Why is Windows XP SP2 causing so many problems?

  • Thread starter Adrian Baker
  • #1
Adrian Baker
Hi all

Not sure if this has been discussed here but installing SP2 trashed my PC!

After installing SP2, the PC said to restart to finish the process, but then on restart refused to boot! I have spent a week 'googling', searching, rebuilding, trying, retrying, to get it fixed.

Microsoft warns that this can happen on Intel 'Prescott' chips on certain motherboards (not well publicised) but I have an Athlon chip!

XP refused to 'Repair Install' when booted from the CD as it couldn't recognise the original Installation, so would only put in a new installation deleting my old data.

Recovery Console refused to work without a password (I have never set one!)

Removing the HD and putting it in a different PC got me my data back, and eventually by transferring over data from the 'Repair' folder to the windows system32 folder I eventually got XP to recognise my old install and do a repair install.

However, the user names had disappeared on reboot and I couldn't log on as anyone!

With safe mode I overcame this, but then found that the modem was unrecognised and couldn't be used. Modem options were 'greyed' out!

I had to edit the registry to repair this fault, then edit the BIOS to get the non-working USB ports going again.

The floppy disc icon disappeared from my computer and although I got this back by editing the BIOS again, it still refuses to work - insisting that I insert a disc even when I have done so. Searching through Google shows the Floppy problem to be a common one (even without SP2) but with no known solution.


Anyway - Please be warned, SP2 works well on many PCs but trashes some. It has wasted a week of my life and reduced my PC's capability. I now really understand why so many people detest Microsoft so much...

You've been warned - don't install SP2!
 
  • #2
I, or anyone else that I know, have had any problems with SP2. In fact, I consider the security and IE enhancements to be of the utmost importance.
 
  • #3
graphic7 said:
I, or anyone else that I know, have had any problems with SP2. In fact, I consider the security and IE enhancements to be of the utmost importance.

If you or your friends haven't had a problem - that's nice. However, that isn't hardly the whole computer world is it! Actually, I consider the use of my computer to be of the utmost importance!

Here is one issue that Microsoft admit: Reboot error


Also, try putting "SP2 problem" (without quotes) into Google - it finds over 1,000,000 pages! And this is for a new package that has just been released!

Pah!
 
  • #4
Hate to be devil's advocate... well actually I don't :-)

http://www.internetnews.com/ent-news/article.php/3425011

100 million downloads of SP2...

I think a fairer comparison using google would be "with" quotes because without you will be picking up www pages with just "Microsoft" or "Problem" not necessarily both!

I feel your pain tho Adrian... I heard that if your PC reboots while doing the upgrade you could be screwed like yourself!

SP2 is better... But I would still Remove IE and that poxy little firewall is still not worth talking about...
 
  • #5
Anttech said:
Hate to be devil's advocate... well actually I don't :-)

http://www.internetnews.com/ent-news/article.php/3425011

100 million downloads of SP2...

I think a fairer comparison using google would be "with" quotes because without you will be picking up www pages with just "Microsoft" or "Problem" not necessarily both!

I feel your pain tho Adrian... I heard that if your PC reboots while doing the upgrade you could be screwed like yourself!

SP2 is better... But I would still Remove IE and that poxy little firewall is still not worth talking about...

The firewall has actually turned into a real firewall in my opinion. The firewall now has the ability to block TCP and UDP ports, not to mention ICMP protocol (still no IGMP), with some rather decent logging features. My only complaint about the firewall (I don't use it anyways - no need) is it still doesn't do TCP or UDP forwarding. I suppose Microsoft has a deal with Cisco or Linksys to keep it that way.
 
  • #6
It's not a firewall, it's an application to block ports! That's it

What layer and how many layers (OSI) of traffic is it inspecting? 1... (Layer4)
Firewalls in my opinion have to deep scan packets to check for any anomalies, they have to work at various levels... Do you think that the port blocker in SP2 will stop your PC being ddosed? Nope... Do you think it would know if someone was TCP sequence prediction attacking you? No... It is not a firewall it is a port blocker... Something you can do on Linux and Unix out of the box!

The desktop 'firewall' in sp2 is not a Firewall!

This is a firewall:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/ps4094/index.html
And this:
http://www.checkpoint.com/products/vpn-1_pro/index.html

is it still doesn't do TCP or UDP forwarding

This is NAT you are talking about (actually PAT)
 
  • #7
I'm aware of what I'm talking about. If you put a Cisco on a cable connection, or anything non-fiber, it's not going to make a difference whether the router knows it it's getting packets up the ass.
 
  • #8
I do not follow you?

Cable, dsl, atm, ethernet, WLAN, etc. etc. all still run IP through internet the only difference is the physical layer within the protocol...

it's not going to make a difference whether the router knows it it's getting packets up the ass.

Don't understand what you are getting at here
 
  • #9
Anttech said:
it's not going to make a difference whether the router knows it it's getting packets up the ass.
Don't understand what you are getting at here

If you only have a standard residential broadband connection, then no router is going to be able to protect you from a ddos attack.
 
  • #10
master_coda said:
If you only have a standard residential broadband connection, then no router is going to be able to protect you from a ddos attack.

And depending on the magnitude of the DDOS attack (and they are getting higher these days), no router 4 or 5 hops up could withstand the attack, either.
 
  • #11
Adrian, did you end up reformatting or did you get SP2 to work for you?
Also what motherboard do you have?
 
  • #12
Ahh Masta_coda is a bit more understandable...

Anyway Ingress and Regress filtering at your border Routers will stop DDOS :-) which doesn't necessarily have to be on fiber...

Anyway that is not what I was getting at. I was getting at SP2 firewall not being one, it is a port blocker.. Albeit making Windows a better product but it still isn't a firewall...
 
  • #13
Anttech said:
Anyway Ingress and Regress filtering at your border Routers will stop DDOS :-) which doesn't necessarily have to be on fiber...

I've seen a few cases where Qwest (back in the days when they owned the "border routers") attempted to stop major DDOS attacks - most were unsuccessful. And as you so put it the "border routers" are going to be owned by the ISP's which do have fiber. You're hard to understand.

My point is though that you're not going to run Windows XP SP2 as a "real" firewall (a home user doesn't need a "real" firewall to begin with), and certainly any business would do the same. Therefore, a free firewall that blocks ports - what more could you ask for? If it blocks ports, logs, and blocks specific protocols (ICMP), what can't it do that any cheapie Linksys router/firewall could do?

In fact, my friend has a cheapie Linksys router, but it can't forward any ports on UDP.

And the reason I'm emphasizing fiber in all of my posts is because fiber does have the highest bandwidth of any traditional medium.
 
  • #14
OK, But why do you think that Qwest "owned" the border routers... A border router is just a router between 2 A.S.'s (autonomous systems) typically these routers are owned by ISP's and Large companies and Government Orgs (there are LARGE ISP outside of the states you know!)... Because these companies typically own large blocks of Public IP's... But any company that owns Public Blocks (in this new world of CIDR) can regress/ingress filter at their AS border.

If an ISP or company were to filter ingress and regress as I said then they would not be susceptible to the worst DDOS attacks, ie spoofed IP ddos attacks because all packets entering the A.S. from another A.S. without the correct source IP address (IE an address from the neighbouring AS) would be dropped... Thus you eliminate DDOS... ISP have known this for a long time and for some reason decline to activate this service, no idea why!

Any other type of DDOS without spoofed IP address could be handled by Access lists and can be recovered from far easier.

Let's say you have a large company with a large bank of Publics in a block, (let's say 11.1.1.0/20) and you connect to your ISP (albeit level3 or something, fiber) then you could very easily have a Serial connection to one of their border routers... this is why I said it doesn't ness. have to be on Fiber!

I agree SP2 port block is not a firewall :-) But it is a good asset to have on your PC, I also do not use it... I also would not say that the cheapie linksys routers (with firewall builtin) are not Firewalls... But what these things can do that sp2 firewall can't is NAT! thus hiding your PC even more
 
  • #15
Anttech said:
OK, But why do you think that Qwest "owned" the border routers... A border router is just a router between 2 A.S.'s (autonomous systems) typically these routers are owned by ISP's and Large companies and Government Orgs (there are LARGE ISP outside of the states you know!)... Because these companies typically own large blocks of Public IP's... But any company that owns Public Blocks (in this new world of CIDR) can regress/ingress filter at their AS border.

Let's just say I have experience contacting Qwest the ISP of my employer's ISP. On one occasion, Qwest could do nothing because of the sheer load of traffic (and the many IP's that were responsible, 10,000+) the routers were handling. Qwest does receive government contracts, by the way.

The worst DDOS attacks, are the ones that are from a mass number of systems - usually residential cable and DSL. That specific attack I referred to bombarded the ISP with 15gbps, with one hell of a SYN/UDP flooder.
 
  • #16
Sure... but typically DDOS use IP masquerading techniques... If you DO NOT accept packets that have false IP address then you do not suffer...

Look at RFC2267 for more details
 
  • #17
Anttech said:
Sure... but typically DDOS use IP masquerading techniques... If you DO NOT accept packets that have false IP address then you do not suffer...

Look at RFC2267 for more details

The specific DDOS attack(s) that I'm referring to did not use any sort of masquerading technique. Qwest could do nothing, and my employer's ISP was put down.

And no, DDOS attacks do not typically use masquerading techniques. There's no need for it if you control a mass amount of systems.
 
  • #18
And no, DDOS attacks do not typically use masquerading techniques. There's no need for it if you control a mass amount of systems.

Just curious how you know this? What data did you look at? Is this just an educated guess? If this was such a large attack it would most probably have gotten media attention, I would love to see some news cuttings if you have any... (Or just some links to back your research into DDOS would be nice)

I will honestly say that I do not know which are most prolific Spoofing or non spoofing attacks, and will take your word for it as it seems you have done lots of research...

However I remember the biggest DDOS which did hit the papers was one in 2002 if I am not mistaken that went for all 13 Root servers, and if I remember correctly the IP addresses were spoofed...

http://www.internetnews.com/dev-news/article.php/1486981

Here is a link to M$ website which also says common DDOS are employing spoofing techniques

Enable egress filtering. P.T. Barnum is famously reputed to have fleeced people who attended his circus by hanging signs directing them "This Way to Egress", but if you understand that egress filtering is a way for you to control which packets are allowed to leave your network you'll understand why it's useful. In general, egress filtering keeps your routers from forwarding any packets whose actual source address doesn't match the real one. DDoS attacks commonly involve spoofing the origin address of the attack packets; with egress filtering on, your network will never forward those packets out to the rest of the world.

http://www.microsoft.com/technet/security/bestprac/ddosatku.mspx

Which doesn't surprise me as long as ingress and regress filter is turned off on BGP routers then doesn't make a difference and will be more effective if you can't trace the ip back...

*waits to see Graphic7's research*
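
An added illustration, not part of the thread or any poster's code: the source-address check behind the RFC 2267 filtering and the quoted egress-filtering advice, sketched in Python. The site block is the thread's 11.1.1.0/20 example; the bogon list, the function names and every packet address are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Site block from the thread ("11.1.1.0/20"). That string has host bits set,
# so strict=False normalises it to the enclosing network 11.1.0.0/20.
SITE = [ipaddress.ip_network("11.1.1.0/20", strict=False)]

# Assumed minimal list of sources that must never arrive from another AS.
BOGONS = [ipaddress.ip_network(n) for n in
          ("10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def covered(addr, nets):
    """True if addr falls inside any of the given networks."""
    return any(addr in net for net in nets)


def verdict(direction, src):
    """Source-address validation at the AS border.

    egress : a packet leaving the site must carry a site source address.
    ingress: a packet arriving from outside must not claim a site or
             bogon source address.
    """
    addr = ipaddress.ip_address(src)
    if direction == "egress":
        return "forward" if covered(addr, SITE) else "drop-spoofed"
    if direction == "ingress":
        if covered(addr, SITE):
            return "drop-spoofed"
        if covered(addr, BOGONS):
            return "drop-bogon"
        return "forward"
    raise ValueError(f"unknown direction: {direction}")


# Constructed sample traffic (documentation ranges stand in for real hosts).
PACKETS = [
    ("egress", "11.1.4.20"),        # genuine site host
    ("egress", "198.51.100.7"),     # site host forging an outside source
    ("egress", "10.0.0.5"),         # private address leaking out
    ("ingress", "11.1.9.9"),        # outside packet claiming a site address
    ("ingress", "127.0.0.1"),       # loopback source from outside
    ("ingress", "203.0.113.10"),    # flood traffic sent from its real address
    ("ingress", "203.0.113.11"),    # flood traffic sent from its real address
    ("ingress", "198.51.100.200"),  # ordinary outside client
]


def tally(packets=PACKETS):
    """Count verdicts; unspoofed flood packets still come out as 'forward'."""
    return Counter(verdict(d, s) for d, s in packets)


if __name__ == "__main__":
    for direction, src in PACKETS:
        print(f"{direction:8} {src:16} {verdict(direction, src)}")
    print(dict(tally()))
```

The filter removes every forged source, while the packets sent from real addresses are forwarded and have to be handled by access lists or rate limiting instead.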
 
  • #19
Well, if you look at any of the source for any of the latest Win32 worms, you will indeed see the SYN/UDP flooders are not doing any type of masquerading. They simply don't need to. I doubt you have any field experience with these sorts of attacks, and that's quite understandable. You're basing your facts off of media coverage, and I can tell you from experience that some of the largest attacks will not receive media coverage because of the sensitivity of the situation.

You obviously are not understanding the concept here. The Win32 worms do not care if anyone will be able to trace the IP back. The infected systems are residential and if you do any 'netstat -an''s you will in fact notice that the IRC server they are connected to is 127.0.0.1. This is in part that the ARP tables have been altered. To iterate my point, masquerading is no longer needed because of the capability to harvest a mass number of systems.
 
  • #20
Not all win32 worms are DDOS agents... And I believe you also have no experience in this field, contrary to your claims... I do have experience in a large corporate network and I look after BGP routers, I also look after other border network equipment...

Why do you think I do not understand the concept? You are arrogant to even presume anything about me graphic!
 
  • #21
Anttech said:
Not all win32 worms are DDOS agents... And I believe you also have no experience in this field, contrary to your claims... I do have experience in a large corporate network and I look after BGP routers, I also look after other border network equipment...

Why do you think I do not understand the concept? You are arrogant to even presume anything about me graphic!

Your loss, not mine. Anyways, we've strayed too far from the original topic of this thread.
 
  • #22
explain this if you will:

IRC server they are connected to is 127.0.0.1. This is in part of that the ARP tables have been altered.

Because it doesn't make grammatical sense to me... Or close the thread if you feel it has wandered too much... I would prefer if you didn't make presumptions either
Thanks
 
  • #23
Anttech said:
explain this if you will:



Because it doesn't make grammatical sense to me... Or close the thread if you feel it has wandered too much... I would prefer if you didn't make presumptions either
Thanks

Just re-read the sentence myself and I fail to see what's wrong with the sentence. It is a rather complex sentence, read it again.

For clarification purposes, I was stating that if you do a 'netstat -an' you will observe there is an outgoing connection to an IRC server - the loopback device. This is because the ARP tables have been altered. The latest stream of Agobots and Phatbots circulating employ this feature.

Edit: There was a stray preposition. I apologize for the confusion.
 
  • #24
This is in part of that the ARP tables have been altered.

This is what I didn't understand...

So you are saying that the Agobots rewrite the ARP so the Gateway MAC (next hop router) becomes seen as 127.0.0.1... this would kill all outgoing communication, wouldn't it?
 
  • #25
Macgyver said:
Adrian, did you end up reformatting or did you get SP2 to work for you?
Also what motherboard do you have?

Hi there

By swapping over loads of files from the repair file to the system 32 file I managed to get XP to do a repair install. So no, I didn't do a reformat. However, the repair install was not fully successful and I had to spend ages getting the user profiles working, the USB ports working, reinstalling hardware etc. I still can't get the floppy drive to work. It does seem stable now though.

I'm not sure if SP2 is installed or not now. I deleted the update.sys file when I was trying to get it rebooted so that XP wouldn't 'know' about the SP2 pack. Some SP2 files are there... I'm not fiddling with it again to find out what though!

It was my parents PC and as I'm not there now I'm not sure what motherboard it was.
 

What is Windows XP SP2 Hell?

Windows XP SP2 Hell refers to the experience of using the Windows XP operating system with Service Pack 2 installed, which was known for causing numerous issues and errors.

What problems can arise from using Windows XP SP2?

Some common problems that users may encounter when using Windows XP SP2 include frequent crashes, slow performance, and compatibility issues with certain software and hardware.

Is Windows XP SP2 still supported by Microsoft?

No, Microsoft officially ended support for Windows XP SP2 in 2010. This means that there are no more security updates or technical support available for this version of the operating system.

Can I uninstall Windows XP SP2?

Yes, it is possible to uninstall Windows XP SP2 from your computer. However, this is not recommended as it may cause even more problems and leave your system vulnerable to security threats.

What should I do if I am still using Windows XP SP2?

If you are still using Windows XP SP2, it is highly recommended to upgrade to a newer and more secure operating system, such as Windows 10. You should also make sure to regularly back up your important files and data in case of any issues with your system.
