Re: Do I need XP2.....Some more Brenda...
by John Robie - 10/5/04 8:10 AM
In Reply to: Re: Do I need XP2 by John Robie
Reasons to install SP2:
In Windows XP Service Pack 2, Microsoft is introducing a set of security technologies that will help to improve the ability of computers running Windows XP to withstand malicious attacks, especially those from viruses and worms. The technologies include these improvements:
Network protection
Memory protection
E-mail handling
Web browsing security
Computer maintenance
Together, these security technologies will help to make it more difficult to attack Windows XP, even if the latest updates are not applied.
In addition, this service pack also includes updates designed to improve the performance and stability of several Windows features.
What's New in This Version
Added new sections: Distributed Transaction Coordinator, Internet Information Services.
Revised sections: Windows Firewall, Setup, Resultant Set of Policy, Windows Update, Internet Explorer Feature Control Settings in Group Policy, Internet Explorer URLAction Security Settings in Group Policy, Internet Explorer MIME Handling Enforcement, Internet Explorer Network Protocol Lockdown, Internet Explorer Local Machine Lockdown.
Overview of Windows XP Service Pack 2 Security Technologies
In Windows XP Service Pack 2, Microsoft is delivering several improved security technologies that help protect customers against malware and other risks to their computer. These technologies are not intended to replace periodic security updates as they are released, but rather to help strengthen Windows XP's overall defenses against malicious attacks.
Network protection. These security technologies help to provide better protection against network-based attacks, like MSBlaster, through a number of innovations, including enhancements to Windows Firewall and a reduced RPC attack surface. These enhancements include turning on Windows Firewall in default installations of Service Pack 2, closing ports except when they are in use, improving the user interface for configuration, improving application compatibility when Windows Firewall is on, and enhancing enterprise administration of Windows Firewall through Group Policy. The attack surface of the Remote Procedure Call (RPC) service is reduced, and you can run RPC objects with reduced credentials. The DCOM infrastructure also has additional access control restrictions to reduce the risk of a successful network attack.
Memory protection. Some attacks by malicious software leverage software security vulnerabilities that allow too much data to be copied into areas of the computer's memory. These vulnerabilities are typically referred to as buffer overruns. Although no single technique can completely eliminate this type of vulnerability, Microsoft is employing a number of security technologies to mitigate these attacks from different angles. First, core Windows components have been recompiled with the most recent version of our compiler technology, which provides added protection against buffer overruns. Additionally, Microsoft is working with microprocessor companies to help Windows support hardware-enforced data execution prevention (DEP) on microprocessors that contain the feature. Data execution prevention uses the CPU to mark all memory locations in an application as non-executable, unless the location explicitly contains executable code. This way, when an attacking worm or virus inserts program code into a portion of memory marked for data only, an application or Windows component will not run it.
E-mail handling. Security technologies help to stop viruses (such as SoBig.F) that spread through e-mail and instant messaging. These technologies include default settings that have enhanced security, and improved attachment control using the Attachment Execution Service (AES) API. This results in security and reliability enhancements for communications applications such as Microsoft Outlook, Outlook Express and Windows Messenger. As a result, potentially unsafe attachments that are sent through e-mail and instant messages are isolated so that they are less likely to affect other parts of the system.
Browsing security. Security technologies that are delivered in Microsoft Internet Explorer provide improved protection against malicious content on the Web. One enhancement includes locking down the Local Machine zone to help prevent the running of malicious scripts and fortifying against harmful Web downloads. Additionally, better user controls and user interfaces are provided that help prevent malicious ActiveX controls and spyware from running on customers' systems without their knowledge and consent.
Computer maintenance. A very important part of any security plan is keeping computers updated with the latest software and security updates and understanding the role they play in protecting your computer. Ensuring that you have current knowledge of security attacks and trends is also important. For example, some software updates that mitigated known viruses and worms were available days or weeks before any significant attacks began. New technologies are being added to help the end user stay up-to-date. These technologies include Security Center, which provides a central location for information about the security of your computer, and Windows Installer, which provides more security options for software installation.
Microsoft understands that security technologies are only one aspect of a sound defense-in-depth security strategy. The security technologies outlined here are the next steps being taken in the Trustworthy Computing initiative to make customers' systems more resilient to malicious attacks.
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2chngs.mspx
The following Microsoft Security Bulletins are included in Service Pack 2.
MS04-025 (867801) - Cumulative Security Update for Internet Explorer
MS04-024 (839645) - Vulnerability in Windows Shell Could Allow Remote Code Execution
MS04-023 (840315) - Vulnerability in HTML Help Could Allow Code Execution
MS04-022 (841873) - Vulnerability in Task Scheduler Could Allow Code Execution
MS04-018 (823353) - Cumulative Security Update for Outlook Express
MS04-016 (839643) - Vulnerability in DirectPlay Could Allow Denial of Service
MS04-015 (840374) - Vulnerability in Help and Support Center Could Allow Remote Code Execution
MS04-014 (837001) - Vulnerability in the Microsoft Jet Database Engine Could Allow Code Execution
MS04-013 (837009) - Cumulative Security Update for Outlook Express
MS04-012 (828741) - Cumulative Update for Microsoft RPC/DCOM
MS04-011 (835732) - Security Update for Microsoft Windows
MS04-007 (828028) - ASN.1 Vulnerability Could Allow Code Execution
MS04-004 (832894) - Cumulative Security Update for Internet Explorer
MS04-003 (832483) - Buffer Overrun in MDAC Function Could Allow Code Execution
MS03-051 (813360) - Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution
MS03-049 (828749) - Buffer Overrun in the Workstation Service Could Allow Code Execution
MS03-048 (824145) - Cumulative Security Update for Internet Explorer
MS03-045 (824141) - Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution
MS03-044 (825119) - Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise
MS03-043 (828035) - Buffer Overrun in Messenger Service Could Allow Code Execution
MS03-041 (823182) - Vulnerability in Authenticode Verification Could Allow Remote Code Execution
MS03-040 (828750) - Cumulative Patch for Internet Explorer
MS03-039 (824146) - Buffer Overrun in RPCSS Service Could Allow Code Execution
MS03-034 (824105) - Flaw in NetBIOS Could Lead to Information Disclosure
MS03-032 (822925) - Cumulative Patch for Internet Explorer
MS03-030 (819696) - Unchecked Buffer in DirectX Could Enable System Compromise
MS03-027 (821557) - Unchecked Buffer in Windows Shell Could Enable System Compromise
MS03-026 (823980) - Buffer Overrun in RPC Interface Could Allow Code Execution
MS03-024 (817606) - Buffer Overrun in Windows Could Lead to Data Corruption
MS03-023 (823559) - Buffer Overrun in HTML Converter Could Allow Code Execution
MS03-021 (819639) - Flaw in Windows Media Player May Allow Media Library Access
MS03-020 (818529) - Cumulative Patch for Internet Explorer
MS03-018 (811114) - Cumulative Patch for Internet Information Service
MS03-015 (813489) - Cumulative Patch for Internet Explorer
MS03-014 (330994) - Cumulative Patch for Outlook Express
MS03-013 (811493) - Buffer Overrun in Windows Kernel Message Handling Could Lead to Elevated Privileges
MS03-010 (331953) - Flaw in RPC Endpoint Mapper Could Allow Denial of Service Attacks
MS03-008 (814078) - Flaw in Windows Script Engine Could Allow Code Execution
MS03-007 (815021) - Unchecked Buffer in Windows Component Could Cause Server Compromise
MS03-005 (810577) - Microsoft Security Bulletin MS03-005
MS03-004 (810847) - Cumulative Patch for Internet Explorer
MS03-001 (810833) - Unchecked Buffer in Locator Service Could Lead to Code Execution
MS02-072 (329390) - Unchecked Buffer in Windows Shell Could Enable System Compromise
MS02-071 (328310) - Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation
MS02-070 (329170) - Flaw in SMB Signing Could Enable Group Policy to be Modified
MS02-068 (324929) - Cumulative Patch for Internet Explorer
MS02-066 (328970) - Cumulative Patch for Internet Explorer
MS02-063 (329834) - Unchecked Buffer in PPTP Implementation Could Enable Denial of Service Attacks
MS02-062 (327696) - Cumulative Patch for Internet Information Service
MS02-055 (323255) - Unchecked Buffer in Windows Help Facility Could Enable Code Execution
MS02-050 (Q329115) - Certificate Validation Flaw Could Enable Identity Spoofing
http://www.microsoft.com/technet/security/news/XPSP2.mspx
http://support.microsoft.com/default.aspx?scid=kb;%5bLN%5d;811113