Fog Creek Software
Discussion Board




Developers, WinXP SP2 will break your apps.

http://www.extremetech.com/article2/0,3973,1413766,00.asp

Time to start recompiling your apps. Read Microsoft's document.

Tons of changes in what XP will allow your apps to do.

Many bad practices that were simply frowned upon are now stopped by default.

Your apps may break during installation or during operation.

heads.up.peeps
Tuesday, December 16, 2003

Which aspects of the service pack do you feel have such wide reaching impact? I hardly see anything of concern for typical applications.

Brad Wilson (dotnetguy.techieswithcats.com)
Tuesday, December 16, 2003

This will be a good acid test of Microsoft's commitment and ability to secure Windows.  If this sucks, I think we can see the writing on the wall as far as security is concerned.

Running with scissors
Tuesday, December 16, 2003

I thought Microsoft learned that service packs aren't a good place to introduce functionality? This SP looks like it introduces a wide slew of functionality.

Dennis Forbes
Tuesday, December 16, 2003

I can see many apps that integrate with Internet Explorer breaking immediately based on the info in Microsoft's document.

The good part is that it will prevent stealth BHOs, but the bad part is that many legitimate IE helper apps will have to be fixed by their developers.

heads.up.peeps
Tuesday, December 16, 2003

Okay I read all of that, and it looks like a very promising group of steps for Microsoft -- it is, quite literally, about time.

I don't see anything that will require the recompiling of apps (they mention that they recompiled the Windows components to better detect buffer overruns (i.e. the /GS cl.exe option), as well as to use the process no-run directive, presumably based upon the fact that the overwhelming majority of exploits are in Microsoft code). Whether you recompile your own app to use these features is not required (or such is my interpretation).

Dennis Forbes
Tuesday, December 16, 2003

"Whether you recompile your own app to use these features is not required (or such is my interpretation)."

That's the impression I got from the article, too.  Doesn't sound like you'd need to change/recompile anything in your apps unless you're relying on some specific API functionality that they've altered. 

Even then, it doesn't sound like legit apps will be too affected in the vast majority of cases.

John Rose
Tuesday, December 16, 2003

Well, the only way to know for sure is to download SP2 and test your app(s) against it. This is basic QA, people.

another dev
Tuesday, December 16, 2003

Uh...thanks for the (misplaced) QA lesson, but not even the beta of SP2 is available yet, and our comments were specifically relating to the original poster's comment that it would require rebuilding.

Dennis Forbes
Tuesday, December 16, 2003

More likely it will break web sites that rely on opening new windows for functionality.

Read the last section of the document.

HTML Dude
Tuesday, December 16, 2003

One huge change will be enabling "no execute" by default.  This prevents areas of the stack and heap from being executed on processors that support this ability (only AMD at the moment?).  The obvious advantage is that buffer overrun attacks that rely on placing code on the stack and then executing this code won't work. 

You might think that things like self-modifying code and on-the-fly code generation are rare but it's a popular technique to associate HWNDs with language-level structures by building a custom WndProc for each new window that hard codes the structure pointer.  This will primarily affect applications that use the ATL windowing classes.  Borland also uses this technique but they had the forethought to call the appropriate Win32 function to give the memory execute permissions. 

SomeBody
Tuesday, December 16, 2003
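
Added example (not part of the thread, and not ATL's or Borland's code): a C sketch of the per-window thunk idea from SomeBody's post, written so it still runs with no-execute enforced. The names `make_thunk`, `emit_return_ptr` and `thunk_fn` are hypothetical, and the non-Windows branch uses the POSIX equivalents so the same file builds on either platform.

```c
/* Added sketch, not from the thread; make_thunk/emit_return_ptr are made-up names. */
#define _DEFAULT_SOURCE          /* exposes MAP_ANONYMOUS under strict -std= modes */
#include <stdint.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#else
#include <sys/mman.h>
#endif
typedef void *(*thunk_fn)(void);
static size_t emit_return_ptr(uint8_t *buf, void *ctx) {   /* emits "return ctx;" */
    uint64_t v = (uint64_t)(uintptr_t)ctx;
#if defined(__x86_64__) || defined(_M_X64)
    buf[0] = 0x48; buf[1] = 0xB8;            /* mov rax, imm64 */
    memcpy(buf + 2, &v, 8);
    buf[10] = 0xC3;                          /* ret */
    return 11;
#elif defined(__aarch64__)
    uint32_t ins[5] = {0, 0, 0, 0, 0xD65F03C0u};   /* four moves, then ret */
    for (int i = 0; i < 4; i++)              /* movz/movk x0, #imm16, lsl #(16*i) */
        ins[i] = (i ? 0xF2800000u : 0xD2800000u) | ((uint32_t)i << 21) | ((uint32_t)((v >> (16 * i)) & 0xFFFF) << 5);
    memcpy(buf, ins, sizeof ins);
    return sizeof ins;
#else
#error "this sketch only emits x86-64 and AArch64 code"
#endif
}
thunk_fn make_thunk(void *ctx) {             /* write while RW, then flip to RX */
    const size_t page = 4096;
#ifdef _WIN32
    DWORD old;
    uint8_t *p = VirtualAlloc(NULL, page, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (!p) return NULL;
    size_t n = emit_return_ptr(p, ctx);
    if (!VirtualProtect(p, page, PAGE_EXECUTE_READ, &old)) { VirtualFree(p, 0, MEM_RELEASE); return NULL; }
    FlushInstructionCache(GetCurrentProcess(), p, n);
#else
    uint8_t *p = mmap(NULL, page, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    size_t n = emit_return_ptr(p, ctx);
    if (mprotect(p, page, PROT_READ | PROT_EXEC) != 0) { munmap(p, page); return NULL; }
    __builtin___clear_cache((char *)p, (char *)p + n);
#endif
    return (thunk_fn)(uintptr_t)p;
}
int main(void) {
    int window_state = 0;                    /* stands in for a per-window structure */
    thunk_fn t = make_thunk(&window_state);
    return (t && t() == &window_state) ? 0 : 1;
}
```

The page is never writable and executable at the same time, which keeps generated thunks compatible with no-execute without reopening the hole it closes.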

The various changes to IE are going to break lots of rich-UI IE based Intranet apps. I know the main app I worked on for the last four years will need some fairly non-trivial changes to work round Microsoft's "fixes".

Andy Norman
Wednesday, December 17, 2003

The SP2 beta has just been released:

http://www.neowin.net/comments.php?id=16037&category=main

Test away....

divide by zero
Thursday, December 18, 2003
