The Active Network

  Windows XP SP2 could break existing apps
Time: 09:55 EST/14:55 GMT | News Source: Computer Weekly | Posted By: Byron Hinson

Some software developers may find their applications no longer work on machines using Microsoft Service Pack 2 for Windows XP, which will be released later this year. Microsoft has made something of a trade-off with the update, focusing on security improvements at the expense of backward compatibility. The company has called on all software developers to test their code against the beta version of Service Pack 2, or face the possibility that the update will break their handiwork.

  Displaying Comments 1 through 7 of 7
  This is an archived static copy of ActiveWin.com.
#1 By 6859 (206.156.242.36) at Friday, March 05, 2004 10:46:49 AM
It's a worthwhile tradeoff.

#2 By 19992 (164.214.4.61) at Friday, March 05, 2004 02:09:55 PM
If I recall properly, several people on this site are beta testers for SP2. Assuming my memory is correct in this, has anyone here come across any applications that either no longer work or need to be updated to work in SP2?

#3 By 665 (198.51.49.2) at Friday, March 05, 2004 04:50:56 PM
Since I installed the SP2 beta (I have an MSDN subscription) I have had no problem with apps breaking.

#4 By 143 (68.73.154.188) at Friday, March 05, 2004 07:11:28 PM
People complain about the lack of security in XP
and now they're complaining about improved security...

#5 By 6253 (24.1.206.27) at Saturday, March 06, 2004 12:13:00 AM
Lots of web sites which host file downloads and/or media files will break, due to the MIME Sniffing changes in IE. Today, many sites get away with having misconfigured MIME types. Half the webmasters (out of the ones who haven't been laid off yet) don't even know what a MIME type is, so forget about the problem getting fixed quick. The new behavior can be overridden on the client side via registry, but the new ADM files will not have a GPO for it, and it won't be exposed in the UI, so a lot of users will be puzzled and a lot of webmasters will be caught off guard. Every time something like this happens, people "solve" their ignorance by saying, "Oh, don't use SP2. It screws stuff up."

That's why some of the other site-breaking features of IE, including the blocking of certain ActiveX controls which were not otherwise blocked before (this is a slightly different situation than the "do you want to install?" prompt), are explained to the user via the new Notification Bar. It's a pretty slick UI feature, but the simplified information given to end-users is not going to be enough for users to tell the web sites what's wrong. By the way, Microsoft's own Office Update control is blocked by default. You don't even get a prompt to tell you that it's signed by Microsoft and giving you a chance to let it be installed. Presumably, Microsoft will adjust the way their Office Update page is coded to avoid screwing themselves at release time.

And then there's "Local Machine Lockdown." Some people know that IE has always had a hidden security zone reserved for the local machine. There's even a reg hack which lets you make it visible and modify it. Starting with SP2, those modified settings won't do squat because the new Local Machine Lockdown policy will override it. Luckily, a new reg key lets you turn it off. Otherwise, apps which use web pages installed on the local hard drive that have complex scripting (often used for computer-based training and online help, but also occurring on developers' machines) can break. The great thing is that they break quietly. It's not like those Outlook security prompts which tell you that a script is trying to access the address book and do you want to allow it for 5 minutes. Nope, your stuff will just not work. It will sit there and do absolutely nothing. Remember the phrase "Local Machine Lockdown" because that's what you'll be Googling for, when the lights go out.

Speaking of developers, remote debugging in Microsoft's own development tools is clobbered by default. Of course, out of everybody with "developer" on their business cards, probably 1 out of 20 deserve it. The rest are going to be thrown for a loop when they want to step through their ASP page running on another machine, and they can't anymore. After scratching their heads for a few days, they will stop pretending to be Microsoft developers and start pretending to be Java or PHP developers. They'll understand even less, but they'll get new business cards.

You think that only web apps are affected? Wrong. Everything applied to IE is also applied to explorer.exe by default. This results in interesting stuff that you thought you would only see on Windows Server 2003, like prompts asking you whether you really want to run an exe file which is located on a network file share, after you double-click it, even though you're not accessing it through the browser and it wasn't downloaded from the web.

Already, a recent security patch has broken download manager type programs like Net Transport which assume Windows supports URLs with user:password embedded in them. Even though the patch has been widely publicized as critical, the number of people who have installed it is tiny, compared to the number who will eventually install SP2. Get ready to find out how many programs do stuff that you never expected.
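
Added example, not part of the comment above and not Microsoft code: a small audit a webmaster could run to find the misconfigured MIME types comment #5 describes, by comparing each file's declared Content-Type, its extension and its leading bytes. The signature and extension tables and the sample responses are constructed for illustration, and the check does not reproduce IE's own sniffing algorithm.

```python
import os

# Well-known leading-byte signatures for a few download and media formats.
SIGNATURES = [
    (b"MZ", "application/x-msdownload"),   # Windows executable
    (b"PK\x03\x04", "application/zip"),
    (b"%PDF-", "application/pdf"),
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"GIF8", "image/gif"),
    (b"\xff\xd8\xff", "image/jpeg"),
]
# Extension map chosen for this example (assumption), kept local so results
# do not depend on the host's mime.types database.
EXTENSIONS = {".exe": "application/x-msdownload", ".zip": "application/zip",
              ".pdf": "application/pdf", ".png": "image/png",
              ".gif": "image/gif", ".jpg": "image/jpeg"}

def sniff(head):
    """Return the type implied by the first bytes, or None if unrecognised."""
    for magic, mime in SIGNATURES:
        if head.startswith(magic):
            return mime
    return None

def audit(name, content_type, head):
    """Return the list of inconsistencies for one served file."""
    declared = content_type.split(";")[0].strip().lower()
    by_ext = EXTENSIONS.get(os.path.splitext(name)[1].lower())
    by_content = sniff(head)
    findings = []
    if by_content and declared != by_content:
        findings.append("header-vs-content")
    if by_ext and declared != by_ext:
        findings.append("header-vs-extension")
    if by_ext and by_content and by_ext != by_content:
        findings.append("extension-vs-content")
    return findings

# Constructed sample responses: (file name, Content-Type header, first bytes).
SAMPLES = [
    ("setup.exe", "text/plain", b"MZ\x90\x00"),
    ("photo.png", "image/png", b"\x89PNG\r\n\x1a\n\x00"),
    ("report.pdf", "application/octet-stream", b"%PDF-1.4"),
    ("banner.gif", "image/gif; charset=binary", b"MZ\x90\x00"),
]

if __name__ == "__main__":
    for name, ctype, head in SAMPLES:
        print(f"{name:12} {ctype:28} {audit(name, ctype, head) or 'consistent'}")
```

Files reported with any finding are the ones whose server mapping should be corrected at the source rather than worked around on each client.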




#6 By 2138 (80.98.192.116) at Saturday, March 06, 2004 02:01:46 AM
Beta Testers for SP2 received an email from the beta site and it stated that the latest build is not considered beta but very stable. If beta testers are having problems just report it.

I have the same problem as with the last SP2 build; MSN Premium email features do not work 100% properly but with the refresh build it worked. So we just have to wait. This was the only problem that I encountered to date.

Robert...

#7 By 21203 (4.5.32.137) at Saturday, March 06, 2004 02:31:27 AM
As holdup stated, a lot of the things that potentially can be broken (or the stuff that appears broken at the moment) can be fixed through registry changes. Frankly I uphold that the changes should be even more difficult... or at least, emphasized more strongly against.

Frankly, I can see LazyAppVendor saying at SP2 release "My app doesn't work because of a security lockdown in SP2, run this registry hack, it'll fix it" and that hack will also invalidate every process utilizing that registry change.

Personally I'm very happy with the latest beta for SP2, and the technology behind it. If it breaks applications for the greater good, I'm all for it. It's nothing new in MS history -- win16 to win32, evil win32 coding (nt) to strict win32 coding (xp), the ISVs also have to grow and become more responsible for bad coding practices, and administrators need to be more responsible with MIME types, etc.

It speaks volumes to me that MS would block ActiveX by default. They aren't doing a half-ass solution here; it's about as secure as you can get on the XP platform without a ground-up rewrite (Longhorn).



 
