OT: Windows XP Update Service Pack 1


I just figured that i would "warn" others about this. You can find my thoughts / experience about the subject by clicking on the link below. Sean
>

most recent Windows XP Update
sean
Tok20000: I've been checking my download speeds via the test provided at Toast.net on a somewhat regular basis since i hooked up my "super connection" ( cable modem ) two weeks ago. I've been averaging appr 1150K and was able to peak at 1650K on several occasions. Needless to say, what would normally be a "monster" of a download on my dial-up ( which averaged 46K - 52K ) is now a matter of seconds ( literally ).

I was also alerted to the fact that this type of connection drastically increases the potential for hackers to access your computer. This is due to the fact that you are always connected to the net ( so long as the puter is on, etc..). As such, i was directed to this website to check computer security. Luckily, i passed with flying colours although a few people that i've forwarded to that site said their puters failed miserably in terms of security and "hackability". I'm VERY glad of this as i've had hackers inside my puter before*, so it was good to see that my security programs are working. Sean
>

* The "hackers" happened to be someone that frequented both this forum and AA. I do not know who it was, but they intercepted some of my emails and played some TALL games by sending out "less than polite" responses to people that were trying to contact me via email. The only way that i found this out is that those same people contacted me shortly after that and wanted to know why i had said the things that i did in my previous emails. Needless to say, i had no idea as to what they were talking about since i had never even seen the initial email that the hackers had previously intercepted and downloaded off of the server. Talk about a mess and the potential for misunderstandings ( to say the least ). I'm just glad that the people that this happened to were pretty understanding and knew me better than to think i would do / say those things to them.
After posting the above, i followed my own links to see if they came up okay. As such, i ran my computer through the same tests that i had done earlier today. Here is a copy of what i posted in the same thread on AA:

Just for laughs, i just went to a website that i had visited a few times prior to installing the aforementioned Microshaft XP Service Pack 1. It is a site that checks / verifies the "security" of your puter i.e. checks to see if you have open ports, etc... Everything had always come up that i was in "stealth" mode, which was the highest security that you can have. After installing XP Service Pack 1, the same tests had shown that i was extremely vulnerable to attack and had several ports open. Just to make sure, i went back and ran the same tests over again. Needless to say, i got the same results i.e. reduced security, tons of open ports, etc... Obviously, that was not good.

So, once again and for the third time today, i went back and deleted XP Service Pack 1. After purging my computer of what is effectively a "Microshaft authorized virus" and re-booting, i flew over to the same website to check my security status. Lo and behold, i was back to being "fully protected" and operating in "stealth" mode.

As such, the obvious conclusion is that Microshaft's latest XP update is VERY undesirable. What was supposed to offer patches to repair previous problems and improve the security of your computer by reducing vulnerability to hackers had actually done just the opposite. XP Service Pack 1 actually increases vulnerability and basically opens your front door and waves the hackers in.

With that in mind, i would HIGHLY recommend that anyone that has installed XP Service Pack 1 to visit this site and check their vulnerability. It is a good idea to do this even if you aren't running XP or have yet to download Service Pack 1. For the record, Service Pack 2 does not create any problems so far as i can tell and it is still on my computer. Once again, i would like to hear from those of you that are willing to share your results of the testing. Sean
>

https://grc.com/x/ne.dll?bh0bkyd2
I downloaded (fast) and installed (slow) XP SP1 and following that my Sony VAIO refused to boot, endlessly cycling me through ScanDisk at startup. I ended up having to reinstall XP from CD using the Recovery Console. Obviously this is not a good upgrade.
I ordered the upgrade on disc from MSFT. Installation went fine and no problems. I too use a cable modem. I've been working with computers daily since the late seventies. Usually things go okay. Sometimes you're unlucky. I've used PCs as well as Apples and personally think Microsoft does a pretty decent job.

However, I am sorry about your problems, Sean. I know from many experiences in the past 25 years how frustrating it is when you've got a malfunctioning machine.

Brian
By the time I finished writing this, I realized it’s almost a novel… please excuse my verbosity and/or the “oversimplification” of some things, but I was only trying to make everything as clear as possible for everybody, and most of all, to help.

There are several issues discussed in this thread (looks more like a “Computergon” thread :)) and I’ll try to address them all. Here’s my $0.02:

Service pack 1 issues:

- I also had problems with its first installation, the most noticeable thing being an ugly decrease in the speed of my Internet connection. A possible cause for this are some registry settings in Windows, which regulate the networking capabilities of your system. IF this is the case, one can attempt to fix the problem by using Dr. TCP, (a freeware tweaking program). I say IF, because there’s no way to tell how exactly the installation of the service pack will affect each individual computer.
- Personally, I re-installed my entire system (OS, programs and all) and installed the service pack using the “Windows XP Service Pack 1 Network Installation”. It’s time consuming, but the safest way to go. Although it’s intended for “professionals” the program will work automatically (you don’t have to do anything). I would recommend this to anyone with a cable/DSL connection. It is a BIG download, but once you have the file, you can use it “locally”, meaning that the update is less prone to errors due to connection faults between you and the Windows update server. Plus, you can archive the file and use it again later.
- Also, note that the SP is rumored to purposely mess with systems that have – er, problems with the serial number (I heard something about a database of duplicate/multiple serial numbers being maintained by MS). This is just hearsay, but it may have something to do with OEM computers (with pre-installed operating systems) being treated as “clones?” – I’m not sure.

Security/hackers:

- Firewall: Windows XP has its own built-in firewall, which is good for entry-level protection. There are third party commercial firewalls available, which further enhance that protection. The site Sean mentioned recommends one of the best available such programs: Zone Alarm. The best part is that the program is free. Enhanced versions are also available for a fee. Zone Alarm works well, IF PROPERLY CONFIGURED. Most service reps from your ISP will say that it impedes the proper functioning of your connection – it is not true. In most cases, they are just trying to find a way out of their incompetence. (ex: you: “my connection is down” – rep: “are you using a firewall?” –“yes” rep: -“you must uninstall it-that’s why it’s not working”. Problem solved! – as far as he is concerned)
- Hackers: first, what’s an IP? Your IP (Internet Protocol) address is a unique number (pretty much like, say, your home street address) assigned to your computer in the “neighborhood” of your Internet Service Provider’s (short: ISP) network. IP’s can be static, i.e. always the same – which is the case with most cable connections, and dynamic (changing just about every time you connect to the ISP’s network – which is the case with most dialup connections.) The downside of one having a static IP is that the hackers always know where to find you (by analogy, a burglar would know your street address, as opposed to a “random” address you would have when checking in in various rooms of a hotel). If they don’t succeed in accessing your computer the first time, they can always come back later, and take their time, since it’s always on. If you post on Audio Asylum, your IP is listed in big, bold numbers above your entry. (under the title of the listing). It’s like: xxx.xxx.xxx.xxx (the number of x’s will vary). So if Sean posted something, they had an easy time finding his computer/address: it’s already there. The Asylum probably meant this feature to serve security purposes (to track down “misbehaving” inmates), but these addresses can also be used by malicious users. To forge an e-mail (to make it look like it comes from you) they need your e-mail address (must) name (probably) and your IP address (optional) – depending on the level of “authenticity” they want to fabricate. If they really intercepted e-mails addressed to you, they probably hacked either your computer or the mail server. Anyway, there are ways to find out where an e-mail REALLY comes from by looking at the message source. The idea is to track down the IP of the computer/network from which the e-mail actually originated (not what the hacked e-mail asserts). You can try and use SpamCop’s system (free subscription required) even though it was intended for somewhat different purposes; I’m sure there are other tracking systems on the Net, but I’m just too lazy to look them up now :). After you find THEIR IP address, the ball is in your court and there are several ways to go about it, depending on what you want to do. If you can persuade the hacker’s ISP that you have a real case of abuse, he may give you some details about their user. From this point everything becomes “legal” and “policy” stuff, so I’m not sure.

Service pack (again): A service pack is not much more than a collection of patches and updates. Most of these patches were individually available on the Windows update site before the release of the SP1. Once the number of patches reaches a threshold (I don’t know what the criteria are) they are packed together in a … service pack. (which can be released on CD). To the best of my knowledge, so far there is only a SP 1. Sean says something about SP 2 (?) Could be that “SP2” is a number of post – SP1 updates (they do exist) installed via the “Windows update” tool? Be that as it may, there ARE a few vulnerability issues. Some settings are restored to “default” after the update. For instance, the built-in firewall must be enabled manually after installing the OS, my guess is that the same happens after installing the updates. (I use Zone Alarm, so I don’t care much about that) Another good tool for privacy protection and the performance of the computer is the XP anti-spy. With this program, however, it’s mostly about what goes OUT of our computer, rather than about what comes in.

I hope this helps.