SP2 and Spyware
Pop-up blockers, ActiveX security
(old news - 10:29AM Thursday May 13 2004)
tags: security · software
Though their browser can't even block pop-ups yet, Microsoft contends that Service Pack 2 for Windows XP will contain at least five new security features (Wired News) designed to thwart spyware. Aside from the long-awaited pop-up blocker, the company says they're focusing on the security of ActiveX objects, including a "Never Install option" that lets users prevent the installation of certain spyware. While most security experts are welcoming the changes, the general consensus is that much of the functionality is years overdue.


arden625

join:2001-07-10
Haledon, NJ

SP2 Beta

I'm liking the beta of SP2 right now, and I have a good feeling the final release would be a good one.
--
.: www.pixel6.net :.

Camelot One
Premium,MVM
join:2001-11-21
Sarasota, FL
clubs:
·VoicePulse

Re: SP2 Beta

I'm pretty pleased with it too, but the current beta certainly doesn't stop spyware. Blocks a lot of ActiveX objects I need, but hasn't stopped a single piece of spyware/hijackers.
--
AMD 2600+M @2684mhz/ DFI Infinity II Ultra/ 2x 512Mb Kingston HyperX PC3500/ WD 120Gb on serial/ Gainward GF4 4600/ Antec 550 True Control/Custom water cooler
purwater
Premium
join:2002-10-25
Swords Creek, VA
I'm liking SP2 beta as well. It wouldn't run stable on my laptop, but my desktop has been perfect. The firewall and pop up blocker have worked as they should. I'm hoping the final release will run smoothly on my laptop as well.

fatmanskinny
Premium
join:2004-01-04
Atlanta, GA
·Comcast Digital Vo..
·Comcast
·EarthLink

Re: SP2 Beta

said by purwater:
.....The firewall and pop up blocker have worked as they should.

Is the firewall more customize-friendly than the current one built into Win XP? I am looking for results similar to Zone Alarm without the bloat.
--
The White House needs to go on the Atkins diet to rid itself of the fat heads ruining our country.

Camelot One
Premium,MVM
join:2001-11-21
Sarasota, FL
clubs:

Re: SP2 Beta

It is, has program level settings. Unfortunately they still haven't set it up to allow specified port ranges, you have to punch in each port one at a time.

TexasGuy
49 States And Texas
Premium
join:2002-12-02
Houston, TX
Tiny firewall 4.5

trparky
Bite My Shiny Metal Ass
Premium,MVM
join:2000-05-24
Cleveland, OH
clubs:

Re: SP2 Beta

Again, you know that this is available, but "Joe Somebody" doesn't. "Joe Somebody" is the person who Microsoft is targeting this Service Pack to.
--
WedgeAntilles250

NPGMBR

join:2001-03-28
Arlington, VA
The article is wrong. MS put out a pop-up blocker about two months or more ago.

Jeremy341
Bye
Premium
join:2000-01-06
localhost

Re: SP2 Beta

said by NPGMBR:
The article is wrong. MS put out a pop-up blocker about two months or more ago.
I'm almost positive that they're referring to Microsoft's "public" browser (IE6 SP1).

Either way, the pop-up blocker was included in the first beta release, back in December. So it's more like six months.

digiblur
Got Sipura?
Premium
join:2002-06-03
Louisiana

ActiveX

I've been enjoying the no popups and the ActiveX free browsing experience for quite some time!

»www.mozilla.org/products/firefox/

Dustyn
Premium
join:2003-02-26
Ontario, CAN

Re: ActiveX

Hey me too!

»www.mozilla.org/products/mozilla1.x/

jplove71
IBEW 113
Premium
join:2001-03-16
Colorado Springs, CO

said by digiblur:
I've been enjoying the no popups and the ActiveX free browsing experience for quite some time!

»www.mozilla.org/products/firefox/

Same here. I only use IE when poorly coded websites don't work properly or at all.

TheSaint

join:2002-01-25
Atascadero, CA
clubs:

Re: ActiveX

See avatar for details.

inteller
Sociopaths always win.

join:2003-12-08
Tulsa, OK
oh f*** that....so every website that doesn't work with mozilla is "poorly coded"? That is horse shit. some companies design sites with IE in mind because the MAJORITY of their customers use it.....so they are all poorly coded too?

morph3ous
Premium
join:2002-05-16
Miami, FL
·AT&T Southeast
·Comcast Formerly ..

Re: ActiveX

Wow, that's flame bait if I ever heard it. I'll bite in a nice polite way.

I don't think he means that it is poorly coded just because it doesn't work on Mozilla. A poorly coded site will almost always ONLY work correctly in Internet Explorer. There are lots of other browsers out there besides IE, Mozilla...

It does make sense that web designers will make sure that the site works for the majority of their customers. It is also true that most people use IE. The thing is, a site that is coded to the W3C and other applicable standards should (in theory) work on all browsers including IE. It only takes a tiny bit more work to do it, so why not?

Like I started this post off, this is not meant to upset inteller or keep the flame going. If you disagree with my points, feel free to post about that. I will not argue back.

dadkins
Go For It
Premium,MVM
join:2003-09-26
Hercules, CA
Is there going to be a way to disable ActiveX blocking? I have ActiveX filtering happening right now, if I want to block ALL ActiveX, it's just a click away. I just want to be able to choose myself...does that make sense?

Jeremy341
Bye
Premium
join:2000-01-06
localhost

Re: ActiveX

said by dadkins:
Is there going to be a way to disable ActiveX blocking?
ActiveX isn't blocked by default. I don't want to say too much about it because of NDAs and such, but I'm sure that your situation will be just fine.
vic102482
Premium
join:2002-04-30
Upper Marlboro, MD
·Verizon FIOS


edit:
May 13th, @10:46AM

I like it too but I hope

That they come with a server installation and some GPO options that can be edited. A firewall for PC isn't necessary for the enterprise and it isn't feasible for system administrators to manually do it. I hope they are thinking server side as well.

Good job Microsoft! :)
--
I tie a rope around my penis and jump from a tree, don't you wanna grow up to be just like me!!!!
astamand
Premium
join:2003-10-11
Temple, NH

Re: I like it too but I hope

said by vic102482:
That they come with a server installation and some GPO options that can be edited. A firewall for PC isn't necessary for the enterprise and it isn't feasible for system administrators to manually do it. I hope they are thinking server side as well.

Good job Microsoft! :)
I used to think this way as well, but with the latest run of Internet worms, I have changed my mind.

As IT Managers, we can patch all the holes and run the firewall on the outside of the building, but it's not enough. All you need is ONE USER to break the whole thing down.

An example with the last Sasser worm we had what we thought were all the required patches on our hosts. We checked with port scanning tools such as Retina to find systems on our network before the worms do. When we find them, we patch them. The systems with Firewalls always pass.

Anyway, since you don’t need to open a payload to get infected with Sasser, it managed to come into the build via some loser’s laptop (we assume). Once in, it had the run of the place because the latest virus definitions were not yet out and the patch was just being released.

We got a hold of it, but if everyone had a Firewall like ZoneAlarm or the new MS firewall it would have been a non issue.

Yes, the management of client side firewalls has been a pain in the past but the new MS Firewall will allow the settings of all clients to be part of a domain policy (see previous post), so it should be a piece of cake.
vic102482
Premium
join:2002-04-30
Upper Marlboro, MD
·Verizon FIOS

Re: I like it too but I hope

said by astamand:
Yes, the management of client side firewalls has been a pain in the past but the new MS Firewall will allow the settings of all clients to be part of a domain policy (see previous post), so it should be a piece of cake.

Yes now firewalls for corporate is a feasible plan. When there was no domain management before it was not feasible. You are right about the laptops, I use SUS and .MSI packages on AD to roll out patches, so any machine that is part of my domain (which is every machine on the network - except servers) is patched immediately (after some testing).

That is good that MS allows for domain management of the firewall and popup blockers, it would be useless if they didn't. Just on DSLR I never read of any GPO management or such.

I will research more into this. I need to find out if they have a template that will allow windows 2000 server to take control of the XP firewall.
--
I tie a rope around my penis and jump from a tree, don't you wanna grow up to be just like me!!!!
vic102482
Premium
join:2002-04-30
Upper Marlboro, MD
·Verizon FIOS


edit:
May 13th, @12:05PM

Yup you are right:)!!! I found it!
»www.microsoft.com/technet/images···_big.gif

Now THAT is kick ass. No more worries about worms, won't even need to patch as fast (as in emergency 2:00AM upgrades) that firewall can be managed for every computer in the domain is sooooo SWEET now I can't wait for it to come out!!!

Edit: What about Windows 2k lol.
--
I tie a rope around my penis and jump from a tree, don't you wanna grow up to be just like me!!!!
astamand
Premium
join:2003-10-11
Temple, NH


edit:
May 13th, @01:10PM

Re: I like it too but I hope

Yeah, ain't that cool! I hear ya about the 2:00am emergency. I'll sleep better knowing the firewalls are working.

Now if we can just get everyone to log into the domain (mostly a lab issue here) and get rid of those last few 2K boxes we'll be all set.

On a side note, another thing we have started to do corporate wide is put all of our conference rooms outside of our firewall. We just get a little Linksys box in the computer room and punch it down to all of the conference rooms and that gives them a basic firewall and DHCP.

This keeps all of our vendors OUTSIDE. They are the #1 were getting viruses in-house. I can't expect them all to check in with IT before plugging in. We have hundreds of vendors and OEM's in a month to our site alone.

Our users simply use the wireless in the building (which is off limits to all but full time employees and runs a rolling encryption code). If they don't have a wireless card they just VPN back in.

Things are looking better...
vic102482
Premium
join:2002-04-30
Upper Marlboro, MD
·Verizon FIOS

Re: I like it too but I hope

said by astamand:
Yeah, ain't that cool! I hear ya about the 2:00am emergency. I'll sleep better knowing the firewalls are working.

Now if we can just get everyone to log into the domain (mostly a lab issue here) and get rid of those last few 2K boxes we'll be all set.

On a side note, another thing we have started to do corporate wide is put all of our conference rooms outside of our firewall. We just get a little Linksys box in the computer room and punch it down to all of the conference rooms and that gives them a basic firewall and DHCP.

This keeps all of our vendors OUTSIDE. They are the #1 were getting viruses in-house. I can't expect them all to check in with IT before plugging in. We have hundreds of vendors and OEM's in a month to our site alone.

Our users simply use the wireless in the building (which is off limits to all but full time employees and runs a rolling encryption code). If they don't have a wireless card they just VPN back in.

Things are looking better...

Good call on the conference room. I understand the feeling on the viruses. Those laptops of theirs are like cheap hookers, they've been through so many networks so many different times who knows what kind of garbage is on there.

Also I'm not sure if you saw it before, but I use SUS to update my machines. It's windows update for the internal network. It works great, and you can force every machine to manually update from your server via GPO.

It's free too, from Microsoft.
--
I tie a rope around my penis and jump from a tree, don't you wanna grow up to be just like me!!!!
astamand
Premium
join:2003-10-11
Temple, NH

Re: I like it too but I hope

said by vic102482:
Good call on the conference room. I understand the feeling on the viruses. Those laptops of theirs are like cheap hookers, they've been through so many networks so many different times who knows what kind of garbage is on there.
LOL!!!

said by vic102482:
Also I'm not sure if you saw it before, but I use SUS to update my machines. It's windows update for the internal network. It works great, and you can force every machine to manually update from your server via GPO.
Yes I just caught that. Our corporate office uses that and pushes all the critical updates to our office as well. We hope to build a local server soon to speed up the process.
vic102482
Premium
join:2002-04-30
Upper Marlboro, MD
·Verizon FIOS

Re: I like it too but I hope

said by astamand:
said by vic102482:
Good call on the conference room. I understand the feeling on the viruses. Those laptops of theirs are like cheap hookers, they've been through so many networks so many different times who knows what kind of garbage is on there.
LOL!!!

said by vic102482:
Also I'm not sure if you saw it before, but I use SUS to update my machines. It's windows update for the internal network. It works great, and you can force every machine to manually update from your server via GPO.
Yes I just caught that. Our corporate office uses that and pushes all the critical updates to our office as well. We hope to build a local server soon to speed up the process.

Yup and you can have that SUS server pull updates from the Corporate one, no use in wasting all that precious WAN bandwidth. :)
--
I tie a rope around my penis and jump from a tree, don't you wanna grow up to be just like me!!!!
wentlanc
You Can't Fix Dumb..

join:2003-07-30
Maineville, OH

said by astamand:
Our users simply use the wireless in the building (which is off limits to all but full time employees and runs a rolling encryption code). If they don't have a wireless card they just VPN back in.
You can also firewall your wireless, and only allow access to your VPN. Anyone who could connect to your wireless would only be allowed to connect to the VPN server. Adds another layer of authentication, and encryption, to the connection.

puritan

Jeremy341
Bye
Premium
join:2000-01-06
localhost

Re: I like it too but I hope

said by wentlanc:
You can also firewall your wireless, and only allow access to your VPN. Anyone who could connect to your wireless would only be allowed to connect to the VPN server. Adds another layer of authentication, and encryption, to the connection.
It also adds something else that can break. I believe astamand's wireless security practices are perfectly fine. No need to add another layer that is completely unnecessary.

linicx
Caveat Emptor
Premium
join:2002-12-03
United State
Much ado about nothing. I'd like to see a real improvement like changing the e-mail to a secure cross-platform system that can't be used to deliver destructive payloads.
--
Macintosh: no windows, no gates and the Apple inside

Steve
ho ho ho dammit
Consultant
join:2001-03-10
Yorba Linda, CA

Re: Ho Hum

said by linicx:
Much ado about nothing.
Then you haven't been paying attention: XP/SP2 is an enormous improvement in security on many fronts, not just popup blockers. This should have happened long, long ago, but I don't know anybody who's really looked at this who says "it's nothing". Not even Microsoft haters.

Analysis here
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site
wentlanc
You Can't Fix Dumb..

join:2003-07-30
Maineville, OH

Re: Ho Hum

Who cares how improved this is? So MS incorporated something that you can get off the internet for free. And they did it two years too late. No thanks, I'll trust Ad-Aware, Spybot S&D, and 12-Ghosts. They've been doing it longer, and are already installed on my system. Combine those with a hardware firewall, and the obligatory lame MS firewall, and I'm pretty secure.

puritan

trparky
Bite My Shiny Metal Ass
Premium,MVM
join:2000-05-24
Cleveland, OH
clubs:


edit:
May 13th, @02:42PM

Re: Ho Hum

The main problem here is that most users are dumb and that they need to have everything spoonfed to them.

said by wentlanc:
I'll trust Ad-Aware, Spybot S&D, and 12-Ghosts. Combine those with a hardware firewall, and the obligatory lame MS firewall, and I'm pretty secure.
Well, that's fine and dandy, but I dare you to ask "Joe Somebody" what these programs are, what they do, how much they cost, and how to get them. I guarantee that you will get nothing but a 'head-scratch' in reply.

Face it people, people are stupid and they need the stuff practically handed to them. This is what Microsoft is doing with SP2, making the stupid people wake up and take notice. They are handing the tools to them and making it so that it is going to be very difficult for "Joe Somebody" to forget to enable a firewall or update their antivirus program.

There are people out there that don't even know the difference between a USB port and the power button! Those are the people who Microsoft is targeting with SP2, not you and me who know that those programs are available.
--
WedgeAntilles250

yock
Eschew the False Dichotomy
Premium
join:2000-11-21
Fairfield, OH

Re: Ho Hum

Not even just the stupid. Why should I download 3 programs that do something my OS should be protecting me from? Simplicity is divine...
wentlanc
You Can't Fix Dumb..

join:2003-07-30
Maineville, OH
And these same dumb users are going to manage to patch their OS also, huh? It is too little too late. Most people who would do it, already have software loaded to eliminate popups, spyware, and other regular nuisances.

puritan

yock
Eschew the False Dichotomy
Premium
join:2000-11-21
Fairfield, OH

I read your analysis a month or so ago, Steve, and I must say I like what's ahead for MS and Windows. I never knew that the NT security model was so complex, knowing that really brings light to the problems we all run into when trying to run programs as a non-administrator. With some of the features software developers will now be forced to use, hopefully we'll see better implementation on the part of software developers, rather than having to be an administrator to run everything.

Somewhat akin to all of those *nix docs telling you to 'chmod 777'

linicx
Caveat Emptor
Premium
join:2002-12-03
United State
·CenturyTel Inc.
·Cebridge Connections
·Vonage

"XP/SP2 is an enormous improvement"

I hope so because I did not like the original. However, this bypasses the original comment. What has this MS version done about the trojans and worms it attracts in email that is different from, or an improvement over, any other version of software that MS has released ... say .. in the last six years?

A computer, imho, was meant to turn on and use. It should not have to be jury rigged into a miniature Fort Knox so the user can surf and get email. When MS meets and beats this challenge then they will have a fine product. Until then ... caveat emptor: Let the buyer beware.
--
Macintosh: no windows, no gates and the Apple inside

Steve
ho ho ho dammit
Consultant
join:2001-03-10
Yorba Linda, CA

Re: Ho Hum

said by linicx:
What has this MS version done about the trojans and worms it attracts in email that is different from, or an improvement over, any other version of software that MS has released ... say .. in the last six years?
This is an absolutely fair question.

Outlook Express in XP/SP2 has an "Attachment Execution Service", which is much more fine-grained than the dopey "don't allow attachments" that OE used before. And if you do decide to open an attachment against its recommendations (by any of a half dozen ways), it is opened in a way that's guaranteed to trigger A/V software if it's installed.

The main beneficiaries are the n00bs who don't know anything - it will be much easier to be secure without knowing what you're doing. Those who want their own firewall or popup blocker or the like can still use them, but the default user is much more protected.

Really: this is not an incremental set of minor features. This is a complete overhaul of security, and I don't believe I've found anybody who has studied well who wasn't impressed.

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site
astamand
Premium
join:2003-10-11
Temple, NH

One of the nice features with the Microsoft Firewall is that IT managers will be able to set a global policy in the domain which affects the rules. Since the default is strict, we could use this to open up certain ports for, say, tools used by an engineering group for example. Otherwise, once everyone in that group updated they would come running and say "X" doesn't work anymore! And we would have to go around one by one and allow the ports or send an email with instructions on how to do so.

Zunger

join:2003-08-24
Fayetteville, AR

"You're not going to get rid of it altogether, but at least we'll be able to say to people, 'Look, just install Service Pack 2 and your problems will go away.'"
good luck, isn't that what they told most people for blaster? It didn't help any. SP2 might be a sign from god...but with the exception of those that realize what it will do, it WONT be updated.

trparky
Bite My Shiny Metal Ass
Premium,MVM
join:2000-05-24
Cleveland, OH
clubs:

Re: wtf

Yep, and it will be our job to get SP2 out to the masses and MAKE THEM INSTALL IT!
--
WedgeAntilles250

insomniac84

join:2002-01-03
Schererville, IN
That's all I ever wanted. SP2 is going to be great.

m7dt428

join:2004-02-16
West Chester, OH

Re: Never Install!

will the products specified to work in only windows 2000 and XP SP1 work in SP2? It's backwards compatible right?

insomniac84

join:2002-01-03
Schererville, IN

Re: Never Install!

yes sp2 is just all the security and critical patches with new windows features, it's still windows xp. Just hopefully more secure.

oldTDNickell
Premium
join:2000-12-19
Federal Way, WA
I will wait until they release the final software. :)
FauxReal

join:2001-12-11
00000

Beautiful, I've been wondering why that wasn't an option. It would help against those stupid reoccurring activex popups that you come across from time to time.

I mean they have an "always trust" option... why not a "screw those bastards" option?

dyslektic

join:2002-07-25
Montreal, QC

Re: Never Install Option

I've always had a pop-up blocker with SP1. I don't know why you guys are saying there is no pop-up blocker.

missyfox

@rr.com

For admins with laptop users, the firewall changes are a godsend. They allow us to define (via GPO) two configurations, so you can have one set of firewall rules when the laptop is in your office behind your perimeter firewalls, and another set of rules which is automatically used when the laptop is not connected to the corporate network. So I get the ability to easily manage the systems when they're in the office without sacrificing security when the user connects to the cable modem at home. Automatically. Cool.

Oh, and to the user who wondered why not make web pages totally cross-browser friendly..it's really not "a little extra work" but a serious task that takes great patience. Why? Because Internet Explorer does not render pages in accordance with the w3c recommendations. It is so infuriating that M$ will not fix things like their implementation of the box model, which leaves a web designer with three options:
1. make a page that looks right in IE, but a little off in most other browsers
2. make a page that complies with w3c recs and looks good in most browsers but that isn't quite right in IE
3. spend a lot of time fiddling, testing, tweaking, testing, finessing, testing in order to work around IE's infuriating shortcomings (this is the option I choose, but it's only easy when the page design is very simple!)

Theo25

@attbi.com
Can't wait, this will be a HUGE improvement over anything they have put out before.