M$ Says "NO!" to Using File Sharing to Distribute XP SP2!

I got it via BitTorrent. No problems to report. Slashdot reported it several days before MS found out so I believe the file made it to several hundred thousand machines by then.

Although I can see why MS wouldn’t be happy about having the patch spread itself via BitTorrent, I don’t know why they had to issue a legal warning to stop others from doing so.

I sent it to my GF (after Downhill Battle stopped hosting it) and all is good.

Question it all you want. I’ve never had a virus infection, not at home, nor at work, on my watch. I think they’ll try to attack it, but I also think that attempting to sneak in a virus that’s totally unidentified and would remain so for any reasonable amount of time would be a piss-poor way to attack Windows.

There are plenty of security holes in existing installations to attack, and a lot more is known about them.

Sure, they could write a virus ahead of time and then infect SP2 with it, I just don’t think that it would do much good at all. Viruses are typically identified within a couple of days, and disinfection measures and updates to antiviral programs are put out in extremely timely manners.

Would they consider it? Yes. Would they actually be capable of doing anything significant? I doubt it.

It’s done every day. Risk assessment.

I linked to it. I also know that when MS’s servers are too busy, it’s a royal pain in the ass to attempt to get anything from them.

For that reason, I typically do put copies of those patches I get on my website, and I’ll point people I know to that site.

While I will use and try betas at home, I can’t just grab the first beta of a service pack and stick it on every machine on the LAN at work. At most I can do so on my test machines, but not on all the machines. Betas have that name for a reason. They have not satisfactorily been real-world bug tested.

So all of these virus epidemics we’ve had in the past few years; what were they? Imaginary? No, they’re proof positive that without assurance, viruses do get in to the wild and do do lots of damage, and they do it to people who aren’t stupid, just overconfident. For all the browser holes and security patches, the most enduring and popular attack vector for viruses is to trick a user into executing something themselves. Fundamentally, you simply didn’t know what that executable contained until you ran it. Saying that you didn’t catch a virus doesn’t prove that it was a sensible thing to do; it just means you got lucky.

Right; which is why I find it hard to believe that anyone would advocate downloading and installing a major system update from somewhere completely random. Security is the art of eliminating uncertainties, not of taking educated risks. Look at it this way; if you’re so confident in your abilities to protect yourself, why not wait until MS do make the patch generally available. You’re not in any danger in the meanwhile, right? And if you’re not so confident, wait and download it from a trusted site. In neither instance should running an unverified program on your machine be considered the best option.

In any case, this is somewhat beside the point, which is MS’s actions in requesting that the P2P copy be taken down. You’re free to do whatever you want to your computer, and if you think the file you’ve got is legit, then knock yourself out. None of this affects the fact that MS are perfectly within their rights to stop untrusted sites from redistributing their copyrighted software, and are well advised to do so given the vast negative publicity that would result from any malicious files being spread under their name. And that publicity wouldn’t just be bad for their image, but would put vast numbers of people off installing the patch, decreasing general security. Like it or not, MS have taken the only sensible action here.

You asked about one specific case. I don’t think that in this case there is a significant risk of anyone managing to hide a virus in a supposed SP2 executable that wouldn’t be detected and fixed less than a day or two after it hit the wild. It’s a high profile target with limited chance of success.

Considering the anti-virus software and the ability to check the hashes, I can be pretty damn sure of what an executable contains before I run it.

Where did I say ‘somewhere completely random’? There are sites other than MS which are neither ‘completely random’ nor untrustworthy. Or are you suggesting that I am the kind of person who would Google ‘SP2’ and then download and run an untested, unverified .exe from some site in Tuvalu or Niue?

Scroll up bucko. I downloaded it from MS. I just didn’t follow their admonition that this particular download is ‘not for use at home.’

Non-Microsoft is not the synonym for ‘untrusted’. And where did I say something about running unverified files? I specifically stated that I check hashes. It’s something that I am accustomed to due to my usage of Unix, and do apply to my usage of Windows.

Not using MS directly to obtain all my software in no way indicates that I use sites that are ‘untrusted’ or that I can’t check a hash.

It is legit. Downloaded directly from the page I quoted earlier on, yeah, MS’s site. It’s also now available on the internal web server I run for my company.

The problem here is that you seem to believe any site that isn’t Microsoft itself is automatically untrusted and will ruin their reputation. I can see that it’s really damaged the hell out of Sun Microsystems to have its software mirrored at other sites, and Apache, they’ve definitely suffered those publicity hits because their httpd is available at sunfreeware. Of course, they do also post recommendations that the hashes be checked, and consider their users intelligent enough to actually do so.

Sensible wouldn’t include mirrors at download.com or cnet.com or tucows.com or CDs stuck into computer magazines would it?

Why on earth do you think that only the microsoft.com domain should be considered ‘trusted’?

My point had zero to do with you, or your using it. It had to do with this statement

That gives people the false idea that SP2 is only available to the public, and thusly people who would hack or malign it, on the day of its official release.

Right, you “don’t think”. And like I said, you’re probably right. But “probably” is not security, and I don’t see any reason whatsoever why this case is different from any others. High visibility target, high chance of being attacked. Not exactly rocket science; why do you think the 9/11 hijackers went after some of the tallest buildings in the world?

I’m curious as to why you believe that checking the hash is any protection at all. The hash for the bittorrent distribution was published by the same people distributing the download, not by Microsoft. If you check the hash against a hash obtained from a known good version of the service pack, then yes, you know you have a valid version, but I don’t see how one can do this, since Microsoft haven’t published the hash (as far as I can see) and the only other way to obtain it would be to generate a hash from a known valid download. As for the virus checker, I can only assume you’re completely ignoring the repeatedly-made points about new or unknown viruses.

No, I said completely random. I have never heard of Downhill Battle before, and in the context of downloading security updates they are completely random. I have no reason to trust them whatsoever. As I said, their apparent motives suggest that they are bona fide, but that in itself does not generate sufficient trust for me.

Okaaaaay. In which case I’m slightly confused at your insistence that downloading from an unknown site is so safe, but there you go.

I said absolutely nothing about non-Microsoft. I’m talking very specifically about some site that hardly anyone had heard of before this story broke, and which the vast majority of users do not know anything about. Download.com, SunSite; all fine with me; I know and trust these places. I’m talking about simple common sense here. Don’t download software from places you don’t know. Sheesh.

Meh, again with this daft notion that I’m insisting on a single download source. I’m objecting to the ridiculous idea that Microsoft should allow the digital equivalent of Buttfuck, Illinois to distribute their own code without first asking Microsoft, and with no guarantees that the code is genuine or safe. I think distributing the patch on download.com or other trustworthy sites is a great idea but that’s not what we’re talking about; we’re talking about MS stopping the file from being distributed on P2P systems.

Again, I haven’t said anything so stupid. I just don’t trust sites I’ve never heard of, and don’t see why Microsoft should, either.

Just to be clear, this wasn’t supposed to be some juvenile jibe, it just came out like that. I just meant to emphasise that you couldn’t be sure… (in the context of the Downhill Battle download)

:smack:

So far as the computers at my place of employment are concerned, my opinion of security is our security.

And you think that’s not possible why?

My insistence is that downloading from a known safe site does not necessarily mean only Microsoft itself.

Then surely you can comprehend that a site you would consider ‘unknown’ might be one that I know well?

Which is not, in and of itself, a danger. BitTorrent, among others, indicates the exact source of the file. If it’s a site I know to be trustworthy, where’s the problem for me?

I can, however, limit my downloads from sites that aren’t Microsoft to ones I do know and trust the content of. Again, unknown to you does not mean ‘unknown to everyone.’

Again, someone who doesn’t understand how to correct their PC when it gets totally fubared isn’t going to know what BitTorrent is or how to use it.

And one would think that with M$'s bad security record that they’d be busting ass to ensure that they got the patches out as fast as possible, and using every means under the sun to get them out. Yet they’re not.

Again, if it’s my dangly bits that are being unprotected, I have every right to do what I can to protect them. It’s even legal for me to kill another human being if I can prove that they were a threat to my safety. Why should my privacy (which can be compromised due to the security flaws in M$'s software) be subject to the whims of a corporation?

Yes, but you have to be able to prove that the individual whose driving you’re restricting is posing a threat to others by getting behind the wheel. The only way you can do that is by pointing to their past behaviour. Since this is, apparently, the first time someone has tried to distribute M$'s software this way, there’s no evidence that it would cause major problems.

You know, I’d like to quit using M$'s products, but unfortunately, I can’t. You see, in my industry, 99.999% of the software used will only run on Windows based machines. Yes, there’s Linux equivalents of some of the programs, but they’re not widely used, so if I’m going to land a decent paying job in my field, I must stay current with the Windows versions. I haven’t had the time or the money to play with any of the Linux based Windows emulators out there to see if the programs I need to use will run under them. Even if they can, I’d need a much more powerful PC than I have at present, and I can’t afford to get a new one, so I’m stuck with Windows.

And you bitch about me throwing out strawmen.

And this has what to do with anything?

Where? You’ve proven nothing.

At least we agree on one thing.

Every means they have, yes. But distribution is their call, not anyone else’s. If they want torrents up, they can do it themselves. It’s not hard.

I never argued that there was anything you couldn’t do, just what a third party should be allowed to do.

People can be denied driving rights for a variety of reasons, like various medical conditions, that have nothing to do with past behavior.

There’s no precedent, so it’s impossible to be certain that massive damage would result. But if MS assesses the risk inherent in allowing others to distribute their software and decides it’s too great, that’s their call. We make these kinds of decisions constantly; we don’t have to try everything to find out whether it’s a bad idea or not.

I thought your primary issue was with your computer(s) at home. I’d imagine this is a non-issue at the job, where this is handled by someone else, someone who is very likely going to play it safe and download the SP from MS.

Besides, you didn’t say you had to use Windows for work, you just said you couldn’t bother to learn anything else.

I was providing an example of how allowing others to dilute your branding can be dangerous. Maybe it really is a strawman, maybe it’s a useful analogy. I’ve been known to come up with some bad ones. The point remains: there has to be some guarantee that a product is what it claims to be. The customer can’t look into proprietary software to confirm its contents, and even if they could, it would be far too time-consuming to do so.

I agree absolutely that people should be personally responsible for what they download and where they acquire it. Unfortunately, far too many people still run whatever random official-looking file pops up in their inbox. MS has to be realistic and acknowledge this fact.

You argued that you download from arbitrary sources, never check the hashes, and have never been burned, so why stop now? I’m saying that a run of good fortune is no excuse to toss out safe practices.

You insist that anyone using BT is also going to be prepared to check the file for tampering, but you also mention that, while you use unofficial distribution channels, you don’t actually check the files you download to ensure their integrity. Therefore, not every person out there using BT is taking precautions to ensure that what they downloaded is what they wanted.

Actually, I’d expect them to be making every effort to ensure that the security patches are actually effective, which means making damn sure users get bits that are guaranteed not to be tampered with.

A disclaimer won’t help at all. It’s not like Microsoft is going to be liable for damages to people’s machines if they download tampered bits. However, Microsoft’s image as a maker of secure software only improves if the patches actually help people, and Microsoft doesn’t want to risk the possibility of people thinking they’re patched when they aren’t, or having people with trojans installed with their patches, because in those situations, the patches most certainly will not be helping.

Sure, it would be nice if Microsoft could roll the patches out faster. I’m a little disappointed that they can’t. But it’s not like I’m going to die in the next week if I don’t get my patches. I’m pretty sure the security holes I have today are the same ones I’ve had for the past few months. And asking Microsoft to allow ad-hoc distribution of their patches is just a huge step backwards in terms of getting a significant number of users to have their machines properly patched, because getting your machine properly patched means knowing you trust the source. If you know what you’re doing and trust the source, knock yourself out, but expect Microsoft to try their best to make sure Joe User doesn’t think this is a good idea.

catsix, at this point I have no idea what argument you think you’re having; you seem to be arguing the point that you, personally, did not endanger your computers, and if you downloaded the patch from Microsoft then that is certainly true. Everyone else is talking about this P2P distributed copy. My points are solely these:

  1. MS are right to prevent unauthorised and untrusted distribution of their software, and
  2. Someone who downloads and installs said software from an untrusted site is foolish.

You don’t seem to be arguing against the former, and since you didn’t apparently do the latter, I don’t understand what you’re arguing about.

[re: generating your own hash to check from]

Because if you’re downloading from Downhill Battle, you don’t have a known good download to generate a hash from, and if you did have such a thing, then you wouldn’t need to go to BitTorrent in the first place. This is really, really obvious. I guess you can phone a friend who you trust and know has downloaded their copy from Microsoft, get them to generate and email you a hash which you can then verify, but I thought we were talking about something so simple that everyone using the BitTorrent source would automatically do.

Absolutely, however we’re talking about Microsoft’s actions here with respect to one specific website, and whether they should endorse a site that they evidently don’t know about and have no official contact with. Now if you regularly get software from Downhill Battle (about which I am highly sceptical, since they are an anti-music industry advocacy site, not software distributors) and therefore trust them, that’s just dandy, but it’s not a reason why Microsoft should do so. I’m not talking about any other site here that you might happen to trust, I’m talking about Downhill Battle.

Here’s why you don’t understand me.

You may know nothing about a certain site. Microsoft may know nothing about it. That does not make the site ‘unsafe’ or ‘untrusted’ to those people who do know it, and if that’s an expeditious way for them to get a security patch, more power to 'em.

Again, it’s possible to get the hash from a site the user knows and trusts but isn’t MS itself and compare it when downloading the file. You’re still equating ‘I don’t know this site’ to ‘This site can’t be trusted by anyone.’

Microsoft doesn’t have to do a damn thing. There’s no ‘endorsement’ implied in just leaving them alone. However, I expect them to act like assholes considering what they did to Mike Rowe.

Great, well, while you’re being completely narrow-minded and thinking that Downhill Battle is the only non-Microsoft site to discuss, I’ll be applying my brain to the general idea that there are other sources for download that aren’t microsoft.com that are faster and that are trustworthy.

The entire fucking thread is about Downhill Battle, you monumental twat, and I already fucking said several fucking times that of course there are non-MS sites that are perfectly safe. Jesus, this is ridiculous. What the haemorrhaging fuck are you doing to my posts, reading them with your fucking arse?

Here it is in plain fucking English: it is perfectly reasonable for Microsoft to restrict the distribution of their own, copyrighted software to official channels, so that they have some degree of control over the safety of said software, on which their reputation rests. If you feel like rebutting that, fine, but otherwise take your strawmen and stupidity and fuck off. Sheesh. About the only possible relevant point I can find is:

Yes, there is. As soon as the site popped up, the media were asking Microsoft for their position, at which point they either had to say “yes, it’s fine” or act to protect their software. And if you lack the imagination to see the headlines should a virus happen to be spread by SP2, then I can see why you’re having trouble understanding such a basic concept. Microsoft are responsible for SP2. If some tit downloads it from a dodgy site and gets a virus, then of course MS should not be blamed, but since when has that stopped anyone? You and I would know that it was some tit who failed to ensure his safety, but the majority of the computer-using world will see “SP2 has a virus” and then not install it. Can you truly not see the downside here?

Yes there is. If you don’t follow this then you’re never going to understand Microsoft’s position. If they know about it and do nothing that is an endorsement. From a strictly legal trademark protection basis; if you do nothing to defend your trademark from infringement then you lose the right to it. Those who are distributing SP2 without permission are infringing Microsoft’s trademark and copyright. They have to defend that. It’s a use it or lose it situation.

Not only that, but it is also a signal to anyone else who fancies hosting the patch to just go for it. And from then on the situation is a free-for-all, out of MS hands and far from secure. If any virus writers took advantage of that you can be sure Microsoft would catch a fair proportion of the flak about letting the situation develop.

You’re entitled to your opinion carsix, but as long as you totally fail to understand why Microsoft have acted as they have then I suspect you really don’t have a good enough grasp of the whole security thing to be in charge of it for your company. What you know and think is secure isn’t good enough. Being responsible for security is about taking into consideration what your users know and think, and sometimes protecting them from themselves. And from Microsoft’s position that includes millions of totally clueless, foolish and lax users who don’t take care, don’t have a current virus checker, don’t have the faintest beginnings of a clue what’s safe, what’s not, and what the hell is a patch anyway??

Why not allow the PC manufacturers (like Dell, Gateway, etc.), reputable software developers (Norton, Symantec, etc.) and sites like download.com to make the patch available from their servers as well? They’re all reputable companies and all of them have the same level of interest in protecting their customers’ security that M$ does? Or use Mockingbird’s suggestion? The argument that M$ must be able to control all aspects of their software distribution is the same argument being used in other cases of “copyright protection” where some of the proposed solutions are as follows:

  - Biometric scanners built into MP3 players.
  - Viruses that destroy the computers of people suspected of file sharing.
  - Elements in Longhorn which will make it difficult for you to use programs which you legally purchased.
  - Monthly subscription fees to be able to use a company’s software.
  - Monthly subscription fees to be able to listen to music which you legally purchased.

These aren’t wild ideas I’ve whipped out of my ass, these are serious proposals made by elected members of congress, the RIAA, and the heads of major software companies. Mind you, I think that they’re all doomed to fail eventually, but that’s not the point. The point is that in the misbegotten idea of protecting themselves, these corporations have come up with “solutions” which not only strike me as Orwellian, but also could make things difficult for both consumers and business. M$'s hamfisted shutting down of the folks distributing SP2 via BitTorrent is simply another example of this kind of mindset.

But technically, I am a third party. Especially if I download SP2 and burn copies of it for all my friends. I am a third party distributor at that point.

But nobody ever comes up to someone and says, “We think that you’ll go blind in 30 years, we’re going to take your license now, so that we don’t have to worry about you suddenly going blind while you’re behind the wheel someday.”

Ah, yes, the old “pre-emptive strike” argument. Not exactly popular when it’s applied to things like Iraq, now is it? Why should it be any different when it comes to software?

Well, I don’t flip burgers for a living, pal. I’m a machinist for a defense contractor and occasionally I have to take work home with me. Now given that even the best software out there can make translation errors when it’s importing a file generated by a different software program, and that people’s lives depend upon me doing my job right, I can’t exactly afford to take the risk that I’ll be able to catch the mistakes made by the software when I convert a CAD/CAM file generated by a different program. Additionally, there’s a wide variety of Windows software out there for the CAD/CAM community, but not every company uses the same programs, so if I decide to seek employment with a company other than my current employer, and that company uses (for example) Solidworks, while my employer uses AutoCAD, I’ve got a better chance of getting the job if I can demonstrate a familiarity with Solidworks, than if I say, “I only know how to use AutoCAD.” And it’s because of this that I don’t have time to dick around with Linux, as much as I’d like to.

Even reputable companies produce crap from time to time, and people don’t have time to research every single purchase they make to make sure that they’re not going to get shafted. Even if they do have the time to do that research, they may still end up being forced to buy something that they know is a piece of shit because it might be the only option they can afford. I know that on several occasions I’ve had to buy cars (a big ticket item) that I knew weren’t in the best of shape, because I needed a car, and that was the only car I could afford. I didn’t have the luxury of waiting around until I saved up enough money to buy a better one, I had to have a car ASAP.

Yeah, and that’s how most, if not all, the crippling virus attacks have been distributed: e-mail. Not BitTorrent files or other file sharing methods, but e-mail. This means that the risk to folks at large of a comparatively small number of people getting SP2 via BitTorrent is practically nil.

But I don’t toss out safe practices, I’m not running without a firewall, virus scanner, spyware blaster, and a few other programs which give me more control over my system than M$ provides me. Additionally, I don’t use IE to surf the web. Not simply because I don’t like IE’s features, but because other browsers have proven to be more secure than IE, and when they are found to have security holes, they’re patched much more quickly than M$ is able to create patches for IE.

I don’t check the hash files because I don’t need to. I’ve got a lot of software on my machine which is designed to protect me from malware, and even if I do manage to get a piece of malware which is missed by those programs (and so far I haven’t), I’ve got a disk image of my system that I can use to quickly restore my system back the way it was before I installed the malware. So I am prepared for file tampering, and if I do get a piece of malware from a particular source, I don’t bother with that source again. And yeah, I do get the occasional goatsex pic instead of the nekkid photo of Daisy Fuentes that I thought I was downloading, but that is at best, a microscopic inconvenience, and not a PC destroying event.

Oh, yeah, just stumbled onto this little “jewel.” In the interest of blocking filesharing, M$ and the various hardware companies have come up with TCPA which not only will prevent people from illegally sharing files, but will prevent them from running Linux on their machine!

All hail the mighty corporation!

I don’t disagree with you at all that MS should allow others to distribute their patch, but it is left to their discretion.

Use is not the same as distribution. Going after someone for distributing your property is quite different from preventing someone from exercising their rights to fair use. Hey, I read Slashdot, too, and these ideas are scary, but they’re not the same kind of beast.

And when MS comes after you for burning copies and giving them to your friends, you can come here and complain about it and have my sympathies. That’s not what’s happening.

This is not the situation. The situation is “Hey, you’re distributing my software now and making it difficult for me to establish myself as the sole source of the product. This could have dire consequences.” If they do act on what could potentially happen, how could you blame them? I don’t know about you, but I go to the doctor when I suspect I’m ill. I don’t wait until whatever I have kills me.

There needs to be some kind of variant of Godwin’s Law made that concerns Iraq and the “War on Terror.” A pre-emptive war on a nation is not at all the same thing as a company asserting its right to distribute its product through its preferred channels.

I don’t understand where you’re going with this. At work, you use what they give you at work, and I can’t imagine that SP2 is your concern there. At home, you can use whatever you want. Use Linux, buy a Mac, whatever. If you need to stay on top of the apps for work, dual boot or keep another box handy. It’s unfortunate if you don’t have the time to learn to use Linux, but I suspect that you have at least some free time, or else you wouldn’t be posting here.

What is this supposed to refute?

So I shouldn’t worry about being attacked through one channel because more attacks have traditionally come through the other?

You are, however, operating under the gigantic assumption that any malware you acquire will make itself evident to you by wrecking your computer, presumably in a way that you’ll be able to fix by restoring from an image. It doesn’t always work like that. What will you do if you get a keylogger? How will you know if it manages to slip through the cracks?

As for the TCPA, I wouldn’t worry about it. In fact, TCPA, without any attached DRM, is a pretty good thing.

And if their discretion is wrong, then what? Simply take it up the ass and be happy about it? I don’t think so.

Yes, but the reason these efforts are being put into place is to try and stop illegal distribution. The biometric scanner on the MP3 players is designed to stop the distribution of MP3 files via P2P. What good is it for you to download an MP3 if you can’t play it on anything?

Not yet.

Again, I go back to my comment about fixing a friend’s PC. If M$ is trying to protect themselves from what they deem to be “unnecessary costs” (i.e. tech support), then if they can claim that someone distributing a security patch is undermining their reputation, and preventing them from being the sole source of it, they can claim that by allowing anyone other than a M$ certified individual to work on it, you’re undermining their reputation and preventing them from being the sole source of tech support. Additionally, M$ could claim the right to prevent you from running any third party software on your Windows box that M$ didn’t happen to like because it might cause stability problems and undermine their “good reputation.” Remember, we’re talking about a company which has deliberately screwed with the code on their own sites simply to prohibit other people from viewing them with non-IE browsers. Not only that, but they lied about doing so.

You’d think that after they got caught doing it once, M$ would stop, but no, they did it again.

Yet, you do admit that M$ launched a pre-emptive strike on the folks using BitTorrent to distribute BitTorrent, and the pro-war argument was that America was simply exercising its right to defend itself. Certainly, there are differences, and there are differences between apples grown on the same tree, but that doesn’t make the argument invalid.

I don’t have the cash for a larger hard drive to be able to do a dual boot machine, and I have to use the same software at home as I do at work, because of the reasons I stated. I cannot use a Mac or Linux box, because there are (in most cases) no versions of the software we use at work for those OS’s! Yes, I do have some free time, and I like to use it to relax, not trying to figure out the ins and outs of yet another software program. My concern is not SP2 as far as the work machine goes, but SP2 as far as my home machine goes. Since I’m forced to keep a Windows machine running at home in order to be able to do my job, and since I don’t have the dough for a non-Windows machine, I have to be worried about the security holes inherent in Windows. At least until I get the money up to build a decent PC that I can run Linux on, but that’s some time away.

Your statement that it’s a bad idea to get software from a third party source since people don’t have time to research everything. Pay attention.

How about you shouldn’t be paranoid about attacks from a channel that only a few people use, and hasn’t been the source of any significant damage?

Keyloggers tend to be very easy to identify, and I’ve got multiple programs which alert me the moment one program attempts to modify another program. If I download a .gif file, click on it, and a message window pops up immediately after I click on it, telling me that some program is attempting to modify another program, I know I’ve been had. In any event, my income and credit rating pretty much insulate me from the worries of identity theft. Frankly, I’m more worried about code hooks than I am anything else. I’ve yet to find a software program to block against them, and even many programmers say they’ve no idea how to defend against them.

Perhaps, but I think you’ll find that getting DRM separated from it isn’t going to be easy.

[QUOTE=Tuckerfan]
Since I’m forced to keep a Windows machine running at home in order to be able to do my job, and since I don’t have the dough for a non-Windows machine, I have to be worried about the security holes inherent in Windows. At least until I get the money up to build a decent PC that I can run Linux on, but that’s some time away.
[/QUOTE]

Tuckerfan, why don’t you just stfu, go to the Microsoft website, download the official version of XP SP2 and make your machine more secure? You can find it on www.microsoft.com/downloads or specifically here: http://www.microsoft.com/downloads/details.aspx?FamilyID=1a8ce553-ab76-4a63-99da-b4ed914c1514&DisplayLang=en

Please note that the link does not work if you type www.m$.com or variants thereof.