Understanding the future security of Windows SP2

[tabich]

I am a bit worried about the updates to Windows Update, I went and read the article you posted from winsupersite, and then went and read the applicable section of the microsoft paper.

In the article, someone is quoted as saying that the new Windows Update will be more in users faces. If something is in my users face, that means they are in my face, that is what as known as "a bad thing".

Presently we do not use the freely available Software update server(or whatever it is called, I forget) because we found that it did not work terribly well. In addition, configuring some clients to acces it was cumbersome at best and SMS is a hella lot a monaaay, we tend to use auto-update, or in certain cases, not, but someone checks the machine every time they have to go there to sort a users issue out(mostly for highly bitchy users). The article hints at a better Software Update server, but in my read of the relevant section of the whitepaper I see no mention of it, only the Windows Installer stuff, and no mention of the server component at all.

I suppose the new Windows Update will be configured to work well with SMS 2003, but, that is not an option for many organizations, mine included. A working, free or low cost local Windows Update Server really needs to happen if they are going to be more in the users face about patching. As I said, SMS is really not an option, the Current Software Update Server is nowhere near configurable enough as far as what patches are allowed and not. We have certain client machines and even servers that serve a specific purpose which cannot be automatically updated because a certain patch or Service Pack breaks them. Sure you can disallow certain patches with SUS, but that disallows it for everyone, not really a good thing.

So, I really hope they come out with a better version of SUS, cause having users in my face more often is definitely going to sour me even more than I already am.

[pooh sun tzu]

A few recent changes I want to bring to light:

- Updated Control Panel Icon : change - Icon change only

- Update Firewall General settings : change - minor layout adjustments

- Updated Firewall Ruleset Settings : change - layout and placement of menus along along with the new feature of choosing per ruleset of local use, or subnet only.

- Updated IE popup blocking - change - Show Information Bar when Popup is Blocked option avaliable now


And some more indepth changes, no images however (lost them in a recent format and forgot to backup)

Security Center

This is the control panel that helps handle the larger view of Windows security. Autochecking for an existing firewall, an existing virus scanner, and checking to see if automatic updates is turn on or not.

And not to worry, when you ask to turn on one of the security features, it gives you the choice to use their built in software or to let it know you shall be using your own. This is great news for admins, as it means they can keep their existing 3rd party software installed at the click of a button. While an AV solution is still not released yet, it gives the option to select that you have your own AV software already installed and would rather use that.

A nice check on the first startup after the SP2 install is the automatic update check. Running before Windows fully loads, it is a "in the face" reminder to all home users how important updating the OS is.

That's it for now. As I run across more I will post it. Sadly, I can not edit the origonal post without contacting an administrator due to it being over 1400+ minutes old. Hope this newest information helps solve some questions we had earlier!

[MrLinus]

Them links ain't working...

[pooh sun tzu]

Just barely lost my connection for a moment. Retest for me?

edit: links down for a moment, resetting compy one last time

[DeadAddict]

They seem to be working now. hmm that is strange They all work for me with no problems

[MrLinus]

Them links still ain't working...

Oh... nevermind.. I see them, albeit it a bit slow...

[pooh sun tzu]

Okay. Final reset. Server is back up. All permissions set. Should work perfectly now. Sorry about the wait, ISP was acting up.


On a side note, I don't know if I'm liking SP2 build 2082 as much as I did the previous beta release of SP2. Primarily because (and granted it is still beta), but it seems like a few features got fscked in the Security Center.

For instance, I have the new firewall up and running but the security center swears up and down that it isn't on. After some testing, I've learned that the outbound detection of the firewall has suddenly stopped working while the inbound works perfectly. Rulesets are all in place, all configurations are up to par... but for some reason it just won't detect. This isn't permenate of course, as the build before it worked perfectly. All in all, this newest beta looks better, but has a few glaring errors.

Almost tempted to go back to the previous release Let's hope they get these bugs fixed soon.

[Eonfire]

Windows is always going to be bashed about, partly due to users experience with it and partly because they are in the spotlight so much.

Isn't this the sole reason why Microsoft gets so much stick? I'm sure if the linux source code wasn't available and they where just as big as Microsoft they would be in the exact same position.

It's just a case of preferring the underdog in most cases as far as i can see, and i don't think i need to know much about security to say this.

[R0n1n]

Throwing in my 50 cents...

Yes Windows is bashed because of being in the spotlight, but a lot of power users bash it because it really isn`t very good. Speaking from my own experience, and I believe that is rather extenisve, Windows has show time and time again that its a good OS for the home user but just doesn`t perform well in a professional environment as the server backend. Yes its great in that it supports all the hardware in the world, and yes its got a nice GUI, but deep down it still has some big issues, and I`m not advocating Linux as the answer either. In a professional environment AIX, AS400 etc... all kick Wndows ass in reliability and performance, this is why Windows gets bashed, its touted as the ideal server environment but isn`t and when it performs poorly it deeply annoys us folks. It keeps trying to be all things to all users, and isn`t, it can`t be, not unless we really have differentiated products, Windows for servers, and Windows for home users.


This posting may be due to me having a very bad windows related day.......

[pooh sun tzu]

So I take it you have never tried Windows 2003 Server Edition?