Windows XP SP 2...sucks!

Status
Not open for further replies.
dem said:
Something executed with administrative rights can screw up your os? What a shock...
Click to expand...

What about the millions of people that start up Windows XP and just go with making one account (administrator, by default)?

You can't account for that.
 
I swear... The Federal Goverment is a big mess when it comes to IT and security. I work on a Federal facility that employs almost 30,000 locally. Just found out that SP2 was already rolled out, now they're applying patches like crazy.

Idiots.
 
dem said:
Something executed with administrative rights can screw up your os? What a shock...
Click to expand...
Windows programs aren't usually designed with a strict user/admin seperation in mind. Single-user DOS/Win9x mentality prevails.
 
Hitokage said:
Windows programs aren't usually designed with a strict user/admin seperation in mind. Single-user DOS/Win9x mentality prevails.
Click to expand...

This is a problem that goes deeper than microsoft's ability to fix in any reasonable but fast way. For what it's worth, it is changing, especially with the MSInstaller making it plain how to do it, and stuff like InstallShield being sane about it. Most new software should be perfectly usable in reduced privileges.
 
My WinFastPVR mutes the whole system

ADSL connection problems

Windows were crushing all the time when I installed SP2 on top of SP1. I had to format.

Obviously Microsoft is a retarded company.
 
Looks like my "I'll wait a few months for the bugs to be worked out" might turn into "Maybe I'll skip SP2 all together". :P
 
The one mitigating factor that we found is that to change the WMI, and spoof the Security Center, the script has to be running in Administrator mode.
Click to expand...

That's just silly. If a virus wanted to screw with you, and you're running as admin, it would be more effective to just install a rootkit instead of screwing with WMI to hide itself.

Running as admin means as soon as you run ANYTHING you don't trust, you're machine is owned.

No OS can prevent admins from doing whatever they want to the machine.

So don't run as admin. It's perfectly doable on Windows.

If some programs don't work, bitch at those developers to fix them. You can use "Run As..." as well to elevate some programs to admin level, but leave yourself logged in as a regular user. (Hold down the shift key and right click on an icon.)

Some people are really grasping at straws here. It's like saying "OMG IF YOU RUN TEH LINUX AS ROOT I CAN TRICK YOU INTO RUNING A TROJAN THAT WILL CORREPT /etc!!!1OMG!!"
 
Our school sent out a mass e-mail advising us NOT to install SP2, despite its usual insistance on on-campus residents downloading any sort of update ASAP. Pretty much said it was too buggy for their liking when combined with the network.
 
aaaaa0 said:
That's just silly. If a virus wanted to screw with you, and you're running as admin, it would be more effective to just install a rootkit instead of screwing with WMI to hide itself.
Click to expand...

Hah, exactly.

And anyone thinking of skipping out on sp2 because of new ways to pwn you when you're running as Admin, when there are already infinite ways, is asking to get haxed as they're left behind on other security issues.
 
maharg said:
Hah, exactly.

And anyone thinking of skipping out on sp2 because of new ways to pwn you when you're running as Admin, when there are already infinite ways, is asking to get haxed as they're left behind on other security issues.
Click to expand...
Don't you think that perhaps the hackers have moved on to try and exploit SP2? It's a shitty world.. but they like a challenge.
 
pestul said:
Don't you think that perhaps the hackers have moved on to try and exploit SP2? It's a shitty world.. but they like a challenge.
Click to expand...

Um, so? Do you avoid locking your door because the thieves have figured out how to pick locks?
 
The whole Administrator vs. User issue is not just an issue for MS.

The same people who want to have Windows auto-login for them, are going to want to log-out and re-login to do tasks like installing software? Do you think they will run as Admin the first time they plug in a digital camera and wonder why the setup CD can't recognize the new device?

And, to be honest, what is more important to a user - system files being tampered with or an exploit that runs within the boundaries of user space and deletes all their word docs and spreadsheets?
 
skinnyrattler said:
Wait, what's the problem with creating only one account on XP? Don't haxxor me...please.
Click to expand...

Ideally, you set-up two users. One with Administrative permissions to be able to install software and make system changes. The other user is for normal usage - browsing the web, writing docs, email, etc - this account should only belong to the "users" or "power users" security groups.

This way, if you run into something that infects your computer, it should only do as much harm as permissions allow for the user account in use.
 
CaptainABAB said:
And, to be honest, what is more important to a user - system files being tampered with or an exploit that runs within the boundaries of user space and deletes all their word docs and spreadsheets?
Click to expand...

Depends on the goal of the attacker.

The vast majority of attacks today are ones where the attacker is interested in using the owned machine to attack another machine.

If the attacker is trapped in a non-administrative user, the attacker can't load a driver, can't wipe the security logs, can't spoof packets, can't use raw sockets, etc.

It also means the machine is more likely to be safely disinfected without a complete reinstall.
 
DaCocoBrova said:
I swear... The Federal Goverment is a big mess when it comes to IT and security. I work on a Federal facility that employs almost 30,000 locally. Just found out that SP2 was already rolled out, now they're applying patches like crazy.

Idiots.
Click to expand...

We haven't rolled it out (I work for a college), we are in the process of testing it on the 20 or so different machine models we have and throughly testing it with a benchmarking tool.
 
DaCocoBrova said:
I swear... The Federal Goverment is a big mess when it comes to IT and security. I work on a Federal facility that employs almost 30,000 locally. Just found out that SP2 was already rolled out, now they're applying patches like crazy.

Idiots.
Click to expand...
Needless to say, local governments ususally aren't much better. i worked in the finance department of a major county government office and found a way to browse user accounts without passwords through a major security flaw in the old version of Novell we were using. i eventually got access to upper management's passwords and even logged into their email via the web mail interface. i didn't change anything, but i was shocked at how easy it was, especially when there were so many highly-touted security features in place.
 
Since installing SP2, my DVD/CD burner and floppy drives don't seem to write files properly. I deleted files from a floppy with it, and added new ones, and on another machine the old files were still on it without the added ones. Similarly, CDs I burn with it now aren't recognised by other machines :(
 
Status
Not open for further replies.

Similar threads

My timeline sucks!
36
504
L*][*N*K replied
Packing fucking sucks
Opinion Cringe 
23
657
Dacvak replied
Moving sucks
6
675
ClanOfNone replied
Getting old sucks.
2
83
5K
LaughingStock replied
Quitting nicotine sucks
2
65
4K
Hotel Security replied
Top Bottom