Link to story: http://www.computerweekly.com/articles/article.asp?liArticleID=129328&liArticleTypeID=1&liCategoryID=2&liChannelID=22&liFlavourID=1&sSearch=&nPage=1

-{ Quote: "Friday 19 March 2004

Microsoft urges users to protect themselves better from viruses

In the latest update to Windows XP, Microsoft has focused on helping people become more aware of what they need to do, and encouraging them to actually do it, said lead program manager for Service Pack 2 Ryan Burkhardt.

A test version of Service Pack 2 (SP2), called Release Candidate 1 (RC1), was made available to beta testers and the completed update will be released in mid-2004.

In RC1, if someone received an e-mail with an .exe attachment, or other file type that is regularly used to spread so-called malware, it will be identified and either blocked or the receiver will confirm that he wants to open it, Burkhardt said at the CeBIT trade show in Hannover.

.
.
." }-
Read the source article for full details.

Once again M$ trying to force their policies on the public.....

A lot of the problems that microsoft gets blamed for can be traced back to the personal user or business networks users that have failed to update there software with security patches or failed to keep there av products up to date. Microsoft would like the users of their products to improve their diligence in keeping their systems updated and patched so that they will have less problems. And with less problems Microsoft doesn't look quite as bad as it did . It is just good business to help the users of your product have less trouble with it.

Good point. While Microsoft has caused many of their own problems, more of their reputation of being a problem-prone OS is due to user ignorance. An educated user will have, through their own effort, a stabler, safer system, and anything that Microsoft can do to help bring this about is a positive.

MUST respectfully and politely disagree. M$ by its very nature is a screwed-up operating system . For year after year mircrosoft completely ignorred countless warning when advised of newly found security risks. Even tryed to prevent news of the risk from getting out.
Year after year microsoft has bundled UN-WANTED items in their so-called security patches to the point that M$ can no longer be trusted. One very perdictable behavior of M$.
Microsoft year after year released security patches only to find that THE RELEASED PATCHES NEED PATCHING!
Microsoft itself made BRANDED products with no concern for users privacy.....an still does today.
Courts have ruled against microsoft on more than one occassion. Most recently the European Union. Mainly microsoft has shown a total dis-concern for the public needs an placed its own needs and wants at the head of the class.
AGREED....computer users need more education. AGREED computer users should make an aggresive effort to secure their systems. A step in that direction may come when microsoft STOPS its un-trustworthy practices. Or when microsoft stops trying to dominate Users and world markets. Or when microsoft presents users with SELECTIVE CHOICES and not bundled crapware. Is microsoft concerned about its reputation....has microsoft Seen The Light and The Glory of rightous behavior?

NOTEWORTHY

All ready reports are coming relating to the patch.
The patch enables the windows firewall even if a user has another firewall install....TWO FIREWALLS RUNNING AT THE SAME TIME CAN CAUSE LESS SECURITY....the firewalls will be fighting for Stack placement.
Right at this forum its been posted that the trojan scanner TROJAN HUNTER is not compatible with the new patch. So what now...does this imply that the all so awful computer user is a bad person because they don't have a trojan scanner? Or, does it imply that once again microsoft had no consideration for computer users.
Pay good money for a trojan scanner only to have it suddenly conflict and become useless.
Why didn't M$ inform software vendors?

Will I just plain give-up...an throw in the towel...

It's not like SP2 was a big secret or anything - I'm sure all software developers who asked were probably able to find the beta's of SP2 to play with/test against.

However, after reading that page indicated about all the "features" contained in the RC, it occurs to me that anyone with a personal home computer that is already well-secured would probably be better off leaving SP2 alone - at least for six months or so, and perhaps forever.

Hope everyone got their SP1 CD from M$ already (I just got mine today). Pete

As with any other patch or update, it's best to wait a bit before grabbing it for yourself. Wait and see what the short-term effects are going to be ... on someone else's machine(s).

Pete
You are correct..there was a beta...thank you for correcting that issue.


DangitAll

An you imo are also correct...in that people should wait.....that is what I am trying to advise.........


Comment: Contary to what some people would have people believe the internet is not coming to an end anytime soon or if ever. Such statements do nothing other than play on the public fears. The fears of people ..many of whom have no understanding of computers or computer security, but may have and often indicate a willingness to learn. The people of the world deserve credit for having worked through many difficult situations...an they will again.
An give dis-credit where it is rightly due instead of making attempts to pass the buck by blaming the public. People have the ability to grow.....they have the ability to reason....an no one and no company should take that away from them

XP SP 2's not been a secret. Information has been made available to developers by MS at their site. SP2 betas have also been available for download from MS to beta testers as well as leaked copies. I would imagine that an app developer even could apply to be a beta tester? Commercial application developers haven't been left out entirely in the cold unless they have made and are making no efforts to see if their apps may have issues with SP2. If they haven't done so before, a public beta is an opportunity to do so now before it's released as a final.

Also, how can one complain about MS insecurity and how they leave unknowledgeable users unprotected and then also complain of the steps MS is taking as a result of that criticism that its OS is insecure by default? And then further characterize those steps as big bad MS forcing itself on the poor user. That's a Catch 22 criticism.

For example, well before and certainly after things like MS Blaster and other exploits, MS was criticized for not having its firewall enabled by default. So it enables the firewall by default. Then people (who no doubt already have firewalls or routers or whatever and can readily turn off MS' firewall) complain? It's on by default for the many people who don't have firewalls and those who buy PC's and hook them up directly to the net without realizing the danger of infection they run without running any sort of firewall. We've seen their posts here and in other security forums when they find themselves infected within a matter of minutes if not seconds. Those who have other means of protection can simply disable MS' firewall.

It also looks from one analysis I've read that with SP2 MS is actually taking steps to have LAN related services not run on the internet. If this means what I think it means it's about bloody time.

Email borne worms are a major problem and one of the easiest to avoid really if the user exercises caution. But obviously a vast number of users don't. So OE 6 SP1 came with attachments blocked as a security measure. The user had to work to get at an attachment which made automatic click and infect not readily possible. So what's the first thing people asked in various forums? How to disable this attachment blocking, ignoring the reason it was there. So want to bet how many of these people (who couldn't figure out for themselves why they couldn't readily access attachments and how to do so) subsequently became infected via opening email attachments that turned out to be malware? Or even more unbelievably recently went to the lengths of using a password to open a password protected zip that was malware? (But for goodness sake, MS don't make it harder for me to infect myself by blocking attachments by default, LOL.)

The average user wants features and functionalities but often doesn't realize that these also often include potential vulnerabilities and risks. Just try to get some repeatedly spyware-infected folks to eliminate the problem simply by disabling ActiveX and scripting in IE"s internet zone. Most won't take steps that would prevent such infestations because they want their functionalities and don't want to have security considerations inconvenience them. Instead, they'll call on others to clean up their mess or post at security forums for help and then go on their way as before.

MS historically opted, like users, for functionalities over security. Now they are at least taking some steps to address some of the security problems users have had as a result of default installs and settings. Those who are computer knowledgeable can change or disable the settings to suit themselves, as they always do. But at least the vast majority of not very knowledgeable users will have some way of not being infected immediately just by hooking up their machine to the internet.

I'd still like MS to deintegrate IE/OE from the OS. They can do it of course, despite their public claims to the contrary.

Sig that was a good reply to the issue Done well without any flaming good to see those. Karma for you.

I think I should get points for brevity! <g> Pete

I agree: great response, Sig!

Microsoft's basic problems, as I see it, are basically twofold. First, they've tried being everything to everybody. Rather than 'just' concentrating on making a stable and secure OS, they've thrown everything else into it as well, like a browser, a media player, graphics editors, etc. While this has gotten them market share because of the 'one-stop shopping syndrome', it has led directly to their second problem, that being that they're the biggest target and the easiest to hit.

Yes, this is a gross simplification; there is far, far more to it than this. But the fact remains (for the very points Sig made) that, in many ways, Microsoft is in a no-win situation.

SIG

I am not in Total dis-agreement nor Full dis-agreement with your reply. Honestly I fail to see the catch 22.......M$ is garbage...always has been and always will be. One tactic used by M$ is to Turn On Everything right out of the box....not for user protection but not to bother by the users....but did you ever see M$ advise users that everything is on or give a booklet explaining the purpose of any application?
This entire issue is about money not security.
Complaing about what people do or don't do wont solve the problem..thats been complained about for years...with no result
No one forces a person to moderate and no one forces a person to continue helping friends. Thats a personal choice. If they dis-like the situation they don't need to face it.
Nice point you made about iM$ intergrating their products into the system..was that done for the safety or security of the User or for the financial benefit of M$?
Now before you begin thinking that I oppose your statement entirely...no, I do not! I am simply saying that all this has been said many times before with no positive results. An now asking.....what is the answer? No, I firmly believe that placing M$ in complete control is not the answer.


BIG C

You mentioned the word "flame"...why? People can talk without childishness.

I realize that everyone has an opinion on any given subject and should be able to discuse it in a civil manner. But even though we all know that microsoft products do seem to have problems from time to time here at wilders product bashing is not encouraged.

Sorry folks..the "page" is showing so Large on my monitor that I am having a difficult time following the context of the replies. So I post perhaps another time. Hey, was enjoyable sharing the points of view..thanks to all.

BigC

Did you think I was new to this forum ? I've been coming here for many, many years,,,,just rarely posted. Bashing..huh? Go through the archives....an see how many times M$ has been mentioned in a negetive like.
Now, if because I dis-agree with you ..suddenly that is bashing or breaking the TOS....thats a new matter.

-{ Quote: "One tactic used by M$ is to Turn On Everything right out of the box....not for user protection but not to bother by the users...." }-

Yes, this does tend to be the default, and Microsoft does it this way because that's the way that John Q. User tends to want it. Microsoft is in business to sell their products and, if Windows doesn't do what John Q. wants, he'll take his money elsewhere.

Face it: most users don't want to think about security: that would take thought, and generally interfere with their blithely going about their online business. While it would be nice if the Web were safe, it isn't, and it's not really Microsoft's responsibility to make it so. They are simply giving their customers what they want and, if said customer gets hit with some nasty, well .. caveat emptor!

Having been accused of "bashing" I believe it best that I not post again on this topic.

Shun

-{ Quote: " quoting: Shunned link=board=18;threadid=25136;start=15#msg147266 date=1079829232]


BigC

Did you think I was new to this forum ? I've been coming here for many, many years,,,,just rarely posted. Bashing..huh? Go through the archives....an see how many times M$ has been mentioned in a negetive like.
Now, if because I dis-agree with you ..suddenly that is bashing or breaking the TOS....thats a new matter.
" }- I don't disagree with you on the integrity of MS or there not so wise decisions they make sometimes. I am just not as vocal on the subject. Sorry if I offended you.

Well if your position is simply that an MS OS is garbage and always will be, there's nothing to discuss because there's nowhere rhetorically to go from that position in terms of a useful discussion. One either agrees or disagrees.

But your complaints/criticisms that app developers didn't or don't have an advance opportunity to see if their programs have issues with SP2 prior to final release and that specific default security measures are being "foisted" on users without recourse (when they can be disabled by the user) have been answered.

I notice that everyone's been kind of close-mouthed about how easy - or difficult - it is to disable all the little "reminders" and "urgings" to get this or that with the new service pack. Anyone want to clue me in?

I'm seeing a lot of posts around that say that if you haven't got one of the major companies' A/V's or firewall's, that SP2 doesn't recognize the ones that you DO have, and thus keeps delivering "warnings" (I have no direct knowledge of this as I'm avoiding SP2 like the plague at the moment).

Concerning firewalls like OutPost, that could definitely be a problem. (OP doesn't play well with other firewalls, generally-speaking - M$ or non-M$).

Thoughts or experiences, anyone? Pete

Unfortunately, no, but it's at times like this that I'm glad I'm still running W98!

BigC

No problem...I was more concerned that I had offended you. You may recall that just last night I said that you were a very nice person...I still feel that you are....an you will find me to be most respectful to you as will as others here.......thank you for the reply.


SIG
Yes, not much reason for discussion. Spy1 had already corrected my error on the vendors and was thanked. The issue of the M$ OS.......I can respect your opinions with an open mind.......an believe you capable of the same.

Spy1

Pete as yet I have not seen any information on the dis-abling. Have spoke with several people who removed the patch wothout problems.

DangItAll

Really enjoyed your replies. Thank you

OT

Pete.......how have you been...haven't shared a thread with you in years......last time was when you were a mod for spyblocker.....is paul K still around? Take care of yourself...have always enjoyed your posts.

Yeah, he's still alive and kickin', has brought out a couple more programs, up to version 7.3 on SB now.

Shoot me an email if you want - my addy is in my profile here.

And - thank you! I enjoy my posts, too! <g> Pete

Presented In Fairness: more information about the sp2

Note that File Sharing Will be enabled by default once the firewall is enabled. Would also say that its not "all bad" (never said it was) an does offer several much needed fixs.
Would M$ offer the "fixes" selectively.....

http://www.winnetmag.com/Article/ArticleID/40766/Windows_40766.html


_________________________


Pete......Am not on one of my machines right now but will remember your e-mail offer.
Wow, last version I recall of spyblocker was 4.6.......got it around somewhere packed away.
Good seeing you again Bud,,,took a look at your link in tenforward.....will drop in on you there sometime....

I have seen a couple of references to XP SP2 in this thread and thought this link might be helpful... not sure if it has been mentioned before.

http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/winxpsp2.mspx

Also important to note... "This preliminary document applies to the beta release of Service Pack 2 for Microsoft® Windows® XP for the 32-bit versions of Windows XP Professional and Windows XP Home Edition. It does not describe all of the changes that will be included in the final release of the service pack."

Just FYI: This page is sort of a "front end" to the page rerun2 posted. It has links to other info, including info for developers and notes that MS has newsgroups on SP2. http://www.microsoft.com/technet/prodtechnol/winxppro/sp2preview.mspx

Disclaimer: While the page apparently has a link to a network (apparently XP Pro? ) install of SP2 I personally wouldn't mess with it unless you've got a spare PC or partition and are knowledgeable enough to deal with any potential issues that may result from using a beta of an MS SP release. (For me it's enough of an adventure to install a final release version of an MS SP. ;) )