Why are people not using SP2?

Discussion in 'other security issues & news' started by zapjb, Jan 22, 2006.

Thread Status:
Not open for further replies.
  1. ~*Nat*~

    ~*Nat*~ Registered Member

    Joined:
    Jul 9, 2004
    Posts:
    8,129
    Location:
    Germany/Ohio-USA ~ between two worlds

    Ailric,
    I didn't complain that they are "Evil".
    Only that they don't make it very easy for people like me, who
    get grey hair if I have to do anything technical that I don't understand.
    It's just something not for me.
     
  2. ~*Nat*~

    ~*Nat*~ Registered Member

    Joined:
    Jul 9, 2004
    Posts:
    8,129
    Location:
    Germany/Ohio-USA ~ between two worlds
    It's a rumor ! :D
     
  3. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,638
    i still find that a poor excuse
     
  4. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Do you have a brand-name PC like a Dell? If so, many have automatic updaters for your drivers.. on Dell systems it's called the "Support Center". If nothing else you can go to Windows Update and install the Microsoft drivers from there, only ones that apply to your specific hardware will be listed.

    Very very well put, Alec, awesome post! :)
     
  5. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    There are also some software programs (shareware) that will do it for you. Driver Genius, Driver Detective; just to name a few.
     
  6. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    5,248
    Location:
    USA still the best. But barely.
    Excellent post Alec.:thumb:
     
  7. micronauts

    micronauts Guest

    we never install any of that junk crap. don't need it. we just surf n check email so really don't need any updates. xp spun right off cd onto fat32 works fine and does everything we need it to. xp detects drivers for all our old hardware scanner, printer, modem, video card, etc so that's cool. we do stuff and install stuff to make it safer everything works so there's no need to download 150mb worth of microsoft-only-knows-what's-in-em updates all we know is what the windows update claims or people in forums like these try to convince us is in it. when i see people brag "i'm fully patched" i think there goes another dunce conned by cops posing as security experts to install sony symantec zonelabs type rootkit on their computer. makes their job easier. now that wmf hole is exposed and the bad code removed, you'll see the cops pushin hard for install new updates containing new backdoors. ask yourselves "why am i updating?" i bet most people do so out of fear cause they heard of some virus on tv, or some friend. why do you think microsoft calls all their updates critical? it's to scare people into installing them. don't do it.
     
  8. Brinn

    Brinn Registered Member

    Joined:
    Aug 5, 2004
    Posts:
    181
    Location:
    Canada
    I didn't install SP2 when it came out because of all the bugs I was hearing about. Then I was just plain procrastinating. I only installed it for the first time last month. =\
     
  9. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    835
    Location:
    UK
    I'm still on SP1 [legal], I didn't want SP2 to scupper everything that's running fine presently. So why fix it when it ain't broken?
    ................and I don't like media player 10 :D
     
  10. sowhat

    sowhat Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    31
    Quotes from Alec's post regarding SP2,
    https://www.wilderssecurity.com/showpost.php?p=666188&postcount=22,
    and my point-of-view:

    "Contrary to some people's apparent belief, there are in fact many serious security vulnerabilities,
    that exist in SP1 that do not exist in SP2..."

    1) Vulnerability in the Indexing Service Could Allow Remote Code Execution

    Taken from Microsoft's site:
    "Even when the Indexing Service is installed, by default it is not accessible from Internet Information Services (IIS).
    Manual steps are required to enable (IIS) to become a Web-based interface for the Indexing Service...
    Web-based query pages must be created or installed manually,
    that will allow IIS to receive queries from anonymous users and pass those queries to the Indexing Service...
    Only users with permissions to access the manually created or installed queries pages,
    would be able to attempt to exploit this vulnerability through IIS."

    ...Two extra notes:
    a) Why in the world would a simple end-user install IIS in his/her PC?
    b) Furthermore, Indexing Service is a well-known "useless" resource hog,
    disabled/uninstalled by most of casual end-users.

    2) Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution

    Ok, that is true, and it's also only a 1.5 Mb fix, with no risk of crippling your OS.

    3) Multiple vulnerabilities in Internet Explorer

    True, but...
    a) Internet Explorer is unsecure BY NATURE. With fixes or not, why should anyone use it?
    b) I bet there are hundreds of exploits designed specific only for Internet Explorer on SP2.
    In any case, a Cumulative Update for most of Windows platforms will "solve" any problem.
    Note also that there are lots of them already released...

    4) Vulnerability in Windows Shell Could Allow Remote Code Execution

    Again, this is a 4.2 Mb...
    and i bet that some of the files included in this fix are gonna get replaced in later fixes.

    5) Vulnerability in Compressed (zipped) Folders Could Allow Remote Code Execution

    Every once in a while, there's a new advisory regarding a "buffer overflow" in XP's zip capabilities.
    Either don't use it at all, as most people do... (i have never used it myself),
    or as many people already found, just disable it from the registry.
    Funny thing is, that this is also Microsoft's suggested workaround....

    6) Vulnerability in NetDDE Could Allow Remote Code Execution

    If there are still people/software depending on NetDDE, please, inform me.
    It's a very old protocol, almost never used nowadays, except from... exploits maybe!
    Delete the Default (!) NetDDE shares,
    (who asked for that? seems like Microsoft really has a problem with "Shares",
    NetBIOS -another archaic protocol-, "Simple file-sharing and Permissions" etc.).
    And one can also safely disable the two corresponding services:
    or should i better say, disable them to be safe?

    7) Vulnerability in WebDAV XML Message Handler Could Lead to a Denial of Service"

    It's a denial of service against IIS (explained before...), that also must have WebDAV enabled.
    Meaning: no concern again for daily users.
    Regarding WebDAV only, it's a fairly new protocol, (actually an extension to http),
    and whoever makes network-accessed WebDAV folders in Windows, is probably looking for trouble.
    Also, this is one more service that can be disabled with no daily annoyances at all.

    Quote regarding the disabling/removal of Raw Sockets:
    "...Developers have discovered they can work around it,
    by going one abstraction layer lower and working straight with raw ethernet frames.
    So, in summary, I agree with you SP2-avoiders on this one point;
    but it's not a reason to avoid the whole upgrade, IMHO."

    In my summary... I am not a developer. I'm just an end-user.
    Something breaks software I daily use?
    And to be more precise, mainly breaks "security tools"? Like sniffers, scanners etc?
    Does it also use some fairly ridiculous "security" excuses about that?
    Then, that makes it a perfect reason to avoid the "whole upgrade/crippling".

    "Nearly every executable in Windows has been re-compiled,
    with stack guards and other security compile-time options."

    That re-compilation is something to note, yes:
    people will find more incompatibilities and hackers more buffer overflows.
    Although i doubt they have actually done something serious when re-compiling:
    the wmf exploit took advantage of code that was written back in '89-90...

    "Many registry and application defaults have been tightened."

    I kind of prefer to handle this for myself; we all know Microsoft's "tighten" features usual workflow:
    the OS has some broken/risky "features", MS issues some patch/fix,
    the fix breaks some other things, then MS posts some "workarounds" for their mistakes etc.

    "Many bug fixes have been introduced."

    And how many new bugs have been introduced... ;-)

    "DEP mechanisms have been added"

    And they are known to cause problems, and also to not protect you from 0-day exploits.

    Conclusion, what i have already said...: SP2 is about as secure as SP1. Period.
    If someone doesn't like the "Period" quote of mine, he/she should note the "about" in this statement.
    There are some exploits that work only in SP1 and some that work only in SP2.
    And since SP2 is newer and more testing now is taking place in it,
    I bet they will find even more... exactly because they made so many changes.
    Even, and i repeat that, even if there were found 2, 3 or 5 more "holes" in SP1,
    why should i really give a damn... people should start comparing Windows' security with Unix,
    that's the only way to have a clear view of what is going on behind (?) the scene:
    Microsoft updates, hardware updates, software compatibility updates,
    and money makes the world go round... (but not more secure).

    So, in a very distant future, i might evaluate Vista,
    but ONLY if there will exist special incompatibilities,
    with newer versions of software REQUIRED for my job and living.
    In the meanwhile, i'm just gradually moving to Unix for daily tasks.
     
    Last edited: Jan 27, 2006
  11. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    131,849
    Location:
    Texas
    Let's get back on topic in this thread please.
     
  12. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    Hmmm 70% of XP users have not upgraded to SP2.

    I wonder what percentage of XP users think Microsoft is responsible for more privacy compromises than all other adware and spyware combined?

    And who even uses Internet Explorer anymore?

    Yes, I use XP-SP1, yes it's legal. Most software that I use comes down to which works best for me. If some software will make my life easier, I don't mind paying for it. I use some freeware, but mostly commercial programs. My choices are based on how much I like the features. SP2 crashed my system twice resulting in days of extra work for me. I just don't feel like rolling the dice again.

    Secondly, since you asked why, my personal philosophy for securing my computer is to have as few services and products from Microsoft as possible. I don't use Word, Wordpad, Windows Media Player, Windows Firewall, Task Scheduler, automated updates, timeserver, Windows Explorer, Internet Explorer, Indexing Service, Windows Paint program...and on and on. If I do have a security problem, I will seek a solution from a company that is dedicated to providing security solutions. And that's not Microsoft!

    BTW - Some of you might want to try SoftMaker's TextMaker2006. If you are a student you can pick it up for $12. It has all the features of Word, except that it opens as fast as WordPad, it doesn't spy on or nag at you, doesn't require over 50 MB of security fixes...and it works. But, no, better to keep to Word product and updates....?



    - HandsOff
     
  13. Milken

    Milken Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    20
    How about this. . . . BSOD, immediately after upgrading to SP2 on two different computers, both a little older, the BLUE SCREEN OF DEATH started popping up. Today I removed SP2 from both PCs and everything is fine now. Not only that but ALL the updates except SP2 are still on my PC.
    Who needs the Windows Firewall? It's a huge false sense of security. It should be called the Windows Waterwall.
     
  14. peewee

    peewee Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    30
    Mostly people (such as myself) aren't using sp2 because it is spyware CRAP. That's just my own little opinion so we can all feel however we want.
     
  15. SwordOfSecurity

    SwordOfSecurity Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    108
    Location:
    Canada
    i'd have to agree with your guess there, although people are also finding ways to even get the hacked SP2 o_O

    as for my personal opinion on SP2...well i think it's fine. the whole security center thing they implemented obviously isn't the main thing they added. it was just one of the main features shown to Windows users since that's all they would really want to hear (the bug fixes, security additions and everything would probably get too technical for them) as said previously. SP2 does provide several fixes, which is why i found it important to add in (as for the security center, well you can easily turn that off).

    i don't know why people would rather not download it due to its complication, size, mediocre download time, etc. and would rather download a movie or game that is even bigger than it and requires probably more configuration (well not for movies i guess). when i did the simple upgrade to SP2 a long time ago on two other computers i owned, it was accomplished simply with a few clicks on the mouse.

    well anyway there's my 2 cents on the topic.:p
     
  16. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California

    Can anyone confirm this to be true? Personally, I doubt even Microsoft would be this stupid. Installing software without the user's permission would make them guilty of installing spyware. I suppose Ad-Aware would have to come up with an update to remove sp-2...Or would they?


    -HandsOff!
     
  17. jayzzz

    jayzzz Registered Member

    Joined:
    Mar 23, 2003
    Posts:
    367
    Location:
    California
    If I could remember where I read it, I'd post a link...will do so, if I'm able to relocate it. I was appalled, but having been burnt by comcast when they took over attbi, it didn't seem so far-fetched. They installed tgcmd.exe, and set up all sorts of hidden folders with their Transition Wizard and changed their TOS to give themselves the right to install what they wished ON MY COMPUTER at the same time.

    After seeing that, I'd have been an idiot to think, "Oh, no...Microsoft would never do that!"
     
  18. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,638
    for a while, microsoft offered a patch you could download to prevent SP2 from being downloaded by automatic. after a specific date however, it disabled itself to reallow download of sp2. i could be wrong tho.
     
  19. jayzzz

    jayzzz Registered Member

    Joined:
    Mar 23, 2003
    Posts:
    367
    Location:
    California
    Thank you. I'm a little under the weather today and don't have time to search, but it's nice to know that sounds familiar to somebody else, too. :)
     
  20. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Huh? Everyone is confusing all of this! It is NOT spyware. And, the bottom line is, you do not have to use it. But, I have yet to see anything fruitful in here that would make me keep it off. The person that got the BSODs obviously has something that is conflicting. I can assure you that SP2 works fine with almost everything windows. Of course, if your updates are on the machine BEFORE installing SP2, that can cause a problem. I hate M$ as much as the next person but, SP2 only adds features. Not spyware or other crap that you need to be afraid of. The paranoia in here is frightening :cool:
     
  21. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    777
    I've seen one good reason a few weeks ago,
    the person was running Windows XP with a 2GB harddisk!

    No, NOT a USB-stick a HARDDISK.

    It was not possible to install SP2, because that would need some extra 200MB

    :D
     
  22. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Lol. Ok. You got me. ONE reason.
     
  23. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    480
    Location:
    Dallas, TX
    I believe this is correct, however SP2 is automatically installed only if you have "Automatic Updates" selected and enabled. It is totally optional. It is not mandatory. And, as I recall, it is made quite obvious to the Administrator when Windows is initially configured and set-up; at which time the Administrator is given the clear choice. This, by no means, qualifies as spyware, IMHO. The patch alluded to was made available at the request of large enterprise customers who had configured Automatic Updates as enabled on their employees' systems, and who wanted the automatic security patches and bug fixes in general, but who nevertheless needed additional time to fully test SP2 because it was such a large update. Technically, no one is forced to use SP2 against their wishes, although certain future updates and applications will likely be made available only for those that have updated their system to the latest service pack (eg, Internet Explorer 7 Beta 2).

    As for the extra 200MB required for SP2, I'm not even absolutely sure that is the amount of extra space technically required for SP2. The download itself is approx 200MB as I recall and the actual new executables must be unpacked and likely take about twice that amount of space during the install process itself. However, if you choose to delete all of the saved, old executables and make it so that a pre-SP2 reversion is not possible (or if you were to install SP2 onto a harddrive straight from a slipstreamed Windows XP SP2 CD-ROM), then I doubt SP2 really takes up that much additional space. I am curious, though.

    A couple of specific comments:

    @jayzzz: In my opinion, it's a little misguided and disingenuous of you to lambast Microsoft and hold them responsible for something that Comcast actually did to you. Yes, I understand your point that it may have "opened your eyes" (so to speak) as to what large companies may do, however unless and until the unrelated company actually commits the wrongdoing... you have no case to be made against them. Scream at Comcast. Scream at Sony for their rootkit DRM music CDs. But scream at Microsoft only for those boneheaded things they have actually done (and, I admit, there are some; however, spyware isn't generally something I personally would accuse them of).

    @HandsOff: Your level of paranoia is something to be proud of, I suppose. :blink: If you really are so fearful and anti-Microsoft as to not run Notepad and Paint, I'm not quite sure what you are doing running a Microsoft OS at all. Seriously. Perhaps you would be better suited to Linux or OS X? I can recommend both as quality alternatives (albeit not for everyone, IMHO).

    @sowhat: Those vulnerabilities previously listed were only mere examples of security problems discovered post-SP2 that were found to affect SP1 systems and not SP2 systems. I do not wish to be distracted into a long conversation about each, that was not the point. However, I would say it is not a proper characterization to say that most of these were "fixes" implemented by Microsoft in SP2 and not SP1; but, rather, it was the fact that SP2 included certain defaults, re-compilation optimizations, and other tweaks that made SP2 resistant to the vectors later discovered. Do you understand the difference I am trying to convey? We are not talking about specific one-offs discovered and fixed, rather we are talking about general classes of vulnerabilities made less likely. As to your commentary about re-compilation in general and your pointing out the WMF exploit... you obviously do not understand the difference between a stack overflow vulnerability and a heap overflow vulnerability. Yes, re-compilation did do something; however, I never claimed it was a panacea. [EDIT: Actually, I don't believe that the WMF vulnerability is properly a heap overflow either; but rather reflects a vulnerability in the actual file format and what the API was originally designed to allow. In any case, still not something addressable through stack guards and re-compilation alone... which was my point.]
     
    Last edited: Feb 2, 2006
  24. jayzzz

    jayzzz Registered Member

    Joined:
    Mar 23, 2003
    Posts:
    367
    Location:
    California
    "@jayzzz: In my opinion, it's a little misguided and disingenuous of you to lambast Microsoft and hold them responsible for something that Comcast actually did to you. Yes, I understand your point that it may have "opened your eyes" (so to speak) as to what large companies may do, however unless and until the unrelated company actually commits the wrongdoing... you have no case to be made against them. Scream at Comcast. Scream at Sony for their rootkit DRM music CDs. But scream at Microsoft only for those boneheaded things they have actually done (and, I admit, there are some; however, spyware isn't generally something I personally would accuse them of)."

    I lambasted nobody...merely expressed a lack of faith in corporate good intentions, generally. And after the wrongdoing has been committed, it's too late to undo it. Screaming at comcast for something they gave themselves the right to do (and I'd agreed to, per them, by using their broadband to go see the new TOS) would be a complete waste of my time and energy. Almost as much so as justifying my decision to keep SP2 off my machine with its legal XPHome for as long as I can.
     
  25. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    Alec said:
    @HandsOff: Your level of paranoia is something to be proud of, I suppose. If you really are so fearful and anti-Microsoft as to not run Notepad and Paint, I'm not quite sure what you are doing running a Microsoft OS at all. Seriously. Perhaps you would be better suited to Linux or OS X? I can recommend both as quality alternatives (albeit not for everyone, IMHO).


    Alec,

    I must say I found your amusing comments very entertaining. On the off chance that you really had a hard time understanding my post, and are not just clowning, let me try to clarify a couple points for you.

    Let's start with your belief that my level of paranoia is something to be proud of. Firstly, it seems to me that the only reason one would have for being proud of having a great deal of paranoia with respect to an issue would be if their paranoia turned out to be justified. But in that case would it be paranoia, or would it be perceptiveness?

    Far from being paranoid, I am a pragmatist. While I am not an expert in computers, I would say that I have skillfully avoided many of the pitfalls I have seen others fall victim to, simply because I am less inclined to parrot every cliche piece of security advice than others seem to be. If something does not seem right to me, and it's not too inconvenient, I will put it to the test. You may have read earlier in this thread that Iceni60 referred to assertions on certain websites that there are one-click exploits which will enable the clicker to take over the computer target which is running SP1. This is news to me. If true I may have to rethink my views. You may also recall he said words to this effect: If you trust me you can give me your address and I will see if it works. So I did. Rather than checking my mailbox to see if it was a success, I am sitting here trying to convince you I am not paranoid. Does that seem paranoid to you?

    Okay, I am going to give you enough credit for intelligence that I will drop the subject of correctness of your assertion that I am paranoid. You still may not be clear as to why I for instance do not run WordPad. If you read just a little further in my post, you may have noticed that I was recommending a new word processing program made by German software giant, SoftMaker, called Textmaker 2006. I have been using it for months. I beta tested it for months. The reason is fairly simple. I read an article comparing word processing programs and Textmaker 2005 (at that time) was the highest rated product. Here is the significant part to me. It is more powerful than MS Word, is fully compatible with Word, and can even open files that were password protected in Word and...IT OPENS INSTANTLY. Sorry for the capitals, but that to me is very big news. All the power, and more, of Word, all the speed of Wordpad. Not to belabor the point, but Wordpad, even notepad, no longer serve any function.

    I did not re-read my post, but hopefully I mentioned that Explorer² does far more than windows explorer...and I have timed file operations and searches that are OVER TEN TIMES FASTER. 18 seconds versus 221 seconds!

    Someone mentioned vulnerabilities with the Indexing Service. I guess some people would give me credit because I have never used it. Again, based on what I read about its horrible inefficiency. But my dislike of it goes beyond the fact that it slows and "thrashes the hard drive". I am put off by the way that it cannot seem to respect my settings. Example: I have unchecked using the indexing service on each and every one of my fifteen hard drive partitions. I have disabled the service in "Services.msc". I have gone to Set Programs Access and Defaults - Add/Remove Windows Components and specified to remove the indexing service from my XP implementation. Yet if I for instance, resize or reformat any of the partitions, then XP checks the indexing service and implements this with not so much as a word notifying me of this action. One would have to check properties in order to know that the service is back. But how did I catch it, you may ask? Simple. The almost forgotten sound of the hard drive thrashing, even when I wasn't doing anything was so conspicuous that I checked.

    Then there is Internet Explorer. Enough said.

    WinRAR or XP's zip. Enough said.

    Perfect Disk or Defrag. Enough said.

    Paint. A very annoying program for someone that has a full featured graphics program. Previews? Not if you use an image viewer. Why not just leave it. Well experience has shown that it, or MS Windows and Fax viewer will cause problems with opening multiple files in a specified, or even default program handling an image file type. In other words, you highlight ten .psd images to open with photoshop. What happens is that only the first will open. This in turn leads to more problems.

    The thread that ties this all together should be clear. If you don't like frustration, inefficiency, defiance of users settings, endless exploits and security patches you can take one of two approaches.

    1) You can put yourself through hell with each and every aggravating Microsoft program, or

    2) At some point just decide to give yourself a break. If you want a desktop search, or an "indexing" program that works, just do a search and pick one with good reviews. Same thing for firewall. Same thing for encryption (I am happy to say that I never used microsoft compression. It is an unlikely enough thing to do that I can't take much credit for it. If you are using software encryption and compression, then you do not want to use xp's).

    Anyway, sorry for the long post. Still, I almost hope that you will make some statement or other about Microsoft not being evil. Maybe even being (ha, ha, ha) ethical. Perhaps that the jury is still out on their software, their business practices, treatment of customers and privacy, and so on. In fact, anything that puts them in a positive light, or suggests that they are believable in any way at all would be such a bold move that I just might find myself at a loss for words.

    Not. Please, keep 'em coming!

    BTW - If I was compromised by the exploit, I will be glad to post that fact. Experience is the best teacher, and no reason everyone should have to discover this by themselves. I tend to think I am safe, but nothing surprises me anymore, so I will not be amazed if it does work.



    -HandsOff
     