Do I need SP2?

Given that I have regularly updated microsoft patches so far, do not use IE or outlook, and have my own firewall which seems to work well, do I need to waste time downloading the home user XP-update which I think is due out this week? I understand that it causes a lot of problems with certain programmes that use the internet.
The one reason I can think of to update now that it may cause problems with future security updates etc if I don’t.

I would say that if you can legally upgrade then to do so.
It’s true that there ar some issues with certain programs (Microsoft have a list including Unreal 2004, Norton Antivirus and Photoshop Elements.

It also affects certain P2P file-sharing applications but this can be fixed afterwards.

It has the all-new Windows firewall but that doesn’t change anything for you.

IE has a built-in pop-up blocker and I think that everything IE downloads asks for permission before it executes.

Wireless networking is a lot easier than before though I haven’t fully tested it yet.

One thing to keep in mind… even though you don’t use Internet Explorer and Outlook Express, components of those programs are still installed on your system and may be used by the OS or third party programs. In other words, you still have some vulnerability to IE and OE flaws.

If you’re patched up, and MS continues to release patches that don’t require SP2, you should be fairly safe and don’t need to rush to apply SP2. At some point, you’re probably going to need to have SP2 on there in order to continue receiving other patches, but wait and make sure your other programs won’t be affected first.

yes I think I will hang off for a month or two until everyone has released SP2 patches to their software

It’s got more options such as support and connection repair in the applet accessible by double clicking the system tray icon, and it also now reports in the system tray icon what stage of connectivity the wireless card is in (for example letting you know when it’s obtaining an IP address).

You can now also right click this icon and change the Windows XP firewall settings, which is a quicker way to get at them. You can also immediately disable the card by double clicking the system tray icon and hitting ‘disable’ which I don’t remember seeing prior to SP2.

Advice-wise for the OP, as long as the vulnerable software is still installed on your computer, I’d patch it with SP2. I haven’t used IE or Outlook (regular or Express) in years, and I patched.

You decide.

I’d wait a month.

SP-2… I never installed SP-1.

Didn’t see anything in SP-1 that would help me. I’ve run XP and IE every since XP came out.

Well now that SP2 is out there’s a good chance that future patchs will expect you to already have SP1 installed so you’ll probably have to do it some day.

It’s not actually a bad thing you know :slight_smile:

Service Pack 2 will not actually prevent any programs from working. If a particular program has issues interoperating with the XP firewall, you can create an exception for that program or disable the firewall. If a particular program gets caught by the buffer-overflow prevention, again, you can create an exception or turn that feature off. There’s no reason at all not to be running Service Pack 2.

I just installed SP2 and disabled the personal firewall (I’m already behind a firewall at work and at home). I haven’t had a single problem, and a few things actually seem to be slightly faster.

As one who’s responsible for supporting Windoze machines at work (and, unavoidably, for friends and family), running an unpatched XP system should be grounds for revocation of your keyboard operator’s license.

I wouldn’t go quite that far - IF you use a firewall program like ZoneAlarm and IF you’ve been religiously keeping current with Windows patches and IF you’ve been religiously keeping your Antivirus software uptodate and IF you already have a popup blocker (I like the free one in the Google toolbar), I see little point in being the first one on the block to run XP SP2. I will certainly be updating eventually, but I plan on waiting at least a month or two for the dust to settle first.

The largest advantage of Service Pack 2 as I see it is it’s prevention of buffer overflow attacks, which are the largest source of worms and Denial of Service attacks and which often appear before patches come out to address the issues. A firewall or virus scanner isn’t going to prevent a buffer overflow attack from running code of the attacker’s choice on your system. SP2 has advantages, and no real disadvantages. Why not install it?

Why not install it? Because it’s new. Might as well let others find out the problems instead of me, and make sure updates are available for any impacted software.

Also, for current computers, it only reduces (supposedly) buffer overflow attacks because of improved code in the OS. It is able to take advantage of a “No Execute” capability in up-and-coming processors to prevent code execution in memory areas that are supposed to contain data, but it’ll be a while before the processors themselves with that capability are prevalent in home computers.

List of programs which have problems under SP2.
Unpatched PCs last 20 minutes on the web before getting hacked.

(I stole the links from Una.)

I was a little surprised to see the “20 minute” figure when I first read that link (I would have thought it would take a little longer than that). However, it’s not really relevant to my point - go back to my message with all the IFs.

I’m going to bow out of this discussion - it’s almost a GD topic, and as long as one is careful about practicing “Safe Hex”, I see it as a matter of preference whether to go for the update now or wait a couple of months.