To SP2 or not to SP2?

Do you know enough that you should be saving file backups (logical) and making drive images (physical) to provide for recovery? Then if you don't like what happens after an install - of a service pack, application, or whatever - then you data is safe and you can restore back to just the way it was before.

Only security people that don't understand service packs don't install them. The SP2 is more than a security update, it includes many fixes that are needed for XP. The firewall gets the most press, but it's far from the only thing installed by SP2.

If your machine is already free of malware and is not more than 3 years old you should not experience any problems. If your machine is not free of malware then you need to get it cleaned before you install SP2.

While I agree with you on most issues, I:

1.- Don't care about privacy on my Windows box. Nor should anyone, it's seems to me just a false hope.

2.- I *do* backups.

So I happily installed SP-2 and enjoyed (?) it.

There are other security-improvements that you didn't list. Note that some of the most-recent "buffer-overflow" exploits do not affect computers running SP2 -- Microsoft proactively(!) fixed many potential exploits, by recompiling most of the source.

In addition, the pop-up blocker within IE does work, if you do use IE.

The "base" one works fine, for an "end-user" computer, i.e., one not part of a SOHO network. The updated firewall _is_ improved.

If you do get a virus/worm/trojan on your computer, it may exploit IE or OE or Outlook, unless you've patched them. Either way, your computer is still infected.

Disk-space is cheap!

Yes, it takes some space to download the SP file(s). When you run the file(s), they unpack to a "temporary" directory -- more space. It writes a backup of the about-to-be-changed files into an "uninstall" directory - more space.

When the install is complete, and you're happy with SP2, you can delete the above files, and reclaim the space.

As I said above, Microsoft has "proactively" patched many _potential_ exploits. All the updated/recompiled code makes the size of the download of SP2 larger.

Huh? Automatic updating is available in SP1. (My Computer -> right-mouse click -> Properties -> Automatic Updates tab)

Safer? Not in my opinion. To be safe:

• run a firewall, to block net-based attacks.

• run a _quality_ anti-virus product (
  formatting link
  ) to scan what you allow into your computer via E-mail attachments, malicious content on web-pages, P2P-content, USENET newsgroups, et cetera.

• practise "safe-computing".

• try the free Microsoft spyware-scanner (
  formatting link
  )

• update everything (WinAmp, putty, RealPlayer, AcrobatReader, WinZip) that you have chosen to install.

• apply SP2, and then allow Automatic Updates to download the post-SP2 fixes.

My $0.03 (CDN).

the problem is that if you turn off Windows firewall and use your own, the computer will keep pestering you about no firewall installed. I have Tiny running, but the system keeps pestering me becuase I have Windows firewall turned off, despite the fact that I have another firewall running.

You can tell the security center to stop pestering you about the firewall, you know.

If I didn't list them, its because I never found anything on them. That's why I posted this message. To my knowledge, Microsoft did not put out a list of what specific 'exploits' SP2 was designed to protect against. All I could find from them about SP2 is just general improvements made, much of what i mentioned here. If you know where I can obtain a list of such information concerning the specific exploits SP2 is supposed to protect against, I'd love to hear about it.

Well, why do you think I called it an "improved firewall"? I also mentioned the fact that improved or not, its still a lousy firewall compared to even the worst 3rd party firewalls. And I already happen to have the best, so as mentioned, this does nothing for me.

How do you figure, when you just quoted me as saying that I don't use IE, OE or Outlook?

Not on my hard drive it isn't, thank you very much.

The reason I'm asking about what SP2 does, is because I want to know if its worthwhile -before- installing it, so I can avoid having to go to all the fuss you just described (and more). I can very well know whether it's worthy my while if I know exactly all that it purports to fix or patch up. I'm sorry but simply running it is not going to tell me that. Not to imply that there's anything "simple" about installing this beast...

Haven't tried it yet, but I read somewhere that SP2 spells the death of SP1 updates. Are they the same updates for SP2 as SP1? It would seem not, since SP2 has functions and capabilities SP1 doesn't. It would also seem that if SP1 updates are still available, they won't be for too long, when MS finally manages to finish updating most people's machines for SP2. After all, the first thing the updates tell you when you have SP1 is to take the SP2 update!

So you're saying all those "potential exploit" patches and all the rest that SP2 does doesn't make you any safer? I guess that means you're advising me not to download it.

(BTW, there's a difference between "safe" and "safer"...).

So now you're advising me that I should take SP2?? And I still don't know why, because I don't have nearly enough information to make a judgement as to whether this service pack is worthwhile.

Did you already read:

Windows XP Service Pack 2

That is the consumer page. For the IT page, see:

Windows XP Service Pack 2: Resources for IT Professionals

Which has links to:

Security Information for Windows XP Service Pack 2

Features and Functionality in Windows XP Service Pack 2

If you have done the impossible, i.e., completely uninstalled IE and OE, then a virus on your computer would not be able to exploit IE and OE. Since you have them installed, a virus on your computer will be able to exploit the MAPI interfaces on your computer.

The 1980s are gone -- disk-space no longer costs $100 per gigabyte. Trim your mullet, and spend less than $100 and get over 100 gigabytes. Too easy?

On the computers I use, it was simple. Just a few clicks.

Windows Update answers your question. If you're stuck with XP RTM/Gold or XP/SP1, any "new" update (since August 2004, when SP2 was released) has been tagged by Microsoft, to indicate whether the patch is necessary (for SP1) or unnecessary (proactively fixed in SP2).

Define "too long". Microsoft recently announced the end-of-support for the "gold" version of XP, about 4 years after it became available. So, SP1 will continue to be supported for a "long" time.

All the released updates for Windows 98 are still available via Windows Update, almost seven years later. The current updates for XP will continue to be available via Windows Update for a "long" time.

I did not say that -- please don't put words into my mouth.

Your guess is incorrect.

I advise you to switch to Mac OS X, if you really want to be safe, to end your paranoia about Microsoft operating systems.