Perhaps because I frequent web news outlets with a geeky bent, I’ve seen a lot of negative reaction to Microsoft’s Service Pack 2 update to Windows XP. Much of this criticism is understandable. Microsoft has been pushing the security issue hard, and it will be near impossible for them to live up to their promises.
That said, let’s be fair to Microsoft. They’ve been criticized for a delayed roll-out of SP2 and for a slew of applications that “break” after it is installed. Well, rolling out a major (free) update to the worlds most popular operating system is not easy. The amount of backwards compatibility issues that Microsoft deals with dwarfs that of competing operating systems given their install base. Upgrading the install base of Windows XP is a massive engineering undertaking.
As for some applications “breaking” after SP2 is installed - sure, there may be (and likely) are bugs in SP2. However, much of the “breaking” I’ve heard of is due to new security policies that Microsoft has been criticized for not having in the past. For example, their Firewall is now turned on by default. This will wreak havoc on all kinds of applications (it messed up some online gaming software for me in the past). However, it is a necessary change. Sure, it will cause some annoyances in the short term - but it will make computing safer in the long term.
We can’t criticize Microsoft for shipping an operating system with no firewall turned on by default, then not give them credit when they finally do ship with a firewall on by default.
SP2 probably doesn’t make Windows secure. From my (admitted limited)understanding, there are fundamental architectural decisions that will prevent Windows from ever being as secure as the more network aware alternatives (Linux and Mac OS X). However, SP2 helps - if only a bit.
I now run Linux as my primary operating system. I run Windows XP occasionally, and I updated my XP partition on my laptop to SP2 today. When an application started to load up in the background, XP with SP2 told me about it, and asked me if it was ok for it to run. If I make legitimate software that runs in the background, this will be an annoyance and may make for a slew of calls to my support line. However, it will make it a hell of a lot easier to find all of that spy-ware running on your moms computer.
Bottom line: SP2 will help make home computers a little bit less annoying for our families to use. I think Microsoft deserves at least a bit of credit for that.
Comments
Thomas Baekdal - September 4, 2004 3:50 pm
It is amazing what Microsoft has to put up with. As you pointed out, first they get criticized for not having a firewall, then they add that, then they get criticized that it is not activated (the reason was that it would create yet-another monopolistic issue with other firewall manufacturers), then they activate it, then they get criticized that it is activated and programs that use the network/internet cannot connect any-longer (with the user agreeing that it must do so).
Outlook? First they get criticized that the preview pane is "spammer-friendly" because spammer embed small images that can track an email. Then Microsoft block that, then Microsoft is criticized that html emails no longer show images without the user's consent (BTW: Most other email programs is at this point far more insecure than Microsoft outlook).
Pop-up blocker in IE: Every other browser includes this - with much celebration. Then Microsoft finally include it as well - but with the result that people criticize them for being monopolistic, and "toolbar" user have no reasons for making the toolbars any longer. They are also criticized for breaking certain sites (those who use pop-ups...).
ActiveX: There has been very very few security related problems with this technology - and an insane amount of people-related problems. The problem is that when visiting a "bad" site an activeX window appears asking "do you really want to install this long distant dialer program, that takes over your computer, and makes your life a living hell (or as Microsoft puts it: Are you sure you want to run this unsigned ActiveX)"... then a lot of people choose "yes, make my life a living hell". Microsoft did implement that pop-up warning, after being criticized that it was too easy to run ActiveX code, then they got criticized that the pop-up did not change peoples bad behaviors, then Microsoft changed that so that you had to actively activate an activeX in order to run it (not just agree that it could run). Now they are being criticized for not allowing activeX code to run automatically.
Automatic Updates: First they got criticized that it was too hard to update your computer, then they introduced a helper program that would download and prompt for you to update. Then they got criticized that they downloaded updates to your computer. They also got criticized that it was too much work to update the system all the time. Then they introduced automatic download and installation, then they got criticized that they would install the updates automatically (PCWorld is recommending that you disable automatic installation).
Security Center: First they are criticized that it was too hard to see that status of your system's security. So they introduced Security Center. Then they are criticized that it is there, by competing systems (BTW: McAfee has shown that any competitor is free to use their own security center - instead of Microsoft's)
At the same time, anti-Microsoft companies proclaim that they have found a security issue with the Security Center. The issue is that if you have administrator access to a computer, you can fake the Security Center messages. The media is all over Microsoft. Well, if you got administrator access to a computer, regardless if it is on a Linux, Mac or Windows - you can change any part of the system. But that does not make it a security problem - an intruder has to get into the system first.
Sigh...
Evan - September 4, 2004 10:19 pm
I'm curious Steve, what Linux distro do you run?
angelday true - September 5, 2004 6:16 am
Evan, AFAIK Fedora + GNOME.
Steven Perry - September 5, 2004 2:00 pm
If future install cds of Windows XP come with Service Pack 2 already built in, the world will be a better place. At least you'll be able to go more than 15 minutes after a fresh install without getting a virus or two.
Dave - September 5, 2004 9:29 pm
Evan, Steven's running Fedora Core 2 & Gnome.
Evan - September 6, 2004 3:11 am
Alright, thanks. Fedora is one of the few distros I haven't tried yet. I've been running SuSe 9.1 but theres aspects of it that are getting on my nerves, so I'm trying to find some good alternatives.
Joe - September 7, 2004 10:37 am
It's "wreak", dude.
"This will wreck havoc"
Joe - September 7, 2004 10:38 am
"It is amazing what Microsoft has to put up with. "
Oh, shut up. Like they are this poor, wittle company who is onwee twying to help.
Steven Garrity - September 7, 2004 10:50 am
Fixed the wreck/wreak typo. Thanks, "dude".
Jeff Walden - September 9, 2004 12:39 am
Actually, I was surprised by the number of non-MS-bashing posts I saw with good scores on Slashdot. There were a bunch of jokers (~25%?), but the good messages outweighed the bad.
Ah, whatever. I used to read Slashdot a bunch, but I don't too much any more for a combination of reasons (one of which is the problem that their digest sender doesn't recognize my new email address that I registered there).
James - September 10, 2004 10:36 pm
Linux all the way man!
When our family computer broke down because of a Direct X update - and Microsoft's failure to issue a proper fix for the problem (Go reformat & reinstall), I installed Linux on the family computer. I haven't have any problems with that computer since then. :-)
I just installed Debian on my Mom's computer and she likes it.
("No, really, Mom. You can open an email and a virus won't take down the computer now.")
I think that while SP2 is a step in the right direction, the evil empire still has a long way to go till Windows is secure. I think that some employee mentioned a 10 year security timeline. Hopefuly by then, most people will have gotten tired of all the crap they have to put up with when using microsoft's products and will have switched to something better.
Terry - September 29, 2004 3:15 pm
James:
A Google search reveals over 100,000 pages containing ways to bypass Linux security.
No OS is perfect. If Linux had the user base that Windows has, then there would be just as many people trying to find vulnerabilities in it rather than the 3 or 4 that are now. This would result in Linux being widely known as "insecure" just as Windows is now, because the vulnerabilities DO exist and would be common knowledge.
Don't put all of your eggs in one basket. Understand that every flavor has it's positives and negatives. If you're going to post on a tech site, then try just a bit to think like one.
ZinX - October 21, 2004 11:45 am
Lol Terry, I was thinking that.
Oops! - October 23, 2004 1:00 am
Terry conveniently ignores the fact that Linux dominates the corporate computer room. But hey, nothing of value to be had there, so why would people bother looking for Linux vulnerabilities?
Karthik - April 22, 2006 8:11 am
Oops!
Oops conveniently ignores that it is usually other corporates who look to exploit vulnerabilities in corporate Linux boxes, and are less likely to propogate their virii to other unnecessary targets as compared to the "have no life" geeks who usually spread Windows virii as if they were spreading their seed.