http://www.theinquirer.net/?article=17722

AS WE REPORTED yesterday, a version of Windows XP service pack 2 is available for download on MSDN. It's a lotta download.

This, according to sources, is the schedule for rolling out the pack, which Microsoft hopes will stop everyone carping about lack of security and the like.

The software will appear in the MS download centre tomorrow, while a few customers will get the software on Tuesday as a critical update, using automatic update.

On the 25th of August, Microsoft will start making the software available as a critical update, while CD orders will also be accepted that day. If you've got a dial up connection, this may be the wise way to proceed.

The number of downloads will be limited to 2.5 million a day, until the 25th, when all hell will break loose on the servers.

So, I was going to ask if there would be a critical security hole found before it's even released to the general public, but that's just about a given. Rather... how many critical security holes will be found by the time they release it to everyone on the 25th?

That would certainly be a well-deserved kick in the nuts to people who insist on using Windows. Download 400-some MB of service updates, FINALLY finish, only to realize you have an extra 20 MB of security patches on top of that.

:no:

I would guess they'll find a hole in IE within 2 weeks of being released to the public.

I'm less worried about the security holes that are sure to be there, and more worried about this breaking EVERYTHING. I can't wait to see the amount of people who install SP2, and reboot to an unusable computer because the only thing that runs is the OS.

Just wait, come this week, the Windoze world will be worse off than it already is.

Six days.

i like it when VVickes does these threads more because if we win we get a prize :lol: im saying 1 week

i was a bit nervous to hear of the number of machines that got SP2 only to not boot properly afterwards. i've got about 200 PC users in my area, of that perhaps 75 or so are using XP. come the 25th, i have a distinct feeling i'm going to be really, really busy.

i like it when VVickes does these threads more because if we win we get a prize :lol: im saying 1 week
Okay. Whoever is the winner of this thread gets a cookie.*

http://d21c.com/wal9/info/chocpics/101.gif






*Winner determined by me. Winner of thread is not necessarily the one who makes the most accurate prediction. In fact, when I declare myself the winner, I probably won't even remember to go out and get a cookie for myself.

Yep, I'm the resident computer geek in my family, and on the block where I live here. All my neighbors are gonna be callin me next week. I'll just let the answering machine pick up, it'll say, "I won't say I told you so, but you shoulda got a Mac."

What I don't get for the life of me is, why do they turn the firewall on by default? Why don't they just default a bunch of the services to off instead? So they are going to leave services running, but then use packet filtering to deny access to those services. Sounds like a waste of resources to me. If you're machine isn't listening on any ports, you don't really need a firewall. Its like the lazy way to secure a database system. Either you can turn on a firewall to deny access on a certain port, or you turn it off in the config files. Am I missing something?

it's like leaving your front door, windows, porch door and garage door all open. then building a 8' fence around your property. :D

it's like leaving your front door, windows, porch door and garage door all open. then building a 8' fence around your property. :D

And, it takes resources to keep the doors/windows open, and to keep the fence up. Intstead of just closing the door and being done with it. Stupid Windows. :no:

Any holes or major glitches yet?

Not so far. Heise Security reported that cmd.exe will execute a file even if it does not have an executable extension (.exe), but that's not really a security hole. If a user overwrites a file with a file from a different security zone, the new file will inherit the security zone from the overwritten file until explorer.exe is restarted. That's a more serious bug - but not really a security hole.

This is the latest on what I've seen:
http://www.eweek.com/article2/0,1759,1637609,00.asp

Microsoft's Windows has more holes than that cheese that has holes. When longballs arrive and it's gonna be the same... like a old rag, invaded buy moths.

It's that time again... Time for the PC users to switch. The Mac community may gain a few new members if not, then Linux will.

When I installed XP SP2 on our Alienware machine, it crashed halfway through and b0rked half the files on the HDD. Luckily the restore sort of worked (although a ton of apps and critical files were missing), and reinstalling SP2 fixed it all, it didn't crash the second time. This is how it is with Windows, always walking on eggshells, always praying to the gods that nothing goes wrong, holding your breath, wincing, quietly screaming inside your head, pacing, chewing on fingernails, random expletives, slight nausea and ulcers. What a rewarding experience.

"Windows Update causes headaches" (http://news.bbc.co.uk/2/hi/technology/3570636.stm) from the BBC Aug 16th.

So... they say that Macs suck because they don't have compatability with everything... and then Windows updates stop all the apps on there from working.

I guess you just can't win.

Two of my coworkers today were discussing what protection software to buy when getting a new computer. They asked me what they should get and I said, "a Mac, what else? No viruses have been created for OS X, no Mac spyware exists and the UNIX base makes for an inherently more secure system."

They actually realized that running Windows is in itself a liability, and that an Apple computer might be the smarter choice for them. I just may have made 2 more sales for Apple. :)

We are disabling auto-updating on all our XP machine in the run up to the XP2 release.
There is no way anyone can sanction massive downloads like this all at the same time without testing and assessing. Imagine several hundred phone calls all at once saying "My machine doesn't work any more." There will
be huge disruption if Microsoft get their way and auto-update.
We will be watching and waiting and if I get my way moving to Apple Macs. :)

Even Microsoft is now providing SP2 update blockers. story (http://www.crn.com/sections/breakingnews/breakingnews.jhtml?articleId=29116931)

Listed as a crater (http://www.pcmag.com/article2/0,1759,1639276,00.asp), not just a hole.

Sweet -- not even two weeks!

However, it's almost like Microsoft has given attackers the path, door and keys, Windows itself contains a test utility, WBEMTEST.EXE, that allows you to view, add and edit the values in the WMI. In addition, files associated with the utility provide the namespace, classes, and data types associated with the Windows Security Center, all in plain text. The danger in this utility is not that it can edit the WMI, but it lets a malicious developer learn the data and fields needed to do the spoof.

While we are not aware of any malware exploiting this, we think it will only be a matter of time.


So, a new gauntlet has been thrown down by MS... foot, meet mouth... new round of betting.

Tougher, I think, since plenty of script kiddies will want to be 'first' to hack XP SP2, but a truly effective virus/trojan/worm/ddos built to exploit SP2 would require a critical mass of machines running the update to really impress, and the peak of patching may be delayed if news of the hole spreads.

Still... if this has been /.'d already, put me down for creation of targeted malware yesterday. Methinks its release might await a larger target pool, though.

We are disabling auto-updating on all our XP machine in the run up to the XP2 release.
There is no way anyone can sanction massive downloads like this all at the same time without testing and assessing. Imagine several hundred phone calls all at once saying "My machine doesn't work any more." There will
be huge disruption if Microsoft get their way and auto-update.
We will be watching and waiting and if I get my way moving to Apple Macs. :)

You are aware of Software Update Services, right? The machines don't have to all download it on their own; you can have your server sync with Windows Update, and then have your clients download it from your server.

Let me say this: I work with a company that uses another company's POS software. They called us imediately before the SP2 release and pleaded with us to NOT install it. Apparently, Microsoft has screwed the SP2 package so tightly that the POS software will not work on it! However, all things considred, I think that MS is already filling the holes in SP2 and simply not saying anything about it. Yet.

LOL SP2 is a security hole in itself.. after all it IS Windows! http://forums.applenova.com/images/smilies/lol.gif

From the PCMag article (http://www.pcmag.com/article2/0,1759,1639276,00.asp)

Windows XP Service Pack 2 promises to raise the security bar for the sometimes beleaguered operating system. Unfortunately, one of the new features could be spoofed so that it reports misleading information about system security, or worse, lets a malicious program watch for an opportunity to do damage without being detected. The feature is the Windows Security Center (WSC), which displays the status ( (Figure 1) )of the key elements of your defenses: Firewall, Updates, and Antivirus. If your firewall has been disabled, or your antivirus is out of date, that news will display here. The information is stored in an internal database managed by the Windows Management Instrumentation (WMI) subsystem built into Windows.

Funny how Win XP is called beleaguered in this article. :lol:

yeah lol. Is beleagured even a word?

yeah lol. Is beleagured even a word?
http://www.yourdictionary.com/ahd/b/b0168200.html

There, fixed my spelling for ya.

yeah lol. Is beleagured even a word?
For those (obviously) unaware of why "beleaguered" is funny, the word was used to describe Apple almost every time the company was mentioned in the mid-90s.

Barto