From today, Microsoft is downloading SP2 into computers that have XP's Automatic Update feature turned on. But such has been the apprehension among IT managers about the 80-100MB upgrade flooding into their users' desktops that Microsoft was forced to issue a tool that temporarily blocks the auto-update feature. This is supposed to give businesses more time to test their internal applications for compatibility. More than 40 applications (including several of Microsoft's own) have so far been identified as breaking under SP2, although many of these are mended simply by opening the relevant port in the new Windows Firewall (which is turned on by default in SP2).
There have also been questions raised about the quality of Windows Firewall (specifically, it lacks outbound blocking, which protects against spyware and is supported by almost all third-party firewalls). Meanwhile, security flaws are beginning to emerge in SP2 that will sow further seeds of doubt in the minds of potential upgraders.
So is SP2 more of a spent round than a magic bullet? Clearly, there are a lot of useful new features in SP2 and it's free, so once you've made sure that all your applications work under it, there's little reason to give it the cold shoulder. But equally clearly, it's no panacea, and unless Windows can overhaul some of its evolutionary baggage to make it less structurally susceptible to malware of all kinds, then it's still going to catch a cold on a regular basis.
If Service Pack 2 turns out, as is likely, to be a plucky but ultimately doomed stand against the forces of darkness, what's next? In the short term, we'll have to carry on regularly patching our systems to counter new threats -- and SP2 will help in this respect. Perhaps Longhorn will provide Windows with a fully functional immune system, but getting there might involve even more delay and a longer list of incompatible applications than Microsoft may feel comfortable with.
What's certain is that the question marks against Windows' security aren't going away anytime soon, and sensible companies and individuals should be evaluating all OS alternatives in the meantime.
Talkback
XP SP2 is NOT at my service - I downloaded yesterday and now Windows won't load. So I can't get rid of it.
Yet.
Where there's a will...
Let me start of by saying that Windows XP SP2 update is the best thing to come out of Microsoft in a long time.
Microsoft Senior Vice President, Windows Client Group, Will Poole, who was in Bangkok to attend the ICT expo recently, an event that coincided with "the final stages of lift-off" for SP2 was interviewed at which time he stated that the SP2 would be available to all Windows users even those with pirated copies.
Now something seems to be wrong here. It dismays me that I legally purchased six full copies of Windows XP Professional recently, for an Internet Cafe that my wife opened a year ago and now the upgrade will be available for all users, whether or not they have purchased their software or pirated it.
Have I been struck by Robin Hood? In my case, I went so far as to remove all illegally installed software that was placed on the computers hard drive by the outlet where I purchased the units.
Now I truly believe that I and many others have been duped. I did the right thing and purchased six full legal copies of the Windows Operating software. You can hardly comprehend what trouble I went though to get the original software, due to me living in Asia, where it is actually difficult to find the original software for sale in the first place. And on top of that I now find myself to be an object of ridicule by the very pirates that everyone pretended to be battling.
I feel that people without proper software should have been blocked from the net totally until they can demonstrate that they do have a legal copy of an operating system on their computers. I understand about Microsoft's fear that they will embrace other operating systems, but, I would be more concerned about the people with money that have actually bought Microsoft's products in good faith an are now being told they are the fools. For if they migrate to other operating systems then Microsoft will be in financial trouble within a very short period of time
What are the implications of this action by Microsoft; If their update is as resilient as stated, then they should not be concerned as to who upgrades and who does not, for the users of the system i.e the paying customers will be secure. Those that choose another route will not be. But to tell me that my purchase was in vain is insult added to past injury of having to spend time and money in remaining updated.
Was this done in the name of security or due to greed? How I am to teach my children to be honest and not pirate software when Microsoft seems to now encourage such acts?
What a stupid and simplistic piece. Let's start with the opening assertion "It was supposed to solve the gaping holes in Windows XP's defences almost at a stroke". Says who? Certainly not MSFT. Certainly no one with even a rudimentary understanding of systems. The you go on with "But such has been the apprehension among IT managers about the 80-100MB upgrade flooding into their users' desktops that Microsoft was forced to issue a tool that temporarily blocks the auto-update feature". Of course, you fail to point out that any competent IT administrator tests major changes before pushing them out to their user base and/or that it's actually an expression of historical confidence in MSFT's patches that these folks have auto-update turned on in the first place. Bottom line, this piece is like so many that I read these days - laden with opinion but provided as fact. There's a lot more that MSFT can do to improve the robustness of their products in light of the additional challenges that they face (from legacy and from external challenges), but how about giving them credit for the efforts they are making and trying to provide some balance despite the current de rigeur of trashing them?
I'll give M$FT credit for trying, SP2 is free and helps novices secure their machines. No one would be silly enough to promise a 'magic bullet', that's rediculous. There is always a balancing act between security and apps working, and this is a great start. When XP came out the firewall was off by default because people were more concerned with app compat (moving from 9x to NT) then security. Now that security is the latest thing to bash MS about, they're putting some effort into that.
It seems ZDNET is once again intent on giving only the negative side of things.
First of all, about 83% of all Windows XP users up until now were not running ANY kind of firewall and thus Windows XP SP2's enhanced built-in on by default firewall is a good thing to keep malware out in the first place.
Second it is too easy to simply forget all the other items that went into Windows XP SP2 such as the enhanced DCOM and RPC protection which significantly reduces the attack surface of a standard Windows XP system. Admittedly this will require some testing for enterprise users, but for home users this is a great free enhancement.
Third, the IE enhancements, while a bit late, are still more than worthwhile. The pop-up blocker works very well, is unobtrusive (unlike some other implementations) and reduces another attack vector to nearly zero.
Fourth, the Outlook Express enhancements also make sure that end-users are much better protected against attachement based attacks even if they don't have a virus scanner installed and updated.
But of course it is easier to just ignore all this since it would mean some actual investigative reporting.
Pierre
It's true that SP2's firewall functionality is improved one, and other security patches could protect Windows from known type of network attacks. But, how many average home users, mostly XP Home Edition users, could understand how to manage their built-in security mesures effectively? My recommendation to Microsoft is here: discontinue Xbox, and develop all-in-one security appliance for home users, instead.
XP2 is great.
However it is adding BACK a bug that had been previously fixed.
The GDI Handle leak in MFC Applications, first described in KB 319740, has resurfaced.
:-(
I spent considerable time downloading & installing SP2 and I have just spent considerable time UNINSTALLING SP2. Not only did it slow down internet connection (tolerable) but after installatlion I could only connect with 3 websites from my favorites list. I could NOT connect by favorites list OR BY TYPING IN A SPECIFIC WEBSITE ADDRESS for sites such as Google, MICROSOFT, Dell, PC Magazine, MSNBC, Nortons, USA Today, and many others. The 3 sites i could acess are Everyone's internet EV-1, TX Lottery & Discount Magazines)
I have a Dell Inspiron 8600 with a 1.4 gz chip and 512 mb of memory running Win XP pro.
I don't recommend that anyone install SP2, regardless of what it is supposed to do.
This bug, noted in KB 319740, has been reintroduced into SP2.
The fix is to get the version of UXTHEME.DLL from your SP1 CD, and copy it to your SP2 System.
The file %systemroot%\system32\uxtheme.dll should be the SP2 Version.
See:
http://tfl09.blogspot.com/2004/08/re-appearance-of-gdi-bug-in-xp-sp2.html