Security in different XP versions - breaking news

  • Thread starter: Fr. Gregory Hallam
Now that MS has announced that it will only protect XP SP2 browsers ....
see here ...

http://news.zdnet.com/2100-3513_22-5378366.html

.... will it only be SP2 that delivers the fixes or the humble "old"
original XP Home as well for users such as myself who don't want to
upgrade to SP2?

Also here:

http://news.com.com/2102-1032_3-5378366.html

I think the sidebar from the above link with this quote pretty much sums it
up:

"Should Ford have gone back and retrofitted every Pinto with anti-lock
brakes when the technology came out? Should OnStar be available for 1989
Dodge Aries K cars? If you want the new technology, you have to stay current
with the new products."
--unknown

Note there are third party solutions. Avant offers a nice shell that offers
pop-up blocking, tabbed browsing and many other security and user
enhancements. Many people will say just use Firefox.
 
Fuzzy said:

Also here:

http://news.com.com/2102-1032_3-5378366.html

I think the sidebar from the above link with this quote pretty much sums it
up:

"Should Ford have gone back and retrofitted every Pinto with anti-lock
brakes when the technology came out? Should OnStar be available for 1989
Dodge Aries K cars? If you want the new technology, you have to stay current
with the new products."
--unknown

Note there are third party solutions. Avant offers a nice shell that offers
pop-up blocking, tabbed browsing and many other security and user
enhancements. Many people will say just use Firefox.

Dear Fuzzy Logic

My policy is always, where prudent, to keep my OS up to date. However,
SP1 and to a greater extent SP2 introduced features and issues that I
just don't want or need. This is especially the case with SP2 where MS
seems to have made a judgement that if the pack breaks some other
software; well, too bad.

Software companies make money through the upgrade cycle. Why should I
upgrade an OS that forces me to upgrade other software when I can get
the really crucial security patches from the Windows Update site
separately? If SP2 is, in effect, a new OS (as some have said and
weighing in at nearly 80Mb that seems to be the case) why are MS using
the vulnerabilities of their own software as a stick to beat their
customers back into the upgrade merry go round? Do I have confidence
that SP2 is staying one step ahead of the game in the battle for
security? That has been a promise made and broken before. Meanwhile
the hapless consumer keeps on throwing good money after sub-standard
products. If we were getting a new IE browser rather than a patchworked
quilted old browser, I might be persuaded. I am not. MS and the other
software companies might make more money if they followed through on
licensing software rather than outright selling it.

My original question remains unanswered though.

Will regular non-service-packed XP users be able to download patches (as
hitherto) separately from the Update site or will they HAVE to upgrade
to SP2 (with all the attendant problems) to get them?

This is a binary answerable question.
 
Dear Fuzzy Logic

My policy is always, where prudent, to keep my OS up to date. However,
SP1 and to a greater extent SP2 introduced features and issues that I
just don't want or need. This is especially the case with SP2 where MS
seems to have made a judgement that if the pack breaks some other
software; well, too bad.

There are lots of situations where 'upgrades' get you things you don't
want. If you've ever bought a new vehicle you know it can be quite
infuriating when, for example, you have to get the heated seats with
the sunroof when you really only want the sunroof.

I also work with VMS systems and the situation for various patches is no
different. Occasionally a patch breaks another product and we need to get
an update from another vendor (generally free) to correct the problem the
patch created. You cannot realistically expect the makers of the OS to
test for every possible piece (and version) of software that may run on
their systems.

Software companies make money through the upgrade cycle. Why should I
upgrade an OS that forces me to upgrade other software when I can get
the really crucial security patches from the Windows Update site
separately? If SP2 is, in effect, a new OS (as some have said and
weighing in at nearly 80Mb that seems to be the case) why are MS using
the vulnerabilities of their own software as a stick to beat their
customers back into the upgrade merry go round? Do I have confidence
that SP2 is staying one step ahead of the game in the battle for
security? That has been a promise made and broken before. Meanwhile
the hapless consumer keeps on throwing good money after sub-standard
products. If we were getting a new IE browser rather than a patchworked
quilted old browser, I might be persuaded. I am not. MS and the other
software companies might make more money if they followed through on
licensing software rather than outright selling it.

Microsoft doesn't sell their software. They sell you a license to use
their software.

My original question remains unanswered though.

Will regular non-service-packed XP users be able to download patches (as
hitherto) separately from the Update site or will they HAVE to upgrade
to SP2 (with all the attendant problems) to get them?

This is a binary answerable question.

I can't really answer for Microsoft but I suspect the answer is, it
depends. Some new patches will require features that were added in
previous service packs and won't be available unless you have the required
components.
 
Microsoft doesn't sell their software. They sell you a license to use
their software.




I can't really answer for Microsoft but I suspect the answer is, it
depends. Some new patches will require features that were added in
previous service packs and won't be available unless you have the required
components.

I stand corrected ... but they could still lease the licence.

Your comment about the updates makes sense. It would have been better
though if MS had been a little more specific in their references to XP
and XP SP2. Maybe they want the ambiguity to drive people towards SP2.
Now I am getting paranoid! :-)
 
I stand corrected ... but they could still lease the licence.

Your comment about the updates makes sense. It would have been better
though if MS had been a little more specific in their references to XP
and XP SP2. Maybe they want the ambiguity to drive people towards SP2.
Now I am getting paranoid! :-)

FWIW we have installed SP2 on 200+ systems here at work and have very little
in the way of issues with this 'upgrade'. I have heard issues with possible
performance hits on laptops but haven't seen it myself. I personally have
had no problems whatsoever with SP2.
 
Fuzzy said:
FWIW we have installed SP2 on 200+ systems here at work and have very little
in the way of issues with this 'upgrade'. I have heard issues with possible
performance hits on laptops but haven't seen it myself. I personally have
had no problems whatsoever with SP2.

I am pleased for you (I am not being sarcastic). However, I am a
domestic user with a limited budget. Looking at those applications that
have problems with SP2, I spotted a few that I have. I suspect that
there will be others not listed. Why would I want to spend money on
updating many applications that are no more than 2 years old so I can
have a pop up blocker, wireless improvements, a better configurable
firewall (which I don't use anyway since I am sitting behind a damn good
router firewall)? I don't mind being hectored to have SP2 so long as I
can still update XP's critical patches without it. That's the issue
with me, (also the absurd but necessary preparations listed here were I
to go ahead with SP2 which I am not ....)

http://www.fixyourwindows.com/winxpsp2install.htm

Anti-MS rant ... skip this if appropriate ...

I never thought I'd be thinking about Linux ... but I am. Trouble is
.... I don't have the expertise to install and configure it and it isn't
well enough resourced with applications yet as far as I can see. When
we had the 95/98 architecture we were told that everything would be OK
when we moved over to NT+. Well it is a much more stable OS but just as
vulnerable to attack as anything that has gone before. This garment
will never be adequately patched and Service-Packed I fear. Add to that
the fact that Longhorn is being delayed because of problems and where
does this leave us?
 
I am pleased for you (I am not being sarcastic). However, I am a
domestic user with a limited budget. Looking at those applications that
have problems with SP2, I spotted a few that I have. I suspect that
there will be others not listed. Why would I want to spend money on
updating many applications that are no more than 2 years old so I can
have a pop up blocker, wireless improvements, a better configurable
firewall (which I don't use anyway since I am sitting behind a damn good
router firewall)? I don't mind being hectored to have SP2 so long as I
can still update XP's critical patches without it. That's the issue
with me, (also the absurd but necessary preparations listed here were I
to go ahead with SP2 which I am not ....)

The actual MS article about applications and SP2 says they may behave
differently not that they wouldn't work. This is primarily related to the
firewall and simply disabling it or making a minor change will generally
correct the issue. If not you can always uninstall SP2.

Pretty well all the tasks listed there I would consider routine
maintenance and should be done on a regular basis in any case.

Anti-MS rant ... skip this if appropriate ...

I never thought I'd be thinking about Linux ... but I am. Trouble is
... I don't have the expertise to install and configure it and it isn't
well enough resourced with applications yet as far as I can see. When
we had the 95/98 architecture we were told that everything would be OK
when we moved over to NT+. Well it is a much more stable OS but just as
vulnerable to attack as anything that has gone before. This garment
will never be adequately patched and Service-Packed I fear. Add to that
the fact that Longhorn is being delayed because of problems and where
does this leave us?

Security is a moving target and unfortunately that means patches and
updates as new exploits are discovered.

If you are looking for the perfect OS you will be waiting a long time.
Linux is not a panacea and if you are not prepared to do the tasks
involved to prepare for SP2 don't even think about Linux. Here is an old,
but still valid, article on Linux for the desktop:

http://www.wired.com/wired/archive/9.10/linux_pr.html
 
Pretty well all the tasks listed there I would consider routine
maintenance and should be done on a regular basis in any case.

Dear Fuzzy Logic

.... but you are an IT professional (I assume from your posts) and I have
a certain degree of intermediate knowledge self taught over 15 years.

My friends who do not have these skills want a PC to do what it says on
the box. Maintenance (except for major incidents) should be easier to
handle and less time consuming ... BIOS, uninstall this, that and the
other, run anti-spyware, disable this, that and the other, update
drivers etc. etc. .... totally unrealistic for most of the market.
 
Dear Fuzzy Logic

... but you are an IT professional (I assume from your posts) and I have
a certain degree of intermediate knowledge self taught over 15 years.

My friends who do not have these skills want a PC to do what it says on
the box. Maintenance (except for major incidents) should be easier to
handle and less time consuming ... BIOS, uninstall this, that and the
other, run anti-spyware, disable this, that and the other, update
drivers etc. etc. .... totally unrealistic for most of the market.

Basically you are saying why can't my computer be like a TV or Telephone?
Simply plug it in and use it. Sadly we are not at that stage yet. I realize
that some of these tasks can be daunting (at first) but much like driving a
car they can become second nature. Regardless of the operating system these
things must be done if you wish to keep your computer running well and free
of unwanted/hazardous software. Much like the commercials with the mechanic
talking about oil changes "You can pay me now or you can pay me later." The
point being that if you don't do the routine maintenance you are asking for
bigger problems down the line.

I would suggest you allocate a little time each week to investigate some of
the things you don't feel comfortable with. Generally the answers are easy
to find on the web these days and by all means keep asking questions.
 
Fuzzy said:

Basically you are saying why can't my computer be like a TV or Telephone?
Simply plug it in and use it. Sadly we are not at that stage yet. I realize
that some of these tasks can be daunting (at first) but much like driving a
car they can become second nature. Regardless of the operating system these
things must be done if you wish to keep your computer running well and free
of unwanted/hazardous software. Much like the commercials with the mechanic
talking about oil changes "You can pay me now or you can pay me later." The
point being that if you don't do the routine maintenance you are asking for
bigger problems down the line.

I would suggest you allocate a little time each week to investigate some of
the things you don't feel comfortable with. Generally the answers are easy
to find on the web these days and by all means keep asking questions.

Dear Fuzzy Logic

I am sorry but I thought my post was clear ... I was speaking for my
friends who do not have the knowledge I have and for whom the SP2
preparations would simply be out of their range. They are not out of my
range. For me it's a simple equation ... risk screwing my OS and other
software after spending the greater part of a day in preparation ....
and for what? A pop up blocker (which I have in Firefox), a
configurable software firewall? (I have one already - hardware),
wireless augmentation, (I don't use wireless). However, Microsoft would
have us believe that we simply MUST have SP2. I shall recommend to my
low tech friends that they keep IE / Windows via Windows Update patched
(better still, move to Firefox until MS develops a comparable browser)
but steer clear of SP2 unless they really have the time, commitment and
expertise to do these preparations ... which they don't.
 
Dear Fuzzy Logic

... but you are an IT professional (I assume from your posts) and I have
a certain degree of intermediate knowledge self taught over 15 years.

My friends who do not have these skills want a PC to do what it says on
the box. Maintenance (except for major incidents) should be easier to
handle and less time consuming ... BIOS, uninstall this, that and the
other, run anti-spyware, disable this, that and the other, update
drivers etc. etc. .... totally unrealistic for most of the market.

I was going to include these links in my previous post:

http://www.pcmag.com/print_article/0,1761,a=130551,00.asp
http://www.cert.org/tech_tips/home_networks.html
 
I am sorry but I thought my post was clear ... I was speaking for my
friends who do not have the knowledge I have and for whom the SP2
preparations would simply be out of their range. They are not out of my
range. For me it's a simple equation ... risk screwing my OS and other
software after spending the greater part of a day in preparation ....
and for what? A pop up blocker (which I have in Firefox), a
configurable software firewall? (I have one already - hardware),
wireless augmentation, (I don't use wireless). However, Microsoft would
have us believe that we simply MUST have SP2. I shall recommend to my
low tech friends that they keep IE / Windows via Windows Update patched
(better still, move to Firefox until MS develops a comparable browser)
but steer clear of SP2 unless they really have the time, commitment and
expertise to do these preparations ... which they don't.

There is much more to SP2 than a pop-up stopper and a firewall that's turned
on by default. The complete installation is something like 276MB. All the
tasks required for preparation are things everyone should be doing on a
regular basis and shouldn't take less than an hour. I would argue that SP2
is more important for people who are less computer savvy than those who are
so you are making the incorrect recommendation. The longer they put it off
the more likely they are to become a victim of the various
vulnerabilities that have been patched in SP2.
 