If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
'SP2' a Must For XP Users (from the Washington Post)
washingtonpost.com
'SP2' a Must For XP Users By Rob Pegoraro The Washington Post Sunday, August 15, 2004; Page F01 To get an idea of how Windows got to be such a mess, think of it as a house that was built on an island in the middle of a lake, deep in the countryside. Because you're so isolated, you don't need to worry about keeping strangers out -- your security rests on being physically separate from the rest of the world. So it doesn't matter that the windows can only be latched shut with great difficulty, that locks were picked to match the decor (no ugly deadbolts here!) and there's an extra key hidden under the doormat. Now take that house and move it into the city. Shopping or socializing no longer requires a long drive; all the distractions you might want are right outside. But there are a few burglars in town, and they all know how easy your house is to break into. In this case, security means making sure that nobody can get in the house unless you open the door yourself. You need to hire a good locksmith. With a new update called Service Pack 2 for Windows XP, Microsoft is trying to perform the same repairs, making software once built for isolated desks safe on the crowded, bustling Internet. Service Pack 2, "SP2" for short, is Microsoft's most important release since XP itself. It aims to stop viruses, worms, browser hijackings and worse by including security features that people had to add and adjust on their own. (Users of Windows 2000, Millennium Edition, 98 and 95 will still need to do that, since Microsoft has no plans for a comparable update of those systems.) The most important part of SP2 is an new firewall program to stop break-ins by network worms such as Blaster. Unlike XP's earlier firewall, this one is turned on automatically and protects every connection on a computer -- even if you already have another firewall active. It also watches what your programs do; if one wants to open its own channel of communication with the Internet, you'll need to approve this action. The need to make this choice for potentially dozens of programs, even Microsoft's own, can be a drag, but the decision should be fairly simple: If you recognize and trust the program, it should be safe to "unblock" its access. But if you've never heard of it, keep blocking it unless things stop working. Automatic system updates are just as important in Service Pack 2. The first time you boot up a computer after installing SP2, a can't-miss, full-screen alert asks you to allow Windows to download and install Microsoft's security updates automatically. A new Security Center control panel provides quick access to firewall and automatic-update settings, and it checks for active, up-to-date anti-virus software. Though anti-virus protection is essential to Windows security, SP2 doesn't include any; you must install your own. As part of SP2, the Internet Explorer Web browser now -- finally! -- blocks unsolicited pop-ups. This overdue step eliminates many intrusive ads (yes, The Post's Web site runs its share) but also stops hostile Web sites from tricking users into downloading unwanted programs by barraging them with pop-ups. To police browser-hijacking attempts, IE now restricts the ability of Web sites to push "ActiveX" programs on visitors; the default choice is to decline an ActiveX program, and you can reject all future installations from a Web site with two clicks. ActiveX should be retired -- this inherently insecure Microsoft technology grants a Web site unrestricted access to your computer -- but these changes should at least make a hijacker's job tougher. When you use Internet Explorer to download new software, Windows will ask if you're sure you want to run each of these programs, even if that's days after its download. Because of these and other security fixes, I did sometimes have to reload a "download now" page to convince IE that I really wanted the file -- a small price for a safer browser, albeit one still behind such competitors as Mozilla Firefox in its capabilities. The Outlook Express e-mail program, meanwhile, no longer allows any access to programs sent as file attachments. Hiding a program inside a compressed "zip" file won't work either -- you can decompress the archive, but Windows won't let you run its contents. This may frustrate users who send greeting cards and other little programs in e-mail. I don't care. The cost of mail-borne viruses is too high, and Microsoft did the right thing in placing security over convenience. (Imagine if it had made this trade-off four years ago.) Many non-program attachments, such as Microsoft Word documents and MP3 audio files, also require a second click to confirm that you really want to open them. (Pictures didn't require that extra step.) Outlook Express also stops the display of Web images in messages, a common trick spammers use to see who opens their junk. Service Pack 2 does include one bonus feature that isn't strictly security-related; it now lists the signal strengths of each available WiFi wireless connection, an obvious feature that Microsoft inexplicably left out before. Beyond these visible changes, Service Pack 2 folds in numerous alterations to the inner plumbing of Windows. Such unneeded features as the Messenger Service, which spammers exploited to broadcast official-looking pop-up ads, are now shut off, and others are exposed only to a local network. With SP2's firewall shut off, however, I did find that it left two network ports open for no apparent reason. People running computers equipped with 64-bit processors get extra protection against "buffer overflow" errors, a common tactic used to sneak hostile programs onto a computer. Service Pack 2 can tell these chips to enforce "no execute" rules that prevent a program from running in a block of memory that isn't specifically reserved for use by programs. Despite all the surgery Service Pack 2 conducts in the guts of Windows, all four of my installations worked. A Dell desktop needed 30 minutes; two others took closer to an hour, and an older IBM desktop needed two hours, counting the time needed to start from scratch after a first install was halted by a mysterious reboot. The only program I found that did not function afterward was a specialized networking utility. Many of SP2's Internet features, such as its control over downloads and attachments, don't work in other Web and mail programs, but developers of those can add support for them. Service Pack 2 still can't save gullible users from themselves, though. And since it continues to grant people "administrator" access to a computer, any one mistake can take down the entire machine. This leaves Windows XP at a continued disadvantage compared with such competitors as Linux or Mac OS X. (Programmers call the idea of giving a user no more power than needed for the job "the principle of least privilege"; the same logic comes into play every time a parent gives a kid a $20 bill, not $50, before sending him out to pick up a pizza for dinner.) Service Pack 2 is a free update, but it's not easy to get -- yet. A 266-megabyte download is available at Microsoft's site (go.microsoft.com/?LinkID=806688), while users with automatic updates enabled will have a smaller version sent to their PCs over the coming weeks. Around the end of the month, SP2 will be available on CD-ROM; to Microsoft's credit, it will ship these CDs at no charge. Computer manufacturers should be able to add this update to their systems within a month or so, Microsoft says. I would like to suggest that any firm that isn't pre-installing SP2 by November has no business selling home computers at all. Individual Windows users bear the same responsibility: If you run XP, you need to install SP2. Period. Loading a system update this big is never risk-free, but the far bigger risk is to keep stumbling along with an unpatched copy of Windows XP. Ask a computer-savvy friend to install it if you must. But don't wait for the viruses and worms to stop coming. They won't. Living with technology, or trying to? E-mail Rob Pegoraro at . © 2004 The Washington Post Company |
#2
|
|||
|
|||
Interesting article. How about posting just the URL next time?
-- Ted Zieglar formerly "Rocket J. Squirrel" "Sparky" wrote in message et... washingtonpost.com 'SP2' a Must For XP Users By Rob Pegoraro The Washington Post Sunday, August 15, 2004; Page F01 To get an idea of how Windows got to be such a mess, think of it as a house that was built on an island in the middle of a lake, deep in the countryside. Because you're so isolated, you don't need to worry about keeping strangers out -- your security rests on being physically separate from the rest of the world. So it doesn't matter that the windows can only be latched shut with great difficulty, that locks were picked to match the decor (no ugly deadbolts here!) and there's an extra key hidden under the doormat. Now take that house and move it into the city. Shopping or socializing no longer requires a long drive; all the distractions you might want are right outside. But there are a few burglars in town, and they all know how easy your house is to break into. In this case, security means making sure that nobody can get in the house unless you open the door yourself. You need to hire a good locksmith. With a new update called Service Pack 2 for Windows XP, Microsoft is trying to perform the same repairs, making software once built for isolated desks safe on the crowded, bustling Internet. Service Pack 2, "SP2" for short, is Microsoft's most important release since XP itself. It aims to stop viruses, worms, browser hijackings and worse by including security features that people had to add and adjust on their own. (Users of Windows 2000, Millennium Edition, 98 and 95 will still need to do that, since Microsoft has no plans for a comparable update of those systems.) The most important part of SP2 is an new firewall program to stop break-ins by network worms such as Blaster. Unlike XP's earlier firewall, this one is turned on automatically and protects every connection on a computer -- even if you already have another firewall active. It also watches what your programs do; if one wants to open its own channel of communication with the Internet, you'll need to approve this action. The need to make this choice for potentially dozens of programs, even Microsoft's own, can be a drag, but the decision should be fairly simple: If you recognize and trust the program, it should be safe to "unblock" its access. But if you've never heard of it, keep blocking it unless things stop working. Automatic system updates are just as important in Service Pack 2. The first time you boot up a computer after installing SP2, a can't-miss, full-screen alert asks you to allow Windows to download and install Microsoft's security updates automatically. A new Security Center control panel provides quick access to firewall and automatic-update settings, and it checks for active, up-to-date anti-virus software. Though anti-virus protection is essential to Windows security, SP2 doesn't include any; you must install your own. As part of SP2, the Internet Explorer Web browser now -- finally! -- blocks unsolicited pop-ups. This overdue step eliminates many intrusive ads (yes, The Post's Web site runs its share) but also stops hostile Web sites from tricking users into downloading unwanted programs by barraging them with pop-ups. To police browser-hijacking attempts, IE now restricts the ability of Web sites to push "ActiveX" programs on visitors; the default choice is to decline an ActiveX program, and you can reject all future installations from a Web site with two clicks. ActiveX should be retired -- this inherently insecure Microsoft technology grants a Web site unrestricted access to your computer -- but these changes should at least make a hijacker's job tougher. When you use Internet Explorer to download new software, Windows will ask if you're sure you want to run each of these programs, even if that's days after its download. Because of these and other security fixes, I did sometimes have to reload a "download now" page to convince IE that I really wanted the file -- a small price for a safer browser, albeit one still behind such competitors as Mozilla Firefox in its capabilities. The Outlook Express e-mail program, meanwhile, no longer allows any access to programs sent as file attachments. Hiding a program inside a compressed "zip" file won't work either -- you can decompress the archive, but Windows won't let you run its contents. This may frustrate users who send greeting cards and other little programs in e-mail. I don't care. The cost of mail-borne viruses is too high, and Microsoft did the right thing in placing security over convenience. (Imagine if it had made this trade-off four years ago.) Many non-program attachments, such as Microsoft Word documents and MP3 audio files, also require a second click to confirm that you really want to open them. (Pictures didn't require that extra step.) Outlook Express also stops the display of Web images in messages, a common trick spammers use to see who opens their junk. Service Pack 2 does include one bonus feature that isn't strictly security-related; it now lists the signal strengths of each available WiFi wireless connection, an obvious feature that Microsoft inexplicably left out before. Beyond these visible changes, Service Pack 2 folds in numerous alterations to the inner plumbing of Windows. Such unneeded features as the Messenger Service, which spammers exploited to broadcast official-looking pop-up ads, are now shut off, and others are exposed only to a local network. With SP2's firewall shut off, however, I did find that it left two network ports open for no apparent reason. People running computers equipped with 64-bit processors get extra protection against "buffer overflow" errors, a common tactic used to sneak hostile programs onto a computer. Service Pack 2 can tell these chips to enforce "no execute" rules that prevent a program from running in a block of memory that isn't specifically reserved for use by programs. Despite all the surgery Service Pack 2 conducts in the guts of Windows, all four of my installations worked. A Dell desktop needed 30 minutes; two others took closer to an hour, and an older IBM desktop needed two hours, counting the time needed to start from scratch after a first install was halted by a mysterious reboot. The only program I found that did not function afterward was a specialized networking utility. Many of SP2's Internet features, such as its control over downloads and attachments, don't work in other Web and mail programs, but developers of those can add support for them. Service Pack 2 still can't save gullible users from themselves, though. And since it continues to grant people "administrator" access to a computer, any one mistake can take down the entire machine. This leaves Windows XP at a continued disadvantage compared with such competitors as Linux or Mac OS X. (Programmers call the idea of giving a user no more power than needed for the job "the principle of least privilege"; the same logic comes into play every time a parent gives a kid a $20 bill, not $50, before sending him out to pick up a pizza for dinner.) Service Pack 2 is a free update, but it's not easy to get -- yet. A 266-megabyte download is available at Microsoft's site (go.microsoft.com/?LinkID=806688), while users with automatic updates enabled will have a smaller version sent to their PCs over the coming weeks. Around the end of the month, SP2 will be available on CD-ROM; to Microsoft's credit, it will ship these CDs at no charge. Computer manufacturers should be able to add this update to their systems within a month or so, Microsoft says. I would like to suggest that any firm that isn't pre-installing SP2 by November has no business selling home computers at all. Individual Windows users bear the same responsibility: If you run XP, you need to install SP2. Period. Loading a system update this big is never risk-free, but the far bigger risk is to keep stumbling along with an unpatched copy of Windows XP. Ask a computer-savvy friend to install it if you must. But don't wait for the viruses and worms to stop coming. They won't. Living with technology, or trying to? E-mail Rob Pegoraro at . © 2004 The Washington Post Company |
#3
|
|||
|
|||
Ted Zieglar aka "Rocky" wrote:
Interesting article. How about posting just the URL next time? I understand where you're coming from with the "just the URL" request, Ted, but this might have been an intentional decision on the OP's part. I've had problems with articles and URLs from the Washington Post in the past. First, the URL often doesn't work unless you read the article *the same day* it was published on line. Second, you often have to register ("It's Free!") and log-in to read the Washington Post's on-line articles. I'm not saying it's this way for *all* articles the Post publishes this way; it certainly isn't. But it's also true that the Post makes it harder to read on-line articles, especialy ones other than the current day, than just about any other on-line paper I deal with on a more-or-less regular basis. Bob Pownall |
#4
|
|||
|
|||
|
#5
|
|||
|
|||
You're right, of course. Many online newspapers require prior registration.
-- Ted Zieglar formerly "Rocket J. Squirrel" "Bob Pownall" wrote in message ... Ted Zieglar aka "Rocky" wrote: Interesting article. How about posting just the URL next time? I understand where you're coming from with the "just the URL" request, Ted, but this might have been an intentional decision on the OP's part. I've had problems with articles and URLs from the Washington Post in the past. First, the URL often doesn't work unless you read the article *the same day* it was published on line. Second, you often have to register ("It's Free!") and log-in to read the Washington Post's on-line articles. I'm not saying it's this way for *all* articles the Post publishes this way; it certainly isn't. But it's also true that the Post makes it harder to read on-line articles, especialy ones other than the current day, than just about any other on-line paper I deal with on a more-or-less regular basis. Bob Pownall |
#6
|
|||
|
|||
Bob Pownall wrote:
Ted Zieglar aka "Rocky" wrote: Interesting article. How about posting just the URL next time? I understand where you're coming from with the "just the URL" request, Ted, but this might have been an intentional decision on the OP's part. I've had problems with articles and URLs from the Washington Post in the past. First, the URL often doesn't work unless you read the article *the same day* it was published on line. Second, you often have to register ("It's Free!") and log-in to read the Washington Post's on-line articles. I'm not saying it's this way for *all* articles the Post publishes this way; it certainly isn't. But it's also true that the Post makes it harder to read on-line articles, especialy ones other than the current day, than just about any other on-line paper I deal with on a more-or-less regular basis. While not disputing that, Bob, there is a little trick to these "technology" articles, that let me find them without a bit of trouble in one click just now. [Click on the "Technology" link in the left hand menu - it gets you a direct route to a lot of current [up to 14 days] and some special [an April WiFi set of articles] stuff.] The release of SP2 prompted the WP to print a spate of SP2-related articles in its regular Sunday Business Section's weekly look at computer technology. They are the afore said "SP2 is a Must ..." article at: http://www.washingtonpost.com/wp-dyn...2004Aug14.html "What a Tangled Web I Wove Computer Naivete Cost Me a Bundle And a Bit of Sanity", by a WP staffer on her trials and tribulations that resulted from not installing a firewall or using her AV program, at: http://www.washingtonpost.com/wp-dyn...2004Aug14.html "A Digital Doctor Treats Computer Contamination", by one of the WP's IT contractors who ended up getting the WP staffer's machine back into working condition, at: http://www.washingtonpost.com/wp-dyn...2004Aug14.html "Take Care to Guard Your Windows Free Firewalls, Patches, Anti-Virus and Anti-Spyware Software Enhance Security", a "special to the WP" article, at: http://www.washingtonpost.com/wp-dyn...2004Aug14.html "Skepticism Is the Message for E-Mail Avoid Attachments That Come With Spam", another "special to the SP" article, at: http://www.washingtonpost.com/wp-dyn...2004Aug14.html "Computer Users Need a Good Backup Plan", yet another "special to the WP" article in this SP2-instigated spate, at: http://www.washingtonpost.com/wp-dyn...2004Aug14.html All of the info in these articles will be pretty much old "I told you so" stuff to a lot of people here. But personally, I downloaded all of these articles and printed them out. Now I can make copies of them for those computer newbie friends of mine of the "why do I need a firewall program [AV program, to screen my email with a skeptical eye, to back up stuff] school of computing. Mebbe if they won't listen to me they'll heed these articles - particularly that "What a Tangled Web ..." one. ;- Yes, if you haven't registered with the Post [I have, it's one of my local papers, I subscribe to it, so don't mind being registered], they have increased the amount of demographic info they ask you before allowing you in. But it is just that, demographics - nothing of a personal nature that you can't tell them anything you want to. You don't get on an email mailing list. I let them set the cookie. Past technology stuff for a given period is always available at the main page, from the "Technology" link on the left hand menu. Articles *always* carry the annnnn-yyyymmmdd format, with date based on the first edition, done the previous evening - thus these Sunday articles are all dated 2004Aug14. They will be free access for 14 days, then you get into charges for archival access. -- OJ III [Email to Yahoo address may be burned before reading. Lower and crunch the sig and you'll net me at comcast.] |
#8
|
|||
|
|||
And those are only the ones that MS is admitting to for now. What a few weeks and that list will very likely "bloom". So, same here. We are going to sit this one out for a while. "Corse" wrote in message m... But what about this? http://zdnet.com.com/2100-1104_2-5311280.html I think I'll pass for now. Corse |
#9
|
|||
|
|||
"Alan S. Wales" wrote in message ... Ogden Johnson III Bob Pownall Second, you often have to register ("It's Free!") and log-in to read the Washington Post's on-line articles. Yes, if you haven't registered with the Post [I have, it's one of my local papers, I subscribe to it, so don't mind being registered], they have increased the amount of demographic info they ask you before allowing you in. Going off-topic here, but I find it a little disturbing that a paying subscriber to the print edition is required to register to read the on-line version. After all, you are a paying customer. They say they want your demographics to tailor their advertising for their on-line edition. I asked my local paper about this policy (Minneapolis Star Tribune) and they couldn't explain why a paying customer should have to register to read the same content on-line. In any event, they don't require the demographics for the print edition and in fact, have this information about me (name, address, phone number, etc.) because I subscribe to their paper. I don't know about the Wash. Post's registration questions but to register for the StarTribune they ask a ton of questions, so many that I simply won't do it. snip Going further off-subject.... Generally speaking, newspapers are slowly dying in their print form and are desperate to transition over to the needs of a time-starved 30-second attention span web culture. They're in a bind for revenue as circulations (again, generally) suffer while they must continue to increase ad rates and justify doing so to advertisers. I'd imagine that's a tough gig right now. So they're in a spot: they have to try to retain their print subscribers while finding a way to make their web-based versions generate revenue and profits. One way of doing that short of requiring web users to actually PAY for the online editions is to make readers register - information which I assume they ultimately use to charge their online advertisers some standardized rate. Not everyone can be the Wall Street Journal online and count on a paying web subscriber base. Stew |
#10
|
|||
|
|||
The WP article has a little too much hype for me, and not enough reality.
Unfortunately, many of the technology writers for mainstream newspapers do not have the time to pursue technology issues in depth, being under deadline to produce articles daily and often also responsible for economic and business aspects of computer technology news. I'd far rather rely on CNET, Ziff-Davis, and CMP printed and on-line publications for evaluations of new operating systems... Ben Myers |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
How do I set up usernames for eight different users on my PC? | Family Man | Homebuilt PC's | 4 | December 23rd 04 08:05 PM |
Ree: EyeToy Chat: Any chance will (eventually) be able to chat to PC users? | Paul Moloney | Webcams | 0 | December 6th 04 01:33 PM |
Need Users Manual | Ridin' 4 Jesus | Dell Computers | 3 | July 13th 04 01:55 AM |
To All HP & Compaq Laptop Users, please read this | Yvo | General | 4 | March 6th 04 02:43 PM |
Dutch and Belgian users of Marvel G450 eTV TT users | Linea Recta | Matrox Videocards | 0 | July 28th 03 10:55 PM |