Why are people so desperate to install WinXP SP2?

[txxxx]

?! Are people that bored?

 

[Hossenfeffer]

Well, I believe that, all-in-all, it's a good thing. That being said, it's going to sting.

 

[Mem]

When it currently causes more damage than good?!

Hmmm what damage?Working great on both my PCs,SP2 has security improvements which is one good reason to install it,besides it`s free to download .

 

[txxxx]

Originally posted by: Mem

When it currently causes more damage than good?!

Hmmm what damage?Working great on both my PCs,SP2 has security improvements which is one good reason to install it,besides it`s free to download .

I've already have 2 friends moan about applications that dont work - which they need for day to day use.

Now here's some scary results although a sample of 900 is a little small.

Needless to say, I do wish whoever throw's themselves in SP2 did list their PC spec + main apps that did fail.

 

[Looney]

Four systems here, and no problems with any of them.

 

[bulldawg]

No problems on 6 different machines. Must say it has surprised me!!

 

[RVN]

All Anandtechers are desperate people ...we can't help it.

Diehard IE users are benefitting from sp2's built in pop up blocker among other things.

I'm getting one more clean install with sp1(slipsteamed) and the updates before they go away and preserving a "backup" image (before I "sp2" the primary box), while they're still available. Before long we won't have a choice to go that route and we'll be forced to adopt the sp2 if we are to remain safe. Perhaps us "desperados" are just making sure we can live with it, sooner instead of later.

 

[oldman420]

you have a valid point sir,
lets further try to answer your query.

pros and cons of xpsp2

pros
1,security center will bug all of those lazy non firewall/anti virus people to secure there systems thereby protecting us all.
2, internet explorer is much more secure stopping most malicious code and pop ups from occurring. it is now so secure it makes you give permission to do almost any INTERNET file related task. pia but important from a security standpoint.
3, windows firewall is much better and now includes outbound protection as well. not the best but everything helps.
4,sp 2 includes a new wireless connection tool and much improved support for wireless networking.
5, win update v5 is much more efficient.
6, xpsp 2 also hardens the OS against some future attacks i think.

cons.
1, breaks most apps that depend on activex and it also breaks some auto update features on some programs.
2, limits the number of tcpip connections making it much harder to do peer to peer file sharing
3, breaks some games Dependant on tcpip
4, for the expert it is annoying to have to deal with the security center and some other warnings that must be replied to.
5, as a beta it broke every single machine i put it on.
6, its a hassle to dl it though win update will automate most of that.
so you have some of the pros and cons from my standpoint
my final analysis is that security is paramount and prob most of the apps that don't work are prone to vulnerabilities.
they will work out patches for all of the games and other critical apps that break in time so thats only a temp issue.
it is time for this as the laypeople not us anandtechers are the ones responsible for the proliferation of web based attacks this sp will put a stop to that as it will annoy the amateur to the point of getting av and firewall up and updated.
so by everybody i am assuming you must mean everybody here at AT forums. we are the fools that aren't afraid to break windows for the sake of mankind we are the best test subjects and as a bonus also the most eager to try out new ideas in tech
god bless AT and all of you helpful smart people .
have fun
Jerome

 

[spyordie007]

It's inevitable that installing a service pack is going to cause problems for some users, after all it updates a hellofalot of system files. Just because there are a handfull of people who have problems doesnt mean it "does more harm than good."

<-Already installed SP2 on about a dozen machines without any unanticipated problems.

 

[chsh1ca]

Originally posted by: spyordie007
Already installed SP2 on about a dozen machines without any unanticipated problems.

The key word. With a bit of research you can overcome most app breaking hurdles.

 

[ELopes580]

upgraded 2 PCs to SP2, no major probs here, yet....

 

[jadinolf]

Windows update delivered it to me last week, I believe. I certainly have not had any problems.

 

[bsobel]

1, breaks most apps that depend on activex and it also breaks some auto update features on some programs.

Wrong. User may have to put some sites into the trusted zone OR specifically allow the active-x to load. But to say it breaks most apps using active x is simply not true.

2, limits the number of tcpip connections making it much harder to do peer to peer file sharing

Completely false.

3, breaks some games Dependant on tcpip

Please name them. Games that don't use the FW api's may have to be manually added to the FW.

Bill

 

[bsobel]

Originally posted by: txxxx
?! Are people that bored?

Because the sooner we get this out to the majority of XP users the better, it will have a positive effect in reducing the effect of some types of future worms.

Bill

 

[earthling30]

Originally posted by: Hardcore
Four systems here, and no problems with any of them.

Same here but tonight I'm re-installing it on one of them to test out my WIN XPPro SP2 Slipstream CD.

 

[drag]

You want to know why people are trying to get SP2 isntalled?

Because they don't want to get their @ss handed to them by a cracker or a worm, that's why.

Remember mydoom? Lets not do that again shall we.

There are numerious security tweaks, patches, and updates with SP2 you can't get anywere else. It means that if your not running XP using SP2 you might as well be using a unpatched machine. Windows has problems enough, and it's not going to help out any running a machine with out the latest fixes installed.


The firewall breaking apps is freaking retarded. It's not MS fault, if a application crashes when it tries to poll the network and ports are block, when that app has no business accessing the network in the first place, then programmer responsable for that application crashing was a moron.

 

[earthling30]

Originally posted by: earthling30

Originally posted by: Hardcore
Four systems here, and no problems with any of them.

Same here but tonight I'm re-installing it on one of them to test out my WIN XPPro SP2 Slipstream CD.

I guess it all depends on how you install it as a upgrade.

I have personally done the following before installing it:
Made sure my system was free and clear of Viruses, Spyware, Malware, Trojans, etc.
Disabled the screen saver and power options.
Shut down everything in the task bar including the virus scanner.
Turned off my internet (installed SP2 from the full download).
Defrag my hard drive(s).

The idea here is to keep the system from doing any unnecessary work while installing the update and this will hopefully make a better install. BTW, I've seen the list somewhere on this forum the M$ has posted with a list of programs that are having trouble running after installing SP2. Out of what I've read, I have the following on my pc that was on that list: AutoCad 2004, Nero 5.5, Adobe Photoshop Elements, just to name a few and I'm not having any problems with either program. I know that some of these tips that I listed may not be necessary, but it doesn't hurt it!

 

[txxxx]

I can see a lot of these are security based, but if using a decent firewall with NAT based qualities, and alternative browser, it seems at the moment SP2 is more trouble that its worth. I've not been hit by any of these worms.

bsobel : There is a TCP/IP connection limit with SP2 now, widely documented, so its actually true.

 

[n0cmonkey]

Originally posted by: txxxx
I can see a lot of these are security based, but if using a decent firewall with NAT based qualities, and alternative browser, it seems at the moment SP2 is more trouble that its worth. I've not been hit by any of these worms.

bsobel : There is a TCP/IP connection limit with SP2 now, widely documented, so its actually true.

NX.

Plus, the firewall built into XP SP2 should have been written by the people that know the most about the OS/stack.

 

[VirtualLarry]

There is actually *is* a problem with XP SP2 breaking apps that talk to themselves over a localhost IP address other than 127.0.0.1 - all other 127.x.x.x IPs are outright blocked in XP SP2, which doesn't sound very RFC-conformant to me. It may have been an accidental outcome of their new IP-subnet anti-spoofing features. There is a hotfix available to "open up" the other 127.x.x.x IPs for use, but you have to call MS for it, it's not freely downloadable. So XP SP2 *does* break at least a few things, and it's not the app's fault at all.
On the whole, I still think XP SP2 is a Good Thing, but definately Ghost your system before installing it. Who knows what it will break. I haven't upgraded yet, mostly because I'm still running W2K SP2.

(And there is actually another issue in XP relating to 127.0.0.1, but I don't think that issue started with SP2 - network stack traffic on the localhost loopback adaptor from/to 127.0.0.1, *cannot* be blocked nor controlled by 3rd-party firewalls, due to changes that were made in the TCP/IP stack in XP. I am not sure if the built-in SP2 firewall can control that traffic, but I have a feeling that it has a "free pass rule" too. This is a real security risk, for malware to get out, by piggybacking onto a local HTTP proxy running and listening on localhost.)

Oh yeah, legitimate security tools don't work on XP SP2 now either - MS broke NMAP, by removing "raw sockets". (Which, IMHO, was never a security risk to begin with, and I blame Steve G.'s ranting about it for why MS removed it.)
http://seclists.org/lists/nmap-hackers/2004/Jul-Sep/0002.html

So there are a number of significant changes made to the networking "guts" of XP in SP2, unrelated to the firewall, that may break things.

 

[bsobel]

There is a TCP/IP connection limit with SP2 now, widely documented, so its actually true.

Repeating misinformation does not make it true. There is NOT a new TCP/IP connection limit in SP2. What has changed is a queue (not a limit) for unestablished new connections. This *in no way* puts a cap on the number of connections that can be established at one time. The effect of the change is that port scanners and flash worms will propigate slower (as they tend to hit lots of addresses where the tcp handshake will not complete). You can turn the behaviour off via a registry change if you need to (say) run a portscanner for valid reasons.

which doesn't sound very RFC-conformant to me

Stolen from another site since I'm being too lazy to retype it "According to RFC3330, 127.0.0.0/8 - This block is assigned for use as the Internet host loopback address. A datagram sent by a higher level protocol to an address anywhere within this block should loop back inside the host. This is ordinarily implemented using only 127.0.0.1/32 for loopback, but no addresses within this block should ever appear on any network anywhere. The third sentence, which says that 127.0.0.1 with a bitmask of 32 is the common implementation for loopback- a bitmask of 32 means that only 127.0.0.1 is loopback, not 127.0.0.x. The second sentence can be taken to imply that 127.x.x.x could all loopback, but the third says that this is not the ordinary implementation.

So, actually, the behaviour IS rfc compliant.

MS broke NMAP, by removing "raw sockets

Well, they didn't fully remove it, they changed the functionality, specifically "The ability to send traffic over raw sockets has been restricted in two ways: TCP data cannot be sent over raw sockets.
UDP datagrams with invalid source addresses cannot be sent over raw sockets. The IP source address for any outgoing UDP datagram must exist on a network interface or the datagram is dropped."

Bill

 

[VirtualLarry]

Originally posted by: bsobel
You can turn the behaviour off via a registry change if you need to (say) run a portscanner for valid reasons.

From my reading of the posts over on Neowin.net, the registry entry, or at least the previously-documented "TCPConnectionLimit" one, does not affect/mitigate the new TCP limitations introduced with XP SP2. If you are aware of a simple registry tweak to "turn off" that feature, I would be interested. I would much rather use a registry tweak than a hacked/patched system binary to fix that issue.

Originally posted by: bsobel
Stolen from another site since I'm being too lazy to retype it "According to RFC3330, 127.0.0.0/8 - This block is assigned for use as the Internet host loopback address. A datagram sent by a higher level protocol to an address anywhere within this block should loop back inside the host.

And now, with XP SP2, it's not doing that. Only a single IP within that block is allowed access.

Originally posted by: bsobel
So, actually, the behaviour IS rfc compliant.

I don't see how that is. Hopefully MS will fix their code glitch.

Originally posted by: bsobel

MS broke NMAP, by removing "raw sockets

Well, they didn't fully remove it, they changed the functionality, specifically "The ability to send traffic over raw sockets has been restricted in two ways: TCP data cannot be sent over raw sockets.
UDP datagrams with invalid source addresses cannot be sent over raw sockets. The IP source address for any outgoing UDP datagram must exist on a network interface or the datagram is dropped."
Bill

Well... ok... but in a manner of speaking, "raw sockets" in XP SP2, are no longer "raw", if they have those limitations placed upon them. So they did indeed remove (true) "raw" sockets.

I'm actually a bit disappointed in that, I was hoping that such functionality could be used to implement some interesting networking tools, running in user-mode, but I guess that will never happen now. Oh well. :|

 

[bsobel]

And now, with XP SP2, it's not doing that. Only a single IP within that block is allowed access.

The important part of that quote was "The third sentence, which says that 127.0.0.1 with a bitmask of 32 is the common implementation for loopback- a bitmask of 32 means that only 127.0.0.1 is loopback, not 127.0.0.x. The second sentence can be taken to imply that 127.x.x.x could all loopback, but the third says that this is not the ordinary implementation." Not saying MS shouldn't restore the previous functionality (doesn't appear it was intentionally removed), I was just commenting that I don't think the RFC is as clear as you suggested on the issue. The hotfix is available and that will migrate into a public fix after it gets regressed.

From my reading of the posts over on Neowin.net, the registry entry, or at least the previously-documented "TCPConnectionLimit" one, does not affect/mitigate the new TCP limitations introduced with XP SP2. If you are aware of a simple registry tweak to "turn off" that feature, I would be interested. I would much rather use a registry tweak than a hacked/patched system binary to fix that issue.

I might be wrong on this, there was a key (or at least I was told there was) during the beta. I didn't followup us (as I actually see this generally as a welcome change, it will help slowdown future worms). I'll have dig some more when I get back into the office. Curious tho, why do you feel that you need this? (I suspect your one of the folks who legitmately use portscanners/etc but thought I'd ask if there was a different reason)

Cheers,
Bill

 

[Cadaver]

SP2 appears to have killed Adobe Acrobat 6.0 Pro on one of my two PCs, and I'm unable to reinstall it without errors (after uninstalling via the usual routine).

I'd get a "...application needs to shutdown" error when launching. And uninstalling and reinstalling from original (legal) CD results in an error during the PDF Print Driver install module. Can't figure it out.

Machine #2 however, seems to be holding up just fine.

 

[VirtualLarry]

Originally posted by: bsobel

And now, with XP SP2, it's not doing that. Only a single IP within that block is allowed access.

The important part of that quote was "The third sentence, which says that 127.0.0.1 with a bitmask of 32 is the common implementation for loopback- a bitmask of 32 means that only 127.0.0.1 is loopback, not 127.0.0.x. The second sentence can be taken to imply that 127.x.x.x could all loopback, but the third says that this is not the ordinary implementation." Not saying MS shouldn't restore the previous functionality (doesn't appear it was intentionally removed), I was just commenting that I don't think the RFC is as clear as you suggested on the issue. The hotfix is available and that will migrate into a public fix after it gets regressed.

I was just trying to point out, that even as you quoted, the standard calls for the entire block of 127.x.x.x IPs to be considered the localhost loopback.

The fact that it also mentions that a common implementation only supports 127.0.0.1, doesn't make that the actual standard, IMHO, just an example. The actual standard reserves that entire IP range/block, and that fact is well-understood among networking people. The fact that otherwise legitimate and working networking apps broke because of MS's code changes also tends to support that.

Originally posted by: bsobel

From my reading of the posts over on Neowin.net, the registry entry, or at least the previously-documented "TCPConnectionLimit" one, does not affect/mitigate the new TCP limitations introduced with XP SP2. If you are aware of a simple registry tweak to "turn off" that feature, I would be interested. I would much rather use a registry tweak than a hacked/patched system binary to fix that issue.

I might be wrong on this, there was a key (or at least I was told there was) during the beta. I didn't followup us (as I actually see this generally as a welcome change, it will help slowdown future worms). I'll have dig some more when I get back into the office. Curious tho, why do you feel that you need this? (I suspect your one of the folks who legitmately use portscanners/etc but thought I'd ask if there was a different reason)

Cheers,
Bill

No, I don't do any portscanning, I'm just bothered by MS putting arbitrary limits on basic features of the OS. What's next? Only being allowed to run three programs at a time? (Oh wait, they already did do that...)

I know that I am vigilant enough in knowing my system's behavior and performance, that my system is not at risk from spreading any sort of network-borne worms or malware. I agree though, just like the firewall being enabled by default now, it is generally a positive change for the majority of users out there, who either can't or don't properly administer their machine.

(Remember when the NT4 Workstation betas had an enforced limit of 10 incoming/listening TCP/IP connections? Thankfully MS listened to the harsh criticism at the time, and changed it from a technical limit to a EULA-imposed limit by release, and therefore most people totally ignored it in practice. MS was just trying to prop up their monopoly and destroy their competitors in the emerging Win32-based web-server market. I beleve that O'Reilly was very outspoken about this, because they also offered a Win32-based web server platform at the time that competed against the "free" IIS. Gotta love monopolies at work.)