Windows XP SP2 TCP/IP "Patch"

[Ficman]

What is sad is people thinking they're smarter than networking experts who are paid to be among the best in their field...

585520027[/snapback]

Very Well put...

:yes:

[Mastertech]

What is sad is people thinking they're smarter than networking experts who are paid to be among the best in their field...

What is sad is average users thinking they are "experts" of anything.

[John Veteran]

What is sad is average users thinking they are "experts" of anything.

585551612[/snapback]

So true! :D How ironic? Does this mean you'll stop trying to convince people this limit is pointless?

[NEVER85]

Oyy...I'm just gonna repeat what the SMART people have been saying, and pray to God someone finally understands.

The SP2 TCP/IP limit does NOT hinder your DL speeds, unless 300 KB/s on BitTorrent is somehow considered slow to some of you. :rolleyes:

The limit merely slows the spread of viruses. If you wanna set the limit back to its pre-SP2 setting of 16-some million instead of 10, go nuts. Just don't come back to this thread crying because you've been infected by a virus before you had time to do anything about it.

A dumbed down description for you.

[Gowcra]

^ :laugh:

[_fOoL_]

i patched mine coz i follow the sheep...

[jamend]

Oyy...I'm just gonna repeat what the SMART people have been saying, and pray to God someone finally understands.

The SP2 TCP/IP limit does NOT hinder your DL speeds, unless 300 KB/s on BitTorrent is somehow considered slow to some of you.  :rolleyes:

The limit merely slows the spread of viruses. If you wanna set the limit back to its pre-SP2 setting of 16-some million instead of 10, go nuts. Just don't come back to this thread crying because you've been infected by a virus before you had time to do anything about it.

A dumbed down description for you.

585559262[/snapback]

No, you didn't understand what people were saying at all... The change in question does not make your own computer more secure. It's more of a "for the greater good" issue because it slows down the spread of viruses from already infected computers. It only has an effect after you're already infected because it will slow down the rate at which the virus can scan for other targets. Also, the patch raises the limit from 10 to 50, not "16-some million". No, it won't improve download speeds directly, but that has already been established. It just makes P2P traffic like searching for files or searching for more sources faster because it allows for more connections at a time, so raising the limit will make searching faster and it will find more sources for in-progress files faster, which could indirectly improve download speeds.

[NEVER85]

Read the post again, genius. The setting prior to XPSP2 was 16-some million, not 50.

[jamend]

Read the post again, genius. The setting prior to XPSP2 was 16-some million, not 50.

585559915[/snapback]

You said that it would reset it back to the pre-SP2 limit, which it doesn't.

[Mastertech]

So true! :D How ironic? Does this mean you'll stop trying to convince people this limit is pointless?

I was refering to you but to answer your question no.

The SP2 TCP/IP limit does NOT hinder your DL speeds, unless 300 KB/s on BitTorrent is somehow considered slow to some of you. :rolleyes:

Correct and no one says it does.

The limit merely slows the spread of viruses. If you wanna set the limit back to its pre-SP2 setting of 16-some million instead of 10, go nuts. Just don't come back to this thread crying because you've been infected by a virus before you had time to do anything about it.

You still don't get it, this DOES NOT prevent you from getting a virus, you have to already be infected for this to theoretically do anything and all it would do theoretically is slow you down from infecting others. Now in REALITY a good virus writer will simply unpatch this when you get infected, do you now realize how pointless this is!!!

This is EXACTLY what I am talking about so called "experts" are attempting to scare people into not patching this for their own selfish interests. They don't care if you get infected only that you don't spread it to them. I prefer to have people NOT get infected in the first place then help out some sorry ass system admin that doesn't properly protect his servers. They deserve what they get for being lazy.

Also, the patch raises the limit from 10 to 50

No, the patch here raises it to the original 16 million.

[John Veteran]

No, it won't improve download speeds directly, but that has already been established. It just makes P2P traffic like searching for files or searching for more sources faster because it allows for more connections at a time, so raising the limit will make searching faster and it will find more sources for in-progress files faster

585559530[/snapback]

Why would it improve searching times anyway? Let's think about this for once, in bloody explicit detail.

Here's how P2P works. A client app is responsible for sending search queries to one or more servers, which keep track of all of the files available through that server's clients. Once a client has a list of other clients with a desired file, the client is responsible for requesting that file from the other client. Whether this is done directly or through the P2P network's servers is largely irrelevant.

Now, suppose you're on a P2P network, and for simplicity sake, there's 100 servers. 50 of those servers are bogged down with thousands of users, and another 25 are offline, while the first 25 are online and handling traffic at a reasonable speed. The 50 slow servers will take quite a long time to respond to search queries, since most searches are handled in a FIFO (first-in, first-out) fashion. Between the time your query arrives and the time it is processed and a response is sent (if any), you have already gotten several responses from other servers. The 25 offline servers won't even respond to search queries, since they are unreachable.

Now, let's say the 50 slow servers take, on average, 120 seconds (2 minutes) to process and respond to a search query, while the regular servers take 0-10 seconds. Keep in mind the offline servers will never respond, and the client has to wait for either a "destination unreachable" message, or for the timeout period (application specific) to expire.

Say I send out a search for "John Lennon" to all 100 known servers. I'll generate 25 queries that will never come back to me (the offline servers), 25 that will come back within 10 seconds, and another 50 that will come back an average of 2 minutes later. Also keep in mind that I don't know which servers are offline or slow; I'm just sending queries to every server I've ever connected to and my peers have ever connected to, regardless of whether or not they're even with the P2P network anymore, let alone online or not...

Before SP2, Windows would simply send all the packets out immediately, flooding the links between you and the servers.

What SP2 does now is limit the number of packets sent per second to the slow/offline servers. It does not prevent them from being sent, it merely waits and puts the packets sent to a slow/offline server in a queue, which is emptied little by little. Eventually, all my packets will be sent and I will get my responses in nearly the same amount of time.

I would say try and perform some searches with and without the patch and compare the results, but most P2P clients have more complex searching algorithms than I used as an example above. Not only that, but the P2P networks themselves are relatively unstable - servers can go from almost zero traffic to overloaded in a matter of minutes, and vice versa. And the routers that form the structure of the internet are continuously updating their routing tables because links are or aren't available, which causes a small percentage of packets to be lost. Also, not all routes are the same speed, so if you have to use a different route, it may take 5 - 10 times as long or more to reach your destination.

However, with downloading, none of this really matters because we don't care about latency, we care more about bandwidth... Just keep in mind that your 1.5 megabit cable line is always 1.5 megabits (Y)

[em_te]

Now in REALITY a good virus writer will simply unpatch this when you get infected, do you now realize how pointless this is!!!

585560633[/snapback]

If a user doesn't run as an administrator, won't that prevent a virus from unpatching it?

[Krome]

ppl said this patch can/should/would discourage spammers/hackers... and it would help the internet as a whole? How did you come up with that conclusion? I thought we can disable or undo this patch. If we can do that, so does the spammer/hackers or those illete users? How will this help prevent spammers?

[Mastertech]

If a user doesn't run as an administrator, won't that prevent a virus from unpatching it?

585561572[/snapback]

1. Who runs their windows system as a user?

2. If you get infected with a Virus/Worm as a user it would be due to some security exploit, which if anyone keeps up on them, usually allows complete system access!

If we can do that, so does the spammer/hackers or those illete users? How will this help prevent spammers?

EXACTLY! It doesn't do jack except make lazy system admins feel better, instead of fixing the real problem.

[Frank]

You still don't get it, this DOES NOT prevent you from getting a virus, you have to already be infected for this to theoretically do anything and all it would do theoretically is slow you down from infecting others. Now in REALITY a good virus writer will simply unpatch this when you get infected, do you now realize how pointless this is!!!

This is EXACTLY what I am talking about so called "experts" are attempting to scare people into not patching this for their own selfish interests. They don't care if you get infected only that you don't spread it to them. I prefer to have people NOT get infected in the first place then help out some sorry ass system admin that doesn't properly protect his servers. They deserve what they get for being lazy.

No, the patch here raises it to the original 16 million.

585560633[/snapback]

No I think YOU are the person who doesn't understand.

Lets say I am a average user who promoted this patch and uses it myself. I have AV running and is updated every day at midnight. I spread the word about this patch to everyone I meet. A virus that is released and since this patch is so popular the virus spreads like wildfire. I get the virus before I get a updated dat file BECAUSE someone I told installed that patch and it spread the virus around like crazy to other computers who have patched and then finally back around to me.

Since I also patched I am continuing this circle.

1. Who runs their windows system as a user?

2. If you get infected with a Virus/Worm as a user it would be due to some security exploit, which if anyone keeps up on them, usually allows complete system access!

585561869[/snapback]

All of the users that run the machines that I administer are not logged in as administrators. They have plain user rights.

EXACTLY! It doesn't do jack except make lazy system admins feel better, instead of fixing the real problem.

585561869[/snapback]

Can you please tell me how us "lazy system admins" are supposed to protect our machines from viruses other then cutting off the users access to the internet?

We use Trend AV here and it can take them hours to get a new dat file when a major virus outbreak has occured, so how exactly are we "lazy admins" supposed to fix the "real problem"?

[em_te]

1. Who runs their windows system as a user?

585561869[/snapback]

Anyone who's smart enough to get a patch for TCP/IP should be smart enough not to run as administrator. If they aren't then they should be warned on the sites that offers that patch to download.

2. If you get infected with a Virus/Worm as a user it would be due to some security exploit, which if anyone keeps up on them, usually allows complete system access!

585561869[/snapback]

Exploits are only root exploits if the application being exploited is running as root; which isn't many. Even IE, the most exploited application, doesn't run as root.

[jamend]

words

585561541[/snapback]

Alright, maybe my assumption of why the cap impedes on the performance of P2P downloads was wrong, but I know from experience that it does impede on the performance in some way. Let's not forget that this threaded started by someone complaining about messages that the cap was generating due to P2P applications.

Anyways, I disagree with those who apply the patch on all computers or who suggest it to eveyone they know. The patch only slows down how fast an infected computer can damage other computers, so only experienced users who can avoid getting viruses in the first place and who perform tasks on which the cap would impede (ie. port scanning, P2P, etc.) should consider applying it.

Also, I think this is a topic that should be openly discussed on Neowin without having the topic itself be negatively criticized. While there are many average computer users on Neowin who just want some technical support, there are of course also the more advanced users who provide that technical support and who also want to discuss more advanced topics.

Lastly, and this is directed at gameguy, I think you're making a bad judgement about people who do not work with computers as a profession and who do not have formal training. Someone who is a hobbyist and/or who hasn't "learned from the book" may still know as much or even more than someone who is a expert in the industry.

[Frank]

Alright, maybe my assumption of why the cap impedes on the performance of P2P downloads was wrong, but I know from experience that it does impede on the performance in some way. Let's not forget that this threaded started by someone complaining about messages that the cap was generating due to P2P applications.

585564015[/snapback]

This thread WAS NOT started by someone having these errors. I started this thread because I got tired of seeing people reccomend this patch to someone to "fix" their problem and upon further investigation had no idea what the patch actually did.

Also, I think this is a topic that should be openly discussed on Neowin without having the topic itself be negatively criticized. While there are many average computer users on Neowin who just want some technical support, there are of course also the more advanced users who provide that technical support and who also want to discuss more advanced topics.

585564015[/snapback]

How can you openly discuss a topic without showing the negative sides on that topic? That is what this thread is for to discuss this TCP/IP patch and make people understand what it does.

Lastly, and this is directed at gameguy, I think you're making a bad judgement about people who do not work with computers as a profession and who do not have formal training. Someone who is a hobbyist and/or who hasn't "learned from the book" may still know as much or even more than someone who is a expert in the industry.

585564015[/snapback]

I don't believe GameGuy was stating he was a "Networking Expert" in his post. I believe he was refering to people who came up with the idea to limit the un answered connections.

[Mastertech]

No I think YOU are the person who doesn't understand.

No I understand perfectly well.

Lets say I am a average user who promoted this patch and uses it myself. I have AV running and is updated every day at midnight. I spread the word about this patch to everyone I meet. A virus that is released and since this patch is so popular the virus spreads like wildfire. I get the virus before I get a updated dat file BECAUSE someone I told installed that patch and it spread the virus around like crazy to other computers who have patched and then finally back around to me.

Yeah too bad this is the real world and Viruses are not exploiting same day exploits. More like six month old security holes. If someone does this they are going to unpatch this cap anyway. Not to mention the cap doesn't stop the virus.

Can you please tell me how us "lazy system admins" are supposed to protect our machines from viruses other then cutting off the users access to the internet?

By making sure all your systems are fully patched and not just relying on AV! Not to mention implimenting proper security policies. All bad outbreaks of worms have been due to lazy ass admins not patching six month old exploits and relying on their AV. A good system admin will never have catastrophic virus outbreaks.

[John Veteran]

Lastly, and this is directed at gameguy, I think you're making a bad judgement about people who do not work with computers as a profession and who do not have formal training. Someone who is a hobbyist and/or who hasn't "learned from the book" may still know as much or even more than someone who is a expert in the industry.

585564015[/snapback]

Well, I'm flattered you think I'm an expert in the industry, but to be honest, I'm just starting my network training (Cisco CCNA, Microsoft MCSE). I don't even have a job dealing with computers yet; I'm a simple hobbyist like many of us on here. It's just that I'm very passionate about computers and networking, so I do lots of research in my own time. Thanks for the constructive criticism though (Y) Not many people are willing to say something like that to a moderator, even though the Neowin mods seem to be pretty reasonable...

[jamend]

This thread WAS NOT started by someone having these errors.  I started this thread because I got tired of seeing people reccomend this patch to someone to "fix" their problem and upon further investigation had no idea what the patch actually did.

How can you openly discuss a topic without showing the negative sides on that topic?  That is what this thread is for to discuss this TCP/IP patch and make people understand what it does.

I don't believe GameGuy was stating he was a "Networking Expert" in his post.  I believe he was refering to people who came up with the idea to limit the un answered connections.

585564200[/snapback]

Sorry, my memory didn't serve me correctly, but there were still other people reporting the issue in this thread. Also, I meant that the discussion of the topic should not be ridiculed, not the topic itself (ie. people shouldn't say "this is a pointless topic").

Well, I'm flattered you think I'm an expert in the industry, but to be honest, I'm just starting my network training (Cisco CCNA, Microsoft MCSE). I don't even have a job dealing with computers yet; I'm a simple hobbyist like many of us on here. It's just that I'm very passionate about computers and networking, so I do lots of research in my own time. Thanks for the constructive criticism though (Y) Not many people are willing to say something like that to a moderator, even though the Neowin mods seem to be pretty reasonable...

585565495[/snapback]

Although I'm sure you're quite good with computers, I didn't suggest that you were an expert =)

I was referring to this:

What is sad is people thinking they're smarter than networking experts who are paid to be among the best in their field...

585520027[/snapback]

[John Veteran]

Although I'm sure you're quite good with computers, I didn't suggest that you were an expert =)

585565799[/snapback]

What was this all about then? :huh:

Someone who is a hobbyist and/or who hasn't "learned from the book" may still know as much or even more than someone who is a expert in the industry.

Whatever, I guess it doesn't matter :laugh:

[Mouton]

Just to continue on the previous (3 pages ago I think) image...

Personally, I wait at red lights because I care for my security, *and* the security of others that I might compromise by crossing a street when it's not my turn to.

I strongly believe that MS patch in SP2 that enforce this kind of comportment is a good thing.

Removing it is, again using that wonderful metaphor, kinda like crossing on a red light once in a while to get where you're heading faster. Even if you are careful and there's a good chance you'll never cause harm by being careful, **** happens and you might hit your grandma who was crossing the street and who you didn't see for some reason.

How sad that under the impression that your time is worth more than other's security, you fry red lights.

How sad that under the impression that your P2P searches will get faster, which would make you happier for some unknown reason, you become a bigger threat to everyone on the internet.

But eh... We still win as a whole. MS patch is still active on approx 99.999% of Windows SP2 PC. So unpatch yours if you want.

At best, you'll never send me a virus. At worst, I'll have the occasion to say 'I told you so' once more.

[jamend]

The difference is that traffic lights must be followed by law while the cap does not. The risks are also much different, as is the action of taking that risk. If you can avoid getting viruses in the first place, you have every right to apply the patch.

[Mastertech]

The difference is that traffic lights must be followed by law while the cap does not. The risks are also much different, as is the action of taking that risk. If you can avoid getting viruses in the first place, you have every right to apply the patch.

Exactly.

A better metaphore would be a "security guard" for your house that doesn't do anything while your house is being robbed and ransacked but is paid to just keep stepping in the way of the the crooks as they move onto other homes, making them take longer to get their but not apprehending thim. To make things worse the guard does this for everyone leaving your house, all the time.

Now who would think this is "good" security or even security at all?