Why are people not using SP2?

Discussion in 'other security issues & news' started by zapjb, Jan 22, 2006.

Thread Status:
Not open for further replies.
  1. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,518
    Location:
    USA - Back in a real State in time for a real Pres
    Just read another security thread here. Really like this forum btw. Anyways the poster lists all their apps then says XP with SP1. I understand if one never connects to the net. Or a mission critical app in a work enviroment has issues. But 1 of the first things I was taught was to keep an OS updated. My belief is that most of the people who don't run SP2 or even SP1, don't meet either of the exception criteria I mentioned.o_O
     
  2. Not true. XP SP1 can still updated with all the latest security patches. SP2 only adds additional <i>features</i> that may well improve security, but third party apps may also do it just as well.
     
  3. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Think what you will but , I have to go with zap here . Anything that has to do with M$ should be updated to their latest . Not that the latest is worth a damn but , you know what I mean . Just an opinion but , I would certainly use SP2 because it is available and stable . Staying with SP1 seems ridiculous . Unless , it somehow runs better on your system but , again , with M$ , you should update the SP . Again . That is my opinion . Anyone using SP1 is fine . No bother to me . I , like zap , do not understand the thought behind staying on SP1 while SP2 is stable and well functioning . :cool:
     
  4. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    SP2 actually has a lot of security (as well as stability and performance) fixes, not just features.. many of which were long overdue. This is particularly evidenced by the numerous vulnerabilities that don't affect systems with SP2.

    I don't get it.. so many people spent so long being angry at MS for not fixing all these things, then when MS does put out the fix they don't want to use it. I'd bet money that this is especially going to be the case with Windows Vista. I haven't had any problems with SP2, and at this point pretty much all incompatible software has been updated to work. I can understand if there's something that really doesn't work with SP2 that is critical to your work, but I haven't encountered anything like that.
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042
    I agree. I've had no problems from SP2. I suspect more and more vendors are going to stop trying to support older stuff.
     
  6. houseisland

    houseisland Registered Member

    Joined:
    Jan 12, 2006
    Posts:
    107
    There are a few business that I know of who will roll out SP2 because some of their proprietary business applications will not run with SP2.
     
  7. Slovak

    Slovak Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    515
    Location:
    Medina, Ohio
    My guess as to why most people are not using sp2 is because they have a hacked copy of WinXp.
     
  8. sp2hater

    sp2hater Guest

    Oh sure, there are couple of people running around this forums, that won't
    convert because of problems with printers drivers or something.

    They also think they don't need SP2, which they think is for fools who don't know how to protect their computers anyway, and they are perfectly safe with Processguard (PG), NOD32 and so on.

    I've noticed that these people who don't upgrade also tend to be the ones who have more problems with other software. Because like it or not, particularly in the software world today (particularly security software!), most vendors are working on the assumption that the user is on XP SP2 like all security conscious people. Sad but true.

    Take PG 3.2. It went through a whole beta testing stage, and nobody thought to even test it on XP SP1. Melee was enraged when she discovered it didn't work properly on XP SP 1, I can tell you that.

    But really, we should wait for Melee to arrive with an answer, she's hates XP SP2 with a venegence.
     
  9. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    478
  10. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Useing sp1 and not updating to sp2 in my opinion is just like not updating to a newer version of an antivirus program to get the extra protection it affords. and sp1 can not be updated to have the same security protection of sp2. if it could they would not have spent the time and money developing sp2.
     
  11. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
    I have asked my self that question too: "why dont all use SP2"
    Sure, there were som issues way back in the beginning when SP2 arrived, some programs and drivers didnt work correctly with SP2. I remember me having problems with NOD32 and Outpost FW, but beeing the customer oriented companies they are they came up with new versions quickly. Surely any serious buisness have updated their programs/drivers to comply with SP2 by now?
     
  12. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,150
    Location:
    Mass., USA
  13. Again, SP2 offers security FEATURES that are often just duplications of third-party applications. If you don't run these other applications, it IS better to upgrade. The actual FIXES in SP2 are **not** security-related in any way. If they don't "fix" anything I use, why should I allow the security forum police to intimidate me into going with SP2? Again - ALL SECURITY FIXES and updates have already been patched in SP1, and are continued to be patched with each update. SP2 does not play nice with several things that are important to me. I am surprised that so many here believe that we need a "Security Center" with an *inbound* firewall, and annoying notifications that an AV isn't running is ridiculous. That's not a reason for a power-user to upgrade to SP2. Why do so many jump when MS says "jump?" SP2 is in many ways, the Windows ME answer to Windows 98 and delays in Windows XP. Except this time, it's to coddle those who have patiently awaited the delays in Longhorn (Vista).

    Many of you are giving SP2 WAYYY more credit for being something useful than it deserves.
     
  14. Fernando Villegas

    Fernando Villegas Registered Member

    Joined:
    Dec 3, 2005
    Posts:
    55
    Location:
    Santiago de Chile
    If you think Windows XP SP2 is just adding a security center and inbound firewall, you are sadly mistaken.
     
  15. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
    If your system works fine without SP2 no one is "intimidating" you to do anything.
    If some dont want SP2 then they just have to live with some programs not playing well on their system.
    Programs and OS´s evolve. One cant demand compability backwards forever. People just need to accept that fact.
    I still would like to know more specific what the problem is with SP2 and peoples systems. What programs or maybe hardware do not work with SP2. If there are any, isnt it up to the vendor of that program/hardware to fix it? MS has done some fixing with major program inkompabilities, but they cant keep track of every obscure program and hardware. Imo it is up to the vendor to fix the compability issues, wich any serious (even small companies) vendor has done.
    Or is it just an attitude like: "No one is gonna force me to install anything just because the big evil MS suddenly decides to publish useless service packs filled with lies that only are designed to cause trouble for the users...." ?
    I live "overseas" and it was no big deal installing and using SP2, there were some glitches but they were fixed pretty fast.

    It´s useful in that sence that SP2 users doesn´t have to worry about program/driver/hardware inkompabilities like some (remember: not all) people who hasn´t installed SP2 does.
     
  16. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    there are lots of "point and click" exploits just like this which can attack people running SP1 in under a minute - about 3 mouse clicks. all you need is the address of the person you want to attack :eek:

    all i've done is edit the name alittle and left out the address

    i had to delete what i had written because no matter how i editted it it took me to a howto to exploit SP1 when looked up on google. that's how easy it is to do and shows how many sites show you how to do it :eek: :eek: and it's not just people who haven't updated to SP2 it's any software which isn't up-to-date.

    i've never tried the exploits, but i've seen videos carrying them out. if you trust me and you are running SP1 give me your address and i'll try it out. the videos i've seen give the attacker full control of the PC in about a minute with a few mouse clicks.
     
    Last edited: Jan 23, 2006
  17. sowhat

    sowhat Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    31
    1)No Raw Sockets,no SP2 here.
    If Microsoft doesn't want people to know how TCP/IP works,that's their problem,not mine.
    Nmap's author Fyodor said about that matter:
    "Pick your poison...cripple your OS or remain vulnerable to remote code execution and DoS."
    Well,with complete respect to Fyodor,i'll have to disagree:
    you're vulnerable no matter what poison you choose!
    (For the record...land attack successful against SP2's TCP/IP stack?Wasn't this solved back in...Win98?)

    2)Backwards Compatibility,in 2 words:No Way!
    In more words:Time is very precious to spend it to find out which software will be broken by SP2.
    I've lived that in the past,a loooot of times....oh no,thanks,no more,sir.
    I've seen a lot of people's OSes to have been broken after SP2,i 'd say:
    1/3 no problem,1/3 some (probably fixable) problems and final third a lot of "not fixable" problems.
    In this case,i won't just say:"if it ain't broken,then don't fix it".
    I say:"If it's that much broken,there's little point trying to fix it".

    3)To my eyes,SP2 is about as secure as SP1.Period.
    Most of the exploits found where affecting almost the same both SP1+SP2.
    Main difference is that some of them could affect SP1,IF(as Microsoft states):
    "the attacker could authenticate/log on locally".
    If an attacker can log on locally in your windows machine...
    then there's no point of fixes-or windows ;-) at all:
    he/she can pretty much do/install/delete whatever he/she wants,
    with an effort limited in 2-3 console commands.

    Something like a MacOSX,Red-Hat,Mandrake-like solution simple enough for everyday use,
    but also enough secure without requiring advanced knowledge from end-users,
    is pretty much possible in the nearby future,in 6-7 years maybe...
    So,I strongly believe Microsoft has lost the "game",no matter what they'll do...
    SP2,SP-whatever,Vista,.Net,DRM,software patents,big deals with hardware/game/video vendors etc...
    they pointed all their efforts on the average Joe;and even he/she has already got bored with all this.
    It's a really funny thing,because in the end...a fairly common secret,
    at least the 70% of their main target group are actually...the ones that they're chasing(!):
    people who like to a)do "music file-sharing",b)play games and c)rip/manipulate DVD-video related material.
    The last two reasons are also the main reasons that might convince/purge people to upgrade to Vista...
     
    Last edited: Jan 23, 2006
  18. jayzzz

    jayzzz Registered Member

    Joined:
    Mar 23, 2003
    Posts:
    367
    Location:
    California
    I’m still using SP1 because I decided it’s most practical for me. The sites I visit are low-key. I stay current on hotfixes and use protective applications I learned about here at Wilders with current definitions. It’s as well locked down as it can be. I use Firefox for searches and opening links, with AdBlocker and a Java disabler extension.

    :cool: I don't want to spend time working on the system while I could be enjoying it, paying attention to my husband or cats, or getting to know my first grandchild due April 3. I’ll do a reformat & clean install w/ SP2 if/when I must, but right now, it ain’t broken (at least, nothing that appears relevant to my Service Pack) and I don’t see a benefit to me in doing anything.

    :cautious: My XPHome is legal but I won’t entrust it to the M$N update site nowadays. I read (quite awhile back) that M$N updates would use their permissions as a Trusted site to install SP2 on machines not yet in compliance, whether wanted or not. When I bought this computer, the software stopped being the property of M$N or of Dell and the idea angered me enough to keep it off my hard drive until it becomes easier for me to have it than not to. Approval is nice, but my own convenience is nicer.

    :) mj
     
  19. Here are Microsoft's reasons to upgrade to SP2:
    http://www.microsoft.com/windowsxp/sp2/topten.mspx

    They are all about features.

    Microsoft has left no *security* fixes unpatched in SP1. Period.

    As for the features, I don't need ActiveX warnings, I don't need to be told my firewall is not running, I don't need to be told about the status of my antivirus. In fact, if I use something other than IE, I don't need much of anything SP2 offers. The "fixes" don't affect me at all.

    Microsoft has given the masses something to make them THINK they have done something while working (and working) on the long overdue Longhorn (Windows Vista).

    Can anybody say Windows ME?
     
  20. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Probably because the average person doesn't care about fixes, features are the only thing to entice most people. If you order the SP2 CD in the mail, the packaging it comes in looks very much like some of the minimal security software packs that you buy in a store.. make them feel like they're actually getting something, and they're more likely to use it.

    Sure, after the fact.
     
  21. NGRhodes

    NGRhodes Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    2,331
    Location:
    West Yorkshire, UK
    For me (funnily stuck on a win 2k machine in the office), IE enhancements are great. Wireless works MUCH better, I have a Linksys wireless card and a Belkin card and their own wireless configuration utilities suffer issues (one does'nt work in limited user account and the other suffers massive disconnects), SP2's wireless configuration utility works flawlessly for me, this is the main reason for me using SP2.
     
  22. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    355
    Location:
    Dallas, TX
    I'm going to quote what I wrote nearly a year ago about this very subject:
    I would add several additional points:
    • Raw Socket Support / Limitation on outbound "half-open" TCP connections. There are some real limitations Microsoft has added to the TCP/IP stack that do affect certain apps, such as network scanning tools and P2P applications. Personally, I agree with those opposed to the changes. All you Steve Gibson supporters can probably thank him for being so clueless on this issue and making a mountain out of a molehill. It just amounts to needless IP stack crippling. In any event, there are workarounds and patches to avoid these limitations as well. There is an "unofficial" patch to correct the "half-open" TCP issue, and as for raw sockets... developers have discovered they can work around it by going one abstraction layer lower and working straight with raw ethernet frames. So, in summary, I agree with you SP2-avoiders on this one point; but it's not a reason to avoid the whole upgrade, IMHO.

    • Lack of anything beyond Security Center and firewall. I sort of addressed this in my previous comments, but I thought I should elaborate again for some like ILikeLemonPie. Nearly every executable in Windows has been re-compiled with stack guards and other security compile-time options. Many, many registry and application defaults have been tightened. Many bug fixes have been introduced. Hardware and software Data Execution Provention (DEP) mechanisms have been added. Many APIs have been altered to emphasize security concerns. Some kernel modifications have been introduced. Wireless networking has improved. In summary, just because you as a user don't immediately notice anything other than Security Center and the firewall, that doesn't mean that nothing else has been done. :rolleyes:
     
  23. ~*Nat*~

    ~*Nat*~ Registered Member

    Joined:
    Jul 9, 2004
    Posts:
    8,129
    Location:
    Germany/Ohio-USA ~ between two worlds
    I haven't downloaded SP2 yet, simply because "they" must make everything so difficult. http://bestsmileys.com/angry1/14.gif

    It says, bla bla...go to your pc's website and download the latest DRIVERS.

    Well...then I do exactly what they tell you to....and they present me with a
    humangous list of Drivers, or whatever it is....and expect ME to figure out
    WHICH one I need. :doubt:
    How would I know ??
     
  24. Ailric

    Ailric Guest

  25. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I understand and you are right, but women are the worst DRIVERS in the world or is it just a rumour ?
     
Loading...
Thread Status:
Not open for further replies.