0
   

XP SP2 - Windows XP Service Pack 2

 
 
Walter Hinteler
 
  1  
Reply Mon 9 Aug, 2004 01:58 pm
Seems, the new download link is online:

link to Beta News: Windows XP Service Pack 2 (SP2) Network Installation Package
0 Replies
 
Walter Hinteler
 
  1  
Reply Mon 9 Aug, 2004 02:02 pm
link to 'neil's world' Windows XP SP2 Official Download link
0 Replies
 
timberlandko
 
  1  
Reply Mon 9 Aug, 2004 02:48 pm
I go along with the "Wait and see" crowd on this one. The CD will be along before too long, I'm sure, and in the meanwhile, let other folks figure what's gonna break and how to go about fixin' it.
0 Replies
 
Monger
 
  1  
Reply Mon 9 Aug, 2004 06:47 pm
Walter's link does lead to an official download. Still, here's the same link on Microsoft's release page for it: Windows XP Service Pack 2 Network Installation Package (266MB).

If you're on dial-up, you should probly wait at least until it's released on the WindowsUpdate site ( http://windowsupdate.microsoft.com ), as using that method you'll only need to download the parts specific to the version of Windows you're using (you'll be downloading less than a third as much).
0 Replies
 
Monger
 
  1  
Reply Mon 9 Aug, 2004 06:53 pm
Incidently, I just finished downloading the full SP2 release package with a broadband connection. Took me just under 15 minutes, with it coming in at near 320 KBps.
0 Replies
 
Monger
 
  1  
Reply Mon 9 Aug, 2004 09:33 pm
Craven de Kere wrote:
Sigh, I avoided Active-X altogether because I wanted to avoid web-install. I didn't think signing an .exe installer was important. I guess it will be.


I just installed SP2 (went very smoothly, btw). I intentionally disabled my virus scanner beforehand & SP2 was smart enough to catch that & turn it back on.

I had the a2k toolbar when I installed it...SP2 didn't break it. Removed the toolbar then reinstalled. Worked fine. I was first asked "Do you want to run or save this file?"...I clicked Run, then I was asked "The publisher could not be verified. Are you sure you want to run this software?"....I clicked yes & it worked fine.
0 Replies
 
Walter Hinteler
 
  1  
Reply Mon 9 Aug, 2004 11:47 pm
Glad it worked with, Monger.


(And after I'll hear of some tenthousands positive installations and find no negative reviews, I'll join the crowd and install it, too :wink: )
0 Replies
 
Thok
 
  1  
Reply Tue 10 Aug, 2004 02:04 am
As a member of the Linux commuity ( I use Mandrake ) , I have a few questions about garbage, er, sorry, Microsoft XP Windows SP2.

Are the facts below right ?
Quote:

Pop-up ads blocked
Revamped firewall on by default

Outlook Express, Internet Explorer and Windows Messenger warn about attachments
Origins of downloaded files logged
Web graphics in e-mail no longer loaded by default
Some spyware blocked
Users regularly reminded about Windows Updates
Security Center brings together information about anti-virus, updates and firewall
Protection against buffer over-runs
Windows Messenger Service turned off by default


How about in general, for those that installed it ?

But I guess new viruses will be coming..

I want not start a flame discuss, but : Linux and OpenSource are the very best.
0 Replies
 
timberlandko
 
  1  
Reply Tue 10 Aug, 2004 09:37 am
Thok, the reason the M$/Windows family gets attacked more than do other browsers and OS's is simply and plainly that it offers a much bigger target. The open-source nature of Linux itself would make it a very entertaining playground for bullies and creeps if more kids played there. As it is, there are exploits out there directed against Apple's OS, its Panther browser, Linux, and the Firefox, and related, browsers. You don't hear much about 'em only because far, far fewer folks are affected by the attendant inconveniences.
0 Replies
 
Thok
 
  1  
Reply Tue 10 Aug, 2004 10:47 am
however, even if Linux has more user this OS would be safe. Just more work for the members..
0 Replies
 
Craven de Kere
 
  1  
Reply Tue 10 Aug, 2004 11:41 pm
Monger wrote:
Craven de Kere wrote:
Sigh, I avoided Active-X altogether because I wanted to avoid web-install. I didn't think signing an .exe installer was important. I guess it will be.


I just installed SP2 (went very smoothly, btw). I intentionally disabled my virus scanner beforehand & SP2 was smart enough to catch that & turn it back on.

I had the a2k toolbar when I installed it...SP2 didn't break it. Removed the toolbar then reinstalled. Worked fine. I was first asked "Do you want to run or save this file?"...I clicked Run, then I was asked "The publisher could not be verified. Are you sure you want to run this software?"....I clicked yes & it worked fine.


Thanks! Good news, as I didn't know if I'd be willing to spend a few hundred bucks over the next two years to sign it.

It's not really generating any revenue, so it wouldn't be worth it from a financial standpoint.
0 Replies
 
timberlandko
 
  1  
Reply Tue 10 Aug, 2004 11:50 pm
Downloaded SP2 onto a machine this AM ... Toolbar seems to be working fine on my XP Home machine (though there have been a couple other inconveniences revolving around other 3rd Party software, notably NAV 2004, ZoneAlarm Pro and Spybot S&D's TeaTimer - but easy enough to resolve so far), but I haven't installed SP2 on my XP Pro machine yet ... and I'm still gonna wait a while on that just to see what shakes out.
0 Replies
 
Craven de Kere
 
  1  
Reply Tue 10 Aug, 2004 11:52 pm
Thok,

Linux isn't really inherently more secure then MS (well maybe in a few areas that SP2 will go a long way toward addressing).

MS can be configured to be just as secure as linux, but the default settings aren't that secure.

Thing is, MS users are not as technically adept as Linux users.

The biggest security advantage linux has is a more technically inclined userbase.

If Windows users never ran admin accounts (it would be like using superusers on Linux) and took security precautions they'd have as secure a box as a Linux one gets.

I use all OSes right now except Macs, I run XP and Windows 2000 on some workstations, Linux on some of A2K's servers, Windows/IIS and windows servers for my new comoany as well as Free BSD for them as well.

With each of the setups, I can harden the boxes and have security. It's not like I ever have any of my windows boxes rooted.

This new service pack is really going to help toward an MS security culture, and just about every single major MS exploit over the last year would have been prevented if the default settings shipping with SP2 were implemented beforehand (for e.g all the RPC exploits are easily foiled with the firewall that was there, but that n00bs never used).

Ever since I learned the very basics of network security I have not only never been compromised but have never had a vulnerable box that wasn't intentionally so (e.g. exposing a box to get a copy of exploit code).

It's easy to talk trash about MS products, but the bottom line is that they can be used in just as secure a fashion.

With this new service pack and the MS trustworthy computing initiative, this security mantra from anti-MS folk will be more and more baseless.
0 Replies
 
Thok
 
  1  
Reply Wed 11 Aug, 2004 01:09 am
well, yes.

But it is not only the factor security. Linux is OpenSource. That's an advantage compared to Microsoft and other CSS. Many possibilities, good software and quality.
0 Replies
 
Craven de Kere
 
  1  
Reply Wed 11 Aug, 2004 01:28 am
Thok wrote:
well, yes.

But it is not only the factor security. Linux is OpenSource. That's an advantage compared to Microsoft and other CSS. Many possibilities, good software and quality.


I don't think an open source model is an inherent security upside (or downside), despite the advantages (and disadvantages) of open source code auditing.

I do, however, think it makes a big difference in people's feelings about the software (as in people are less likely to get pissed about free stuff with fewer liscensing restrictions.
0 Replies
 
Thok
 
  1  
Reply Wed 11 Aug, 2004 01:34 am
Each to their own, of course.

But however, eSoftware patents, what plan the EuropeanUnion at present, should be forbidden!
0 Replies
 
tkedgley
 
  1  
Reply Thu 12 Aug, 2004 05:41 am
when does this sp2 come out?? for single pc?
0 Replies
 
Thok
 
  1  
Reply Thu 12 Aug, 2004 06:14 am
look on the articles above.

The problem with Windows XP SP2

Quote:
Teething troubles hit Windows XP SP2

The DivX problem is going to be repeated on quite a few applications.

Anything that generates machine code into a memory buffer and then calls it will be hit, until the authors modify their software to tell Windows what they're doing. The calls for this have existed since the introduction of the Win32 API - it's just that until now, nothing went wrong if you didn't use them.

The technical details go like this. Since x86- compatible CPUs acquired memory protection, at the 386, it's been possible for operating systems to mark memory segments as readable or writable - much like filename permissions under UNIX/Linux. But until AMD introduced the NX bit, it hasn't been possible to control if segments were executable. If memory could be read, you could try to execute it.

Buffer overflow attacks work in just this way: upload a large packet, stuffed with machine code and with trickery to get the target computer to execute it. For more gory details, see Jon Erickson's Hacking: the art of exploitation, from No Starch Press, or doubtless any one of dozens of website.

DEP marks stack and data memory as non-executable, so that if you try to execute it, you get an error: see dep.gif, attached.

DivX will be generating machine code into a buffer and calling it. This is a recognised trick for accessing screen memory extremely quickly: you generate code that implicitly knows about the screen memory layout, the logical operatings you want to do on the image, and so on. They you call it. It runs a load faster than code that's full of "if (24bitscreen) {} else {}" idioms, because all those questions were answered while it was geing generated.

To avoid DEP biting you when you do this, you need to allocate the memory that will hold the code with the correct flags. With a quick look in MSDN, it seems that VirtualAlloc with the appropriate flProtect option is what you need. Windows will set up a memory segment that's execute-enabled, and give you back a pointer to it. You do need to use VirtualAlloc: malloc() doesn't know a thing about this stuff.

As for why the DivX install is giving trouble, I don't know. I'd suspect an installer which generates machine code for its own operatings on the fly, or something like that. Other things that could easily get bitten by DEP include naive Java JITs and similar programs. Straight C or C++ code that doesn't try to get clever with the guts of the hardware doesn't seem to do this.

Like the DivX answer page says, you can turn off DEP for individual programs under XPsp2. My Computer=> Properties=>Advanced=>Performance, then see dep2.gif, attached. If you want to see what DEP looks like on your own systems, use NXTEST, by Robert Schlabbach, from here


Link with images
0 Replies
 
Tomkitten
 
  1  
Reply Thu 12 Aug, 2004 08:05 am
XP SP2 - Windows XP Service Pack 2
Sounds like the cure is worse than the disease. Confused
0 Replies
 
Craven de Kere
 
  1  
Reply Thu 12 Aug, 2004 10:44 pm
There are growing pains, but shutting down buffer overflow exploits eliminates what is probably the largest pool of possible exploits that could be addressed.
0 Replies
 
 

Related Topics

Clone of Micosoft Office - Question by Advocate
Do You Turn Off Your Computer at Night? - Discussion by Phoenix32890
The "Death" of the Computer Mouse - Discussion by Phoenix32890
Windows 10... - Discussion by Region Philbis
Surface Pro 3: What do you think? - Question by neologist
Windows 8 tips thread - Discussion by Wilso
GOOGLE CHROME - Question by Setanta
.Net and Firefox... - Discussion by gungasnake
Hacking a computer and remote access - Discussion by trying2learn
 
Copyright © 2020 MadLab, LLC :: Terms of Service :: Privacy Policy :: Page generated in 0.04 seconds on 09/27/2020 at 04:20:53