Well, well, well, looks as though Microcrap has struck again at the cords of computer users, with several damning reports of screwed up installations of SP2. Here for your reading enjoyment is a newsletter I get sent, which outlines all the shit a good 1/3 to half the people who have installed this piece of crap have had to deal with. Some people even had to reinstall their operating systems. Well here it is.
Problems mount with Windows XP Service Pack 2
Since first alerting you to the release of Windows XP Service Pack 2 (SP2) in the Aug. 19 issue of the Windows Secrets Newsletter, a number of glitches with the upgrade have surfaced. This isn't surprising. As we've noted repeatedly, people are going to have some problems with SP2, one of Microsoft's most intrusive and potentially disruptive updates ever. In today's issue, we'll examine some of these concerns.
Problems in XP SP2 — by the numbers
An Information Week story quotes an interesting statistic. According to asset-monitoring firm AssetMatrix, about 10 percent of the PCs upgraded from Windows XP to SP2 in their test universe experienced some problems. That figure comes from a study of over 44,000 upgrades at over 340 companies.
However, AssetMatrix qualifies those findings significantly. "10.3 percent of Windows XP-based machines will ... have the 'opportunity' for an issue to arise ... with SP2," says Steve O'Halloran, the managing director of AssetMetrix Research Labs.
Most of those issues are small. And O'Halloran says two facts uncovered by the study were unexpected.
First, the company thought the figure would be much higher than 10 percent.
Second, the rate of success varies widely between large and small companies. Small businesses — those with fewer than 100 Windows XP PCs — experienced problems with 11.9 percent of their SP2 upgrades. Meanwhile, larger companies — those with more than 100 XP-based PCs &38212; experienced problems with just 6.2 percent of upgrades.
Statistically, 10 percent might not sound like a particularly high number. But that will be of little comfort if you're among those who will experience these difficulties. For complete details, read the company's press release about its test.
SANS compiles self-reported numbers
A study by the SANS Institute is a little less positive. The company's Windows XP Service Pack 2 experiences page has at this writing received over 1500 responses. More than 28% of the respondents have experienced "big problems" with SP2. About one-third of those respondents had to actually rebuild some systems. However, 8 percent of the "big-problems" group described the problems as "solvable." Meanwhile, 23 percent reported just "small problems" and 43 percent reported "no problems."
This is, of course, an unscientific sample and reflects only those participants who chose to send in their findings. The survey updates in real time, so look at the latest figures if you like, and you're invited to report your own experience.
Anecdotal evidence pours in
Fred Langa of Information Week has brought together a collection of user experiences with XP SP2. After wading through hundreds of e-mails from pioneers who wrote to him, Langa says, "readers reported more SP2 successes than failures by about a two to one margin. But a number of the reports of successes with SP2 involved multiple machine installations (in some cases, hundreds of PCs), so the actual success/failure ratio is even higher."
The SP2 update can be uninstalled, but in some cases this is difficult to do. So Langa recommends that companies not roll out SP2 until they've conducted a pilot program on the upgrade and backed up the machines that will be upgraded. His full report (which begins with several negative stories and progresses to the more positive experiences) was posted by Information Week on Sept. 6.
Pop-up blocker interferes with Windows Update
Microsoft acknowledged on Aug. 31 that the browser's pop-up blocker in SP2 can cause the Windows Update site to halt with "HTTP error 500." (Other pop-up blockers can cause this, as well.)
The solution is to add the Windows Update site to the browser's list of sites that are allowed to use pop-up windows. This is explained in Knowledge Base article 883820.
Command-line files run without warning in SP2 Hello!!! Welcome Hackers
According to a Heise Security report, there's a flaw in a new SP2 security feature. This feature is designed to protect users from executing programs they've downloaded from the Internet.
In SP2, the security zones in Internet Explorer are configured a bit more securely than in the original XP release. Users are generally warned if they're about to run a program that was downloaded from an untrusted source on the Internet.
But if you download a file and then execute it from a command line, that file will execute in SP2 as if it were created locally. That means it enjoys the full privileges of the current user and XP will not display a warning, as it would if you tried to execute the file in Windows.
Microsoft says in its defense that this issue is not particularly problematic. The company states that the exploit would require a convoluted series of steps to accomplish, and a malicious sender of such a program would need to convince the user to run the file in precisely that way.
SP2 installs IIS?
We've seen some reports claiming that SP2 installs Microsoft's Web server, Internet Information Services (IIS), by default. This could be a problem because IIS is an obvious attack point for hackers.
However, Microsoft claims this isn't the case, saying: "IIS 5.1 is one of the optional components in Windows XP with SP2 and by default is not installed."
We'd be interesting in hearing whether anyone has seen IIS installed during an SP2 upgrade.
Slow SP2 uptake
Last week, Microsoft revealed that between 15 and 17 million people have updated to SP2. This is far short of the more than 300 million Windows XP users in the world and the 100 million people Microsoft hopes will upgrade by the end of October.
At least two publications are investigating why companies are taking the slow track to SP2. eWeek reports that many IT managers are delaying the installation of SP2 for months because it may break too many applications.
Meanwhile, a survey of 32 IT managers published in Computerworld on Aug. 30 reveals that none have yet installed SP2, except for two who were part of Microsoft's early-adopter program.
The reason for the delay is the requirement for application-compatibility testing. This shouldn't be surprising, as application compatibility was known to be needed prior to SP2's release. Businesses interested in testing their own applications against SP2 should check out the Application Compatibility Testing and Mitigation Guide for Windows XP Service Pack 2.
Final thoughts
As the weeks wear on, hackers will no doubt discover vulnerabilities in XP SP2 and other problems will emerge. But nothing we've seen so far changes our initial assessment of SP2.
For individuals, the security improvements in SP2 outweigh the small probability of problems. That's still true now, several weeks after SP2 started shipping.
Hello back to me again, what a crock of fucking shit. "For individuals, the security improvements in SP2 outweigh the small probability of problems". Yeah so the good third of users out there with problems is not anything to worry about and we should all stress less and do the whole Feng Shui thing. These guys would lick the shit from Bills ass, and say it was great, so apart from the figures, I wouldn't believe a thing they said. Well that is really only picking on the last statement actually... Hope you all found this entertaining reading, I know I did. Well whilst all you peoples are out there sweating over reinstalling your crappy operating systems, I will sit at my Mac and smile - :-)
Cheers Big Ears...
You can ping this entry by using http://members.iinet.net.au/~jamiek/weblog/cgi-bin/mt-tb.cgi/7 .