Thumbs Up and Thumbs Down on XP SP-2

by Preston Gralla

I've been testing XP, and I'm impressed, despite some bugs. But system administrators and IT folks beware: There are some gotcha's here that might jump up and bite you.

On the up side, the new firewall is much easier to configure than the old one. It's easier to add exceptions and poke holes through it for specific applications, and I especially like the way it's easy to apply it on a connection-by-connection basis, for example automatically turning it on for WiFi HotSpots, and off if you're behind a corporate firewall.

The new WiFi client is far superior to the old one – amazingly enough, it actually makes WiFi configuration and use simple, compared to the brainteaser-like interface of the old client. And the pop-up killer works like a charm.

SP-2 is still buggy – for example, it still won't recognize that I run Norton Anti-Virus and keep it up to date. Presumably, though, that'll be fixed by the final release.

But if I were a system administrator or in IT support, I'd be prepared for the worst. The new firewall will be turned on by default, and that means a whole lot of tech support calls and nightmares. Users will be bombarded with firewall messages, and many of their programs will no longer work.

Also, SP2 automatically blocks file downloads in many instances. Sure, you'd like it if no user ever downloaded a file, but face it, that's not going to happen. And so they'll want to know what's broken with Internet Explorer, not realizing that the download blocking is a feature, not a bug.

The bottom line? It's more secure than existing XP, and adds some nice new touches. But it'll be tough for some users to get used to, and as usual, system administrators and IT folks will bear the brunt of the problems.

By the way, if you want a fuller report on SP2, check out Wei-Meng Lee's inside look.

Have you used XP-2 yet? What do you think? If not, what are your worries?


2004-05-11 15:23:39
IT folks, calm down
The firewall is NOT turned on and locked down when running in a Windows domain, so it won't be as much of a nightmare as many are predicting.
2004-05-12 06:24:36
I chose not to use
Why use an OS from a company that lets virus breakins and owns an antivirus company? (RAV)

Would you pay for a car to a company which makes locks very easy to break in and sells new locks and car alarms at the shop next door?

I remmeber an ad in the papers saying "Secure OS than ever". That falls very short from giving confidence. I only understand that I wasn't secure before.

My opinion is that the XP SP2 will mean new exploits. Just like the new viri showing up right after updates are released.
2004-05-12 20:57:16
I chose not to use
Why do you make your propaganda here? Isn't Slashdot the site for you? That's the only place where people take you seriously. It is a little stupid to make your propaganda here.
2004-05-15 06:20:56
I chose not to use
This is not a propaganda. This is what I figured out as a decent user. I behave like the most ideal user. Update every patch on-time, read the release info before doing so etc. etc. But everytime I update I get my face into mud again. The only 3rd. party application I use is my antivirus software and I'm not blaming for viri, I'm just pointing the lack of security and the precense of the open doors for worms. I did not mention any other software, I did not mention any other OS or hardware. I find the right to say so since I do use and I do pay for it.

The only thing I get when I see the list of security fixes, not that I'll be safe but I was'nt safe before which costed me my time and effort to clean up.

Therefore I give up my acceptance in EULA after figuring out that it is not suitable for me anymore.
2004-05-24 12:20:19
That "firewall" is more accurately called a "local packet filter" and really is worse than useless. If the brief and blunt summary on why isn't enough, read "Personal Firewalls" are mostly snake-oil.

If you actually want to secure a Windows machine in home use, buy one of those a hardware routers you can get for a dozen bucks or so nowadays, and enable its packet filter. All else amounts to nothing more than deluding yourself.