XP SP2 glitches to trip up one in 10 upgrades - report

The Register (U.K.) ^ | September 2, 2004 | John Leyden

[Stoat]

One in 10 corporate PC users will encounter difficulties in upgrading to Windows XP Service Pack 2, according to AssetMetrix. Smaller firms will be hit hardest by compatibility problems between their applications and the much anticipated update of Microsoft's flagship operating system, the Canadian asset management firm says.

Microsoft has issued a list of applications that require modification in order to work properly with XP SP2. The list has been in a state of flux since XP SP2 was released. But based on the current list of approximately 60 applications with SP2 compatibility problems, AssetMetrix reckons that an average company using Windows XP will encounter problems with SP2 on 10.3 per cent of its Windows XP-based PCs.

Win XP SP2 made its debut as a beta in March. It bundles major security revisions and a new Windows update procedure, and additions include: Windows Security Centre; automatically turning on Windows Firewall; and browsing enhancements to Internet Explorer (providing far more control of ActiveX controls, for example).

Problem application require "unblocking" (or manual reconfiguration) because XP SP2 sets Windows Firewall on by default. Other applications suffer a loss of functionality after SP2 is installed. Both types of problems were considered in AssetMetrix's study.

The analysis reviewed the installation of specific software - identified by Microsoft as having various compatibility and functionality issues with SP2 - on more than 44,000 Windows XP-based PCs from over 340 companies. AssetMetrix study showed that companies with less than 100 XP installations had an average impact of around 12 per cent, while larger companies tended to have closer to six per cent of their Windows XP PCs affected.

[Bush2000]

So you're saying that you don't have a single machine in the building (or buildings) that has a floppy, cd-rom, or other removable drive (ie. USB thumbdrive)? Your users can't map or address network shares?

[SoDak]

Exactly. They have only the software I load. They are there to work.

[Leroy S. Mort]

So far the only glitch I found was, when Windows XP Professional starts the spash screen it doesn't show Professional anymore, it's simply Windows XP.

That's by design since the same upgrade applies to both Pro and Home. System properties will still show you have XP Pro.

[Bush2000]

Exactly. They have only the software I load. They are there to work.

And how do you load the software? I presume you have a computer that's attached to the network...

[Bush2000]

Exactly. They have only the software I load. They are there to work.

And how do you load the software? I presume you have a computer that's attached to the network...

[Edit35]

I upgraded with Service Pac 2, and my computer freaked out. Everything locked up.

I had to use the restore button, and ended up uninstalling the whole upgrade.

What a pain.

[rintense]

FYI!

[melkor]

I'm a senior technician for a large computer service company, I have installed sp2 on hundreds of machines, we even slipstream it into our new installs. On EVERY SINGLE machine that we have had a problem with sp2, it wasn't sp2's fault. We go back and do a kaspersky scan and sure enough, theres viruses and malware on the machine. On the machines that are running sp2 we have seen a DRAMATIC (90%ish) cut in spy/mal/adware and viruses on the machines. Seems people are stupid enough to click yes on every activex popup but not smart enough to right click on the toolbar and choose install activex plugin. If you are having problems with sp2 i suggest a full scan with kaspersky demo version (its full, just limited to 30 days) then remove kaspersky (yes remove it, it kills performance to a crawl) and run spybot 1.3 and adaware SE, then hijack this. Once you get the system nice and clean (and assuming you don't have a jacked product id) sp2 will load nicely. Every application thats mainstream (nero, norton, zone, etc) has put out a update that brings it to compliance with the WMI needed to run with sp2. Norton makes you run live update like 4 times and then uncheck a box blocking sp2 from communicating with it "Allow other programs to communicate with symantic products (not recommended)", (not recommended pretty much sums up all of symantics problems, with nav2k4 you know you have a virus when the autoprotect icon stops working)
Every program thats listed as being incompatible that ive run into will generate a popup from windows with the url for the update from the software maker. FYI office 97 was listed as having problems with xp in general along time ago. Maby its time to move to star office since you dont want to update your office. sp2 rocks, plain and simple, the firewall is very nice (people just dont realize its running and their apps may not get out on the net, its that low profile). Windows update 5 with the new BITS system makes getting those crit updates easy. If you seriously have a problem with sp2 in your business due to compatibility with certian obscure or custom software titles, then you should make sure that you are running wus server (its free) so that all your systems are getting the security updates they need. no firewall = fool, no computer usage policy at work = fools, no backups = fools, no updates = fools, etc etc etc. Computing safely is a responsibility. In 8 years I have never seen a person or a company that computed responsibly and been bitten by computer problems.

[Incorrigible]

Oh how I wish there were more network admins like you!!

I hope you're getting a premium wherever you are!

[melkor]

I had a long chat with a guy today that wanted to move his whole company to mozilla because of problems with stuff being downloaded by employees (spy/mal/adware/viruses/etc) and i simply told him, "well..... why dont you stop your employees from going to those sights, it seems to me that any site they need to visit to get their job done wouldn't have that problem" ISA server rocks..... most proxy servers let you block all and then use an explicit allow list of sights.... /sigh.... heres an idea... "hey, you looking at porn at work, YOUR FIRED!!!!, hey you, reading forums on ricer race cars, YOUR FIRED!!!!, hey you, you there... yeah you downloading mp3s off some "top 50" list... YOUR FIRED!!!!" you read and signed the computer usage policy.. have a nice day

[Dr.Zoidberg]

Still running Windows 98 on this box. Works fine for what I do and I have no plans to upgrade any time in the foreseeable future. It's a perfectly serviceable OS.

And this is the original 98 not the second edition. As long as they continue to manufacture peripherals that will plug into my board and run under 98, there's nothing wrong with it and I am not shelling out 100 dollars for a whole new set of headaches.

[Incorrigible]

You are right on....

I'm a database guy but at home I have ISA Server with an approved list of sites so my kids and their counsins don't inadvertantly click the wrong way. I admit it's a pain to administer since I'm the bottleneck when they want to go somewhere new but it's a small price to pay.

However, I do get kind of ansy at one of my accounts that blocks FreeRepublic.com though!

[melkor]

lets see.. what was added in 98se... oh yeah.. full usb support.. full agp support.. ndis5 networking... lots of nice things there just to name a few :) and since 98 is at end of product life... THERE ARE NO MORE SECURITY UPDATES OR PATCHES....

unpatched systems are the promiscuous 17 year olds spreading our cyber STDs without protection..... (dont take this as an attack against you.. its far from it.. its an attack on windows 98 and all computers running out of date and support operating systems) hey dood check me out, im gonna hack this 98 box!!! (presses esc at login)

[Euro-American Scum]

I am not upgrading until they get this crap fixed. There is no excuse for releasing garbage with that many issues.

Neither am I. I'm hearing that SP2 will scramble SQL Server and Visual Studio.NET. And I'm not in the mood to shell out another $1600 for an upgraded version of either one.

I get the sense that Microsoft is setting itself up for a fall in the same way IBM did in the 80s. I don't know if Linux or some other OS will challenge MS, but I do know they're ripe for a fall.

[Dr.Zoidberg]

Well, be that as it may.

This box isn't carrying any viruses, Norton A/V makes sure of that, I've never found any malware when I run Spybot S&D and I use Zonealarm Pro in addition to the routers integral firewall.

I feel confident that this obsolete, promiscuous, venereal disease threatened machine is safe. I'm the only one who ever touches it so I know where it's been.

[Bush2000]

Here's an article that discusses what to do regarding SQL Server and XP SP2: Windows XP SP2 Defaults Break SQL Server Connections

Here's another article on how to enable remote debugging between Visual Studio and another XP SP2-firewalled box: Description of the DebuggerFirewall utility that makes the Visual Studio Remote Debugger work through the Windows XP Service Pack 2 firewall

As for whether MS is "ripe for a fall", I can only say that these changes were absolutely necessary. One of the reasons why Code Red, Nimda, and similar worm variants were allowed to propagate is because of unpatched SQL Server boxes and unnecessarily exposed ports. Microsoft is taking a broader approach to security than just applying individual patches. Vulnerabilities in SQL Server and other server products can be devastating. You, as a server admin, need to be aware of how deploying these servers impacts security on your network. It isn't good enough anymore to simply deploy a server and roll the dice. Microsoft (rightly so) has taken the brunt of complaints for this in the past. I don't blame them for trying to address these issues NOW. Yes, this creates some short-term pain. Admins are going to have to become more knowledgeable about what they're deploying on their networks -- and how it affects network security. But in the long run, we will all be better off.

[Bush2000]

... the routers integral firewall ...

This is your most potent defense against worms and port probers. Make sure that you have the latest firmware on your router, though. Firewalls on routers aren't invincible. Periodically, there are holes found -- and hackers *will* find you if you don't apply the firmware patch. Same deal with software firewalls. Stay up to date -- or you're toast.

Regarding Spybot, etc: The newest forms of malware are getting very, very smart about the kinds of damage that they do. Many of them are actively hiding from and altering programs such as Spybot, Ad-Aware, ZoneAlarm, Norton, etc so that they don't get reported. So, while you may think that you're safe, you may not be. It's a constant arms race between malware producers and spyware detectors. Your best bet is to simply use caution when you use your computer. Don't download and run software from an unverified source; if you must, run it with a lower privilege (not Admin). Don't install ActiveX controls. Don't use HTML mail. Turn off scripting. Don't visit malware-oriented websites (ie. p0rn, war3S, hacx0rz, etc).

One very easy (and most often overlooked) thing that people can do is to download a new HOSTS file (see Blocking Unwanted Parasites with a Hosts File and (Skallas' Ad Blocking Hosts file). The nice thing about this approach is that it works on practically EVERY operating system in use (Windows, Mac OS X, Linux, etc). This makes it easy to redirect known bad sites to 127.0.0.1 (your own machine). So your browser, when it sees references to IMO bogus sites like doubleclick.net, won't even hit the network at all. It will ignore those entries. Depending on the content of HOSTS, this has the added advantage of blocking a lot of ad traffic -- which makes your browsing experience more pleasant (heh heh).

[melkor]

you talking about treating the symptoms, ive never needed the bogus hosts file, i make sure the systems dont get the parasites...

and as far as norton being used, the stated os was 98 first edition, nav2k4 doesnt run correctly on first edition... thats a fact published by norton. go run kaspersky, choose the extended def files.. do a full scan, im sure it will find something. kaspersky has 10x the virus defs that norton does and kaspersky will run the newer versions on the older windows 98.

i commonly hear this when i call a customer to tell them they are totaly infested with viruses.....

"But i have norton 2002 and ive been paying for the subscription" yes, you got new defs for an old program, they release new versions to be able to detect new types of threats....

i run studio on my system, i write small custom automation scripts and apps for administration.. works fine with sp2 the new WMI stuff is great.

theres a workaround for the sql problem... check technet

and you dont have to shell out 100$, there are used copies of windows 2000 on ebay for 10$ at least 2k is still a supported os plus you get NT security, not 9x windows over a shell.

sorry, my soapbox got steped on on this one... i guess i should shut up.. fools keep our company in business. i should see sp2 as a bad thing since it cuts down on 90% of problems

[SoDak]

Obviously

[SoDak]

The problems I've had with SP2 aren't the installation. We run java-based application servers to a gui-based graphical front-end for banking databases, and SP2 will not leave that application alone unless the new firewall is disabled. I've stopped loading SP2 and am instead looking to extend Citrix to each desktop.