Is SP2 really necessary ? ......

[drummer]

I'm fixing both of my nieces laptops , because they got so corrupted with malware , spyware , and viruses , that I just figured the best way is to start from scratch , and try and make it as failsafe as possible . They used to have AOL installed , but my sister uses Roadrunner , and I told my sister that my nieces don't need AOL anymore , thus , the reformat . I have all of the factory software ( from Dell ) , and I installed the basic OS and Anti-virus , which worked just fine , until I installed SP2 , then it crapped completely out . So I am going to start all over again . I don't know what happened in the SP2 install . Should I still install it , or do the laptops really need it for the security factor ?

[M2]

SP2 sucks!!!!!!!!!!!!

Do not install it!!!!


the truth

[DiT]

m2 is right usually about once a year.
SP2 is trash.
scratch it.

[ElTaco]

I concur. SP2 is trash, but if they are just basic users, you can install it and then just make sure that you disable the built in firewall and security center and enable the automatic download of security patches. If you have time, you can instead just install all the required security patches and skip sp2 but they might install it later anyway and so its probably better that someone who knows what they are doing installs it so when things go boom after rebooting, you can fix it.

[Headhunter]

I'm interested in hearing why you guys say SP2 is trash. Seriously. I'm not trolling or being a Microsoft apologist. I've been working on a task force to deploy Sp2 enterprise wide (10,000 users). Target date is two weeks from now. I understand some of the trepidation by home users, or small offices, but in a international corporation, MS & IE are a necessity. Firefox just doesn't get the job done. Specifically with 3rd party web apps.

Are the problems you've seen driver related or system slowdown?

We've shut off the firewall and security in the package, and I've been running it for about 6 months on a production business machine. I haven't had a single SP2 related problem.

[PSUFAN]

If a large corporation has purchased XP tags for a huge pile of machines, SP2 makes perfect sense. It is a free upgrade to an OS that represents a major investment on the part of the company.

Now - SP2's firewall and popup blocking additions are not as good as other such products that have been available for a long time...so if a user is in a position to make use of those, it is probably not hard to understand...

in a international corporation, MS & IE are a necessity. Firefox just doesn't get the job done. Specifically with 3rd party web apps.

Now the thread has legs. What needs cannot be met by Firefox, specifically? Not doubting your assessment, just wondering as to specifics...

[ElTaco]

The problem with Mozilla and Firefox is that they handle certain things differently from IE. Its not their fault that 3rd party apps are written specifically for IE and won't always work correctly in them. Specifically certain dynamic stuff just won't work PSU. We see it all the time at university stuff as well.

My problem with SP2 is simple. It adds on a ton of extra stuff that isn't what it was promised to be. For example, as I stated on here before, I think the XP firewall is a lot worst then a lot of the desktop firewalls. Not to mention that half the time after installing sp2 and disabling the firewall, it still has problems until I re-enable it, reset it to the defaults and then disable/restart again.

The IE upgrades are still no where near to where firefox/mozilla are. Granted they are an improvement if you run IE by default but once again its mainly small changes.

I think you may want to test to see if you can get everything sp2 is with just the patches, including the IE upgrades and if it does what you want, you might want to hold off on sp2 until sp2.9 comes out. Just sayin.

As a note, we did install it on all the machines here but it was a headache, however, once it works, its just back to the usual windows infections and shit.

[Headhunter]

It's kind of hard to get into specifics, with posting some personal info, but a major vendor who's apps we use in many areas would crap out. Some were using Microsoft's Virtual Machine instead of Sun's JRE. See that's a problem with Large corporations. You inherit a lot lof legacy stuff that dictates what you do. We've still got MSVM apps, even though Microsoft has pulled VM out. By the time we get ourselves out of one legacy hole, we're in another. We've been looking at some Sun/Solaris stuff, as well as linux, but the reality is that MS is king. Another issue, is that security patches will become SP2 dependant. So we're pushing it, come hell or highwater.

As far as the firewall. MS's Firewall has been a fucking Joke for a while. I don't know why anyone was expecting anything out of it.

As a side note, I've been running SP2 at home for about the same time and have had no issues. But then again, I knew how to set it up in the first place.

[PSUFAN]

The problem with Mozilla and Firefox is that they handle certain things differently from IE.

This is where the rant stitches in for me.

The only way that client-side code will ever inch toward 100% platform independence is if all involved parties support W3C standards. You have a ton of stuff that is written specifically to run on the MSDN "standard"...which in the long term is a formula for instability.

Why? Because the MSDN codebase is heavily reliant on proprietary code, in the form of ActiveX. WHen there is a vulnerability in that code, it cannot be patched without the engineering team that authored it. In the open source community, patches and fixes can be issued rapidly, because of the much broader development resource base.

So? Well, how often have you seen patches and warnings that have to do with this stuff? On just about every bank site that I've seen that REQUIRES IE, there are also warnings that have to do with security flaws and vulnerabilities.

It's not that it's impossible to author 3rd party web applications securely. It's not that they can't be written within the MS codebase, or within the open source community...it's that the open source community can lead to a more secure offering in the long term.

However, like has been hinted at above, if you have spent 15 million smackers on a proprietary software package that is written SPECIFICALLY for IE, then you have to use it...but one has to wonder if it isn't wise to orient such systems to a more productive model. When flaws and vulnerabilities plague MS systems, there is a loss of productivity in the time that it takes for sysadmins to apply patches, and in the time that it takes to actually repair damaged systems. Moreover, these fixes don't arrive when you want them to...they arrive when MS can deliver them, not a minute sooner.

It's not that certain dynamic stuff won't work, rather it's that there needs to be a philosophical shift from the top of an organization down...and that, I grant you, is the most difficult part...but someday, someone will make use of it, because they will understand the benefits therein that would positively affect the bottom line...

[PSUFAN]

Moreover, these fixes don't arrive when you want them to...they arrive when MS can deliver them, not a minute sooner.

and in the case of the MS VM, support drops out entirely...

[Headhunter]

Microsoft aint the only dog to play that game. Sun can suck my fucking dick for what they do with their JRE's and Auto update bullshit that causes instablilty because developers write to Sun code specs and demand certain JRE's and only certain JRE's to function. But that's a different nightmare for a different night.

[ElTaco]

the problem with Mozilla and Firefox is that they handle certain things differently from IE.

This is where the rant stitches in for me. :shock;

the only way that client-side code will ever inch toward 100% platform independence is if all involved parties support W3C standards. You have a ton of stuff that is written specifically to run on the MSDN "standard"...which in the long term is a formula for instability.

Why? Because the MSDN codebase is heavily reliant on proprietary code, in the form of ActiveX. WHen there is a vulnerability in that code, it cannot be patched without the engineering team that authored it. In the open source community, patches and fixes can be issued rapidly, because of the much broader development resource base.

So? Well, how often have you seen patches and warnings that have to do with this stuff? On just about every bank site that I've seen that REQUIRES IE, there are also warnings that have to do with security flaws and vulnerabilities.

It's not that it's impossible to author 3rd party web applications securely. It's not that they can't be written within the MS codebase, or within the open source community...it's that the open source community can lead to a more secure offering in the long term.

However, like has been hinted at above, if you have spent 15 million smackers on a proprietary software package that is written SPECIFICALLY for IE, then you have to use it...but one has to wonder if it isn't wise to orient such systems to a more productive model. When flaws and vulnerabilities plague MS systems, there is a loss of productivity in the time that it takes for sysadmins to apply patches, and in the time that it takes to actually repair damaged systems. Moreover, these fixes don't arrive when you want them to...they arrive when MS can deliver them, not a minute sooner.

It's not that certain dynamic stuff won't work, rather it's that there needs to be a philosophical shift from the top of an organization down...and that, I grant you, is the most difficult part...but someday, someone will make use of it, because they will understand the benefits therein that would positively affect the bottom line...

I think we were saying the same thing. Maybe it wasn't the best way to say it. The problem isn't a problem with firefox. Its a problem with IE. Mozilla the company follows W3C standards fairly stringently as far as I can tell. They got rid of all the Netscape specific stuff when Netscape 6.0 came out and then Mozilla 1.0. As far as I can tell Mozilla fully supports the W3C standards, or does a good job of it, while MS IE picks and chooses when and where they support it in their usual MS style.

I should add that Virginia Tech's open source fans are forcing VT to write supported apps in house. Our apps division is very IE/MS oriented since they set up domains and MS Exchange but we are doing our part to keep them at least open source compatible.

[kcdave]

SP2 is trash, but if they are just basic users, you can install it and then just make sure that you disable the built in firewall and security center and enable the automatic download of security patches.

ET, why does the firewall and security center need to be disabled, for simple basic use? Trust me, I totally understand that you hate most anything associated with Microsoft, and if I were in your position, I might feel the same. But, for normal ol' Joe Schmo, that likes to fuck around on the puter for an hour a day, can we not trust Microsoft to do things for us, so that we dont have to worry about it?

[PSUFAN]

kcdave, the firewall that ships with SP2 allows users to block incoming traffic, but it doesn't allow you to control what goes out. To me, that's a big omission. I want to control every request to a DNS server that does through my pipe.

As for trusting MS or anyone else, I guess that it's up to you. If your computer gets jacked up, then trust goes out the window.

[Atomic Punk]

PSUFAN makes the distinction between the corporate world and the individual user. What I see at this financial institution is they IT team knows that I know what they're dealing with and they are stuck what they've been licensed.

They can't implement practical solutions due to that so they just deal with what they were given.

For the home user (or "XP Home" user), you have to know a little bit to avoid problems. If I could clone this IBM T-41 laptop's HD with this configuration, I would like to sell the HD image to some kind of broker to make installing/recovery CD's. This thing isn't perfect but it's close.

I even turned off Zone Alarm Pro since I have the security locked tight for the few sites I visit. I let my hardware firewall handle the bulk of the work under my current usage needs.

So kcdave, take the advice of those here that can help your individual situation. Much of the verbage you read has to do with overall LAN/WAN issues.

[DiT]

HH,google Problems with SP2.
you'll get almost 2 million returns.
that's my biggest prob with SP2:)

[Headhunter]

See, I guess my lack of problems with SP2 has a lot to do with knowing what the fuck I'm doing and having the ability to lock my PC down tighter than a ticks ass. Post SP2, I've almost stopped running spyware removal tools. I'll run them every now and again, but I just don't find anything. That kind of security, with ease of use isn't something most people are able to achieve.

[ElTaco]

ET, why does the firewall and security center need to be disabled, for simple basic use? Trust me, I totally understand that you hate most anything associated with Microsoft, and if I were in your position, I might feel the same. But, for normal ol' Joe Schmo, that likes to fuck around on the puter for an hour a day, can we not trust Microsoft to do things for us, so that we dont have to worry about it?

Like PSU said, we disable them for two reasons:

Firewall for a home user should now days be supplied by the router/firewall you are using like a linksys, d-link or even Cisco for home business owners.
If you don't go that route, then I would suggest you use one of the better software firewalls. We can argue about how good or bad they are, but most of them beat the pants off of the MS built in one purely because of some of the features they offer.
As far as the security center, its one of the most useless things I've ever seen. It doesn't detect Norton as an antivirus program on some computers and keeps saying you don't have virus detection. It allows you to tinker with your patch settings but you can do that in other places and it tells you that your firewall is enabled or disabled. Great. Useless and annoying and one more redundant shit you load into memory. I say disable it, set up your patches to download and ask you to install when they are done downloading (or just install automatically if you want that) and then make sure you have some type of firewall in between your machine or network and the internet and a virus protection running.

Does it hurt you if its not disabled? Probably not. The way I look at it is simple. Its redundant. It keeps giving stupid warnings to the point where you may ignore valid ones in the future.

In fact thats my biggest problem with all of this shit, including the desktop firewalls. They aren't bad for technical people but the average user just doesn't understand the concept of false positives. They start going online and accusing people left and right of trying to hack them when its just some bs that isn't even meant to hurt their PCs. After week 5, they just give up and ignore valid problems in the future or disable things to the point where they become succeptible.

[PSUFAN]

As far as the security center, its one of the most useless things I've ever seen. It doesn't detect Norton as an antivirus program on some computers and keeps saying you don't have virus detection.

To be Frank (I think he's reading this), this is the main effect that SP2 has had on me - annoying me with its inability to remain configured.

I see HH's point, that SP2 offers better security for users that don't care to learn how to secure their computing environment. However, I agree with ET that this can result in a false sense of security.

I have never had a major problem with viruses and other malware, however, I've helped folks whose computers have been messed up by it. No matter what firewall or configuration you go with, it's best to learn some stuff about security. It's not that difficult to do, and it makes a big difference.

[ElTaco]

See, I guess my lack of problems with SP2 has a lot to do with knowing what the fuck I'm doing and having the ability to lock my PC down tighter than a ticks ass. Post SP2, I've almost stopped running spyware removal tools. I'll run them every now and again, but I just don't find anything. That kind of security, with ease of use isn't something most people are able to achieve.

I think you don't really understand the points we are making. I ran my windows 98 machine without any problems and haven't had a virus since. You see I look at people and the way they deal with problems and its usually a kneejerk reaction, same way that MS is doing things now. Until recently, they didn't give a rats ass about security or even stability. If it was stable enough to make money for them, it was good enough. Thats no longer a good enough standard. In a kneejerk reaction ms goes out and forces all this shit on people who don't know crap. They go from a very open and abuse prone system to making some stupid decisions and throwing it on the users.
I have to tell you, I really love turning the firewall off so we aren't running 10 firewalls on each system and then when we update to office 2003, its good times going into the registry to disable the file blocking on every possible useful file. And since when is IE not suceptible to shit? We have sp2 installed just because I didn't care enough to not do it and yet we still get a ton of computers that get spyware through the net. IE is far from secure because it still accepts just about everything at face value.

[Headhunter]

I never said IE was secure. I said MY pc is secure. I've got a lot of third party shit that contributes to that security. Also, IE's whole security schema is based on Zones, with "Internet" being anything not defined in another zone. I've locked "Internet" down almost as tight as restricted and I religiously manage my zones. I've also run the Local Machine Zone Lockdown on my PC, so shit that does sneak through can't run as an admin. My user account on my own machine has restricted access so that things that slip by can't do shit anyways.

Now all that being said, we can't come close to that at work, because we'll lose functionality or be overrun by user request to open shit up.

Microsoft is in the unenviable position of having to balance between functionality and security. In the past, they've ALWAYS opted for functionality. That's beginning to change, but not fast enough. The security is there in IE. You just have to know how to manage and maintain it. That's something most "Users" aren't willing to do.

[DiT]

See, I guess my lack of problems with SP2 has a lot to do with knowing what the fuck I'm doing and having the ability to lock my PC down tighter than a ticks ass. Post SP2, I've almost stopped running spyware removal tools. I'll run them every now and again, but I just don't find anything. That kind of security, with ease of use isn't something most people are able to achieve.

well I guess you're just somebody now aren't ya?

[Headhunter]

I am! Thanks for noticing!

[drummer]

I may have to install it anyway , regardless of the issues . It might get downloaded and installed post my setup .

Best suggestions are welcome .

[DiT]

I may have to install it anyway , regardless of the issues . It might get downloaded and installed post my setup .

Best suggestions are welcome .

best suggestion:
don't
but if you have to,read:
http://www.microsoft.com/windowsxp/sp2/ ... oknow.mspx
http://support.microsoft.com/default.as ... ndowsxpsp2
http://support.microsoft.com/kb/842242

[drummer]

I may have to install it anyway , regardless of the issues . It might get downloaded and installed post my setup .

Best suggestions are welcome .

best suggestion:
don't
but if you have to,read:
http://www.microsoft.com/windowsxp/sp2/ ... oknow.mspx
http://support.microsoft.com/default.as ... ndowsxpsp2
http://support.microsoft.com/kb/842242

I installed SP2 after the primary install of XP , after loading the updates . I then installed all the other apps after . I have to have Auto Update turned on for them , because if they loaded SP2 on thier own , well , they would be hosed .

Thanks guys . This forum is golden .