SP2 - Service Pack 2
Download from http://www.softwarepatch.com/windows/xpsp2.html
NEWS Flash : Microsoft Announces the end of all Support for SP1 on Oct 10, 2006 ! !
*** so if you plan on sticking with SP1 make sure to get all recent updates "before" Oct 10
Should I break down and install SP2?
QUESTION:
I have XP Professional installed on my computer and now I keep getting the
message "Support for Windows XP SP1 ends October 10, 2006". I have held off
updating to SP2 because I have heard so many people have problems with it. Is
this true? And should I go ahead and update??? Need your advice soon! - Susan B.
ANSWER:
It's true that Microsoft has announced the end of support for XP SP1 and SP1a on
October 10 (end of support was originally scheduled for September 17, then
extended by Microsoft last January). This includes security updates. For this
reason, it's best for most users to upgrade to SP2.
It's also true that some people have reported problems and conflicts after
installing SP2; however, based on reports and our readers' mail, the instance of
problems was much lower than with SP1. There's now a very large knowledge base
dealing with SP2 upgrade problems on the Microsoft web site, and many of the
initial problems have been corrected in subsequent updates. You can find
troubleshooting help at
http://support.microsoft.com/default.aspx?pr=windowsxpsp2
Many reported problems occur because of the SP2 firewall. For information on how
to configure the Windows Firewall in SP2 to enable your programs to run, see
http://support.microsoft.com/kb/842242
SP2 contains a feature called Driver Protection that blocks the OS from loading
drivers that are known to cause problems. Fortunately the list is pretty small.
However, if you have unusual or old hardware peripherals or configurations, you
may encounter problems.
We recommend that you back up all important data to a network location or
removable drive before installing SP2. If SP2 doesn't install successfully, you
can recover the system and remove SP2 by following the instructions at
http://support.microsoft.com/kb/875355
BEFORE I said: *** ask yourself - "Do I need SP2 ?" if you cannot find a reason, then don't get it !! If it ain't broke, don't fix it !!
MUCH HAS CHANGED - now you really need to upgrade to SP2 !!! Because . . .
you need to use WGA to Validate and DL updates - many people are scared to DL the WGA tool. However, the update site will not let you get any updates until you DL WGA !!!
if you do DL WGA, but you do not have SP2 installed, even if you are able to use the Windows Update site without Validation (via a crack), or even if you have a valid copy of Windows - the only upgrade it will list is SP2 !! So you really need to upgrade to SP2
using WinXP Pro SP1 you will not be able to install WMP11. So you really need to upgrade to SP2
you need WGA to be able to download updates, it's a mandatory install !
More Reasons . . .
*** for Autopatcher to work, you need SP2 - if you have a pirated version of Windows XP, or for whatever reason your system will not validate - you will NOT be able to get Microsoft patches and upgrades. If this is your case . . . then you should definitely upgrade to SP2, so that you can update Windows via the "Autopatcher" monthly updates, which does not use validation. Autopatcher is for WinXP SP2 only !!
- for detailed information - go to our Autopatcher page
*** You can ROLL BACK to SP1 if need be !!! There are two ways :
Control Panel Add/Remove Programs . . . remove Service Pack 2
use System Restore to go back to the previous state "before" you installed SP2
But Still - be Careful, especially if you have older, Legacy Hardware
*** be careful - especially with older cards, for which you may not be able to find drivers that work with SP2. For example, you may have a $1000 video capture card made in 1999, which works perfectly. Well, it may not work at all after you install SP2, so check with the manufacturer for updated drivers. If unsure but you want SP2 - go ahead and install it, then if it causes problems that you cannot bear - roll back to SP1 using the Control Panel Add/Remove Programs, or System Restore.
IMPORTANT
There have been many problems with SP2. However, for most systems and applications it is fine. The rule of thumb is - if you have older legacy stuff or a small hard drive, then it is better to keep your system at SP1. If your stuff is modern, then update to SP2.
Windows XP SP2 Spotlight - Tech Republic
IT Administrators Delay SP2 Rollouts - eWeek
PC World - Multiple SP2 Articles and Info
Microsoft released SP2 in August 2004. Like all Service Packs, it contains all previous updates and hot-fixes, and adds its own updates as well. Here we discuss SP2's capabilities, how to install SP2, remove SP2, the SP2 Firewall, and what SP2 breaks !!
So far, the response to SP2 is mixed. Microsoft would have everyone use it ASAP, of course, and they back that up with their Top 10 Reasons to upgrade to SP2. The primary reason for SP2 is to finally fix all the hundreds of security holes that have plagued users !! So you would think that the new firewall is an absolute blockade - but it is not. The new MS firewall does a fair job at blocking incoming hacker attempts, and it does include every WinXP patch up to this time. BUT :
SP2 = SPace-hog 2
Here is something to be aware of: SP2 needs quite a bit of disk space (from 495MB to over 1.5GB, depending on various factors). For exact numbers in different situations, see MS kB article 837783:
Hard disk space requirements for Windows XP Service Pack 2
Here's what happened to one user, K.P.: "SP2 automatically decided to download onto my computer. And half way into the install It decided I had no more room on my hard drive. So it quit half way. All was fine until I rebooted, I got a fatal error message every time I booted up. So I had to reformat my hard drive!!! "
Downloading/Installing SP2
Microsoft recommends downloading it in one of two ways:
Removing SP2
Amazingly, unlike SP1, Internet Explorer, etc - SP2 is removable. Even more amazing, Microsoft does tell users how to remove SP2. Go Here for SP2 Removal Instructions
Blocking the Automatic SP2 Download Temporarily
So long as you do not select Automatic Updates to auto-install updates (the first choice in the diagram below) - then SP2 will not install until you approve of that, and select that option.
How to Turn OFF Automatic Updates but still be notified
Right click My Computer, Click Properties, Click Automatic Update tab
Select "Notify me but don't automatically download or install them" or
"Turn Off Automatic Updates"
NOTE: even if you have selected the following, "Notify me but don't automatically download or install them" - when you go to the Microsoft Windows Update site (the site has changed - the new site URL is http://v5.windowsupdate.microsoft.com/v5consumer/default.aspx?ln=en-us ) - it will give you a message that "Automatic Updates are Turned ON". Weird, but true:
The SP2 Microsoft Firewall
*** read this and then go to Microsoft's detailed SP2 Firewall configuration instructions
Unlike SP1, where the MS firewall was OFF by default - in SP2 it is ON by default. But many of us have our own personal firewall installed (BlackIce, Zone Alarm, etc.).
The Windows Firewall was formerly called the Internet Connection Firewall or ICF. SP2 installs a completely updated firewall that is different in a number of ways. First, as mentioned it is turned on by default for all network interfaces. To configure the firewall, use the Security Center in Control Panel or the Windows Firewall Control Panel applet. On the General tab, you can select to turn the firewall off. This is not recommended unless your computer is protected by another firewall.
On the Advanced tab, you can select for which connections (network interfaces) the firewall is enabled. This is useful if you want to enable the firewall for a particular connection (for example, a cable modem connection to the Internet) but not for another (for example, your local area network connection).
If you have an existing Firewall (Zone Alarm, Black Ice, etc.) and are happy with it - disable the Microsoft Firewall - do not leave both Firewalls enabled !!
If you leave the firewall on, you might need to configure exceptions to allow desired programs and services to send information through the firewall. On the Exceptions tab, you can define desired traffic either by the application name or by the TCP or UDP port it uses. When you add a program or port, you can click the Change Scope button to specify whether the exception should apply to traffic coming from all computers (including those on the Internet), just from computers on your local network, or a custom list of computers (by IP address).
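The Exceptions tab and Change Scope settings described above can also be applied with the `netsh firewall` context that SP2 adds. This is an added example, not taken from the original page or from Microsoft's instructions; the port number, exception names, program path and IP addresses are constructed placeholders.

```batch
@echo off
rem Added example: Windows Firewall exceptions from the command line on XP SP2.
rem Port 8080, the names, the program path and the addresses are placeholders.

rem Show whether the firewall is on and which exceptions already exist.
netsh firewall show opmode
netsh firewall show portopening
netsh firewall show allowedprogram

rem Broad form, shown commented out: scope=ALL accepts traffic from any
rem computer, including those on the Internet.
rem netsh firewall add portopening protocol=TCP port=8080 name="Example service" mode=ENABLE scope=ALL

rem Narrower form: the same port, reachable only from the local network.
netsh firewall add portopening protocol=TCP port=8080 name="Example service" mode=ENABLE scope=SUBNET
if errorlevel 1 echo Could not add the port exception. Administrator rights are required.

rem Exception by program name instead of port, limited to a custom list of
rem computers by IP address.
netsh firewall add allowedprogram program="C:\Program Files\Example\example.exe" name="Example app" mode=ENABLE scope=CUSTOM addresses=192.168.1.10,192.168.1.11
if errorlevel 1 echo Could not add the program exception.

rem Remove an exception that is no longer needed.
rem netsh firewall delete portopening protocol=TCP port=8080
```

Running the three `show` commands again afterwards lists the scope of every exception, which makes an exception left open to all computers easy to spot.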
What SP2 Breaks
As we all feared - many programs have problems running after SP2 is installed. Here is the Microsoft article kB 842242 which describes some of them. The page is growing rapidly, as more and more problems are being reported !! http://support.microsoft.com/default.aspx?kbid=842242&product=windowsxpsp2
Beyond those programs - here are some others and the fixes:
Outlook Express - blocks pics in your HTML Emails
After installing SP2, by default SP2 now blocks remote images in HTML e-mail. Why? Because remote images are picture files that are stored on someone else's server and downloaded when you open the message. These can include unwanted pornographic images. But of course, you may want to make that choice for yourself, and you will see there is an option that you can click to reveal them. But there is no way to simply see them without having to click that each time.
Device drivers known to cause instability in Windows XP Service Pack 2
The Driver Protection feature helps protect operating system stability by preventing the operating system from loading drivers that are known to cause stability problems. Drivers that are known to cause stability problems are listed in the Driver Protection List database that is included with Windows XP. Driver Protection checks this database to determine whether to load a driver in Windows XP. The following device drivers are known to cause instability in Windows XP SP2 and have been added to the Windows XP Driver Protection List (for the latest list, visit the MS Protected Drivers page):

| Application/Driver | Vendor | Driver Binary | Match Criteria |
|---|---|---|---|
| Security Services and AV Driver | Command Software | CSS-DVP.SYS | Product Version: 4.90.4.40123 and |
| SMSC LPC Memory Stick Host Controller | Sony | Smscms.sys | Link Date: 09/02/2003 19:07:48 |
| Windows CE Emulator | Microsoft | VPCAppSv.sys | Product Version: 6.13.10.2149 and system is running in PAE or NX mode |
| Virtual PC | Connectix | VPCAppSv.sys | Product Version: 4.x and system is running in PAE or NX mode |
Bluetooth keyboard or mouse doesn't work on SP2 computer
*** also see http://support.microsoft.com/default.aspx?scid=kb;en-us;873154&Product=winxp
If you've installed Service Pack 2 and then you connect a Bluetooth keyboard or mouse, XP won't detect them when you start the computer.
Cause 1 - Bluetooth stack requires Initial Configuration to be done with Wired Keyboard & Mouse
This is actually a security feature, to prevent others from using Bluetooth devices to access your system. You'll need to configure the Bluetooth devices first (which means you'll need to temporarily connect a wired keyboard/mouse).
This issue occurs if your Bluetooth adapter is enabled for the Microsoft Bluetooth stack in Microsoft Windows XP Service Pack 2 (SP2). The Microsoft Bluetooth stack that is included in Windows XP SP2 does not let Bluetooth devices function until after you configure and pair the devices in Windows. This requirement helps prevent unauthorized access to your computer. When you connect the Bluetooth devices and then start the computer, the following behavior occurs:
- When the computer starts, but before the Microsoft Bluetooth stack loads, the Bluetooth devices operate in Human Interface Device (HID) mode or by emulating a universal serial bus (USB) device.
- When the Microsoft Bluetooth stack loads, it disables HID mode or USB emulation for the Bluetooth devices.
The Bluetooth stack in Windows XP SP2 is designed to help prevent a Bluetooth device from connecting until you explicitly configure that device. This requirement helps prevent unauthorized access to your computer through a Bluetooth device.
You must connect a wired keyboard and mouse to the computer to install Windows when Windows XP SP2 is integrated with the Windows XP installation media. (This installation is also known as a slipstream service pack installation.) When you install Windows XP by integrating the Windows XP SP2 service pack with the Windows XP installation media, Windows does not detect a Bluetooth mouse or a Bluetooth keyboard during the graphical user interface (GUI) mode part of the Setup program. Therefore, you cannot complete the Windows installation or log on to Windows by using a Bluetooth mouse or a Bluetooth keyboard.
The Fix - to resolve this issue, connect a wired keyboard and mouse to your computer to configure the Bluetooth devices.
Cause 2 - Discovery Option is Turned OFF
This problem may occur if the discovery option is turned off on a Windows XP Service Pack 2-based computer that has Bluetooth support. By default, the discovery option is turned off so that the Windows XP-based computer cannot be discovered by a Bluetooth-connected device without your knowledge or consent.
To work around this problem, you must turn on the discovery option in Bluetooth on Windows XP Service Pack 2. To do this, follow these steps:
Bluetooth devices can now discover and connect to your Windows XP SP2-based computer.
Important - turn on discovery only when you want a Bluetooth device to find your computer. After the device has been added or bonded with your computer, discovery is no longer required. You can turn it off to help protect your privacy.
Here's a problem that's sure to come up often after SP2 is released: some systems - those whose processors have the NX (no execute) page protection feature enabled - will not let you install the popular Paint Shop Pro 8 graphics program after you install SP2. Currently, this applies to the AMD Opteron (32 and 64 bit) and the AMD Athlon64. What's up with that? Luckily, there's a fairly easy workaround, which you'll find in MS KB article 873176. http://support.microsoft.com/default.aspx?scid=kb;en-us;873176&Product=winxp
NetZero Closes Unexpectedly When You Start it in XP SP2
Uh-oh. Another SP2 problem (don't say we didn't warn you that SP2 can be
expected to break some program): after you install SP2 and then try to open
NetZero, you may get a message that says "NetZero has encountered a problem
and needs to close." Unfortunately, you're going to need an updated version
of the NetZero software to fix this one. Check their Web site (www.netzero.com)
for availability. The problem is documented in MS KB article 870907.
http://support.microsoft.com/default.aspx?scid=kb;en-us;870907&Product=winxp
SP2 NAT Conflict with L2TP/IPsec - and the Fix
ZDNet News reports that SP2 "undoes" the NAT Traversal (NAT-T), which made it possible to use L2TP/IPSec VPNs with servers that use Network Address Translation (NAT).
You can fix this by editing the Registry (see the box below).
SP2 can cause a loss of network connectivity for workstations that use Microsoft’s L2TP-based virtual private networking (VPN) client to connect to servers that are connected to NAT-based networks (explained below). Based on an SP2 design decision, Microsoft refers to the anomaly as an expected change to the default behavior of Windows XP, which, prior to the update, allowed for L2TP-based connectivity to NAT-based servers.
After confirming ZDNet’s tests which show how updating to SP2 negatively impacted L2TP-based VPN connectivity with NAT’d servers (essentially undoing the NAT-T patch), Mitchell said that Microsoft will add a document to its on-line knowledge base within the next couple of weeks that explains how to reset Windows XP to its pre-SP2 default behavior and the risks associated with that change.
The configuration change, which worked as advertised in our tests, requires the addition of a new key to Windows XP registry. According to Mitchell, the registry key that must be added is as follows (without the brackets):
The SP2 L2TP/IPsec Loss of Connectivity Fix:
[HKLM\System\CurrentControlSet\Services\IPSec\AssumeUDPEncapsulationContextOnSendRule = REG_DWORD]. SP2 resets this value to 0, which causes loss of connection to the VPN. To fix this, all you have to do is set the value to 2. There are actually three possible values, as follows:
0 - resets the behavior to Default SP2
1 - will only enable a Client with a public (i.e. non-NAT’d) address to connect to a NAT’d server
2 - enables both public and NAT’d clients to connect to a NAT’d server. The value of “2” is equal to the pre-SP2 behavior.
The key can be entered into the registry by a system’s user. But the preferred way is to push the change to the users who need it with Active Directory scripts or a third-party systems management tool.
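One way to script the change, for example from a logon or startup script, is shown below. This is an added example, not code from the original page, ZDNet or Microsoft: the script name `natt-rule.cmd` is hypothetical, the key path and value name are the ones given above, and treating a missing value as 0 is an assumption.

```batch
@echo off
rem Added example (not from the original page): report and optionally set the
rem XP SP2 NAT-T value discussed above. Run from an administrator account.
rem Usage: natt-rule.cmd [value]   value is 0, 1 or 2; no value = report only.
rem The script name is hypothetical; the key path and value name are the page's.
setlocal
set "KEY=HKLM\System\CurrentControlSet\Services\IPSec"
set "VAL=AssumeUDPEncapsulationContextOnSendRule"

call :read
call :describe
if "%~1"=="" exit /b 0

rem Accept only the three values the page documents.
if not "%~1"=="0" if not "%~1"=="1" if not "%~1"=="2" (
    echo Invalid value "%~1": expected 0, 1 or 2.
    exit /b 1
)
if "%~1"=="%CUR%" (
    echo Nothing to change.
    exit /b 0
)

reg add %KEY% /v %VAL% /t REG_DWORD /d %~1 /f >nul
if errorlevel 1 (
    echo Could not write %VAL%. Administrator rights are required.
    exit /b 1
)

rem Read the value back so a silent failure is not reported as success.
call :read
if not "%CUR%"=="%~1" (
    echo Verification failed: value is %CUR%, expected %~1.
    exit /b 1
)
call :describe
exit /b 0

:read
rem Assumption: a missing value is treated as 0, the SP2 default behaviour.
set "CUR=0"
for /f "tokens=3" %%A in ('reg query %KEY% /v %VAL% 2^>nul ^| find /i "%VAL%"') do set /a "CUR=%%A"
exit /b 0

:describe
if "%CUR%"=="0" echo %VAL% = 0: SP2 default, L2TP/IPsec to NAT'd servers fails.
if "%CUR%"=="1" echo %VAL% = 1: clients with a public address can reach a NAT'd server.
if "%CUR%"=="2" echo %VAL% = 2: public and NAT'd clients can reach a NAT'd server, as before SP2.
exit /b 0
```

Where every affected client has a public address, value 1 restores connectivity with a smaller departure from the SP2 default than value 2.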
In our discussions with Microsoft, officials were careful not to articulate this as a fix, nor the risks that go with it as a vulnerability. The risks, according to Mitchell, aren’t exactly known, which is why, in the name of security, Mitchell said he made the decision to change the default to a behavior that errs on the side of caution.
According to Microsoft, NAT introduces an additional layer of uncertainty (beyond that which is already there with non-NAT’d networks) over the fate of packets that are destined for a server connection that may have timed out. In L2TP-based VPN situations, the fate of such packets is largely irrelevant since their payload is encrypted (based on PKI, only the targeted system can decrypt them). Despite the irrelevance of that scenario, Mitchell claimed there are other scenarios that caused Microsoft to play it safe. Though Mitchell claims that such a scenario has never historically revealed a vulnerability, one of those scenarios has to do with unencrypted payload-bearing IPsec connections and the fate of packets when such a connection times out.
NAT stands for Network Address Translation (NAT) and is present in virtually all home networks where the various workstations share a single IP address through a DSL modem-based connection using a residential gateway. To external systems, such as Web servers, all systems on a NAT-based network have the same IP address--the one that is shared. When a system which is external to a NAT-based network (such as a Web server on the Internet) responds to a request from the shared IP address, NAT is the technology that figures out which of the systems sharing that IP address made the request, and routes to-and-fro traffic appropriately. Though it’s not common, Microsoft acknowledges that there are businesses which put VPN servers on NAT-based networks (informally referred to as “NAT’d” servers). It is in this scenario that certain Windows XP workstations will lose their VPN connectivity once SP2 is applied. First hand reports of the problem are also beginning to surface in certain Internet forums.
The problem will primarily affect telecommuters and road warriors who occasionally work from home and whose machines are configured to connect to a VPN with L2TP.
In part due to its relationship to the IPsec protocol, L2TP (otherwise known as Layer 2 Tunneling Protocol) is a more secure VPN protocol than is Microsoft’s Point-to-Point Tunneling Protocol (PPTP), which is commonly used for VPN connectivity. As its name suggests, L2TP can support Layer 2 (and higher) connections, which makes it appropriate for WAN connections that require the support of non-routable protocols. PPTP is a Microsoft-specific VPN technology that’s not supported by the default configuration of some enterprise firewalls, whereas L2TP is an IETF standard (as is IPsec) that is more widely supported.
One reason that L2TP is looked upon as being more secure has to do with how authentication is not a pre-requisite for encrypted communications. With L2TP, the authentication process itself is protected by an encrypted tunnel--whereas, the same process via PPTP is considered less secure. Many companies that want a standard, vendor-neutral VPN protocol and secure networks while allowing access from outside the firewalls, will only permit L2TP VPNs as opposed to less secure PPTP connections. The differences between L2TP and PPTP are more thoroughly fleshed out in a document on Microsoft’s Web site. In a telephone interview, Microsoft’s Windows Network program manager Chris Mitchell told ZDNet that, as a VPN protocol, Microsoft considers PPTP to be non-strategic.
NAT-based networks haven’t always played well with L2TP and IPsec-based VPNs. In response, Microsoft has issued updates “to enhance the current functionality of the Layer Two Tunneling Protocol (L2TP) and Internet Protocol security (IPSec) on computers that are running Windows XP or Windows 2000,” according to one update page on Microsoft’s Web site. This feature is commonly referred to as the “NAT-T” or “NAT Traversal” patch, which makes IPSec and L2TP play nice with NAT.