Interesting things spotted on a quick overview read of all comments
at the SANS XP SP2 page:
http://isc.sans.org/xpsp2.php
1.. It appears SP2 doesn't like the Prescott chip, AT ALL. Almost everyone with critical problems
was running a Prescott. (One suggestion by a poster was that Intel's NX technology is glitched, and
thus is not allowing the boot code to finish running.)
2.. Those with "issues" seemed to find these cleared up either with a fresh install, followed by
SP2, or by installing a version of XP that was slipstreamed with SP2. The problems might have been
caused by something running in memory (an uncaught virus, or spyware?).
3.. Recommendations are very, VERY firm about running a full antivirus scan, followed by a scan
for spyware (and other malware) before doing an install.
4.. Some drivers need to be re-installed, especially for devices using USB.
5.. Most all other "issues" were with programs that needed to be added to the Windows firewall.
Don't use the Windows Firewall. It is rather useless. Use a firewall such as ZoneAlarm.
6.. One major problem (for some) was the port speed limitation that Microsoft added. In other
words, if you have a single program that opens more than 10 simultaneous connections (Ie, some of
the newer file transfer protocols, or NMap to test your system for vulnerabilities), Microsoft
automatically limits the thru-put to around that of a 1200bps modem. Under normal conditions, you'll
never see this -- but if you try to run NMap (or other software that opens a TON of connections
simultaneously), you'll see this -- fast."
As always, Windows Service Pack installs require homework and testing. You could be one of the
lucky ones that downloads, installs and voila, no problems. But do you want to take that chance?
Do your homework. Send the bill for your time and effort to Microsoft Corp.

"RJ" > wrote in message
...
> Interesting things spotted on a quick overview read of all comments
> at the SANS XP SP2 page:
> http://isc.sans.org/xpsp2.php
> 1.. It appears SP2 doesn't like the Prescott chip, AT ALL. Almost
everyone with critical problems
> was running a Prescott.

No, one just needs the latest mobo BIOS with the proper Prescott microcode.
OR rename update.sys and SP2 works fine.

> (One suggestion by a poster was that Intel's NX technology is glitched,
and
> thus is not allowing the boot code to finish running.)
> 2.. Those with "issues" seemed to find these cleared up either with a
fresh install,

No, mobo BIOS flash.

>followed by
> SP2, or by installing a version of XP that was slipstreamed with SP2. The
problems might have been
> caused by something running in memory (an uncaught virus, or spyware?).
> 3.. Recommendations are very, VERY firm about running a full antivirus
scan, followed by a scan
> for spyware (and other malware) before doing an install.
> 4.. Some drivers need to be re-installed, especially for devices using
USB.
> 5.. Most all other "issues" were with programs that needed to be added
to the Windows firewall.
> Don't use the Windows Firewall. It is rather useless. Use a firewall
such as ZoneAlarm.

No, SP2's firewall is just fine along with any good virus checker. Lose
ZA.

Windows Firewall is only fine for those who have no concern about exporting
malware to those in their address book.

If you think Windows Firewall is 'fine' then I suggest you are no better
than the author of the malware as you will be one of their distributors.


"Ron Reaugh" > wrote in message
...
>
> "RJ" > wrote in message
> ...
>> Interesting things spotted on a quick overview read of all comments
>> at the SANS XP SP2 page:
>> http://isc.sans.org/xpsp2.php
>> 1.. It appears SP2 doesn't like the Prescott chip, AT ALL. Almost
> everyone with critical problems
>> was running a Prescott.
>
> No, one just needs the latest mobo BIOS with the proper Prescott
> microcode.
> OR rename update.sys and SP2 works fine.
>
>> (One suggestion by a poster was that Intel's NX technology is glitched,
> and
>> thus is not allowing the boot code to finish running.)
>> 2.. Those with "issues" seemed to find these cleared up either with a
> fresh install,
>
> No, mobo BIOS flash.
>
>>followed by
>> SP2, or by installing a version of XP that was slipstreamed with SP2. The
> problems might have been
>> caused by something running in memory (an uncaught virus, or spyware?).
>> 3.. Recommendations are very, VERY firm about running a full antivirus
> scan, followed by a scan
>> for spyware (and other malware) before doing an install.
>> 4.. Some drivers need to be re-installed, especially for devices using
> USB.
>> 5.. Most all other "issues" were with programs that needed to be added
> to the Windows firewall.
>> Don't use the Windows Firewall. It is rather useless. Use a firewall
> such as ZoneAlarm.
>
> No, SP2's firewall is just fine along with any good virus checker. Lose
> ZA.
>
>

> If you think Windows Firewall is 'fine'

What's wrong with it?

--
Regards

John Waller

"John Waller" wrote

> > If you think Windows Firewall is 'fine'
>
> What's wrong with it?
>
> --
> Regards
>
> John Waller

It only monitors incoming traffic, not outgoing traffic.

Alias

"Ron Reaugh" wrote:

>
> "RJ" > wrote in message
> ...
> > Interesting things spotted on a quick overview read of all comments
> > at the SANS XP SP2 page:
> > http://isc.sans.org/xpsp2.php
> > 1.. It appears SP2 doesn't like the Prescott chip, AT ALL. Almost
> everyone with critical problems
> > was running a Prescott.
>
> No, one just needs the latest mobo BIOS with the proper Prescott microcode.
> OR rename update.sys and SP2 works fine.
>
> > (One suggestion by a poster was that Intel's NX technology is glitched,
> and
> > thus is not allowing the boot code to finish running.)
> > 2.. Those with "issues" seemed to find these cleared up either with a
> fresh install,
>
> No, mobo BIOS flash.
>
> >followed by
> > SP2, or by installing a version of XP that was slipstreamed with SP2. The
> problems might have been
> > caused by something running in memory (an uncaught virus, or spyware?).
> > 3.. Recommendations are very, VERY firm about running a full antivirus
> scan, followed by a scan
> > for spyware (and other malware) before doing an install.
> > 4.. Some drivers need to be re-installed, especially for devices using
> USB.
> > 5.. Most all other "issues" were with programs that needed to be added
> to the Windows firewall.
> > Don't use the Windows Firewall. It is rather useless. Use a firewall
> such as ZoneAlarm.
>
> No, SP2's firewall is just fine along with any good virus checker. Lose
> ZA.
>
>
> Windows firewall is what?
Try doing a Leak test (get the utility fromWWW.grc.com)
While there try a few port probes.I did this, Windows firewall leaked like a
seive!
You may also find as many others have that despite yurning off Windows
firewall it graciously continues to block programs WITHOUT telling you.
You cannot compare a product like Zone Alarm and Windows Firewall.

See here for accurate info on the Prescott microcode issue:

http://support.microsoft.com/default.aspx?kbid=885626

"Ron Reaugh" > wrote in message
...
>
> "RJ" > wrote in message
> ...
>> Interesting things spotted on a quick overview read of all comments
>> at the SANS XP SP2 page:
>> http://isc.sans.org/xpsp2.php
>> 1.. It appears SP2 doesn't like the Prescott chip, AT ALL. Almost
> everyone with critical problems
>> was running a Prescott.
>
> No, one just needs the latest mobo BIOS with the proper Prescott
> microcode.
> OR rename update.sys and SP2 works fine.
>
>> (One suggestion by a poster was that Intel's NX technology is glitched,
> and
>> thus is not allowing the boot code to finish running.)
>> 2.. Those with "issues" seemed to find these cleared up either with a
> fresh install,
>
> No, mobo BIOS flash.
>
>>followed by
>> SP2, or by installing a version of XP that was slipstreamed with SP2. The
> problems might have been
>> caused by something running in memory (an uncaught virus, or spyware?).
>> 3.. Recommendations are very, VERY firm about running a full antivirus
> scan, followed by a scan
>> for spyware (and other malware) before doing an install.
>> 4.. Some drivers need to be re-installed, especially for devices using
> USB.
>> 5.. Most all other "issues" were with programs that needed to be added
> to the Windows firewall.
>> Don't use the Windows Firewall. It is rather useless. Use a firewall
> such as ZoneAlarm.
>
> No, SP2's firewall is just fine along with any good virus checker. Lose
> ZA.
>
>

If I'm using a NAT router, do I need a firewall?

--
Regards

John Waller

John Waller wrote:

> If I'm using a NAT router, do I need a firewall?
>

Yes, it is a good idea.

Malke
--
MS MVP - Windows Shell/User
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"

> Yes, it is a good idea.

But not essential?

The company that administers our company server say we don't need software
firewalls on every machine. We don't have a hardware firewall either.


--
Regards

John Waller

John Waller wrote:

>> Yes, it is a good idea.
>
> But not essential?
>
> The company that administers our company server say we don't need
> software firewalls on every machine. We don't have a hardware firewall
> either.
>
>
It depends on what is being used as a firewall on the corporate level. I
would certainly have a really good firewall between the outside world
and my corporate network, with no additional software firewalls needed
on the workstations. But since I don't know what your IT Dept. has
done, I can't comment on it.

Malke
--
MS MVP - Windows Shell/User
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"

"Edward W. Thompson" > wrote in message
...
> Windows Firewall is only fine for those who have no concern about
exporting
> malware to those in their address book.

Nope, a good virus checker and spyware checker prevents that along with
SP2's firewall.

> If you think Windows Firewall is 'fine' then I suggest you are no better
> than the author of the malware as you will be one of their distributors.

Clueless.

Why don't you go tell your tales to the SP2 development team.

> "Ron Reaugh" > wrote in message
> ...
> >
> > "RJ" > wrote in message
> > ...
> >> Interesting things spotted on a quick overview read of all comments
> >> at the SANS XP SP2 page:
> >> http://isc.sans.org/xpsp2.php
> >> 1.. It appears SP2 doesn't like the Prescott chip, AT ALL. Almost
> > everyone with critical problems
> >> was running a Prescott.
> >
> > No, one just needs the latest mobo BIOS with the proper Prescott
> > microcode.
> > OR rename update.sys and SP2 works fine.
> >
> >> (One suggestion by a poster was that Intel's NX technology is glitched,
> > and
> >> thus is not allowing the boot code to finish running.)
> >> 2.. Those with "issues" seemed to find these cleared up either with a
> > fresh install,
> >
> > No, mobo BIOS flash.
> >
> >>followed by
> >> SP2, or by installing a version of XP that was slipstreamed with SP2.
The
> > problems might have been
> >> caused by something running in memory (an uncaught virus, or spyware?).
> >> 3.. Recommendations are very, VERY firm about running a full
antivirus
> > scan, followed by a scan
> >> for spyware (and other malware) before doing an install.
> >> 4.. Some drivers need to be re-installed, especially for devices
using
> > USB.
> >> 5.. Most all other "issues" were with programs that needed to be
added
> > to the Windows firewall.
> >> Don't use the Windows Firewall. It is rather useless. Use a firewall
> > such as ZoneAlarm.
> >
> > No, SP2's firewall is just fine along with any good virus checker.
Lose
> > ZA.
> >
> >
>
>

"Alias" > wrote in message
...
>
> "John Waller" wrote
>
> > > If you think Windows Firewall is 'fine'
> >
> > What's wrong with it?
> >
> > --
> > Regards
> >
> > John Waller
>
> It only monitors incoming traffic, not outgoing traffic.

With a proper virus checker and adware checker outgoing checking is NOT
needed.

"Adrian UK" > wrote in message
...
>
>
> "Ron Reaugh" wrote:
>
> >
> > "RJ" > wrote in message
> > ...
> > > Interesting things spotted on a quick overview read of all comments
> > > at the SANS XP SP2 page:
> > > http://isc.sans.org/xpsp2.php
> > > 1.. It appears SP2 doesn't like the Prescott chip, AT ALL. Almost
> > everyone with critical problems
> > > was running a Prescott.
> >
> > No, one just needs the latest mobo BIOS with the proper Prescott
microcode.
> > OR rename update.sys and SP2 works fine.
> >
> > > (One suggestion by a poster was that Intel's NX technology is
glitched,
> > and
> > > thus is not allowing the boot code to finish running.)
> > > 2.. Those with "issues" seemed to find these cleared up either with
a
> > fresh install,
> >
> > No, mobo BIOS flash.
> >
> > >followed by
> > > SP2, or by installing a version of XP that was slipstreamed with SP2.
The
> > problems might have been
> > > caused by something running in memory (an uncaught virus, or
spyware?).
> > > 3.. Recommendations are very, VERY firm about running a full
antivirus
> > scan, followed by a scan
> > > for spyware (and other malware) before doing an install.
> > > 4.. Some drivers need to be re-installed, especially for devices
using
> > USB.
> > > 5.. Most all other "issues" were with programs that needed to be
added
> > to the Windows firewall.
> > > Don't use the Windows Firewall. It is rather useless. Use a firewall
> > such as ZoneAlarm.
> >
> > No, SP2's firewall is just fine along with any good virus checker.
Lose
> > ZA.
> >
> >
> > Windows firewall is what?
> Try doing a Leak test (get the utility fromWWW.grc.com)
> While there try a few port probes.I did this, Windows firewall leaked like
a
> seive!
> You may also find as many others have that despite yurning off Windows
> firewall it graciously continues to block programs WITHOUT telling you.
> You cannot compare a product like Zone Alarm and Windows Firewall.

Right, Windows SP2's Firewall is fully integrated with the MS XP OS and
hooked directly to Automatic Update..no comparison. Lose ZA.

"John Waller" > wrote in message
...
> If I'm using a NAT router, do I need a firewall?

I'd use SP2's firewall as it hooked to MS's Automatic Updates.

"John Waller" > wrote in message
...
> > Yes, it is a good idea.
>
> But not essential?
>
> The company that administers our company server say we don't need software
> firewalls on every machine. We don't have a hardware firewall either.

Then there's something missing from your story OR you need a new "company
that administers". I suspect the former.

Outgoing checking is only unnecessary if you trust people like Microsoft,
Real Networks, Intuit and many others not to write home with info from your
machine. I think it would be naive to extend that trust, especially since
two I've mentioned have already been caught doing exactly that.


formerprof




"Ron Reaugh" > wrote in message
...
>
> "Alias" > wrote in message
> ...
>>
>> "John Waller" wrote
>>
>> > > If you think Windows Firewall is 'fine'
>> >
>> > What's wrong with it?
>> >
>> > --
>> > Regards
>> >
>> > John Waller
>>
>> It only monitors incoming traffic, not outgoing traffic.
>
> With a proper virus checker and adware checker outgoing checking is NOT
> needed.
>
>

"formerprof" > wrote in message
...
> Outgoing checking is only unnecessary if you trust people like Microsoft,
> Real Networks, Intuit and many others not to write home with info from
your
> machine.

Exactly, I want them to try so that I can certify the class. They ain't
gonna do it at least in any offensive fashion.

> I think it would be naive to extend that trust, especially since
> two I've mentioned have already been caught doing exactly that.

Not seriously and that's changing. That's an issue for AGs and not for each
persons PC and fancy firewalls.

> "Ron Reaugh" > wrote in message
> ...
> >
> > "Alias" > wrote in message
> > ...
> >>
> >> "John Waller" wrote
> >>
> >> > > If you think Windows Firewall is 'fine'
> >> >
> >> > What's wrong with it?
> >> >
> >> > --
> >> > Regards
> >> >
> >> > John Waller
> >>
> >> It only monitors incoming traffic, not outgoing traffic.
> >
> > With a proper virus checker and adware checker outgoing checking is NOT
> > needed.
> >
> >
>
>

"formerprof" > wrote in message
...
> Outgoing checking is only unnecessary if you trust people like Microsoft,
> Real Networks, Intuit and many others not to write home with info from
your
> machine.

Besides if they get offensive then adware checkers will take em down!

Dear Ron,

Well I'm certainly ready to join the class -- but I think I have less faith
in the process than you do given what seems to me to be the larger public's
indifference to privacy issues. Moreover it would take some pretty dedicated
decrypting and hacking to discover whether Intuit is studying my bank
accounts, and Microsoft my musical preferences or manuscripts.

All good wishes.

formerprof





"Ron Reaugh" > wrote in message
...
>
> "formerprof" > wrote in message
> ...
>> Outgoing checking is only unnecessary if you trust people like Microsoft,
>> Real Networks, Intuit and many others not to write home with info from
> your
>> machine.
>
> Exactly, I want them to try so that I can certify the class. They ain't
> gonna do it at least in any offensive fashion.
>
>> I think it would be naive to extend that trust, especially since
>> two I've mentioned have already been caught doing exactly that.
>
> Not seriously and that's changing. That's an issue for AGs and not for
> each
> persons PC and fancy firewalls.
>
>> "Ron Reaugh" > wrote in message
>> ...
>> >
>> > "Alias" > wrote in message
>> > ...
>> >>
>> >> "John Waller" wrote
>> >>
>> >> > > If you think Windows Firewall is 'fine'
>> >> >
>> >> > What's wrong with it?
>> >> >
>> >> > --
>> >> > Regards
>> >> >
>> >> > John Waller
>> >>
>> >> It only monitors incoming traffic, not outgoing traffic.
>> >
>> > With a proper virus checker and adware checker outgoing checking is NOT
>> > needed.
>> >
>> >
>>
>>
>
>

"Ron Reaugh" > wrote in message
...
>
> "Alias" > wrote in message
> ...
>>
>> "John Waller" wrote
>>
>> > > If you think Windows Firewall is 'fine'
>> >
>> > What's wrong with it?
>> >
>> > --
>> > Regards
>> >
>> > John Waller
>>
>> It only monitors incoming traffic, not outgoing traffic.
>
> With a proper virus checker and adware checker outgoing checking is
> NOT
> needed.

This is above the mental comprehension of most users.

Ron Reaugh wrote:

>
> Right, Windows SP2's Firewall is fully integrated with
> the MS XP OS and hooked directly to Automatic Update..no
> comparison. Lose ZA.


You mean lose WinXP's firewall. don't you? No one with any knowledge
in the field considers it more than a "stop-gap" solution.
--

Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

You can have peace. Or you can have freedom. Don't ever
count on having both at once. - RAH

"Bruce Chambers" > wrote in message
...
> Ron Reaugh wrote:
>
> >
> > Right, Windows SP2's Firewall is fully integrated with
> > the MS XP OS and hooked directly to Automatic Update..no
> > comparison. Lose ZA.
>
>
> You mean lose WinXP's firewall. don't you?


Not hardly.

> No one with any knowledge
> in the field considers it more than a "stop-gap" solution.

You are simply flat WRONG!

>> No one with any knowledge
>> in the field considers it more than a "stop-gap" solution.
>
> You are simply flat WRONG!

There are plenty of articles from respectable commentators on the
inadequacies of the XP2 Firewall (links provided as examples only, not to
prove a point). Most comment on the lack of outbound monitoring. I'm aware
that some opine that spy checkers and anti-virus software should do the job
for outbound traffic but there seem to be a few varying points of view.

http://comment.zdnet.co.uk/other/0,39020682,39163267,00.htm

http://netsecurity.about.com/od/firewalls/a/aa081804b.htm

The jury still seems to be out overall.

--
Regards

John Waller

> Then there's something missing from your story OR you need a new
> "company that administers". I suspect the former.

Our workstations (all running XP Pro SP2 with Windows Firewall) and our
(single) server (running Windows SBS 2003) are all connected to a NetComm
1300 ADSL modem which has an inbuilt NAT router (but no SPI).

The modem connects to the Internet 24/7.

That's the story.

--
Regards

John Waller

"John Waller" > wrote in message
...
> >> No one with any knowledge
> >> in the field considers it more than a "stop-gap" solution.
> >
> > You are simply flat WRONG!
>
> There are plenty of articles from respectable commentators on the
> inadequacies of the XP2 Firewall (links provided as examples only, not to
> prove a point). Most comment on the lack of outbound monitoring.

Outgoing monitoring is unneeded with a good virus checker and spyware
checker.

"John Waller" > wrote in message
...
> > Then there's something missing from your story OR you need a new
> > "company that administers". I suspect the former.
>
> Our workstations (all running XP Pro SP2 with Windows Firewall) and our
> (single) server (running Windows SBS 2003)

SBS2003 is the firewall and that's the missing part.

> SBS2003 is the firewall and that's the missing part.

I see.

Thanks Ron.

--
Regards

John Waller

> Outgoing monitoring is unneeded with a good virus checker and spyware
> checker.

Fair enough. I have both.

All I'm saying is that, judging by their online articles, not all industry
pundits seem to have come to the same conclusion.

:-)

--
Regards

John Waller

"John Waller" > wrote in message
...
> > Outgoing monitoring is unneeded with a good virus checker and spyware
> > checker.
>
> Fair enough. I have both.
>
> All I'm saying is that, judging by their online articles, not all industry
> pundits seem to have come to the same conclusion.

But I and MS have and that is what is important<G>.

> But I and MS have and that is what is important<G>.

I can't argue with that ;-)

--
Regards

John Waller

>>But I and MS have and that is what is important<G>.
>
>
> I can't argue with that ;-)

[sticks finger down throat and gags]