Do you hate Windows XP

[VirtualLarry]

Originally posted by: JackNaylorPE
When I want to look at what is stable, I look at what the Fortune 500 IT guys are doing and for the most part they still weren't doin XP as of earlier this year when the lst study was published. XP sales were so bad in the corporate sector that to keep wall street happy, MS redefined a Win2k sale as a purchase of a WinXP with a "free Win2k downgrade".

LOL. I believe it. The "uptake" of XP into the corp desktop sector has been absolutely abysmal for MS. Gee, I wonder why... and for some reason, most of the other people just keep parroting MS's marketing materials, even in spite of evidence to the contrary.

Originally posted by: JackNaylorPE
The fact remains if XP were faster / better / more secure than previous OS's (as actually deployed, not as it comes from MS), IT directors throughout the Fortune 1000 would be all done putting it in place by now.

That IS true, by and large. MS is trying to force them to adopt XP, though, by yanking W2K SP5. As a big fan of W2K personally, I think that "really sucks".

Originally posted by: JackNaylorPE
No one in a corporate environment asks the boss for budget increases to "upgrade" existing box to XP because it will have a positive ROI. The reason is ina work environment you have to priduce more than a subjective result, you gotta have facts and figures. They are goinna have to show a "facts and figures" return on that investment and it is obvious that such will not materialize. If it did, it would be being done wholesale across the country.

If it ain't broke, why "fix" it, and the fact that, under the hood, W2K and XP are so similar, and run apps with similar stability and feature-sets, and can use the same hardware and drivers for the most part - well, there's NO compelling reason to move to XP from W2K, that I can see. Worse yet, with XP SP2, there are a HUGE number of compatibility issues with apps, worse yet for the in-house developed ones.

Most of the much-vaunted "security improvements" in XP SP2, were aimed solely at the home user ("Security Center", firewall enabled by default, etc.). In a locked-down corp. environment, the desktop user isn't the one in charge of administering the firewall and the AV software. XP SP2 is mostly just one huge ball of potential incompatibilities, for the corporate crowd. Why do you think that MS is trying so very hard, to be allowed to override the administrative upgrade policies on many corporate networks, by pushing through SP2 via Windows auto-update, etc. It's disturbing. Who owns the computers? The company, or MS?

Yes, XP SP2's system binaries were also compiled with "software DEP" enabled, which is effectively no different than using the "/GS" switch in Visual C. In fact, there is absolutely no reason why MS couldn't have done the exact same thing for W2K SP5, and offered similar security "improvements" for the corporate crowd that is still on W2K.

Originally posted by: JackNaylorPE
1. The more time a company has had to deal with fixing things, the more stable the platform will be.

That's one thing that the MS fans seem to selectively ignore, in their attempts to tout MS's "latest and greatest". The truth is, tested code is trusted code. Statistically, empirically, this is so. It seems almost conspiratorial, in a way, that MS is encouraging a rate of change, that by and large has NOT been accepted by their corporate customers, that ensures that customers are always running software with a new crop of bugs in it - providing a constant need to upgrade, in an apparent (but ultimately futile) quest to free themselves from the bugs. It's like running on a treadmill, and the entity controlling the treadmill, keeps on changing the scenery, in order to make it seem like you're getting somewhere, but you're really just standing still, stuck in the same place all the time.

Originally posted by: JackNaylorPE
3. It's all "been done" . All the encessary or useful computing taks have already been developed.

That I actually strongely disagree with, but that's another discussion for another time. I do think that is the "style of computing" that MS is espousing though, as though their OSes and technology are somehow the ultimate pinnacle, when the cruel reality is, they are quite limited in capabilities, in fact even to the point of being "crippled", compared to what could be done with the personal-computer systems of today, in terms of actually empowering the user, instead of serving as a vehicle for the delivery of new GUI-toy widgets, kind of like those things that they put in the crib of a preschool child to play with, that have lots of pretty colors and make noises when manipulated. Yes Windows' users - you are still "in the crib" as far as computing experiences go. Time to learn how to stand up and climb out of it.

 

[VirtualLarry]

Originally posted by: STaSh

NT4 may be done with MS support soon but is it not still the only MS OS approved by the National Security Agency ?

Windows 2000 is also approved for government use, and at a higher level than NT 4 (EAL4). XP embedded was submitted for EAL4 certification back in the Spring of 2004, and I'm pretty sure it got it. I say this because I work on a highly critical government network that is comprised entirely of XPe devices.

That's kind of the painful irony of this whole thing - XP Embedded actually looks pretty nifty, from a technical POV, although I've never directly used it. Things like the "enhanced disk write-filter", that allows you to overlay a writeable filesystem on top of a read-only filesystem - that would be a darn cool feature to allow for the creation of an XP-E "LiveCD". So why don't we see more of those sorts of things? Why does MS keep them all "locked up"?

I remember the whole NT 3.5 (I think it was 3.5 and not 3.1, right?) C2-level eval that MS heavily touted, and their misleading advertising regarding NT4 that somehow it was "secure" because 3.5 (without a network connection - not even a floppy drive), had proven secure according to those guidelines in gov't testing.

If W2K and now XP are so much *more* secure than those old versions of NT, why haven't they been submitted, or why haven't they also passed, C2-level security evals? (I've never heard of EAL4 - how does that compare to the older C2-level nomenclature? Is it at all similar?)

 

[VirtualLarry]

Originally posted by: MrChad
How did they "rush" this release? SP2 was available for months and months in beta form specifically so that it could be tested "in the wild." You have no basis for your statement.

They dropped all of their current work on Longhorn, to instead work on getting XP SP2 out the door. I call that a "rush" to develop and deploy XP SP2, if they dropped their current development roadmap in order to do that. (The fact that the initial XP SP2 estimated release date/deadline was missed, doesn't somehow imply that they weren't "rushing" to complete it - they were.)

Originally posted by: MrChad
Go ahead and read those articles. First of all, Microsoft should be commended for being open about SP2 issues and helping its user community resolve them. Secondly, almost all SP2-related issues that I've heard of can be resolved by tweaking the Windows firewall or DEP settings.

Well, it would have been nice, had they documented the blackholing of the entire 127.x.x.x address range, save for 127.x.x.1, rather than let their users find out when their (properly-written - according to the RFCs) applications suddenly stopped working under XP SP2. I don't recall MS ever announcing with XP SP2 "we broken localhost IP routing! Trust us, it was for security." Even more asinine, is that they still haven't reverted the change that they made to XP's networking stack, which as I understand it, doesn't expose localhost traffic at the NDIS driver layer. This time they claim that it is for performance reasons, but it also means that the user has no way of instituting an effective network security policy/control over localhost using a local software firewall. That's a serious loss of control, which leads to worse security.

To say nothing about the XP SP2 VPN breakage issue.

Originally posted by: MrChad
It's Microsoft's fault that Logitech and Saitek have products that are difficult to install? And I'd hardly call a bluetooth keyboard "as simple as you can get."

Well, XP SP2 includes support for BlueTooth, I expect that there will be some teething pain with bleeding-edge tech like that. But what's with the bustage that XP SP2 causes with firewire devices? Hmm.

Originally posted by: MrChad
The computing world is a LOT more complicated than it was 10 years ago.

That's true - but it should be the job of the vendor to make it simpler for the user to operate. MS has been promising that with every new OS upgrade. Has it ever been true? Hardly!

You really have to hand it to Apple here, they've done wonders with configuration with MacOS X stuff.

 

[stash]

If W2K and now XP are so much *more* secure than those old versions of NT, why haven't they been submitted, or why haven't they also passed, C2-level security evals? (I've never heard of EAL4 - how does that compare to the older C2-level nomenclature? Is it at all similar?)

C2 was part of the TCSEC criteria (Orange Book), and it was retired in 2000. It was replaced with the Common Criteria, which assigns evaluation assuarance levels (EALs) to products. The Common Criteria is a standard that is recognized worldwide, whereas TCSEC was a DoD system, Canada had CTCPEC and Europe had ITSEC.

quote:
Originally posted by: JackNaylorPE
When I want to look at what is stable, I look at what the Fortune 500 IT guys are doing and for the most part they still weren't doin XP as of earlier this year when the lst study was published. XP sales were so bad in the corporate sector that to keep wall street happy, MS redefined a Win2k sale as a purchase of a WinXP with a "free Win2k downgrade".


LOL. I believe it. The "uptake" of XP into the corp desktop sector has been absolutely abysmal for MS. Gee, I wonder why... and for some reason, most of the other people just keep parroting MS's marketing materials, even in spite of evidence to the contrary.

Hi, welcome to 2002. Corporate adoption of XP has taken off since then. XP is simply far superior in the corporate environment and firms are realizing that they would be remiss in ignoring that. There are over 600 new group policy settings in XP SP2 alone. PKI with XP (and 2003) has far more functionality than 2000, and features like remote desktop and RSoP are huge in corporate environments. EFS is improved and more secure in XP (SP1 and higher) with 256-bit AES encryption and improved key management by way of PKI. There are big improvments with offline files in XP, including the ability to encrypt the CSC. This is a huge deal to corporations with legions of road-warriors. On and on....

 

[VirtualLarry]

Originally posted by: MrChad
HOW did we get from "I'm OK with Windows Update scanning my computer for updates" to "These kinds of attitudes will lead to a fascist police-state" ???

Let's not blow EndGame's comments out of proportion. In the age of the internet, a certain level of trust is required for all sorts of things. Trust in Windows Update, trust in sending error reports, trust in credit card transactions, even trust in digital rights management. As long as companies are honest and forthright in explaining what information the collect and how they use it, I'm usually comfortable trusting their word. Not in all cases but in many.

Well, FWIW, I don't trust any of those. I think that it would be a mistake to "trust" any large corporate entity that is hell-bent on making a profit at your expense, and at the expense of your hard-fought legal rights. I don't think that it can be denied, that their quest for profits, has indeed been eroding our rights as citizens and people. They would enslave us if they could make a buck out of it, and when you look at things like the terms in most EULAs, and how corporations attempt to unlawfully bind citizens to those terms in order to exploit them, well, that's just wrong, and it goes directly against well-established long-term legal principles.

Look at the existance of the DMCA, and the fact that the RIAA/MPAA have both killed off independently-operated internet radio due to an exhorbitantly-high fee structure, and that they had at one point wanted the right to electronically enter your property (your computer) to destroy anything that they considered 'contraband' - essentially digital mecenary reaper-men. MS also wants to have that same sort of power. People that say, "hey, I've nothing to hide - come on in, inventory my private space, do what you will" - those people are the enemy, just the same as those that want to invade my private space - together, both of them fight to destroy my rights, and I will fight against both of them the same.

Originally posted by: MrChad
It is important that people have a right to their privacy. But remember that the casual computer user is often less trusting than many enthusiasts. Enthusiasts fear spyware because of the performance implications, while many casual users fear that cookies are tracking their every move on the web. Enthusiasts were quick to embrace online shopping, while casual users are just recently beginning to trust the online credit card form. Companies have a difficult time winning users trust for even the most trivial activities.

Quite frankly, I don't believe that any company operating online today deserves the user's trust. Most uses that do trust, I think that their trust is naively mis-placed. It's rather eye-opening how many "trustworthy" commercial entities with an online presence, are involved in unsavory marketing practices such as: a) user tracking, b) distribution of unsolicited commercial e-mail, or of the selling of the user's e-mail address on the side to organizations that do, c) financially reward companies that engage in the distribution of spyware/adware, and a whole host of other things.

Originally posted by: MrChad
As with "offline" companies, software and online companies build trust on reputation. Microsoft may have used their corporate muscle to bully their way into markets and stifle competition, but I've never heard of them exploiting their monopoly to acquire private information secretly.

Well, they *have* been well-documented that they were collecting information from many sources, and in most cases, they've simply stated that they are collecting the information, but (currently), they do absolutely nothing with it. I don't know how true that is, but it could be true - they might simply be waiting for the legislative climate to change, in order to actually use and profit from that information. As far as "secretly", there are many cases in which they have been documented to be collecting information, without disclosing that fact up-front clearly to the user.

Originally posted by: MrChad
It's interesting that people (enthusiasts especially) tend to be more paranoid about Microsoft than about "geek friendly" companies such as Google. How can you be afraid of Windows Update and not Gmail (which admittingly scans the content of your inbox) or Google Desktop Search (which indexes the entire contents of your hard drive)? What makes a company like Google immune to these fears and doubts?

Well, personally, Google scares me more than MS when it comes to data-collection. While MS's main business (at least on the surface) is selling software - Google's main business, is information-collection itself, in an attempt to both collect and index and cross-reference and associate it in as many ways as it can, and in many cases in perpetuity, technology-permitting. Considering that Google is probably as big or bigger now an advertiser as DoubleClick was back in the day - well, that should definately scare some people. (Considering what DoubleClick wanted to do - collect non-personalized web usage data, which most people saw as acceptable - and then they went and purchased another company that had a large direct-mail database with real-world information, and DoubleClick was planning on integrating the two! Well, I'm sure that Google is probably planning things as bad or worse, whatever "worse" might be - I can't quite imagine right now.)

 

[VirtualLarry]

Originally posted by: STaSh
C2 was part of the TCSEC criteria (Orange Book), and it was retired in 2000. It was replaced with the Common Criteria, which assigns evaluation assuarance levels (EALs) to products. The Common Criteria is a standard that is recognized worldwide, whereas TCSEC was a DoD system, Canada had CTCPEC and Europe had ITSEC.

Ok, that helps, but how does "C2" compare to "EAL4", in terms of the big picture? Which one is more severe/more stringent, and is one a super-set of the other? Or totally unrelated and/or uncomparable?

Originally posted by: STaSh
Hi, welcome to 2002. Corporate adoption of XP has taken off since then.

Actually, I was referring to a rather recent article that I read about a survey that was done. Most corps had as many or more machines still running Win95-ish OSes than XP. W2K was edging out NT4 though. I agree that NT4 is getting a bit long in the tooth, but in standalone applications, there's really no need to change it out if it works. There certainly has yet to be a popular mandate for adoption of XP by corporations.

Originally posted by: STaSh
XP is simply far superior in the corporate environment and firms are realizing that they would be remiss in ignoring that. There are over 600 new group policy settings in XP SP2 alone. PKI with XP (and 2003) has far more functionality than 2000, and features like remote desktop and RSoP are huge in corporate environments. EFS is improved and more secure in XP (SP1 and higher) with 256-bit AES encryption and improved key management by way of PKI. There are big improvments with offline files in XP, including the ability to encrypt the CSC. This is a huge deal to corporations with legions of road-warriors. On and on....

I've read a lot of various marketing material over the years, but I haven't actually seen much on crypto-related improvements that were made specifically to XP. I'm not a crypto guru, but I'll check those out, thanks. I know that some changes were made in terms of default EFS key-escrow policies between XP and W2K, something about changes in the designated recovery agent, I think by default in W2K that is the Administrator, and there is no default in XP. (IIRC)

I also recall that thing about being able to use a W2K boot CD to access an XP installation using the recovery console, and not being prompted for a password. That was an interesting security faux paus for MS for certain. Did they fix that in XP SP2, by any chance?

 

[drag]

Data collection? Data collection? I can't beleive anybody is worried about data collection.

I probably have information about all of you sitting 15 feet away from me on the tape drives. Didn't you know that when you sign up for a driver's license or fishing license your states sell that information to private corporations? Bill collectors, morgatages, loan applications, credit card applications, online retailers , etc etc.

All of them gather information about you and sell it, and your worried about GOOGLE? People didn't know about this for freaking their entire lifetimes and here you guys are worried about google keeping track of your e-mail for you.

You want 5000 names of people that make over 35,000 dollars a year, hunt deer, are males between ages of 25 and 40, and live within certain counties in Michigian? Give my company a few thosand dollars and we can give you a list of names within a few days.

It's nuts how much is known about you. There is no such thing as privacy on the internet. Never was, never will be. It's not what the internet was designed for.

DRM is crap. DMCA is crap. There are no technical reasons why the average person needs this sort of crap, the problems have already been solved long ago about securing information, it's just that they aren't related to turning computers into the equivelent of TV sets for the 22 century.

Screw Itunes. Screw the ipod. I don't want none of that crap. I go down the store, buy a cdrom, rip it to my computer and get more songs per dollar then you can get thru Itunes. Hell BMG music warehouse mailing crap is a better deal. There are plenty of independant retailers online that sell non-DRM music, plus it's much higher quality (sound quality, not so much artistic quality, but you can find good stuff, none-the-less) then what you can get .
you can find links to some decent online music retailers here. Even free downloads of live shows and such. Perfectly legal.


Screw places like Suprnova.org, too. They had some good stuff, but too much of it was outright piracy. I believe in fair rights, not abuse of the internet. Screw the RIAA, screw hollywood. It's not our government's job to protect their 300% profit paychecks.

So on and so forth.

 

[stash]

Ok, that helps, but how does "C2" compare to "EAL4", in terms of the big picture? Which one is more severe/more stringent, and is one a super-set of the other? Or totally unrelated and/or uncomparable?

There isn't really a clear-cut comparison between the two. But I'll let you do some reading on that. It's a very large topic. You may want to pick up a CISSP book or something similar.

Actually, I was referring to a rather recent article that I read about a survey that was done

Link? Reference?

I also recall that thing about being able to use a W2K boot CD to access an XP installation using the recovery console, and not being prompted for a password. That was an interesting security faux paus for MS for certain. Did they fix that in XP SP2, by any chance?

I gotta give you credit...you really are pretty sneaky about getting FUD into your posts. This is not a flaw. Your linux, mac, <*> system is "vulnerable" in the same way. If someone has physical access to your machine, it is no longer your machine. You can use a boot floppy or some other similar program to view files on a 2000 paritition just as easily. The same floppy will allow you access to any other type of system.

 

[drag]

Yep. if a person has physical access to your computer then your security is shot. You will be able to keep them from network resources for a short time, but that is gone as soon as a different person logs into the machine and begins using some passwords.

There were a few machines back in the day that were "secure". If you forgot the root password then the only way to reset it was to reflash or soldier a new chip into the motherboard. People that had to use the machines and depend on the information stored in those machines quickly learned that its a realy realy bad idea.

I can take a flash drive or a miniture "business card" style cdrom running Linux applications and reset the password on almost any computer I come across. Weither it be Linux, BSD or Windows NT-based. If you want to protect your computer from physical attack, a locked room is your best bet. (don't forget about the plenum area, either)

 

[VirtualLarry]

Originally posted by: STaSh
I gotta give you credit...you really are pretty sneaky about getting FUD into your posts. This is not a flaw. Your linux, mac, <*> system is "vulnerable" in the same way. If someone has physical access to your machine, it is no longer your machine. You can use a boot floppy or some other similar program to view files on a 2000 paritition just as easily. The same floppy will allow you access to any other type of system.

Yes, but what I was talking about was an actual software defect. Booting to the Recovery Console, on any system, is supposed to prompt your for the Admin password. The fact that it apparently does not, when booting a W2K Recovery CD on a system with an XP NTFS partition, is a flaw, because it is not functioning as designed.

Now, there are tools to reset the password to nothing for the Administrator account, and then go in that way, or to simply use a different OS to read the filesystem and access everything (as long as it's not encrypted). I wasn't trying to suggest that one could prevent a determined attacker from accessing the filesystem if they had physical access to the machine. I would never suggest that; I hope that you would at least give me that much credit.

It wasn't FUD, you just mis-understood what I was saying - that MS's "most secure OS ever" had a silly little defect, that let people trivially bypass the password (as opposed to making them work for it by having to hack the SAM and bypassing it that way).

 

[EndGame]

Originally posted by: Link19
[q=Virtual Larry]Do you let the police drive by every night to shine a spotlight into your window to see if your up to something? Why or why not? Especially if you have "nothing to hide". Responses like yours bother me, because I know that the people that make them, are either "just saying that", or they are truely missing something upstairs, if they don't believe that privacy rights are important for individuals. If you want to be treated as a prisoner in your own home, then fine, go right ahead, but don't try to entangle others into that web of fascism.

I totally agree with you on that. It's that kind of attitude EndGame has that ultimately is one of the biggest threats to our freedom and a global police state like in George Orwell's 1984 becoming a reality!!! That kind of statement bothers me a HELL of a lot too!!! People have a right to their privacy no matter what you may think!! If you are one to believe "I don't care if I'm watched by governments or corporations because I have nothing to hide and don't do anything wrong, you are just demonstarting the attitude that will make global FASCISM become a reality!! So no one should try and drag someone into that so called web of FASCISM by making such statements like that. People have a right to their privacy and a right to know before any special interest or party is going to collect some identifying information about them. I don't care what kind of information it may be. People have a right to their privacy no matter what and no one should have the right to just obtain idnetifying information about someone without their consent or a clear and proper court order for a very good reason.[/quote]

Then stop using your computer!

LOL! If you have no trust in anyone/anyplace scanning your system for needed updates, etc., you need to unninstall all your AV software, Mozilla browser, Anti - Spam software, Spyware Detectors, etc. since they all scan for updates and also scan your system!

Also, you better watch it.. you don't know what info PAyPal, EBay, Amazon, even NewEgg have to gather to do a transaction. Stop using those also and forget about ever using a credit card online.

You can blow this out of proportion all you like but the truth is, unless you have some trust in mankind, you might as well stop now, sell off everything and move into a remote mountain region, live off the land, halt all contact with anyone in any way and shoot everyone whom comes within 1000 yards of your little settlement.

See, it's just as easy to blow things out of proportion from both sides! All I'm saying is, I have no problem with my system being scanned for software updates. If you do, perhaps it's you whom have the problem because a little hint.......it is being by some software right now or a few minutes from now, and it has been before....!

 

[Canterwood]

Originally posted by: VirtualLarry
I also recall that thing about being able to use a W2K boot CD to access an XP installation using the recovery console, and not being prompted for a password. That was an interesting security faux paus for MS for certain. Did they fix that in XP SP2, by any chance?

No, the flaw (and it IS a flaw) wasn't fixed in XP SP2.
We regularly use the 'hack' at work when using the recovery console to fix customers XP machines.
For us, its more of a 'feature' than a flaw.

 

[stash]

Yes, but what I was talking about was an actual software defect. Booting to the Recovery Console, on any system, is supposed to prompt your for the Admin password. The fact that it apparently does not, when booting a W2K Recovery CD on a system with an XP NTFS partition, is a flaw, because it is not functioning as designed.

It's not a flaw, it is working as designed. The 2000 recovery console does not recognize the XP SAM, which is why you don't get prompted. I can put a knoppix CD in a 2000 or XP system and it won't prompt for any password either, because knoppix could care less about the SAM. Is this a flaw too?

Likewise, I can put the same knoppix CD in a linux system and have the same access. This is not a flaw! This is security 101.

It wasn't FUD, you just mis-understood what I was saying - that MS's "most secure OS ever" had a silly little defect, that let people trivially bypass the password (as opposed to making them work for it by having to hack the SAM and bypassing it that way).

It is FUD, or at least ignorance. Why would any one with physical access to your drives hack a SAM file? If you had physical access to a linux box, would you be wasting your time trying to brute force the root password? Sensationalist journalism that crows "HUGE NEW XP HOLE! RUN FOR YOUR LIVES!!" does not make this an actual vulnerability.

 

[Phoenix86]

Which is false. Perhaps you meant "always" instead of "EVER"? Granted, he wasn't completely correct either, implying that media-swapping was always required.

Now the point is getting lost in semantics, which is, swapping media to install windows is not required. It never has been, as other options have been available.

TY for the USB driver info, noted, and along the lines with the couple of pages I read. I wonder why they produce these drivers at all? Esp. considering there have been problems with them, why not let the mobo/chipset vendors sort this out?

I guess the key word here would be "typical", but if you look at the scenarios that MS promotes in their advertising literature, with devices running WinXP, XP Embedded, or PocketPC Windows, then it doesn't seem so atypical after all, if you believe their hype.

Even then, 2 machines + pocket PCs on each is less than 5. Also, do pocket PCs count against the 5 machine connection limit? I'd bet XPE does, but I'm not sure other mobile devices count.

PS. Sorry, I failed to find the info about the de-activation of Office XP on that reporter on the airplane. I guess I'll keep looking. It had to have been an article from around 2000 or 2001.

I'd be REAL curious to see the details. I mean I could install 120 day killware and bitch on the 121th day. Or I could install XP and never activate it and bitch on the day after it's not active...

They dropped all of their current work on Longhorn, to instead work on getting XP SP2 out the door. I call that a "rush" to develop and deploy XP SP2,

The vendors has plenty of time to make their changes. *They* were not rushed. IIRC there were several months provided between RTM (release to manufacturer) and Gold. MS may have refocused a lot of people in a short time, and I'm sure they were rushed. Again, Mr.Chad's point is the vendors had time. Which is why I lay blame on them for THEIR software not working. MS widely advertised vendors would have to make changes in their code because of SP2. MS provided time. Vendors who STILL do not have patches available are to blame. SP2 was released, what 5-6 months ago. It was RTMed several months before that meaning they have had 9 months or MORE with the SP2 code. Why don't 3rd party vendors have a working patch after 9+months? (very rough dates, exact ones can be provided if needed).

To say nothing about the XP SP2 VPN breakage issue.

SP2 has cause a lot of changes, but again how long does it take companies to work around these?

I don't recall MS ever announcing with XP SP2 "we broken localhost IP routing!

Are you an app dev.? If not, why would you know? If so, was there no documentation available, or did you just not know about it? (all serious Qs)

OSX is nice, but that's a whole 'nother 300 post discussion.

STaSH, do you have any links about what's currently certified and what that certification means?

Well, FWIW, I don't trust any of those. I think that it would be a mistake to "trust" any large corporate entity that is hell-bent on making a profit at your expense, and at the expense of your hard-fought legal rights.

I'd argue, that if you have a MS OS installed you DO trust them. Afterall you don't have the source code, and not everything can be reverse engineered to figure out what it's doing... That doesn't mean keeping them honest isn't a worthy cause either.

Physical access=your a$$ is owned. You are SUPPOSED to be able to reset the admin password if you have physical access. *IF* it was a flaw, it was only allowing a different method that was ALREADY available. Physical access is the HIGHEST level of security, second only to access to the copper network wires (this is why wireless scares the hell out of me in genenral).

This thread has gotted 1000% better in the last few posts.

 

[JackNaylorPE]

Phoienix:

Don't mix quotes from different messages and we will be OK. I have several independednt networks that I manage and some non networks. In one message I spoke of the 9 machine network "here". In a completely different message I spoke of ANOTHER example (See 12/21 12:57). Again, the number of machines was stated to be 54 and the message you quoted and inappropriately inserted into THIS example referred to a 9 machine network. Er....(to borrow your phrasing) .... dude, 54 minus 9 means there's 45 other machines out there which I am drawing my experiences from. If you are going to quote, let's stick the the 12/21 12:57 message you are allegedly quoting from which says:

"As for the replacing media question, single machine, ****no network**** let's do the math.

Machine 1 - NT4 w/ 511 MB C partition w/ OS, Partitioning tools, and TBU software. Everything else on other partitions totaling 20 Gig of files.
Machine 2 - XP w/ 30 Gig C partition w/ everything. All the same files as above plus the extra 1.5 Gig of OS"

These are two actual machines which I have at two SEPARATE locations, many miles away from the 9 machine network.

That, and only that, is the stated example given to which you allegedly responded. If you want to address ***that*** statement go ahead, don't throw in quotes from other messages and expect it to be evaluated as a response to the stated question.

When judging a company and "trends" and behavior, it's appropriate to look at past perofrmance. Your position is like a defense attorney defending his client saying "I can't believe anyone would actually compare the 3 rapes my client committed in the 1990's in a discussion about his behavior in the year 2005".

Or someone trying to sell investors on his new 2005 product. "Yes, we have released a new product every two years since 1990 and yes every single one of those has lost more and more market share to it's competitors, but we shouldn't include our past performancefrom the 1990's with regard to our new product. " Past performance and historical performance IS a consideration in judging a product, vendor, girlfriend or whatever.

Consistent trends are indicative that your conclusion is not an anomoly. If I start testing "Shorthorn" (so named by me since they decided to pull many of the planned features out in order to make the release date), and I find it slower than XP, should I immediately think....gee it must be configured improperly or something else must be wrong ? No when considering that every Windows OS has been bigger, required more memory and more bloated than its predecessor, this is the expected result. Were that not true, I would start searching for OTHER reasons why it is slower but the trend, with the sole exception of a faster boot time for XP, is consistent thru MS's history.

 

[JackNaylorPE]

Chad:

Best I can find on the web is MS applying for NSA certification not getting it. XP, not even applied for.

Bsuiness satrted doing Win2k migrations AFTER XP was already out. There's plenty of documentation on the InfoWorld site in that regard. As for the Canadian study, it's almost 9 months old so web enginees are not putting it at the top of the list in searches like they did back in march. The story was originally on zdnet so I wills earch their archives and let ya know if I find it.

P2P is peer to peer.....that means no special hardware, no special software. It is just a regular windows PC with very fast hard drives. But I use those hard drives on every box anyway. It also serves as my CAD station as it runs CAD best. The BSOD's on my sons machine both occured while using Windows update. there are NO 3rd party drivers on this machine that I recall other than the video driver and Intel SATA / chipset driver.

As for XP's improvements / compatability issues, why not present a step thru procedure on next boot ? These were known before release so a procedure that went for example.

Clicking this box will turn on the Windows Firewall. If yoiu alreday have a firewall and would prefer to keep it, do not click this box. Press NEXT to go to next question. When you got to the one that breaks AutoCAd I'd get the chance to check the box that says "No don't do this".

On the memory comparison issue, I wasn't using a simplistic approach. We have done bench test comparisons using AutoCAD on an NT4 box and and NT5.0 box (haven't done full scale NT5.1 tests yet cause the machines available at this point are too far apart in hardware). The NT5.0 box had a 15% faster processor but everything else was the same. Yet the NT4 box, despite having the slower CPU) kicked butt on the NT5.0 box.

 

[JackNaylorPE]

Windows 2000 is also approved for government use, and at a higher level than NT 4 (EAL4). XP embedded was submitted for EAL4 certification back in the Spring of 2004, and I'm pretty sure it got it. I say this because I work on a highly critical government network that is comprised entirely of XPe devices.

That's good news about W2k. I remember reading about it being applied for but never saw the final announcement. I haven'tr seen anything about the desktop XP even being applied for.

 

[JackNaylorPE]

Drag:

I am not complaining at all that the drivers are included. What I am complaining about is I keep getting told on this board that it's a 3rd part driver issue. It's simply not true. I am complaining about that MS broke it when they released Sp2. Here's the situation.

Win2k - everything works
WinXPSp1 - everything works
WinXPSp2 - it's broken.

It's been stated over and over again that I should get a new driver from Intel. Neither Intel nor any other vendor has a 3rd party USB driver for XP. All I am saying is that MS has to now fix what they broke with SP2.

 

[JackNaylorPE]

Congratulations.

You are either:

a: A fantastic bull sh!tter.
b. An utterly incompetent sysadmin who hasn't patched his box in almost eight years.
c. All of the above.

If you do a little research, you'll find you have to add an option d. The fact is Windows Update is patching that NT4 system as I type.

As for b....yeah me and the > 50% of coprorate america who hasn't installed XP.

 

[JackNaylorPE]

How did they "rush" this release? SP2 was available for months and months in beta form specifically so that it could be tested "in the wild." You have no basis for your statement.

The only answer necessary is the 200 things listed as broken by MS on their web site.

Secondly, almost all SP2-related issues that I've heard of can be resolved by tweaking the Windows firewall or DEP settings

OK, tell me how to fix the USB problem....the one where the keyboard works on Sp1 but not SP2 and MS is the only source for the driver.

It's Microsoft's fault that Logitech and Saitek have products that are difficult to install?

Difficult to install ?.....it works on Win2k, SP0-4, It works on WinXpSp0-1 but it don't work on XPSP2.....MS provides the only USB driver and doesn't allow the installation of 3rd party USB drivers in XP...where else do I go for an answer ?

And I'd hardly call a bluetooth keyboard "as simple as you can get."

You may not be aware that the Logitech Bluetooth set works as a plain ole USB keyboard until you install the bluetooth driver to expand the functionality. The bluetooth stuff is not installed.....couldn't get into windows in order to install the bluetooth stuff as you can't log in unless the keyboard puts letters on the screen when you try and type in the password.

As far as tweaking to get something to work, in idiot proofing the OS for the newbs, they have made it more difficult for the knowledgeable user to do anything. You can't easily rename a driver for example to get it the heck out of the way to see if it is conflicting with something. TS should be more than "damned if I know, try spending 8 hours installing your OS and programs again."

Now the best way to work on a non booting Windows box is to make a Knoppix CD with an NTFS editor.

 

[JackNaylorPE]

really don't have the time or concern to address everything you posted, but, the one where you stated you ***MUST*** use NT4 to do business with the governement on ANY security matters was quite enough. That was all the Faux Paux I needed to read. I worked for several years as an aeronautics engineer for a civilian contractor in Hunstville AL. We worked DAILY with security sensitive material and frequently with NSA officials. Sorry to break it to you, but, they aren't on NT4 systems anymore and neither were we. When I left we were transitioning from 2K to XP and many of the gov. systems were already using XP. That was toward the end of '03.

Well it's already been posted that Win2k has now received its NSA certiifcation and that only XP "embedded" has even been applied for, so no more need be said there. I certainly can't find XP listed as having hi security certification on the NSA web site.

As for the illegal software comment, I don't play with software licenses.....I pay for shareware and donate to freeware that I use. I am not going to risk a $150k fine from BSA or Autodesk to skimp out on afew dollars of software.

I can not understand your support for an activation system that requires 20 minutes of arguing to install an OS on a hardware system where every single hash code generated by the process exactly matches the one from a few days before.

If you read thoroughly you'd note that I supply hardware to my employees / associates not software. Your position therefore postulates a deception for a supposssed gain that could not possible occur. Just exactly what would I be gaining by playing with software licensing ? I have site licenses for all the stuff I use here on my site. Because these other machines are off site and ownership is passed onto others, I can't qualify them for business licesning and thereby avoid the activation process. Be that as it may, it wouldn't make financial sense as 5 copies of WinXP with 5 CD's is significantly cheaper than a 5 seat business license.

 

[JackNaylorPE]

Chad:

I agree those are two ends of the sectrum and ,a s usual the truth lies somewhere in the middle. I don't allow those google thingies on any box and am alsways suspect of WHY people want to snoop. If they ask or if I can see what is being provided, no problem. But yes, I am more suspicious of MS than most.....after all it was MS who went into court with rigged videotape demonstrations and then lied about it. MS was caught lying in court numerous times, not as alleged by anyone else but by submitting as proof their own internal e-mails.

When Passport came out, two 15 year old kids were reading credit card info within 15 minutes. After it was fixed an Israeli security foirm broke in and obtained the same data with another 15 minutes of effort.

If there is an informed exchange of what information will be collected, when it will be collected and what will be done with that information, no problem. But this sneakie-do stuff, like when you disable WU it still looks at the HD and sends stufff to MS, makes me supsicious as to why they are doing it.

 

[JackNaylorPE]

Larry:

I believe that laptop story was from PC Magazine editor Bill Howard IIRC.

 

[Phoenix86]

JackNaylorPE, lots of posts, didn't realize you were talking different scenarios. I provided two, possible three solutions that do not require networks or swapping of media. However in that case I would not reimage a machine on site, unless there is a tech on site. If there is, the disk-disk solution would work. At any rate, who can't swap media?

Your rape anaolgy is riddled with holes. That's like saying XP is basically DOS (client of the atty is same, OSes are not).

Sure it's fair to look at trends and past performance when deciding wether to upgrade or not. There are also other considerations, like management, ease of use, ease of support, compatibility, etc. Performance is NOT the only consideration.

If you do a little research, you'll find you have to add an option d. The fact is Windows Update is patching that NT4 system as I type.

Give it 8 more days and it wont, see my previous post with link. Support ends 12/31/04, after which you will not be getting security updates unless MS feels like it.

The only answer necessary is the 200 things listed as broken by MS on their web site.

The only counter to that is the thousands of software that are working... Which had to be patched... Again your just spouting off the same remarks I already answered and you didn't reply to. Maybe you can answer why 3rd parties could create a SP2 compatible patch in ~9 months the code was available to them, or the ~5 months since it's been available from windows update?

 

[stash]

Originally posted by: JackNaylorPE

Windows 2000 is also approved for government use, and at a higher level than NT 4 (EAL4). XP embedded was submitted for EAL4 certification back in the Spring of 2004, and I'm pretty sure it got it. I say this because I work on a highly critical government network that is comprised entirely of XPe devices.

That's good news about W2k. I remember reading about it being applied for but never saw the final announcement. I haven'tr seen anything about the desktop XP even being applied for.

I find it amusing that you equate not having yet been certified with being insecure. Applying for, being evaluated, and achieving Common Criteria certification is a very long process. It took over two years for Windows 2000 to achieve EAL4.

Both Windows XP and Windows Server 2003 are being evaluated under the Common Criteria. There is absolutely no reason to assume that they will not achieve at least as high a certification as 2000.