Microsoft lets companies block SP2 upgrade

Eugenia Loli 2004-08-12 Windows 35 Comments

Although Microsoft recommends that consumers turn on Automatic Update to get the latest version of Windows, the company is offering to let companies temporarily block such upgrades.

2004-08-12 12:52 am

That’s very nice of Microsoft to let the people that paid for it not update if they don’t want to.

2004-08-12 1:04 am

If you want it you can get it but if I was running the IT dept of a 500+ desktop company I probably wouldn’t want to deliver SP2 before 100% compatibility testing is done. Temporarily blocking it is a wise move for some.

2004-08-12 1:06 am

I was being sarcastic.

2004-08-12 1:37 am

AK is right on the money though. I’m running an IT Dept with only 100 desktops and 10 servers but I won’t allow those desktops to have SP2 deployed all of a sudden without testing in my own workstation.

2004-08-12 1:50 am

This is much better than offering mirrors and p2p links. Better in the sense that it gives potential customers that good wholesome feeling when they finally check out alternatives like Linux that offer not only free download of the OS but a distributed approach to updates. And the nicest things about Linux are that it’s free, stable, secure and efficient. No unwanted popups, viruses and almost always fewer bugs than the previous versions. It might be difficult to handle sometimes or maybe even hard to use, but these things are changing for the better very quickly and one day it will be easier and more responsive than its competition. But it will always be free.
So try it now, try it later, try it anytime you get fed up with the richest monopoly on the planet that still can’t afford to supply the bandwidth, fix the bugs, add the security, and reduce the cost of the products its customers paid hundreds of hard earned dollars for. I feel so dirty, like a car salesman. But at least it’s not a used car, it’s like a car salesman trying to give away good average cars with lifetime warranties to people who thumb their nose because they aren’t shiny new BMWs. Whee, fun.

2004-08-12 2:52 am

I thought we were talking about SP2 for Windows XP, not Linux. Why does everyone always bring up Linux? It’s so obviously NOT related to the discussion of deploying an update to WINDOWS.

2004-08-12 2:58 am

Andrew Ego said: “Why does everyone always bring up Linux?”

Because they can. The M$ borg doesn’t take that right away from us… yet.. Be glad that people can bring up Linux.

“It’s so obviously NOT related to the discussion of deploying an update to WINDOWS.”

I love Linux. I see the word Microsoft and Windows almost everywhere on the web, if you find yourself discovering the word Linux more frequently well I can’t say I’ll shed a tear for you. I’ve heard enough of the words Microsoft and Windows to last me several lifetimes, regardless of the context and conversation. LINUX! Love it.

2004-08-12 5:10 am

Y’all are just feeding the fuel into the fire…

2004-08-12 7:01 am

Companies should be using SUS to roll out tested and approved updates while disallowing client machines from manually using Windows Update _at all_, not blocking them from downloading a particular update from the web site. SUS is trivially easy to set up, saves quite a bit of bandwidth and allows easy vetting of which updates are/are not installed. Even if you’ve only got half a dozen machines (or if you’re a serial reinstaller with another machine somewhere to spare), it’s well worth your time.

2004-08-12 7:53 am

You can love linux all you want but it’s not going to run the windows apps that most people use and depend on. And the games - well, some people’s lives depend on games too. But that’s the whole point of blocking SP2-compatibility. If the few apps that won’t work are so essential to justify blocking SP2, then where does that leave linux and other OS’s?

2004-08-12 7:58 am

A friend foolishly upgraded his system over the weekend to SP2. He brought it over yesterday to do some gaming. It never worked. He could not change the IP address, and when he’s set it to DHCP, it could not find the server. It locked several times during this process, to the frustration of all involved. Luckily the evening was not a total loss; he remembered that he’d set a checkpoint before the abysmal upgrade. So, one uninstall later, and he was back. Back on SP1 and back in the game. This system is NOT ready for primetime folks. Let MS find others to do their beta work for them, and stay on SP1 until all the bugs are worked out.

2004-08-12 8:21 am

<<The company says the blocking tool will give companies up to four months to perform the upgrade on their own before automatically installing SP2.>>

It seems to me that they are saying – ‘like it or not you vill install this update mwahahahahahahaaaaaaaa’

That’s nice

2004-08-12 8:43 am

Talking to someone today that works for the state government, they log onto a server a couple hundred miles away every day. They were told to NOT install Service Pack 2 a couple days ago when it came out because it would mess up their network/firewall settings and they would be unable to log onto the remote server. Same reason most other companies seem to be not updating. I feel sorry for the guy who gets to fix everything when they do update…

2004-08-12 1:18 pm

I have installed SP2 on my two home boxes, no problems, great popup blocker. At work only the IT dept and laptops run XP, we will test it, as we do with every SP and get around to deploying it.
Most of our 300+ machines are Windows 2000 SP4

2004-08-12 4:24 pm

It is very relevant to be discussing Linux here. When MS is offering us a broken update to “help” our security improve maybe it is best that we seek other alternatives. Windows needs a ground-up rewrite. MS thinks this is too much trouble so they just pile more bloat on top of the bloat that is already there. No surprise SP2 does not work well. Come on DOS is outdated now move on Microsoft. Under these conditions the spread of Linux is a given. Linux is a response to an increasing need.

2004-08-12 4:26 pm

My favourite is still being able to disable the entire windows firewall with 3 lines of script:

    Set objFirewall = CreateObject("HNetCfg.FwMgr")
    Set objPolicy = objFirewall.LocalPolicy.CurrentProfile
    objPolicy.FirewallEnabled = FALSE

Microsoft SP2: Making it easier to write malicious code

2004-08-12 5:01 pm

Any ideas why I installed SP2 and my pc started to boot, then restarted at the Windows XP black start up screen, I ended up having to boot into safe mode and uninstalling it. Everything is working fine except windows media player won’t start now. I checked the Logs, or lack thereof, and found nothing. This is in no way a troll, I am just not sure what the problem is. I have an athlon 64, so maybe it has to do w/ the No eXecution. It also could be some driver/software I have installed, I am not sure. Any ideas? I may format and install windows and install SP2 fresh, but still this should NOT have happened.

2004-08-12 5:58 pm

As a security professional, I applaud the good natured bashing of Microsoft Operating Systems, HOWEVER…

1. This REALLY is a Windows thread
2. Most Linux implementations are as insecure as Windows (try OpenBSD). Introducing Linux into a Security thread doesn’t exactly invoke confidence.
3. Windows is not going anywhere

I agree that compatibility testing should be done before a production rollout of SP2.
As a matter of fact, it should have been done with the various Release Candidates as they were released to the public (So everybody already had this done, right?). I’ve found the majority of complaints (yes- even from gamers) REALLY end up being the fact that ICF is enabled by default. These are the same complaints that were generated from people who didn’t understand or know how to configure ICF in the original release of XP. Imagine that. That’s the equivalent of a Linux newbie not really understanding iptables and wondering why their Quake won’t work. BTW, if you don’t already, trash iptables and utilize PF- much better firewall (Thanks IPF and OpenBSD!) Hope this didn’t read like a flame- that wasn’t the intention.

2004-08-12 6:35 pm

“This REALLY is a Windows thread”

Yes, a very appropriate place to discuss linux and its relative merits compared to Windows.

“Most Linux implementations are as insecure as Windows”

That is a blatant troll. Linux’ security advantage over Windows (not OpenBSD or FreeBSD) is well known. Windows inspires much less confidence among security minded individuals.

“Windows is not going anywhere”

You said a mouthful on that one. It has been sitting still since 98.

2004-08-12 7:16 pm

So… he really isn’t a troll is he.

2004-08-12 8:13 pm

I see I inadvertently came across as an instigator- that really wasn’t the intention. I was referring to people who run through their typical Red Hat install and set up a default workstation or server- which is the majority of the installs out there. I’ve got plenty of Linux exploits- the pick’ns ain’t exactly slim. Red Hat is the Microsoft of Linux. I can hear the “I use SUSE, or Gentoo, or Yellow Dog, or whatever”. The fact remains that most Linux installs out there are Red Hat. It’s “Blatant troll” only if I failed to make myself clear as to what I was talking about. My apologies, it should be pretty clear now.
The reason I stated that this really is a Windows thread is because the people complaining of their SP2 nightmares are not generally empowered to switch their corporate platform to <insert favorite linux flavor>. Notifying them of the security wonders of Linux is going to solve their problem about as much as me shaking a voodoo doll at their workstation. I certainly applaud the effort- but I don’t know how much it will help. ANY Unix-like OS can be locked down, don’t make the mistake of thinking that the same can’t be applied elsewhere. People stating things like “I’ve got 3 or 4 lines of java-script to disable ICF” should realize that the vulnerability is REALLY SIMPLE to mitigate. I’d rather help them mitigate the problem than bad-mouth whatever OS they’re using. That doesn’t mean that you shouldn’t good-naturedly plug your OS of choice. You may want to consider the “sitting still since ’98” though. It WAS pretty funny, but I’m hoping you’re saying that sarcastically as opposed to actually believing it. Once again, I applaud using an alternative to Windows. I’m in Linux or OpenBSD 90% of the time- don’t think that I’m bashing Linux. I’m just saying that if you’re unfamiliar with system security and are service happy then you can be running ANY OS and leave yourself hanging in the breeze.

2004-08-12 11:13 pm

Amid the complaints of SP2 is the perfect time to discuss alternatives. I am not instigating anything, but merely pointing out the flaws in your statements. To insinuate that Linux has the security and stability problems of Windows is pure misinformation. I DO have a Windows install on my wife’s computer, and I found that Microsoft’s patch only addressed security in a rudimentary and fairly obvious fashion. It also breaks several apps. You still need antivirus…and the firewall is not intuitive to use. The free Zone Alarm is much better…you would have thought they could have spent some cash and licensed that.
By saying Windows has been sitting still since 98 expresses my feelings on Microsoft’s unwillingness to rewrite instead of just piling on more code. Come on, XP is just an expansion pack for 98…not a new game.

2004-08-12 11:33 pm

Oh brother I have been using it since RC2 and installed it both on my work laptop and home pc no problems gaming, I tested it to see what changes would occur, I finally loaded the final version at work with no problems. It adds a ton of Group Policy settings like altering the firewall settings, but I noticed if you’re on a domain it turns off the security center settings and gives the notice that your administrator should be implementing the security measures. Now I am assuming your friend has a home built system like my home pc and I play Doom 3 to Rainbow Six Raven shield with no problems, 3dMark 2003 also ran fine for my benchmarks. I think your friend is not that good with computers that is why his machine is having problems.

2004-08-13 2:36 am

I DO have a Windows install on my wife’s computer, and I found that Microsoft’s patch only addressed security in a rudimentary and fairly obvious fashion.

So what _should_ it address that it _doesn’t_ because it only does stuff that is “rudimentary and fairly obvious”?

It also breaks several apps.

Hardly surprising. Major updates and configuration changes break apps on every platform.

You still need antivirus…and the firewall is not intuitive to use.

You’ll always need an Antivirus program for a platform that virus writers are targeting. How is the firewall not intuitive to use?

By saying Windows has been sitting still since 98 expresses my feelings on Microsoft’s unwillingness to rewrite instead of just piling on more code.

There is no need whatsoever to rewrite Windows NT.

Come on, XP is just an expansion pack for 98…not a new game.

XP is a completely different OS to Windows 98. They’re as different as Linux and FreeBSD.

2004-08-13 3:25 am

“XP is a completely different OS to Windows 98.
They’re as different as Linux and FreeBSD”

That is false. Your earlier statement belies this:

“There is no need whatsoever to rewrite Windows NT”

I will concede that NT uses a different kernel, but it is still a DOS based operating system like 98 or XP. As far as virus protection goes the very nature of the Linux/BSD/Unix construction makes writing a successful virus very hard. It would need root privilege in order to bring down the system. I don’t care how many virus writers target your system if the system files are protected the viruses would amount to a minor annoyance. SP2 did not even attempt to address this major security hole in Windows. In the meantime Linux is growing at a phenomenal rate and Longhorn is due sometime 2006 or 2007. By that time I see Longhorn in danger of becoming irrelevant. Security or no, the reason Windows achieved market dominance was that it was the cheapest price point. Now Linux is….the rest will be inevitable.

2004-08-13 3:36 am

As far as virus protection goes the very nature of the Linux/BSD/Unix construction makes writing a successful virus very hard.

Most UNIX people with half a clue (as you know) don’t use the root account for day to day tasks, meaning that (as you mentioned) viruses would have to be very clever in order to take the system down. However, you’re missing the larger issue. Most viruses don’t aim to take the system down. The point is to gain access to your personal information, files and contacts, which are all fair game to the malicious code that is now running with your privs. As most UNIX users tend to keep all of their files and personal information in a single, often used account, all you need is for one virus to take advantage of the wonderful scripting abilities that distribution makers are only too happy to provide, and wham. You’re no better off than you were in Windows.
And I’ve encountered worms and trojans for Linux as well as Windows, and it frightens me how often there are kernel related security issues with Linux. Use what you like, so long as it does everything that you need, because ultimately, none are too much better than the others, generally speaking.

2004-08-13 4:10 am

That is false. Your earlier statement belies this: “There is no need whatsoever to rewrite Windows NT” I will concede that NT uses a different kernel, but it is still a DOS based operating system like 98 or XP.

Firstly, XP *is* Windows NT – Windows NT 5.1. Secondly, it’s not “DOS based”. If anything, it’s “VMS based” (but that sort of suggests there is code shared, when there isn’t). Windows 98 and Windows NT/2000/XP/2003 are completely different OSes. They are binary compatible and have mostly similar UIs, but that’s about it – much like Linux and BSD.

As far as virus protection goes the very nature of the Linux/BSD/Unix construction makes writing a successful virus very hard.

It’s no different than writing a virus for NT.

It would need root privilege in order to bring down the system.

And it needs (at least) Administrator privileges in NT, as well.

I don’t care how many virus writers target your system if the system files are protected the viruses would amount to a minor annoyance.

In NT the system files are as protected as they are in a unix.

SP2 did not even attempt to address this major security hole in Windows.

That’s because it’s not a hole. To modify the “system files” in NT, you need elevated privileges – just like you need them in a unix. It appears you have a significant lack of knowledge about Windows NT. I suggest some light reading – pretty much any OS textbook these days should use NT as one of its examples.

In the meantime Linux is growing at a phenomenal rate and Longhorn is due sometime 2006 or 2007. By that time I see Longhorn in danger of becoming irrelevant.

Why?
Microsoft and every uninstalled copy of Windows could disappear tomorrow and Windows would still have a bigger marketshare than Linux in 2007.

Security or no, the reason Windows achieved market dominance was that it was the cheapest price point. Now Linux is….the rest will be inevitable.

No, it was the cheapest price point that was good enough. Linux (apparently) hasn’t hit that “good enough” point yet. Not to mention that for most people Linux isn’t any cheaper, because they get Windows “free” with their computer.

2004-08-13 11:35 am

Nice option, always tricky with big updates like this, *with any OS*, things can go awfully wrong. Losing hardware or software compatibility can be annoying at home and a killer in larger, professional environments. On the security, I think there are more reasons to why windows has so many issues, unix/linux is a bit better, but I think it’s also the windows users that set all security options to ‘swiss cheese’, most (home users) work on an account that has administrative privileges, most users obliviously click ‘yes’ on every popup box, and it’s much easier to shoot an elephant than a mouse, most home computers run windows, so if they want to do damage they write a windows virus. Running unix/linux already means (in most cases) that the user is more skilled with computers and thus will take more care in operating and maintaining his/her system, this awareness prevents a lot of damage. If you set up windows more secure, use more secure browser/mail/communication software, and be a little bit more aware of what is going on on the machine (reading pop ups before clicking ‘yes’, not obliviously installing everything) you can cut back on issues dramatically without SP2 of course I think linux and especially unix (and its offspring) have other advantages over windows in terms of management, configuration, flexibility etc… and the opensource model, but that is beyond the scope of this thread.

2004-08-13 1:17 pm

“And I’ve encountered worms and trojans for Linux as well as Windows”

Tell me their names. I have NEVER heard of a linux virus except one that was meant to infect windows emails passing through a server. This is misinformation.

2004-08-13 1:29 pm

“In NT the system files are as protected as they are in a unix”

Then explain why the I Love You virus nuked my Win XP back in my Windows days. It screwed every image and sound file on the computer including those in the Windows folder.

“And it needs (at least) Administrator privileges in NT, as well.”

Any user in Windows XP has Admin rights by default. If you try to use a “user” level account the system is nearly unusable with no CDROM access for one. These arguments are very weak. It is a given that XP security is still, even with SP2, nonexistent. It is still not a true multiuser system. The multiuser capability is just a quick hack.

2004-08-13 2:12 pm

While I do kinda agree in general with your “linux is more secure than Windows XP” statements … I must say that it is totally possible to have a pretty damn secure Windows XP box. I should know, I’ve been using the same Windows XP box (hooked directly to my SDSL modem) for 2.5 years. I have been clobbered by:

Not one virus. Ever. Norton takes care of that.

Not one hack via my broadband connection. Ever. Sygate SPF Pro and my wireless router takes care of that.

Very *very* few crashes or lockups, and they’re usually always due to some flaky hardware I’m testing. An occasional cheapo game will lockup the system, too. Big deal, though — i never keep important apps/data open while I’m gaming.

Now, I’ve installed the following distros on the same box:

Lindows 4.5
SuSE 9.1
Slackware 8
Mandrake 10

All ran reasonably well, except when I tried updating the kernel for nvidia graphics cards. That worked 1/2 the time, otherwise it nuked the whole OS. Obviously, i didn’t have virus worries at all, when I was using Linux. But … my conclusion is this.
For my home use (and many other folks) Linux just isn’t there yet. Mostly due to quality applications. (And don’t even start to spout the BS about “Moneydance” being an equal to “Quicken” or OOO equalling Office 2003.) But … for other folks who just want to surf the web (albeit with some strange, hard to read pages from time to time) a basic Linux install would work fine. For me, there’s no compelling reason to switch.

2004-08-13 4:23 pm

Linux.OSF.8759
Linux.RST
Worm.Linux.Adm
Worm.Linux.Cheese
Worm.Linux.Mighty
Worm.Linux.Ramen
Worm.Linux.Slapper

2004-08-13 4:27 pm

I incorrectly wrote: // (hooked directly to my SDSL modem)//

Not so, my XP box (and my XP laptop) are hooked into my wireless router, then to the modem. My mistake.

2004-08-13 4:51 pm

“Then explain why the I Love You virus nuked my Win XP back in my Windows days. It screwed every image and sound file on the computer including those in the Windows folder.”

The I Love You virus infected your machine so comprehensively for two reasons:

- You were logged on as admin
- You were stupid enough to open a vbs attachment (would you be stupid enough to open a file called “I Love You.sh”?)

“Any user in Windows XP has Admin rights by default. If you try to use a “user” level account the system is nearly unusable with no CDROM access for one. These arguments are very weak.”

It takes one mouse click to make it a limited account. It was entirely your choice. And you can access CDROMs with a limited account. Really, put some thought or research into your statements.

“It is a given that XP security is still, even with SP2, nonexistent.”

Absurd OS zealot nonsense. XP has file level security and encryption, security policies and auditing, user accounts and groups, a firewall and automatic security updates that would have prevented any worm created since its release. Many of those features are even better under SP2. Don’t blame MS if you’ve chosen (sometimes despite XP’s suggestions) not to use them.

2004-08-14 5:15 am

Then explain why the I Love You virus nuked my Win XP back in my Windows days. It screwed every image and sound file on the computer including those in the Windows folder.

You were probably running as an Administrator. Try running “rm -rf /*” as root on a unix machine and see what happens.

Any user in Windows XP has Admin rights by default. If you try to use a “user” level account the system is nearly unusable with no CDROM access for one.

Rubbish. I’ve been using NT daily as a regular user since 1996. The CDROM is perfectly accessible. The only things I need to venture into an Administrator level context for are system maintenance and some poorly written games.

These arguments are very weak. It is a given that XP security is still, even with SP2, nonexistent.

For someone as uninformed and ignorant as you, it probably is “a given”, yes. Some of us, however, have been running locked-down and secure Windows machines since the mid 90s. I don’t have – and have never had – any fear of a virus, worm or trojan compromising my machine.

It is still not a true multiuser system. The multiuser capability is just a quick hack.

NT has been fully multiuser since day one. Heck, with its ACLs, it’s more multiuser than most unixes.