple IE or other active browsers, multiple downloads, multiple email, telnet, ftp, ssh clients and others may run. Norton update, weatherbug, VPN, terminal services, and a telnet and web server on my PC, and possibly multiple multisource download clients and programs, by own or something like steam or fileplanet." there are all services which will respond quickly and even if you tried really hard, I do not believe you would ever be able to determine if the queuing happened.)

So, why the change? Flash worms that utilize TCP connections typically sit and loop while connecting to a random IP (they then attempt to infect that machine and they go back to picking another random target). Some of these worms can literally eat up your entire connection while they sit and pump packets out, since many of the destinations are not going to be valid targets (since the selection was random) this queue will kick in and help throttle how quickly the worm can leave the box.

Even throttled the worm will still spread quickly, but more importantly (and the reason for this feature), your connection will not become so unusable that you will be unable to access updates/repair tools/patches/etc.

Bill

While I agree with everything in the explanation, it is very possible to still see the results of that queueing, at least in events that show up in the event log. I found the associated event log entry in my event log while using bittorrent.

That being said, I didn't find any big change in behavior, even while using bittorrent.

 

[Adam8281]

After installing SP2, I can no longer right-click on icons. When I do the system hangs for a couple minutes, and they explorer restarts. Has anyone else experienced this or found a solution? I am running Norton Internet Security 2004, and I disabled the windows firewall and kept the norton going.

 

[VirtualLarry]

Originally posted by: bsobel

Originally posted by: VirtualLarry
Ironically, news outlets (at least ones partially-owned by Intel), are reporting that there is a conflict between XP SP2 and AMD 64-bit CPUs
http://news.com.com/Microsoft+...00-1016_3-5326707.html
...when in fact, the real conflict, is between XP SP2 and Intel's new, upcoming, Prescott PIV CPUs...
http://cquirke.mvps.org/sp2intel.htm
Thankfully, there is a workaround involving disabling both L1+L2 cache in the BIOS setup.

Talk about horribly biased reporting! Why isn't CNet telling the truth here? I suppose the answer to that is so obvious as to make the question rhetorical.

How is this biased or ironic? The article documents an issue with a certain common application on the AMD chip. How is CNet not telling the truth here?

I think your looking way to hard for some consipracy...

Bill

The problem, is that the CNet article about XP SP2 and AMD64 CPUs, is that it paints the problem as clearly the result of the AMD CPUs, when using SP2, when the facts are, that the CPU is performing completely correctly, in terms of the DEP feature added to SP2. The fact that it flags an (apparently) untested-with-SP2 driver file installed with fairly-common RealMagic hardware, doesn't make the fault lie with either the AMD64 CPU, nor XP SP2's DEP feature. Again, both are working correctly here.

However, the problem with the Intel Prescott CPUs are a different story, they are not operating correctly, there is a clearly-malfunctional issue here, and last I checked, there was no CNet article about that.

CNet is partially owned by Intel. They used to mention that in their articles, I guess not anymore.

As far as conspiracies go, I submitted information (and links to the documents right on Intel's site) to CNet about the fact that the 0.25-core PII CPUs have the same sort of "CPU ID" (or in Intel-speak, "PSN") as the then-new PIII CPU chips. This was during the heyday of the furor about the CPU ID and tracking issues and idiotic statements made about the use of the CPU IDs (for identification during online transactions? Totally insecure! Bruce Schnier did a piece about that), along with a (senator) I think, from AZ, threatening to ban Intel CPUs altogether from the state, unless they rescinded their plan to go with unique IDs in CPUs.

You would think, that evidence that existing CPUs, already on the market, also containing this CPU ID feature, although not highly-publicised by Intel, would be *big news*. Especially with a state senator threatening to ban their products.

Strangely, no article, no follow-up, no feedback e-mail, nothing.

I believe now that I witnessed a media black-out, first-hand. The power of the mass-media to inform, is nothing, compared to the mass-media's power to censor. Never forget that fact. I know I won't.

So clearly, yes, the CNet article is biased, if only because it is so over-the-top technically inaccurate. The irony is that they would be reporting such issues as serious flaws in AMD CPUs, when truthfully, the serious flaws are apparently in Intel's newest CPUs, and the fact that CNet hasn't reported that, and is partially-owned by Intel.. Well, I'm not stupid. Nor should anyone else be, that is informed about this little 'incident'.

PS. The issue isn't even with an application, it's an MPEG system driver (MPEGPORT.SYS). I'm guessing that you didn't even read it, given your comments. If you did, you would see how horribly biased it really is.

PPS. If you are at all technically curious about the PII CPUID issue, search Intel's site for "PI-ROM" documentation. They used to make available the actual bitfield descriptions for it even, including such things as thermal parameters and frequencies characterized during mfg test procedures. The docs are for the 0.25 PII Xeon chips, but they share the same core as the regular Slot-1 0.25 PII CPUs, so the PI-ROM must therefore also exist on-die. The biggest difference is that the PIII added an architectural software way to read out that info, or a subset, using CPUID opcode functionality, but the same data is still accessable via hardware means. 'The Register' also documented a batch of mobile PII chips, that apparently went through a faulty mfg test procedure, and they failed to properly disable the "PIII features" of the CPUID-accessable PSN and SSE opcodes. This also lends strong credence to the 0.25 PII die containing the PI-ROM/PSN/CPUID information.

 

[redfishbluefish]

Originally posted by: Adam8281
After installing SP2, I can no longer right-click on icons. When I do the system hangs for a couple minutes, and they explorer restarts. Has anyone else experienced this or found a solution? I am running Norton Internet Security 2004, and I disabled the windows firewall and kept the norton going.

Right-click hanging explorer could be a problem with DivX, strangely enough. There's a discussion about this in the NTBugTraq archive for August.

rb.

 

[bsobel]

The problem, is that the CNet article about XP SP2 and AMD64 CPUs, is that it paints the problem as clearly the result of the AMD CPUs, when using SP2, when the facts are, that the CPU is performing completely correctly, in terms of the DEP feature added to SP2. The fact that it flags an (apparently) untested-with-SP2 driver file installed with fairly-common RealMagic hardware, doesn't make the fault lie with either the AMD64 CPU, nor XP SP2's DEP feature. Again, both are working correctly here.

Technically you are correct. But in the Intel case you can argue that SP2 and the Pentium are working properly also (not "clearly manfunctional issue") and the MB and/or bios providers are at fault. To an end user, they are very unlikely to understand the difference.

PS. The issue isn't even with an application, it's an MPEG system driver (MPEGPORT.SYS). I'm guessing that you didn't even read it, given your comments. If you did, you would see how horribly biased it really is.

Again, I think your being too technical. The issue is with RealMagic Hollywood plus, which does include drivers. When there is a problem with say NAV and it's drivers, I still call NAV an application

You would think, that evidence that existing CPUs, already on the market, also containing this CPU ID feature, although not highly-publicised by Intel, would be *big news*. Especially with a state senator threatening to ban their products.

Actually, I wouldn't. The PSN feature is only interesting if everyone has it. If Intel already decided to default off the idea, the fact that some systems somewhere already had it (presumably in a default on mode from your description) isn't really that important with a security point of view.

I believe now that I witnessed a media black-out, first-hand. The power of the mass-media to inform, is nothing, compared to the mass-media's power to censor. Never forget that fact. I know I won't.

Yep, this was clearly as important as Watergate (do I add a smiley or rolling eyes here, not sure...., I'll go with smiley ) I think we are just going to have a difference of opinion on this one.

Bill

 

[Codyz28]

For a serious New-B to windows XP, (like myself), I never even used XP yet, but I am getting it on my new rig, would it be best to wait to install SP untill all the bugs are out? I dont know what I would do if something went wrong, plus, I only have a 56k connection, and if its a long download, I usualy get cut off. And I heard one doesnt want an interuption in the middle of downloading this sp2 thing?

 

[randumb]

I'm still rolling with SP1, I think I'll wait a while until some of the bugs get fixed.

 

[nealh]

I got SP2 on cd in like 3 days from MS but I am staying away from it for now