View the Articles concerning XP-SP2
Your
Next Gen OS, Code Named Longhorn
|
|
Welcome to Microsoft Windows XP Service Pack
2 Page
What you should know be fore you upgrade
The next generation
| Home | Browsers | Microsoft Office 97 | Site Search | Windows |
Windows XP's Service Pack 2 is here.
Are you ready for it?
Go directly to our index
Windows
Vista: Here's the new stuff (photo gallery)
TechRepublic-offsite
Windows XP Service Pack 2 is Here, but, is it
ready?
Are you ready for it?
Be sure to check back often for all of the latest updates and
concerns on this story:
Our Take on WXP SP 2
Be sure
to read other concerns from the major publications
Windows
XP SP2's Tools
Our Take
on WXP SP2
We have bitten the bullet, closed our eyes and clenched our teeth and
installed WXPSP2 on our test machines and our working machine. Read how it went
for our test so you can determine if SP2 is something that is right for
you.
Please click
here to see our review.
Be sure
to read other concerns from the major publications
Microsoft
Internet Explorer and the Pluggins
Outlook Express Changes
SP2's
information bar
Windows XP Web Site
One other notable item: the Windows XP site has been significantly
redesigned, incorporating content on Windows XP Media Center Edition,
Windows XP Tablet PC Edition and other related topics that were
previously spread out over 11 separate areas. It now features all the how-to
content in one spot, and organizes all downloads
by type such as software updates, desktop enhancements, tools and
utilities.
July 7, 2004 A
pair of new Internet Explorer threats are currently unpatched
Two new Internet Explorer threats haven't been patched. Since one of
them is addressed in Windows XP Service Pack 2, it may not be patched
until the release of that Service Pack.
Microsoft has compiled a list of incompatible applications that are "broken" by Windows XP Service Pack 2. SP2 was released to manufacturing on August 6.
You
receive a "Data Execution Prevention" error message in Windows
XP Service Pack 2
Some programs seem to stop working after you install Windows XP Service Pack 2
Your
computer stops responding when you restart to complete the installation
of Windows XP Service Pack 2
You
receive a "Stop: c0000135" and "winsrv was not
found" error message after you install Windows XP Service Pack 2
Your
CD-RW drive is not recognized as a rewritable drive in Microsoft Windows
XP Service Pack 2
With Zone Lab's Zone Alarm Firewall
Installed:
If you install this program, you receive a "PAGE_FAULT_IN_NONPAGED_AREA" error every time your computer starts.
Or, If you install this program, you receive a Stop error every time your computer starts.
Or This program does not install. If you try to install it, you receive an "8e" Stop error every time your computer starts.
Or When you try to remove ZoneAlarm, you receive a Stop error message or your computer restarts before the uninstall
program finishes.
See: http://www.zonelabs.com
Update: September 5, 2004; We have taken the plung and downloaded and run Windows XP SP2. The only problem, which is explained in this section link: FAQ: Windows XP Service Pack 2 and your Norton security products.
The news from Redmond is that SP2 is
not just a collection of patches, it's a more comprehensive addition of security code as
well as other software bits and bobs--like an overhaul of the wireless LAN user
interface--that will turn up on users' desktops as well.
SP2 will trumpet the change to a system generally known as 'delta patching'--a term that Microsoft says will be changed to something "more fluffy" when the pack is eventually released--whereby patches will only download changes to a file, not the entire file itself. It's a change that Microsoft reckons will cut download times by 80 per cent and is aimed as a nod to the dial-up populace.
So, what's in it? Well, let me tell ya,
Security:
Security in Windows XP SP-2 is the primary goal of Redmond which means backward
compatibility is going to suffer. Microsoft Patch Jobs are risky in any event, but this
one is going to be really tough. Yes, you have heard right, the release date has been
moved back, then back again, and now it is back even further, but most
of the features are now ready for a download. Our tests indicate that
SP2 is now ready for prime time. Of course, as with any Microsoft
Update, be sure to take all of the proper precautions.
I want an OS that will work at least as good after the patch as it did
before the patch. Am I asking too much?
What does Security mean for you?
Well, to put it point blank, if backward compatibility is going to suffer then some of
your applications are going to crash and some may crash hard. If your lucky, then the
programs will be fixable, if your not, then those programs are going to become history. It
also means that some hardware that worked before the install, won't work after the
install. So I say, go ahead and take your time Microsoft, take as long as you need, I'm in
no great hurry..
The Firewall Saga:
The Windows firewall will benefit from the new release, with the firewall--newly renamed
Windows Firewall from Internet Connection Firewall in a nod nod wink wink Marathon-style
piece of corporate geekology naming--default switched to on, unless there's another one
already in place. Got ZoneAlarm or one of the myriad of other third party firewalls
already installed. We believe that one can never have to much protection, in this case,
you'll need to tell Windows that the firewall should be on. Bog change? Bog deal!
Well, the firewall will be the
first thing to load when Windows boots up. I suppose that is a plus though just barely.
It's a lesson that Microsoft got from Blaster, where the delay between a machine loading
and the firewall kicking in was just long enough for malware writers' creations to get a
foothold
The default settings will also have
all ports closed, except when an application needs to send data through--with the idea of
scuppering the zombie-making virus plagues of late.
Things to watch out for include clashes
with any alternative firewalls you have installed and disappearing hardware, such as print
servers or network storage devices, on a network.
Windows Firewall is much more
configurable and has the added advantage of springing into action during Windows boot up,
protecting your system right from the start.
Another note
should be taken here. While Win XP's SP2 Firewall protection is much
improved, it doesn't stop outgoing data. This means that if your machine
is infected by a key logger or Trojan Horse Virus, they will still be
able to phone home with your credit card information. Best advise, grab
a copy of Zone
Lab's ZoneAlarm. The basic package is free but the pro and
premium versions are pay for play.
View a video from
Lockergonme on setting up the WXPSP2's new firewall [Click
Here]
Popup Blocking:
Adware and spyware
writers' favorite tricks will be banned by the pack: Microsoft have promised no more
pop-unders, no more unwanted Flash ads, no ads bigger than the screen so that you can't
find the close box, that kind of thing.
For those of you using Flash,
there are settings to enable certain pops with the use of "Permission Lists".
Think of it as a built in challenge for the spyware writers. Like anything else in the
virtual world, it will be circumvented before SP-2 hits the download center.
Microsoft, after the
competition were off licking their wounds, allowed Microsoft Internet Explorer to rest on
its laurels. In SP-2 however, MSIE is getting a face lift with the afore mentioned popup
blockers and spyware blocking. For my money, the MSIE add on called MyIE2 already
has light-years over the current MSIE 6.0 version. We have been using MyIE2 for about
eight months now and aside from a program bundled with it called UCMore (If you download
and install MyIE2, be sure not to install UCMore...loaded with spyware) which should be
avoided like the black plague, we have grown to love it and it has become our exclusive
browser now.
In our never say never department:
Sense we wrote the above advise, more Microsoft Internet Explorer flaws
have been found. Big surprise? If so, where the heck have you been cyber surfing?
Okay, it shouldn't be any surprise to us least of all but, we got caught
with our pants down and it was indeed drafty around here for a time.
Okay, so what is the scoop now? Our plan is, to of course, test
Microsoft Internet Explorer 6 SP2 when we get the nerve, but for now, we
are advising anyone who will listen, to switch to another browser. Our
current favorite is Mozilla's FireFox and our favorite email client,
other than Outlook which is another lesson in security, is Mozilla's
Thunder Bird. Learn more of what we speak [ here
]. Another good choice is Netscape's new browser package, Netscape 7.2.
Learn more about this browser from the Netscape website [ here
]
Best advise now? Skip MyIE2, it is simply a pretty face for MSIE which is anything if it isn't secure; which of course, it isn't.
Outlook Express:
"Outlook Express in Windows XP SP2 will now block images automatically in messages from people who are not in your address book."
While I applaud Microsoft's efforts, I am not sure that it is a good idea to make this a sticky problem by default.
According to Microsoft's Knowledge Base, they have an article on this topic and a solution to turn off the new default:
"Images are blocked when you open an e-mail message in Outlook Express on a Windows XP Service Pack 2-based computer"
http://support.microsoft.com/default.aspx?kbid=843018
There are 3 work arounds to this problem:
1. Educate your email list members to add you to their address book (You should be doing this already anyway)...
2. Educate your email list members on how to turn off the "Block images and other external content in HTML e-mail" option.
Here's how:
1. Click Start, point to Programs, and then click Outlook Express.
2. On the Tools menu, click Options, and then click the Security tab.
3. Click to clear the Block images and other external content in HTML e-mail check box.
4. Click Apply, and then click OK.
3. This last one you may not like, but here it is: Don't publish in HTML emails. By sending plain text emails, you will improve your email deliverability rate because most spam scoring systems rank html emails as "closer to spam" than plain text. It's just an ugly, but true fact.
I personally lean towards option #1 above as the more friendly approach to this problem.
If your email list members are B2C (Business to Consumer focused), perhaps this won't be a big deal for you as your end users may not be using the corporate standard of Microsoft Outlook for their email program.
Administrators Rule, in 2:
Corporate networks will also be
able to gain greater control of policies to stop the security slackers bringing in viruses
via connections to infected work laptops or home PCs. As system administrators often
vocally testify, end users are still a key area of security weakness; Microsoft is banking
on dialogue to conquer the problem. Neglecting to reboot a machine after installing a
patch is one bugbear - it leaves users thinking they're patched and leaving their machine
wide open as ever.
Microsoft Internet
Explorer and the Pluggins
While security experts applaud Microsoft's recently released Service Pack 2, some companies that distribute their software over the Web are watching the product's introduction with dread and suspicion.
For years, software developers have offered applications to the world in Microsoft's Internet Explorer Web browser through the company's powerful proprietary API (application programming interface) called ActiveX. The technology starts up external applications, or "plug-ins," within a Web page.
But a tool that can run good software in a browser can also run bad software, and as a result ActiveX has been implicated in a wide array of security scenarios, most recently in the surreptitious installation of adware, spyware and worse.
Microsoft's long-delayed and glitchy Service Pack 2, the security-focused update for the Windows operating system released this month, clipped ActiveX's wings with a more cautious alert system that springs into action when a Web site tries to run an ActiveX control, sprout a pop-up window or run other code.
In the past, IE prompted users with a simple "yes" or "no" option on a security screen before allowing plug-in installations. With SP2, Microsoft blocks ActiveX controls from running by default and flashes an explicit warning that unknown software can cause harm to a PC. Users who still want to install a plug-in must now take a series of complex steps to override the protection scheme.
The changes have alarmed some software vendors that depend on ActiveX and has aroused suspicion that Microsoft is using security imperatives to further its strategic ends.
The good news?
Well, sorta!
Microsoft says the dialogue boxes
will be "more persistent"--one item will see the 'Remind me later' option for
the post-patch reboot disappearing altogether. The number of times such rebooting is
needed has also shrunk, the theory goes.
When will SP-2 be out? It
hasn't been decided, but word from Redmond is; the Microsoft team was working on a
provisional timetable that would see the service pack hit users at the end of July. Of
course they are very careful not to say of what year.
The question isn't if to switch to SP2 but when. The prudent course is to wait a few weeks after the final public release of SP2 - let other people and companies be the guinea pigs. Give other software makers a chance to update their products to full SP2 compatibility and install those updates before you install SP2.
Before you install any version of SP2, follow some basic precautions:
When the final release of Service Pack 2 does arrive, you'll find it's no mere patch. In fact, SP2 is no mere service pack. It's a major upgrade and installing it is not dissimilar to upgrading from, say, Windows Me to Windows XP. The service pack, as it currently stands, weighs in at about 275 megabytes and you'll need around 800M of free disk space to install it -- appreciably more if you want to create an uninstallation folder, which is a must.
Update:
Rough patches for
Microsoft's SP2
Roundup: Redmond puts
automatic updates on hold to let businesses uncover glitches. Also:
Some security work remains to be done.
C|Net | Read
Full Story
I don't want to be an I told you so, but........................
The Conflab About XP-SP2:
Don't update without it
Q&A
For more on SP2 see this Microsoft Beta News article: Service Pack 2
for Windows XP
Microsoft extends block to SP2 auto update
Corporate customers now have until early 2005 to tinker with things
before ingesting XP's Service Pack 2.
C|Net | Read
Full Story
PC makers: Look before taking SP2 leap
Many PC makers have a list of drivers and other patches that should be
in place before installing the OS update.
C|Net | Read
Full Story
Ready
to install SP2?
 |
Microsoft
recommends uninstalling SP2 to some AMD users
Microsoft has published an article in its online Knowledge Base that addresses
an incompatibility between a security feature in SP2 and AMD64-based systems in
certain configurations. The article says that the normally prescribed method for
dealing with such incompatibilities "may" work, but goes on to say
that the only guaranteed fix is to uninstall SP2. READ
FULL STORY | ZdNet
ZDNet
tests uncover SP2/VPN conflict
ZDNet's tests of Microsoft's Service Pack 2 for Windows XP have uncovered a
conflict between SP2 and virtual private networks that rely on both the L2TP
and Network Address Translation (NAT) standards. In tests, installation of SP2
resulted in the disruption of previously functioning VPN connectivity.
Microsoft officials claim that the change in Windows' default behavior was
intended, but will be adding a document to its online knowledge base that
explains how to restore connectivity. George Ou reports on this issue, and has
the fix.
READ
FULL STORY | ZdNet
See
also: Stumbling over SP2
 |
 |
Security
Watch: Windows XP SP2 more secure? Not so fast
by Robert Vamosi
It's late. It's large. But Microsoft's much heralded Windows XP Service Pack 2 has finally arrived. Right now, manufacturers and large-systems operators are getting their first look at the final version of SP2. By the end of the month, automatic desktop downloads will be available via Windows Update, then on free CDs. At first glance, the release suggests that Microsoft has finally gotten serious about upgrading Windows' security. But before you get too excited, please take a moment with me to slice through some of the hype and hoopla coming out of Redmond, Washington. Toward eliminating Internet threats, there's still a lot of work yet to be done--both by Microsoft and by you and me.
Microsoft lists SP2 conflicts
The company has issued a list of nearly 50 software applications and games that may encounter problems with its Windows XP Service Pack 2 update.
Related items:
|
IE
flaw under SP2: User’s problem or Microsoft’s? READ
FULL STORY | ZdNet Special
Report: SP2 on the hot seat
SP2's
new firewall: Better than nothing, but not good enough
Even before Microsoft's XP Service Pack 2 (aka *Security* Pack 2) was released
to manufacturing Friday, Zone Labs had jumped on the new Windows security API
with compatible versions of its personal firewall products. Are the third-party
products from Zone Labs, Sygate and others better than the new Windows firewall?
Absolutely. Are they as good as they can be? Hardly. With so much work to be
done on personal firewall technology, the dedicated vendors may indeed stay
ahead of Microsoft. But, should Microsoft go out and buy a big security
provider, the entire game will change.
READ
FULL STORY | ZdNet.com
Keystroke
loggers must send Microsoft back to firewall drawing board
Are you as scared as I am? Neither Internet Explorer nor the best
anti-virus defenses were well-prepared to do a thing about one of
the two keystroke loggers that dominated this week's tech headlines.
Here's one thing this disturbing news made clear to me: Microsoft
will be making a critical mistake if its new personal firewall
included with Service Pack 2 to Windows doesn't have a facility for
outbound blocking. Here's why your security could depend on it.
READ
FULL STORY | ZdNet.com
Internal
IBM memo: 'Don't install SP2 yet'
IBM last week told employees to hold off installing SP2 until the
company can fully test and customize it. IBM's technology
department, which maintains about 380,000 desktop PCs, said the
delay is "due to known application problems and
incompatibility with IBM workstation applications." While
testing new software may be standard operating procedure for any
conscientious IT shop, SP2's stew of new Windows components mixed
with patches, bug-fixes, and critical security updates released
since SP1 complicates the regression testing that large
enterprises must go through to ensure the compatability of
software. Could IBM's leaked memo affect the approach that other
companies take to SP2?
READ
FULL STORY
PLAY
AUDIO
Windows XP SP2 RC2 and the New Windows Update |
||||
|
Microsoft
Windows XP Service Pack 2 (SP2) Release Candidate 2 (RC2) is now available for testing in
both downloadable "network installer" and Windows Update-delivered "single
machine update" versions. If you are only updating one machine, you should install
Windows XP SP2 RC2 through Windows Update. In most cases, your download time will be
greatly shortened, and you will also have the Release Candidate version of the Windows
Update V5 client installed. If you are updating multiple machines, download the full
installation package. Read more. |
|||
Here is a list of the tools modified and/or updated by SP2, as provided by Microsoft, and a brief description of their functions:
To add rules to existing IPSec policies, you would use the default dynamic mode available with this tool. The typical syntax to add a rule using ipseccmd.exe follows this pattern (which is also available in the Support Tools Help File that installs with the tools by default):
The ipseccmd.exe tool is updated by SP2 to include, among other things, improved online help that can be accessed using the /?switch.
The syntax lines used in this article are displayed using the typical Microsoft conventions, shown in this table:
|
Format |
Meaning |
|
Italic |
Information that the user must supply |
|
Bold |
Elements that the user must type exactly as shown |
|
Ellipsis (...) |
Parameter that can be repeated several times in a command line |
|
Between brackets ([]) |
Optional items |
|
Between braces ({}); choices separated by pipe (|). Example: {even|odd} |
Set of choices from which the user must choose only one |
|
Courier font |
Code or program output |
The HTTP Configuration Utility was originally part of the Windows Server 2003 set of support tools, but it has been brought over to XP with the release of SP2. Here is the basic syntax for this tool:
This utility allows the user to communicate over HTTP without using Microsoft Internet Information Services (IIS).
SP2 updates this tool to resolve an inability to display more than 200 replication partners. The Active Directory Replication Monitor has a graphical user interface with context-sensitive menus and can be used to generate general status reports, display topology, etc.
SP2 updated this tool to resolve a problem in which the GetDirectPartnersEx function did not support more than 200 ConnectionObjects. You can use the ladstools.dll in combination with Visual Basic Scripts to extract Active Directory information and to access the associated APIs.
The extract.exe tool is basically the same after SP2, except that additional parameters for bounds-checking have been added to the available options.
Originally part of Windows Server 2003, the command-line utility BITS is used to transfer files asynchronously between a client and a server. SP2 added several new command-line options to the utility, including an option that transfers a single file by using a single command, and another option that repairs a corrupted BITS installation.
The netdom.exe tool has been updated by SP2 to include options for adding a computer to a domain or workgroup and for renaming computers already in the domain. The general syntax for this command-line utility follows this pattern:
Microsoft recommends that you uninstall any previous versions of the Support Tools before you run the SP2 Tools installation program. You should also keep in mind that the XP Support Tools will install only on a system with the XP operating system.
Will ZoneAlarm work with Windows XP
SP2?
Q: I already have the ZoneAlarm Pro firewall. Is it better to use the
SP2 firewall and turn off ZoneAlarm or the other way around? Thanks.
Question posted by: Tobias
A: Use them both. The Windows XP SP2 firewall blocks only incoming
traffic; it does nothing against spyware or Trojan horses that will try to
broadcast your Web surfing habits or credit card information out to the
Internet. A good third-party firewall such as ZoneAlarm will stop malicious
traffic that's both inbound and outbound.
Windows XP won't boot after installing SP2
– a BIOS update may be necessary
Installing Microsoft Windows XP Service Pack 2 on a PC with a "Prescott" CPU and certain chip sets can cause it to fail to reboot completely. The problem can be solved with a workaround or a BIOS update.
Depending on the chipset, motherboard manufacturer, BIOS version, and CPU, installing Microsoft Windows XP Service Pack 2 can result in an unbootable computer system. The problem is generally associated with Intel "Prescott" CPUs and its chipsets, but not every such combination will cause a problem. As of this writing, motherboards exhibiting the behavior include:
* Albatron PX865 PE Pro
* Shuttle SB61G2
* Jetway i875P
* Soyo P4I865P
* Aopen AX4SG Max
* Asus P4P800-E deluxe
* Abit IS7-V
* Foxconn 865A01-G-6EKRS
Technically speaking, the problem revolves around the machine's BIOS not installing a production level microcode update. To check whether the BIOS is at the correct level, download the
Intel Processor Frequency ID
utility. The microcode version is identified by this utility as CPU Revision, which should equal at least 8.
Solution 1
If the Intel utility shows that you have the wrong microcode version, the primary solution to the problem is to update the system BIOS for your motherboard before you install SP2. Here are some motherboard manufacturer links:
BIOS updates
BIOS updates can be dangerous—please follow the manufacturer's instructions very closely to avoid a major catastrophe.
Solution 2
If you have already installed XP SP2 and have a PC that will not boot because of this microcode version problem, there are two workarounds you can try to get to a bootable state.
In the BIOS setup you should temporarily disable the L1 and L2 cache. On some motherboards, this will allow the computer to boot. You should then remove SP2, turn the L1 and L2 cache back on, and then update the BIOS to reflect the correct microcode version. After completing these steps, you should be able to re-install SP2 without running into this particular problem again.
If disabling L1 and L2 cache does not work, you can use a second workaround suggested by a representative at Intel: Boot the problem computer with an alternative OS or to the safe mode command line if possible. Assuming you can get to the Windows directory on the boot partition, navigate to this file and change its name so that it does not load the next time the machine is booted:
windows\system32\drivers\update.sys
After rebooting you should be able to install XP SP2, but keep in mind this is a temporary fix—the system will be unstable until you update the BIOS and reactivate the update.sys file
