Windows & .NET Magazine UPDATE--Windows XP SP2: Round and Round It Goes, Where It Stops, Nobody Knows--May 4, 2004

This Issue Sponsored By

Announcing the Mobility Road Show;7813145;9026133;e?

Exchange & Outlook Administrator


1. Commentary: Windows XP SP2: Round and Round It Goes, Where It Stops, Nobody Knows

2. Hot Off the Press
- New Worm Threatens to Be the Next Slammer

3. Resources
- Featured Thread: Which User Is Logged On to a Specific Machine?
- Tip: How can I create an Active Directory Service (ADS) set?

4. New and Improved
- Eliminate File-System Bottlenecks
- Tell Us About a Hot Product and Get a T-Shirt!

==== Sponsor: Announcing the Mobility Road Show ====

Learn how mobile computing can help make your employees more productive at the Mobility Road Show, a complimentary three-hour event presented by industry leaders Microsoft and Intel. You'll get hands-on experience with the latest hardware, learn how to implement mobile solutions for your business, and get the chance to win valuable prizes, including a new Tablet PC. Coming soon to a city near you. Click here to register.;7813145;9026133;e?


==== 1. Commentary: Windows XP SP2: Round and Round It Goes, Where It Stops, Nobody Knows ====
by Paul Thurrott, News Editor, [email protected]

Despite continued improvements catching and fixing bugs, Microsoft's software products continue to be the favored targets of intruders, and their terrorist-like attacks continue to hammer away at Microsoft's credibility. In the past few weeks alone, Microsoft issued a controversial and massive set of security fixes, delayed the security-oriented Windows XP Service Pack 2 (SP2) release from mid-2004 to late summer 2004, and watched as malicious hackers launched an electronic worm attack last week that exploited one of the vulnerabilities the company had just patched. That worm is expected to affect millions of users, although its payload, thankfully, doesn't delete data. If you're faced with the unenviable task of administering Windows systems and figured you had some breathing room, think again. Make no mistake, we're officially in quagmire territory now.

Of the above-mentioned troubles, I believe the constant XP SP2 delays are the most problematic. Despite potential compatibility concerns that will likely affect a significant portion of the computer-using populace, XP SP2 finally gives XP users the automated functionality and tools they need to keep their systems--and their personal information and data--reasonably safe from attack. The problem is that Microsoft has been building up XP SP2 as a security panacea for months, and now that the late June rollout date is a suddenly distant memory, this product might as well be Longhorn. Security is going to be better in the future--but we need it to be better now.

This week's worm attack is proof enough. Dubbed Sasser, the worm spreads automatically across the Internet and doesn't require unknowing users to manually email it, trigger it by opening an email attachment, or perform some other overt action. Sasser exploits one of the many security vulnerabilities Microsoft fixed in April's monthly security fix release, so users of Automatic Updates or enterprises that allow critical updates through Software Update Services (SUS) or Microsoft Systems Management Server (SMS) will be protected. But millions of XP (and Windows Server 2003 and Windows 2000) systems remain vulnerable. If XP SP2 were available today, the update would have prevented Sasser from becoming yet another XP epidemic.

XP SP2 could have prevented such attacks because it enables the Windows Firewall by default. Had the company taken this simple, more secure step with the original XP release's Internet Connection Firewall (ICF), the predecessor of Windows Firewall, we wouldn't be having this discussion today. But bowing to compatibility complaints from its customers and partners, Microsoft shipped XP with ICF disabled. Smart.

Not coincidentally, the recent delay in the release of XP SP2 is because of compatibility problems, and customer education will be key to getting this update installed on as many XP systems as possible, as quickly as possible. In my own experience with XP SP2 Release Candidate 1 (RC1), I've encountered a few snags that will likely be representative of the problems the wider user base will face whenever SP2 does ship.

The first problem I encountered was that XP SP2 machines can't print to my network print server. I purchased a small, inexpensive NETGEAR print server, which lets you attach a parallel- or USB-based printer directly to the network. This setup lets you print to the printer from any machine on the network. Unlike some similar print servers, however, the NETGEAR device requires that you install a client utility. And unlike the Hawking Technology print server I've also tested, the NETGEAR print server refuses to work with SP2. I did a bit of testing and discovered that it also doesn't work with XP SP1 and later if ICF is enabled, so clearly the problem is a firewall issue. I haven't solved the problem yet; I have to temporarily disable the firewall just to print. It's not an elegant solution.

Another problem I ran across is that the safer new Microsoft Internet Explorer (IE) version that's included in SP2 recently prevented me from downloading an eBook from an e-commerce Web site because the site used an ActiveX control. No amount of fiddling with IE's security settings--or even selecting the "Allow downloading from this page" option from the new IE Information Bar--worked, so I eventually gave up and downloaded the eBook from an XP SP1 machine, which worked fine, go figure. But using an earlier OS version won't be an option for a lot of people. In enterprises that use such controls for more mission critical work than downloading an eBook, this behavior is going to be problematic.

These problems aside, I still strongly recommend that all XP users download, test, and then deploy XP SP2 as soon as they can. This release will go a long way toward protecting users from malicious attacks and supply a baseline of security functionality that's much higher than the crippled original release of XP.

I'm often asked whether Win2K will be supported by a similar set of security enhancements. The answer is yes, though I have few details at this time. Microsoft originally developed the security updates in XP SP2 under the code name Springboard because these enhancements were initially planned for Longhorn, the next major Windows release. Microsoft will also ship Springboard enhancements in Windows 2003 SP1--due in late 2004--and in Win2K SP5. I don't know when SP5 is due, but I do know that it won't ship until after Windows 2003 SP1. And I don't know which features, specifically, Microsoft will add to that release, though the company has publicly stated that Windows 2003 SP1 will get the Springboard features from XP SP2 that make sense in a server release.

Like you, I want to know how Microsoft plans to protect non-XP users. And as I write this, I'm on a plane heading to Seattle for Windows Hardware Engineering Conference (WinHEC) 2004, so I'll be speaking with Microsoft representatives this week. I can't guarantee that I'll discover the plans for Win2K SP5 this week, but I promise to keep asking.


==== Sponsor: Exchange & Outlook Administrator ====

Try a Sample Issue of Exchange & Outlook Administrator!
If you haven't seen Exchange & Outlook Administrator, you're missing out on key information that will go a long way towards preventing serious messaging problems and downtime. Request a sample issue today, and discover tools you won't find anywhere else to help you migrate, optimize, administer, and secure Exchange and Outlook. Order now!


==== 2. Hot Off the Press ====
by Paul Thurrott, [email protected]

New Worm Threatens to Be the Next Slammer
A new Internet worm that exploits a software vulnerability revealed in Microsoft's April 2004 monthly security patch is threatening to become the next high-volume attack on Windows-based systems. Security experts warn that the Sasser worm could affect millions of Windows computers by the time it peaks sometime Monday because these types of attacks typically pick up steam when the workweek begins. For the complete story, visit the following URL:

==== Announcements ====
(from Windows & .NET Magazine and its partners)

Get 2 Free Sample Issues of SQL Server Magazine!
SQL Server Magazine is a useful resource loaded with relevant information covering database modeling and design, performance tuning, security, ADO.NET, ASP.NET, XML, and the latest topics that SQL Server developers, administrators, and business-intelligence architects need to know. Try two (no-risk) sample issues today, and discover the timesaving qualities the magazine has to offer. Order now:

Small Servers for Small Businesses Web Seminar
Today a small business can be as agile as a large business by understanding which technology can be leveraged to create a centralized server environment. In this free Web seminar, you'll learn the perils of peer-to-peer file sharing, backup and recovery, migration from desktop to servers, and Small Business Server basics. Register now!

~~~~ Hot Release: (Advertisement) Aelita

Free Message-level Exchange Recovery White Paper
In this paper, experts outline the need for message-level recovery, as well as the pros and cons of four options for getting the job done in your environment. When evaluating options, you should consider the cost, effort required to implement and time to recover – add it up to find your best solution. Register for this message-level Exchange recovery white paper today!;8021026;7402808;z?

==== Instant Poll ====

Results of Previous Poll: Tablet PC Features
The voting has closed in Windows & .NET Magazine's nonscientific Instant Poll for the question, "What is the most important feature of a Tablet PC?" Here are the results from the 155 votes:
- 40% Portability
- 32% Battery life
- 21% Performance
- 8% Other

(Deviations from 100 percent are due to rounding error.)

New Instant Poll: Sasser Exploit
The next Instant Poll question is, "Has your organization installed the patch that prevents the Sasser worm from invading your systems?" Go to the Windows & .NET Magazine home page and submit your vote for a) Yes, b) No, or c) I don't know.

==== 3. Resources ====

Featured Thread: Which User Is Logged On to a Specific Machine?
Forum user Hamid wants to know whether a command exists that will let him determine which user is logged on to a machine within a Windows Server 2003/Windows 2000 environment. If you can help, join the discussion at the following URL:

Tip: How can I create an Active Directory Service (ADS) set?
by John Savill,

Although you can perform all ADS functions on individual computers, you might want to perform an action on a predefined group--or set--of machines. ADS sets let you create a group of servers (which can include other existing sets, to form a hierarchy), and that group can then be the target of actions or deployments that you want to perform. To create a set, perform the following steps: 1. Start the Microsoft Management Console (MMC) ADS Management snap-in (click Start, Programs, Microsoft ADS, ADS Management). 2. Select the Sets branch from the window's treeview pane. 3. Right-click Sets and select New Set from the context menu. 4. You'll see the New Set dialog box, which the figure at shows. Enter a name for the new set and, optionally, a description. 5. Select from the list of available devices the devices you want to include in the set, then click Add. 6. From the list of available sets, select the sets you want to include in the new set, then click Add. 7. When you're finished, click OK.

==== Events Central ====
(A complete Web and live events directory brought to you by Windows & .NET Magazine: )

Popular Web Seminar--The Spam Problem Solved: Hensel Phelps Construction Company Case Study
Find out how Hensel Phelps Construction, a multibillion-dollar national contractor, has implemented a multilayered antispam solution to increase user productivity and decrease the burden on IT staff resources, infrastructure, and budget. Sign up now for this free Web seminar!

==== 4. New and Improved ====
by Carolyn Mader, [email protected]

Eliminate File-System Bottlenecks
Winternals Software released Defrag Manager 2.5, an enterprise defragmentation solution that can eliminate file-system bottlenecks throughout your IT infrastructure. The new version features SmartPhase, a reengineered, multiphase defragmentation engine that achieves new levels of speed. The new engine also accomplishes more thorough free space consolidation to ensure less workload on subsequent defragmentation runs. Defrag Manager remotely schedules, deploys, monitors, and controls defragmentation throughout any Windows network from one console, without any manual installation on client systems. For pricing, contact Winternals Software at 512-330-9130 or 800-408-8415.

Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Windows & .NET Magazine T-shirt if we write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected]

==== Sponsored Links ====

Comparison Paper: The Argent Guardian Easily Beats Out MOM;6480843;8214395;q?

Microsoft(R) TechNet
Microsoft(R) TechNet Webcasts: essential guidance, industry experts;7759917;8214395;c?


==== Contact Us ====

About the newsletter -- [email protected]
About technical questions --
About product news -- [email protected]
About your subscription -- [email protected]
About sponsoring UPDATE -- [email protected]


==== Contact Our Sponsors ====

Primary Sponsor:
Microsoft(R) --

Hot Release:
Aelita Software -- -- 1-800-263-0036


This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today.

View the Windows & .NET Magazine Privacy policy at Windows & .NET Magazine a division of Penton Media, Inc. 221 East 29th Street, Loveland, CO 80538, Attention: Customer Service Department Copyright 2004, Penton Media, Inc. All Rights Reserved.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.