Fog Creek Software
Discussion Board




Install SP2 or not?

I'm getting "New updates are ready to install" with SP2 (at work).

Should I install or not, considering people are saying it breaks stuff?

Alex
Wednesday, August 18, 2004

The vast majority of problems are caused by the firewall.  Since Microsoft's firewall is a worthless piece of crap anyway, just turn it off as soon as you install SP2 (and use a different firewall).

I've been running SP2 for almost 2 weeks now without a problem.

Gern Blaansten
Wednesday, August 18, 2004

Ask your IT manager!
That said, I've installed it on my home network with no problems, and I've checked some pretty complex things

SteveM
Wednesday, August 18, 2004


I'm not going to install SP2.

From what I can tell, it's not compatible with Fedora, Debian, or Slackware.

KC
Wednesday, August 18, 2004

Have you seen the list of affected applications?

http://support.microsoft.com/default.aspx?kbid=884130&product=windowsxpsp2

It's not just obscure stuff, the list includes Excel and Visual Basic!

Ged Byrne
Wednesday, August 18, 2004


Install it, try it, if it breaks your apps, uninstall it... It takes 20 mins to install, or less.

It works perfectly at mine's..

Q
Wednesday, August 18, 2004

Microsoft Knowledge Base Article - 884130
"Many of these issues are related to the introduction of the Windows Firewall and Data Execution Prevention features. "

Turn off the Microsoft firewall (and use one that actually works).

Gern Blaansten
Wednesday, August 18, 2004

Aside from the fact it breaks applications, what is fundementally wrong with the windows firewall?  Does it not take security far enough or something?

i like i
Wednesday, August 18, 2004

The fundamental problem is that the firewall is ON with almost all the ports closed BY DEFAULT.

In corporate environments, the users don't even need firewalls. There is likely already one or more sitting between them and the big bad internet anyway.

I don't know why in the hell they didn't release 2 SP versions... one for corporate and one for home. The difference being the default firewall config.

I am Jack's rage against the machine
Wednesday, August 18, 2004

"In corporate environments, the users don't even need firewalls. There is likely already one or more sitting between them and the big bad internet anyway."

Oh yeah. Unfortunately the clueless autonomous devision admins and their bunch of jolly lusers' 0wNd machines are hiiting everything from behind the nice corporate deluxe firewall.

Google on "defense in depth" or pick up a nice securtity primer someday.

Just me (Sir to you)
Wednesday, August 18, 2004

>The fundamental problem is that the firewall is ON with almost all the ports closed BY DEFAULT.

Great. Didn't the problem used to be that the security settings were OFF by default on too many pieces of software/hardware? Can't win for losing.

Ron Porter
Wednesday, August 18, 2004

Yes, there's nothing to prevent a hijacked machine behind the firewall from spreading a virus.

I've seen it. It's nasty. One person opens an Outlook Attachment and suddenly everyone loses a day's work.

www.MarkTAW.com
Wednesday, August 18, 2004

"The fundamental problem is that the firewall is ON with almost all the ports closed BY DEFAULT."

You're kidding, right?

This is the kind of protection everyone needs. And many of the applications the firewall "breaks" are broken because they depend on permissions and/or ports that really shouldn't be there.

Philo [Microsoft]

Philo
Wednesday, August 18, 2004

I have this small tool that measures incoming/outgoing traffic from my computer (NetPerSec, from PC Magazine).

It's always fun to see what traffic still exists when I have nothing open. I saw some fairly regular pinging one day when my internet connection was down, so I turned on Ethereal to see what it was.

It was ZoneAlarm phoning home.

The problem with Windows is that it was too wide open by default. Everyone said it. Now that it's closed everyone's saying that's the problem.

www.MarkTAW.com
Wednesday, August 18, 2004

Last month:  Windows security sucks!  How could they not include even a basic firewall for the lusers?

This month:  Turn off Windows' firewall!  It blocks too much from getting through!  How could they do this to us?

Next month: Windows security sucks!  I have SP2, and I still got infected by worm #8002 through some unchecked port!

sigh...

Greg Hurlman
Wednesday, August 18, 2004

If it ain't broken, don't fix it. I had SP2 on my laptop and didn't notice any difference, as a matter of fact, there were several more services loaded than before so I had less memory to work with plus an icon in the tray. There were no magic speed up of anything even thou there is all the talk how some parts were recompiled with the latest optimizations. It's like, should I do something useful or should I waste my time downloading the patch and then getting my PC back to how I like it.

Plus, if I am not mistaken, SP2 has been put on hold because there are couple of new holes.

Alex
Wednesday, August 18, 2004

"There were no magic speed up of anything even thou there is all the talk how some parts were recompiled with the latest optimizations."

I didn't see any mention of performance enhancements from the newly compiled code. In fact, the whole point was to do more checks, which take more time, not increase speed.

Brad Wilson (dotnetguy.techieswithcats.com)
Wednesday, August 18, 2004

> many of the applications the firewall "breaks" are broken because they depend on permissions and/or ports that really shouldn't be there.

Including fifty of Microsoft's own. You'd think they would have tested that, really, wouldn't you?


Thursday, August 19, 2004

"> many of the applications the firewall "breaks" are broken because they depend on permissions and/or ports that really shouldn't be there.

Including fifty of Microsoft's own. You'd think they would have tested that, really, wouldn't you?"

Why? If you're going to take security seriously AND you're going to 'eat your own dogfood' AND you're going to try to prevent the standard 'taking advantage of things you know that nobody else does' complaint, then even if you test against your other software, you only use the results to take care of that software, not to open things that may not need to be open in a particular configuration.

Ron Porter
Thursday, August 19, 2004

I just installed it on my secondary machine, and will be converting the primary machine in a few hours.
Why today? I monitored the reports and gut feeling says chances of getting caught by a reverse engineered exploit form the patchlist are much higher than those of SP2 messing up my machine.
I issued a "recommend install" to my friends and family.

Just me (Sir to you)
Friday, August 20, 2004

*  Recent Topics

*  Fog Creek Home