Windows XP SP2 is here... what you need to do

[Asher]

Due to the anticipated overwhelming swarm of people who want SP2, it's not going to be available in Windows Update or as a standalone exe until the end of the month. The way you're supposed to get it is via Automatic Updates -- so enable them now. Even if your copy isn't legal, don't worry, it's safe -- they don't check keys or anything like that.

If you're using Internet Explorer, click this link to turn on Automatic Updates.

Otherwise, follow these instructions.

Information on SP2:
FAQ: http://www.winsupersite.com/faq/xpsp2.asp
Review: http://www.winsupersite.com/reviews/windowsxp_sp2.asp

A summary of some of the new features:

• Security Center. A
  new front-end, or dashboard, to XP's security features, including
  Automatic Updates, Windows Firewall, and virus protection. Microsoft
  doesn't offer any antivirus protection software directly, but Security
  Center integrates with third party software such as McAfee VirusScan.
  
  
• Windows Firewall. The
  new Windows Firewall replaces Internet Connection Firewall (ICF) and is
  on by default. Windows Firewall boasts several new
  administration-related features, including a full set of configuration
  options, Active Directory (AD) administration capabilities through
  Group Policy, command-line support that's compatible with logon scripts
  and remote management, and multiple-profile support. It is also enabled
  earlier in the boot process, eliminating the possibility that intruders
  could insert errant code over a network before the system fully comes
  up.
  
  
• IE security improvements. XP SP2
  provides an improved Microsoft Internet Explorer (IE) version that
  contains several new features. A new opt-in pop-up ad blocking feature
  announces itself the first time you access a page that tries to open a
  pop-up window. (IE won't block pop-ups you enable by clicking a
  hyperlink.) This feature is configurable, so you can create a list of
  trusted sites if needed. The new IE also removes the capability of Web
  sites to open child windows that have certain features removed. For
  example, it's no longer possible to open a pop-up window with the
  address bar, title bar, status bar, or toolbars removed. Microsoft
  added this feature so that users can close any pop-up windows that do
  open. Furthermore, scripts can't position windows so that the title bar
  or address bar are above the top of the display or so the window's
  status bar is below the bottom of the display. IE also includes a new
  locked-down Local Machine security zone to help prevent malicious
  scripts and other dangerous Web downloads from compromising the system.
  
  
  Microsoft has also overhauled IE's add-on subsystem, a move
  that will require plug-in makers to revamp their products. The end
  result, however, is better safety for users. Inadvertently installing
  spyware or malicious ActiveX controls will now be more difficult, and
  the programs will also be easier to remove. The add-on manager also
  monitors IE crashes caused by add-ons, letting you disable unstable
  add-ons. Perhaps most important, the IE add-on manager is fully
  manageable: You can centrally configure IE's crash-management options
  and which add-ons are allowed or denied.
  
  
• Outlook Express and Windows Messenger improvements. The
  Microsoft Outlook Express version in XP SP2 includes more secure
  default settings and isolation of potentially unsafe attachments,
  helping to ensure that email-borne attacks can't affect the system.
  Outlook Express also picks up a neat feature from Microsoft Office
  Outlook 2003: It won't download images in HTML email by default
  (spammers often use tracking devices in HTML images to ensure you're
  getting their email). Like Outlook Express, the Windows Messenger
  version included with XP SP2 isolates any transferred files that might
  be unsafe.
  
  
• Memory protection. Over the
  years, an amazing number of buffer overrun errors have been at the root
  of various Windows compromises. Although Microsoft sought to find and
  remove any potential exploits during its infamous 2002 Trustworthy
  Computing code review, many problems remain. So XP SP2 includes several
  new security technologies, originally designed for Windows Longhorn,
  that battle buffer overruns. Some of these changes are software based
  and will aid all XP users; others require the new "no execute" (NX)
  microprocessor feature that's built in to all modern Intel and AMD
  microprocessors. The NX feature uses the computer's microprocessor to
  separate application code from data, ensuring that an electronic attack
  won't be able to insert virulent code into memory reserved for data.
  
  
• New Windows Update. XP
  SP2 connects to a new version of Windows Update, which offers a
  convenient Express Install feature that automatically selects and
  installs all critical updates. You can also use a new optional updates
  section to choose features, including software updates (e.g., Microsoft
  Windows Movie Maker 2, Microsoft Windows Journal Viewer) and
  system-specific drivers. XP SP2 contains many other
  computer-maintenance-related technologies, but Microsoft says it will
  document them in the future. Expect a second beta release by the end of
  March: I'll have more information about other new features as they
  become available.
  
  
• Network attack protection. In
  addition to the new ICF version, XP SP2 includes a refined version of
  the remote procedure call (RPC) technology, which reduces the attack
  surface of XP machines attached to remote resources. RPC also runs
  under reduced privileges in XP SP2, reducing the chance that errant
  code can gain a foothold in your system and cause problems.

Oh yeah -- and this is free, not $129 like some other companies would do.

[Dis]

when I click that link I get this:

This automated page requires Internet Explorer 6.0 or greater and Windows XP. For information about Internet Explorer, visit the Internet Explorer Web site. If you are not using Windows XP, please go to http://www.microsoft.com/security/protect/default.asp and choose your operating system. If you don't know which operating system your computer uses, go to http://www.microsoft.com/security/protect/checkos.asp.

I'm assuming that is because I don't use Internet Explorer

many of those features don't interest me. Except perhaps that memory issue.

[Lawrence of Arabia]

heres what you really need to know -

its overpriced and crashes all the time and is inferior to everything apple.

[Asher]

Other misc. enhancements:

• Completely redesigned wireless internet and device support
  
• Enhanced Bluetooth support
  
• A cleaner Add/Remove Programs dialog
  
• DirectX 9.0a (bugfix release)
  
• Windows Media Player 9

[Asher]

Originally posted by Lawrence of Arabia
heres what you really need to know -

its overpriced and crashes all the time and is inferior to everything apple.

There's the Mac user logic:

$0.00 is overpriced, while $129 is justifiable.

[Asher]

Screenshots!

[Zopperoni]

Ehm, why are you posting this when you can't get it yet?

[alva]

DirectX 9.0a (bugfix release)

Huh, wasn't 9.0c released just a couple of days ago?

I just checked my version and it indeed say 9.0c

[Solver]

That sucks, about it not being a standalone exe. I don't need it myself, but there are a few computers to which I wanted to take SP2 and which only have 64 Kbit connections. Guess I'll have to wait...

[Ted Striker]

How'd you get it so quick?

[Asher]

They're not my screenshots.

You can find SP2 on bittorrent/edonkey/emule/kazaa, or if you're a beta tester you can download it from MS' beta site.

There will be a standalone available for everyone, just not til the end of the month.

MS plans to push SP2 out to 100M computers via automatic updates over 2 months.

The ones that'll get patched first are the ones online the most.

[Asher]

Originally posted by Zopperoni
Ehm, why are you posting this when you can't get it yet?

Because you CAN get it, just via autoupdate (which needs to be enabled), or downloading it from another source like BitTorrent.

The standalone EXE is around 260MB.

[Zopperoni]

I didn't realize that those were final builds...

[Asher]

Build 2180 is the final.

[JohnT]

Thanks Asher!

[Verto]

Does this automatically install to C: ?

[Zopperoni]

Originally posted by Asher
Build 2180 is the final.

Cheers, mate, I *ahem* found it.

[Ted Striker]

/usr/local/linux/sucks

[Solver]

OK, I hope this will help some systems that are plagued with spyware and virus problems, with users who don't really use security.

[Agathon]

There's the Mac user logic:

$0.00 is overpriced, while $129 is justifiable.

Not quite: $129 is justified for a new OS with hundreds of new features.

$0.00 is what Apple charges for security updates (the few that are needed).


Selling an OS that works, has no virus threats in the wild and needs very little in the way of patching: Mac

Selling a swiss cheese, virus ridden OS that still doesn't work properly after four years: Windows.

[Q Classic]

i'm not having any problems after four years with my windows xp install...

it's not virus-ridden either, and doesn't have spyware, either.

[alva]

Not the Mac <--> Windows thing again...

Please

[Zero]

Mac rules! Apple can suck my dick!

yeah I know exactly what im talking about! PWNZED!

[Natalinasmpf]

Linux sucks? No way...its far better, I don't have to constantly get patches, reboot my PC, content with games, actually immune to 99.999% of viruses....(yes, there is one or two worms for Linux, but very rare for 3% of the market)...so hah, beat that!

i'm not having any problems after four years with my windows xp install...

it's not virus-ridden either, and doesn't have spyware, either.

You probably have some, but its secretly lurking.

Like the Magic Lantern virus the FBI installs on a lot of computers to "monitor" you for "safety" purposes. Guess this is one of the ways for pre-emptive strike, so they can find out whether you are a thought criminal for posting or spreading "bad thoughts" like dissesion on the net.

Selling an OS that works, has no virus threats in the wild and needs very little in the way of patching: Mac

Mac programs usually aren't open source, have no way for kernel upgrades (non critical, but many times nice, to keep up with actually useful features)....

Use Linux! Same stability, actually truly immune to most viruses since the networking component is IN the kernel, and not fragmented and cannot be hijacked, with iptables (a connection firewall, with masquerading capability) to boot.....

LINUX!!!

[Asher]

Originally posted by Agathon
Not quite: $129 is justified for a new OS with hundreds of new features.

$0.00 is what Apple charges for security updates (the few that are needed).

This isn't just a collection of security patches, silly.

In fact, it was such a big update that MS pulled most of the developers off Longhorn for an entire year to work on it...

Wait, how often does Apple usually release OS X updates? Yearly?

[Asher]

Originally posted by Natalinasmpf
Linux sucks? No way...its far better, I don't have to constantly get patches

I would kill for some patches that would let me install Linux. Linux won't install on my desktop or laptop -- being only a year old, it's too bleeding edge.

By the way, you do have to get patches if you want to stay secure. For example, the six libpng vulnerabilities that were announced the other day. The problem is, no one really talks about them (there are actually WAY more Linux program vulnerabilities, just less publicity about them in general, and less people looking to exploit them).

reboot my PC

I leave my PC on 24/7 and I only reboot about once a month, for the security updates. It's not too bad, really,

content with games

A lot of people want more than TuxRacer and a cheap Civ clone that looks worse than Civ1.

I actually immune to 99.999% of viruses....(yes, there is one or two worms for Linux, but very rare for 3% of the market)...so hah, beat that!

I've never, ever, had a virus on my Windows computers. And I've been using the internet since 91/92. I'm "immune" to 99.999% of viruses because 99% of them rely on social engineering, and the other 1% are caught by standard A/V software.

Like the Magic Lantern virus the FBI installs on a lot of computers to "monitor" you for "safety" purposes. Guess this is one of the ways for pre-emptive strike, so they can find out whether you are a thought criminal for posting or spreading "bad thoughts" like dissesion on the net.

You're a model for Linux zealots everywhere -- God bless you and your tinfoil-hat-wearing kin for giving Linux a bad name.

It's also awesome how you'll spread FUD like this, then blast "M$" for spreading FUD by saying Windows is cheaper than running Linux in the longrun.

Mac programs usually aren't open source, have no way for kernel upgrades (non critical, but many times nice, to keep up with actually useful features)....

Open Source means jack **** for security -- it's even more obvious now. How many vulnerabilities has Firefox had in the past two months? Here's a hint: twice as many as IE.

And I love Firefox.

Let's own up to it -- Open Source software is not inherently more secure than Proprietary software. Further, security through paranoia is far better than assuming you're safe.

Use Linux! Same stability, actually truly immune to most viruses since the networking component is IN the kernel, and not fragmented and cannot be hijacked, with iptables (a connection firewall, with masquerading capability) to boot.....

ROTFLMAO...

You have no idea how ridiculous this sounds to anyone with the most basic OS knowledge.

How the f*ck does having networking components in the kernel make it immune to viruses?! Hey, do you know which other OSes have networking components in the kernel? Windows NT, BSD, OS X...

What does "not fragmented" mean? Surely it doesn't mean that Linux is not fragmented, in the sense that there aren't hundreds of distros with similar yet painfully different configurations?

"Cannot be hijacked" -- the hell it can't, there are many Linux root vuln's for one, plus every system in existence is vulnerable to the most effective virus -- social engineering.

The iptables/masq features are standard fare as well.

Kudos to a stunning post.

[Skanky Burns]

Mac and Linux have low numbers of viruses written for them due to their low market share compared to windows.
They also have low numbers of games available for the same reason.

[Natalinasmpf]

They also have low numbers of games available for the same reason.

Actually, its "below average"...if you didn't know, a whole arrival of Linux ports of intense 3D games like SMAC, Savage, Simcity and the like (as well as somewhat like a myriad of them)....so no, they don't have low numbers of games.

But Linux has more market share than Mac, and thats at least 3.5%...now, pray tell me, thats very significant, so shouldn't there at least be 1% of the number of Windows viruses?

then blast "M$" for spreading FUD by saying Windows is cheaper than running Linux in the longrun.

Ooh, zero dollars on tech support, software spending, and hmm....I'd say TCO is quite cheaper. Unless you're so petty to count the 5 dollars worth of CD's I burnt...

A lot of people want more than TuxRacer and a cheap Civ clone that looks worse than Civ1.

Smax/smac? Freecraft? Bzflag? Savage? Tuxracer, yes....have you heard of Loki? They are one of the many porting companies that have recently brought a flood of games in to Linux.

Open Source means jack **** for security -- it's even more obvious now. How many vulnerabilities has Firefox had in the past two months? Here's a hint: twice as many as IE.

Initially, but peer review roots them out faster. Vulnerabilities on firefox? I don't see them as often (well generally because firefox on Linux is hard to hijack).

How the f*ck does having networking components in the kernel make it immune to viruses?! Hey, do you know which other OSes have networking components in the kernel? Windows NT, BSD, OS X...

Yes, you mentioned Unix components. As for Windows, they seem to be fragmented into dll's....hey at least the kernel can have them built-in.

What does "not fragmented" mean? Surely it doesn't mean that Linux is not fragmented, in the sense that there aren't hundreds of distros with similar yet painfully different configurations?

Like how the kernel in Win32 is fragmented into io.sys, msdos.sys, kernel32.dll....

"Cannot be hijacked" -- the hell it can't, there are many Linux root vuln's for one, plus every system in existence is vulnerable to the most effective virus -- social engineering.

As of kernel 2.6.7, I cannot see any root vulnerabilities anywhere. Any root vulnerabilities are normally fixed within a few hours.

And the social engineering includes what? Paranoia? You know, I want to visit any site I want, and not be oversuspicious at any time. Even generally clean sites (ie. geocities) has been known, when I used Windows to infect my PC through general loopholes.

[Ari Rahikkala]

[Asher]

Originally posted by Natalinasmpf
But Linux has more market share than Mac, and thats at least 3.5%...now, pray tell me, thats very significant, so shouldn't there at least be 1% of the number of Windows viruses?

The stupidest logic I've ever heard -- virus writers write to cause damage and to get famous for doing so. Why would they bother writing a virus for an OS with 2.2% marketshare?

Ooh, zero dollars on tech support, software spending, and hmm....I'd say TCO is quite cheaper. Unless you're so petty to count the 5 dollars worth of CD's I burnt...

See, there's your problem. Windows didn't cost me a damn penny. And it's legal. Didn't even need to burn a CD!

Smax/smac? Freecraft? Bzflag? Savage? Tuxracer, yes....have you heard of Loki? They are one of the many porting companies that have recently brought a flood of games in to Linux.

Ohhh...another great argument. Let's list a bunch of 5 year old games, then a company that went bankrupt. You did know that Loki went under because the game market for Linux is not supportable, right?

Initially, but peer review roots them out faster.

This is a myth that is easily debunked by common sense and reality...

Vulnerabilities on firefox? I don't see them as often (well generally because firefox on Linux is hard to hijack).

That's bullshit -- since Firefox 0.9 was released, there have been 6 security vulnerabilities fixed in it. It was released just over a month ago. And yes, they affect Linux as well.

Yes, you mentioned Unix components. As for Windows, they seem to be fragmented into dll's....hey at least the kernel can have them built-in.

What's the point? Linux has a "monlithic" kernel -- which is something that was declared obsolete by researchers and academics over a decade ago. It's a horrible architecture, everyone else is onto microkernels because they scale and port far better.

It doesn't matter if it's static or DLL, in the end it's running in kernel userspace... dynamic is just the better, more efficient approach.

Like how the kernel in Win32 is fragmented into io.sys, msdos.sys, kernel32.dll....

Err...you're taking an advantage of Windows (modularity) and trying to make it out to be a disadvantage. Read up on monolithic kernels versus microkernels -- Linus and his cronies are the only people left in the world who advocate monolithic kernels, and that's just because he didn't know any better when he started it as a student, and it's too late to change it now.

It's an advantage to have a dynamic/modular/"fragmented" operating system.

As of kernel 2.6.7, I cannot see any root vulnerabilities anywhere. Any root vulnerabilities are normally fixed within a few hours.

I don't see any root vulnerabilities for Windows XP SP2, either. Don't see your point.