is sp2 for xp a must install


clamum

Lifer
Feb 13, 2003
26,252
403
126
Originally posted by: MrChad
Originally posted by: clamum
I've been using SP1 since it came out, never install updates from Microsoft, and have had zero problems... then again I could just be lucky.

:roll:

What's that for?
 

MrChad

Lifer
Aug 22, 2001
13,507
3
81
Originally posted by: clamum
Originally posted by: MrChad
Originally posted by: clamum
I've been using SP1 since it came out, never install updates from Microsoft, and have had zero problems... then again I could just be lucky.

:roll:

What's that for?

Why do you "never install updates from Microsoft"? You realize that worms and viruses rely on users like yourself who don't keep their systems up-to-date. You do a disservice to the entire computing world by being a potential catalyst for malicious software. Just because you've been "lucky" so far doesn't mean you aren't vulnerable to future attacks.
 

rgavel

Junior Member
Feb 16, 2005
15
0
0
Originally posted by: MrChad

Your logic baffles me. SP2 corrects a multitude of critical security flaws within the operating system.

And I've not found a specific one that pertains to my computer systems the way I have them set up. Can you point out some specific fixes I should be aware of?

It's people who refuse to install critical security updates who "don't know how to secure their computer."

One could argue it's people who run around waving their hands proclaiming the sky is falling that are causing a great deal of the FUD in the computer industry.

The changes in SP2 go well beyond the built-in firewall and added nags about updating virus definitions and installing ActiveX controls.

I'm well aware of the changes introduced by SP2, most of them address specific flaws in faulty software. Have you thoroughly investigated the list of fixes found here?
http://support.microsoft.com/default.aspx?scid=kb;EN-US;811113

Which do you think pertain to my computer systems?

Again, your logic is absurd. People who are "secure in their computing habits" keep their software and operating system up-to-date with the latest patches and fixes.

If you want to download the latest patches/upgrades 'cause it makes you feel better, I won't stop you. Personally, I choose to judiciously download/update only those patches that are absolutely necessary for the smooth operation of my computer system. If the upgrade/patch don't apply to my system, I ain't gonna waste my time.

There are countless viruses and worms specifically designed to exploit security flaws within Windows. Keeping your OS up-to-date helps protect you from these malicious programs.

Instead of painting with a generic brush, can you give me some specific examples of viruses and worms that will exploit my systems if I choose not to update? I'd really like to know, maybe I'm missing something.

 

MrChad

Lifer
Aug 22, 2001
13,507
3
81
How about Data Execution Protection, which prevents buffer overflow attacks? Or the TCP/IP connection queue, which slows the spread of new worms? Or changes to DCOM and Remote Procedure Calls (RPC), two commonly exploited features in Windows?

Instead of the bug list you listed, take a look at this article. The bottom line is that there are a number of changes that affect not only you, but the entire internet community. Virus and worm writers thrive on users who do not keep their systems up-to-date. It allows them to easily exploit documented weaknesses in the operating system. By not patching your system, you put yourself and everyone else on the internet at risk. It's irresponsible, plain and simple.
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
30,699
1
0
Originally posted by: rgavel
Originally posted by: MrChad

Your logic baffles me. SP2 corrects a multitude of critical security flaws within the operating system.

And I've not found a specific one that pertains to my computer systems the way I have them set up. Can you point out some specific fixes I should be aware of?

It's people who refuse to install critical security updates who "don't know how to secure their computer."

One could argue it's people who run around waving their hands proclaiming the sky is falling that are causing a great deal of the FUD in the computer industry.

The changes in SP2 go well beyond the built-in firewall and added nags about updating virus definitions and installing ActiveX controls.

I'm well aware of the changes introduced by SP2, most of them address specific flaws in faulty software. Have you thoroughly investigated the list of fixes found here?
http://support.microsoft.com/default.aspx?scid=kb;EN-US;811113

Which do you think pertain to my computer systems?

Again, your logic is absurd. People who are "secure in their computing habits" keep their software and operating system up-to-date with the latest patches and fixes.

If you want to download the latest patches/upgrades 'cause it makes you feel better, I won't stop you. Personally, I choose to judiciously download/update only those patches that are absolutely necessary for the smooth operation of my computer system. If the upgrade/patch don't apply to my system, I ain't gonna waste my time.

There are countless viruses and worms specifically designed to exploit security flaws within Windows. Keeping your OS up-to-date helps protect you from these malicious programs.

Instead of painting with a generic brush, can you give me some specific examples of viruses and worms that will exploit my systems if I choose not to update? I'd really like to know, maybe I'm missing something.
Why don't you go ahead and tell us how you do have your computers set up, since you want a critique.

I read every virus description published on McAfee's or Norton's new-threat lists, and there are countless variants of W32.Spybot, Gaobot, and others that are specifically on the hunt for more computers to infect that are vulnerable to a whole list of popular Windows vulnerabilities. McAfee recently remarked that they see an average of 25 new Gaobot variants per day.

Want an example, I'll hunt down a representative of the breed here...

http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.jpb.html

Read the whole description, and notice that Symantec is up to a three-letter designator on the end of that family's name (showing how many variants have surfaced so far). This is the kind of threat that makes me glad I've got almost 100% Restricted Users, most ports blocked on the router, good centrally-managed antivirus software, up-to-date patches, and our email server running interference for us by blocking certain categories of attachments by default, including ZIP.

Besides patching the vulnerabilities that that family of worms is looking for, SP2 also puts a lid on how many outbound connections the computer can initiate simultaneously, reducing the DDoS capability of an infected system and reducing its supply of ammo for infecting other systems using a random-IP approach.

You might say "well sure, but my proof is in my track record," and I can see that, but that's what my colleagues were saying before their WAN got overrun by a network-aware worm exploiting an easily-fixed security vulnerability. I think someone brought in an infected laptop and plugged it into their network over there, but we'll never know. Personally, I had assessed the threat and deployed an EXTRA.DAT using McAfee ePO, and the systems were patched and had strong Administrator passwords, and we had nothing to worry about, whether we knew it here or not.

An ounce of prevention... yeah
 

stash

Diamond Member
Jun 22, 2000
5,468
0
0
Personally, I choose to judiciously download/update only those patches that are absolutely necessary for the smooth operation of my computer system. If the upgrade/patch don't apply to my system, I ain't gonna waste my time.

Well, there's been a massive amount of IE critical updates released for XP since RTM. I would definitely include those in the absolutely necessary category. That's why they're ranked critical. Any update that shows up when you go to WU that is critical is absolutely necessary for your machine. There is only one exception to this rule: if your machine never ever ever ever connects to a network. Any network. Like if you had an offline root certificate authority, you don't need to patch, because by design that machine should never connect to the network. It should not even have a NIC.
 

stash

Diamond Member
Jun 22, 2000
5,468
0
0
I'm well aware of the changes introduced by SP2, most of them address specific flaws in faulty software. Have you thoroughly investigated the list of fixes found here?
http://support.microsoft.com/default.aspx?scid=kb;EN-US;811113

Have you? How do the following not apply to you?

MS03-005: Unchecked Buffer in Windows Redirector May Permit Privilege Elevation
MS03-005: Unchecked Buffer in Windows Redirector May Permit Privilege Elevation
MS03-015: April, 2003, Cumulative Patch for Internet Explorer
MS03-008: Flaw in Windows Script Engine may allow code to run
MS03-024: Buffer overrun in Windows could lead to data corruption
MS03-045: Buffer overrun in the ListBox and in the ComboBox Control could allow code execution
MS04-023: Vulnerability in HTML Help could allow code execution
MS02-054: Unchecked buffer in file decompression functions may allow attacker to run code
MS04-007: An ASN.1 vulnerability could allow code execution

There are plenty more. Not to mention that RTM is technically no longer a supported OS (or won't be very soon, N-1 service packs is the general rule).
 

RVN

Golden Member
Dec 1, 2000
1,154
1
81
Originally posted by: Aenslead
Service Pack 2 is not an upgrade for windows. It's rather another new Windows. Think of it as Win98-WinME.

Not analogous.
 

rgavel

Junior Member
Feb 16, 2005
15
0
0
Originally posted by: MrChad
How about Data Execution Protection, which prevents buffer overflow attacks?

Do you mean Data Execution Prevention?

DEP works alone or with compatible microprocessors to mark some memory locations as "non-executable." If a program tries to run code from a protected location, DEP closes the program and notifies you, whether the code is malicious or not. -- http://support.microsoft.com/kb/875351

Or the TCP/IP connection queue, which slows the spread of new worms?

Got some more info on this? How did SP2 specifically address this?

Or changes to DCOM and Remote Procedure Calls (RPC), two commonly exploited features in Windows?

How are my systems open to RPC exploits? How do you know what measures I have taken?

Instead of the bug list you listed, take a look at this article.

My 'bug list' as you refer to it, seems quite detailed compared to the overview you provided. My list itemizes each 'fix' that Microsoft included in SP2, and includes a link to the specific page for each 'fix'.

The bottom line is that there are a number of changes that affect not only you, but the entire internet community. Virus and worm writers thrive on users who do not keep their systems up-to-date.

I would add "and do nothing to secure their systems."

It allows them to easily exploit documented weaknesses in the operating system. By not patching your system, you put yourself and everyone else on the internet at risk. It's irresponsible, plain and simple.

No one has yet pointed out an exploit 'patched' by SP2 that is able to compromise any of my computer systems.
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
30,699
1
0
How are my systems open to RPC exploits? How do you know what measures I have taken?
You're asking us to critique your "measures," so lay your cards on the table and tell us what they are, bro. What are they, per-system firewalls or antivirus or keyboards and mice submerged inside an aquarium full of electric eels, or what you got there?

Got some more info on this? How did SP2 specifically address this?
SP2 queues the TCP/IP connections if there are more than ten.
 

ProviaFan

Lifer
Mar 17, 2001
14,993
1
0
Originally posted by: mechBgon
Got some more info on this? How did SP2 specifically address this?
SP2 queues the TCP/IP connections if there are more than ten.
Since he's going to nitpick this one to death rather than admit that installing SP2 is worth anything, we'd better clarify that those are "TCP/IP connection attempts." You can have more than 10 TCP/IP connections going at once, but you can't be trying to initiate more than 10 connections at the same time.
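
The distinction drawn in this exchange, a cap on simultaneous connection attempts rather than on established connections, can be seen in a small simulation. This is an added example, not part of any forum post and not Microsoft's implementation: the limit of 10 is the figure given in the thread, while the tick lengths, the timeout value and the FIFO queue model are assumptions.

```python
from collections import deque


def simulate(targets, limit=10, handshake_ticks=1, timeout_ticks=21):
    """Model a host that queues outbound connection attempts beyond `limit`.

    targets: sequence of bools, True = peer answers (handshake completes),
             False = nobody there (attempt stays incomplete until timeout).
    limit:   max attempts allowed to be incomplete at once (None = no cap).
    Tick lengths and the FIFO queue are assumptions made for illustration.
    """
    queue = deque(targets)      # attempts waiting for a free slot
    in_flight = []              # (finish_tick, is_live) for incomplete attempts
    established = 0             # completed handshakes, assumed to stay open
    peak_incomplete = 0
    peak_queued = 0
    tick = 0
    while queue or in_flight:
        # Retire attempts that completed or timed out by this tick.
        remaining = []
        for finish, live in in_flight:
            if finish <= tick:
                established += 1 if live else 0
            else:
                remaining.append((finish, live))
        in_flight = remaining
        # Start queued attempts while the cap leaves room.
        while queue and (limit is None or len(in_flight) < limit):
            live = queue.popleft()
            duration = handshake_ticks if live else timeout_ticks
            in_flight.append((tick + duration, live))
        peak_incomplete = max(peak_incomplete, len(in_flight))
        peak_queued = max(peak_queued, len(queue))
        if queue or in_flight:
            tick += 1
    return {
        "ticks": tick,
        "established": established,
        "peak_incomplete": peak_incomplete,
        "peak_queued": peak_queued,
    }


# Constructed workloads: a client opening 40 connections to live servers,
# and a random-IP scanner probing 1000 addresses that never answer.
NORMAL_CLIENT = [True] * 40
RANDOM_SCANNER = [False] * 1000

if __name__ == "__main__":
    for name, work in (("client", NORMAL_CLIENT), ("scanner", RANDOM_SCANNER)):
        capped = simulate(work, limit=10)
        uncapped = simulate(work, limit=None)
        print(name, "capped:", capped, "uncapped ticks:", uncapped["ticks"])
```

Under these assumptions the ordinary client still ends up with 40 open connections and loses only a few ticks, while the scanner's run stretches a hundredfold because every slot is held by an attempt waiting to time out.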
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
30,699
1
0
Originally posted by: ProviaFan
Originally posted by: mechBgon
Got some more info on this? How did SP2 specifically address this?
SP2 queues the TCP/IP connections if there are more than ten.
Since he's going to nitpick this one to death rather than admit that installing SP2 is worth anything, we'd better clarify that those are "TCP/IP connection attempts." You can have more than 10 TCP/IP connections going at once, but you can't be trying to initiate more than 10 connections at the same time.
Thanks for the refinement to that. I don't actually disagree that he could be safe from worms and viruses if he's careful... I could probably run Win2000 RTM with nothing but a router (if I actually had broadband instead of this crummy dialup), two or three electric eels, and a tinfoil deflector beanie.

But if a pal came over, let himself in, found me away, and proceeded to plug his worm-infested ThinkPad into my router to access the IntarWeb, my system would be down for the count. Or if he grabbed my system, and went to some innocent website, and encountered something like the infamous The Register ~ Bofra Incident.... Oh gee, look what this says...
Reader with Windows XP SP2 are protected from the Bofra /IFrame exploit
Granted, a patch eventually covered the rest of the flavors of WinXP/IE, but at the time... nope.

(edited to reflect the hypothetical situation where I had broadband)
 

clamum

Lifer
Feb 13, 2003
26,252
403
126
Originally posted by: MrChad
Originally posted by: clamum
Originally posted by: MrChad
Originally posted by: clamum
I've been using SP1 since it came out, never install updates from Microsoft, and have had zero problems... then again I could just be lucky.

:roll:

What's that for?

Why do you "never install updates from Microsoft"? You realize that worms and viruses rely on users like yourself who don't keep their systems up-to-date. You do a disservice to the entire computing world by being a potential catalyst for malicious software. Just because you've been "lucky" so far doesn't mean you aren't vulnerable to future attacks.

I never install them because I have no problems. Have never had a problem.

I do a disservice to the whole computing world? HAHAHAHAH
 

rgavel

Junior Member
Feb 16, 2005
15
0
0
Originally posted by: mechBgon
Why don't you go ahead and tell us how you do have your computers set up, since you want a critique

I've not asked for a critique. I've seen lots of encouragement to install SP2 but with no explanations how my specific systems might be exploited. In reading some of the subsequent posts I see people pointing out how they think my systems might be compromised, but I've also seen some basic security mistakes presented as possible risks. (plugging in laptops, etc.)

 

rgavel

Junior Member
Feb 16, 2005
15
0
0
Originally posted by: STaSh
Well, there's been a massive amount of IE critical updates released for XP since RTM. I would definitely include those in the absolutely necessary category.

IE is not used on any of my systems.

 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
30,699
1
0
Originally posted by: rgavel
Originally posted by: STaSh
Well, there's been a massive amount of IE critical updates released for XP since RTM. I would definitely include those in the absolutely necessary category.

IE is not used on any of my systems.
It can still be invoked. You can go to Add/Remove Programs > Add/Remove Windows Features, "uninstall" IE completely, and still if you double-click My Computer and type a URL into the address bar at the top where it says My Computer, guess what the window turns into...?

Yeah.

I've not asked for a critique.
Yes you did. Go re-read your own posts, you're challenging everyone to show you where you have a weakness in your armor. Not that I'd bother looking for one myself, you've made your mind up and you seem to think it makes you l33t to run the old, vulnerable kernel and etc. Have your way, then.
 

rgavel

Junior Member
Feb 16, 2005
15
0
0
Originally posted by: STaSh

Have you? How do the following not apply to you?

MS03-005: Unchecked Buffer in Windows Redirector May Permit Privilege Elevation

The risk is MEDIUM. This vulnerability cannot be exploited remotely. An attacker would require the ability to log onto the system interactively in order to run programs that use the Windows Redirector. http://www.ciac.org/ciac/bulletins/n-039.shtml

MS03-015: April, 2003, Cumulative Patch for Internet Explorer

IE is not used on any of my systems.

MS03-008: Flaw in Windows Script Engine may allow code to run

The risk is MEDIUM. For an attack to be successful, the user would need to visit a website under the attacker's control or receive an HTML e-mail from the attacker.
http://www.ciac.org/ciac/bulletins/n-063.shtml

MS03-024: Buffer overrun in Windows could lead to data corruption

The risk is MEDIUM. In order to exploit this vulnerability, an attacker would need a valid user account, and be authenticated by the server prior to sending an SMB packet to it. http://www.ciac.org/ciac/bulletins/n-115.shtml

MS03-045: Buffer overrun in the ListBox and in the ComboBox Control could allow code execution

The risk is MEDIUM. An attacker with a user account could elevate their privileges to the Administrator level. http://www.ciac.org/ciac/bulletins/o-009.shtml

MS04-023: Vulnerability in HTML Help could allow code execution

The risk is MEDIUM. A remote attacker may execute code and gain root privileges by hosting a malicious website and enticing a user to view the site or access the site via an HTML email message. http://www.ciac.org/ciac/bulletins/o-182.shtml

MS02-054: Unchecked buffer in file decompression functions may allow attacker to run code

The risk is LOW. The most serious vulnerability could allow an attacker to potentially run code of his/her choice. The vulnerabilities could not be exploited without user intervention. The attacker would need to entice the user to receive, store, and open the zipped file provided by the attacker.
http://www.ciac.org/ciac/bulletins/n-001.shtml

MS04-007: An ASN.1 vulnerability could allow code execution

The risk is HIGH. A local or remote attacker could gain root access or cause a denial of service. http://www.ciac.org/ciac/bulletins/o-065.shtml

Of those you listed, only one is considered a HIGH risk, though it may indeed affect my systems, and has given me cause to pause.

I truly wonder how severe the risk is though when secunia.com still lists 21 of 87 advisories for Windows XP as unpatched, at least one of them rated highly critical which Microsoft has been aware of for at least 10 months. According to secunia, "...the vulnerability has been confirmed on fully patched systems running Windows XP and Windows 2000." http://secunia.com/advisories/11482/

A list of the remaining unpatched advisories for WinXP can be found here: http://secunia.com/product/22/#advisories

There are many additional advisories on the secunia website that pertain to Microsoft products, such as IE6.

In this highly critical advisory for example, secunia states: "...since the plugin is digitally signed by Microsoft, it may be silently installed through Internet Explorer by any website." http://secunia.com/advisories/9534/

Of the 78 advisories for IE6, secunia lists 19 that remain unpatched.
http://secunia.com/product/11/

OE6 fares a little better, there are only 6 unpatched advisories, the worst being rated as moderately critical. http://secunia.com/product/102/

For a complete list of unpatched Microsoft products that may be placing your computer at risk: http://secunia.com/vendor/1/

A fully patched, updated system will not be protected against any of the unpatched advisories listed on the secunia website.
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
30,699
1
0
IE is not used on any of my systems.
Until a Downloader or Trojan invokes it, you mean. And yes, there are some that do precisely that, they will auto-launch IE as part of their dirty work. Look at McAfee's site for some LowZone and Downloader variants if you want to check them out. Here's one on McAfee's current new-virus list: http://vil.nai.com/vil/content/v_131696.htm

You do seem to have a strong case of backwards vision. Look at how many new threats come out every day. What about tomorrow's, or a month from now? You want to wait 'til you're in an auto accident, and then put your seatbelt on as you sit in the wreckage? Think about this.
 

rgavel

Junior Member
Feb 16, 2005
15
0
0
Originally posted by: mechBgon
How are my systems open to RPC exploits? How do you know what measures I have taken?
You're asking us to critique your "measures," so lay your cards on the table and tell us what they are, bro. What are they, per-system firewalls or antivirus or keyboards and mice submerged inside an aquarium full of electric eels, or what you got there?

Actually, it was a rhetorical question.


 

rgavel

Junior Member
Feb 16, 2005
15
0
0
Originally posted by: ProviaFan
Since he's going to nitpick this one to death rather than admit that installing SP2 is worth anything...

I've already said SP2 is a worthwhile upgrade for those using IE, OE, and other programs it affects. I just don't consider it worth installing on MY systems.
 

rgavel

Junior Member
Feb 16, 2005
15
0
0
Originally posted by: mechBgon
I don't actually disagree that he could be safe from worms and viruses if he's careful... I could probably run Win2000 RTM with nothing but a router (if I actually had broadband instead of this crummy dialup), two or three electric eels, and a tinfoil deflector beanie.

Why thank you. Aluminum foil is the key.

But if a pal came over, let himself in, found me away, and proceeded to plug his worm-infested ThinkPad into my router to access the IntarWeb, my system would be down for the count.

Some pal. That's what pitbulls are for.

Reader with Windows XP SP2 are protected from the Bofra /IFrame exploit


As are those that have taken alternate precautions.
 

CQuinn

Golden Member
May 31, 2000
1,656
0
0
Of those you listed, only one is considered a HIGH risk, though it may indeed affect my systems, and has given me cause to pause.

The flaw in your analysis is that MS has been known to underestimate the severity
of risk of given exploits, and has in the past raised the risk level of given patches
based on user feedback, and been required to release new patches because they
did not sufficiently address a (LOW to MEDIUM) rated security issue the first time around.

I just don't consider it worth installing on MY systems.

Which is your prerogative, but that does not address the OP question, which is
that it is highly recommended for the average user... both for the security issues
that SP2 addresses, and the minor improvements to the OS which are designed
to aid in the use and longevity of the average system.






 

rgavel

Junior Member
Feb 16, 2005
15
0
0
Originally posted by: CQuinn
Of those you listed, only one is considered a HIGH risk, though it may indeed affect my systems, and has given me cause to pause.

The flaw in your analysis is that MS has been known to underestimate the severity
of risk of given exploits, and has in the past raised the risk level of given patches
based on user feedback, and been required to release new patches because they
did not sufficiently address a (LOW to MEDIUM) rated security issue the first time around.

It's not the risk level I worry about as much as it is the required actions by the attacker. I look at things like:

"...vulnerability cannot be exploited remotely. An attacker would require the ability to log onto the system interactively"

"...user would need to visit a website under the attacker's control or receive an HTML e-mail from the attacker."

"...an attacker would need a valid user account, and be authenticated by the server..."

"...An attacker with a user account ..."

"...attacker may execute code and gain root privileges by hosting a malicious website and enticing a user to view the site or access the site via an HTML email message."

"...vulnerabilities could not be exploited without user intervention. The attacker would need to entice the user to receive, store, and open the zipped file"

I just don't consider it worth installing on MY systems.

Which is your prerogative, but that does not address the OP question, which is
that it is highly recommended for the average user... both for the security issues
that SP2 addresses, and the minor improvements to the OS which are designed
to aid in the use and longevity of the average system.

I've already agreed that SP2 is a good idea for someone unconcerned about security, but the topic subject was: is sp2 for xp a must install

I don't believe it is a must install for ~everyone~.







 

Rommie2006

Junior Member
Feb 8, 2005
22
0
0
Originally posted by: ProviaFan
Originally posted by: mechBgon
Got some more info on this? How did SP2 specifically address this?
SP2 queues the TCP/IP connections if there are more than ten.
Since he's going to nitpick this one to death rather than admit that installing SP2 is worth anything, we'd better clarify that those are "TCP/IP connection attempts." You can have more than 10 TCP/IP connections going at once, but you can't be trying to initiate more than 10 connections at the same time.

In that case what is the max TCP/IP connections an XP SP2 computer can establish?
Even initiating 10 connections max at one go is undesired! Is there any way to work around this damn "improvement" when I install SP2? Stupid Microsoft...
 