Sunday, December 30, 2007

Microsoft Blog Briefs, XP SP3 Slipstreaming, and Vista Services Tweaks

Quick update on some Microsoft-related articles.

I've been disappointed with the lack of posts over on Microsoft's Microsoft Anti-malware blog.

I had hoped it would provide interesting technical details about some malware issues they are encountering. Alas, it hasn't lived up to the billing. Posts are few and far-between.

The Microsoft Security Response Center blog has been a bit more productive, providing information on upcoming security update patches and releases, and more details and workaround when something unexpected comes up.

Microsoft SVRD Blog

So I was hopeful when I saw a post there announcing (yet another) Microsoft security blog:

This one promises to share in-depth technical info about vulnerabilities serviced by their updates.

...the Security Vulnerability Research & Defense blog’s intent is to provide more information about Microsoft vulnerabilities, mitigations and workarounds, and active attacks.  During Microsoft’s technical investigation of security issues, information is discovered that we feel is important to share.  Some examples include:

  • Workarounds that are not 100% effective in every situation, every attack vector

  • Workarounds that are specific to a particular attack

  • Super complicated workarounds that work but cannot be recommended to all customers

  • Interesting mitigations that might not be present in all cases

  • “Best Practices” type guidance that applies to a particular vulnerability

  • Group policy deployment guidance

  • “Interesting” facts about a vulnerability Microsoft is fixing that will help customers learn more about Windows, the security infrastructure, or the way we conduct security investigations

  • Debugging techniques and information on how to triage security vulnerabilities

  • Overview of some of the challenges that we face when fixing specific security bugs

As always, security bulletins or security advisories are the ultimate authority but we’ll try to include juicy spill-over technical stuff in the Microsoft Security Vulnerability Research and Defense blog.

The first two blog posts are pretty interesting...if this is your thing:

I, for one, actually find knowing the background story on the updates kind-of fascinating.

XP SP3 RC1 Slip Streaming - Works but Doesn't

I actually find that it is fun and useful to slip-stream service packs in XP setup disks.

There are a number of automated tools to try to assist you with this process, but I am old-school and have always had fail-proof experience by just following Paul Thurrott's SuperSite for Windows: Slipstreaming Windows XP ... guide.  Works like a charm, every time.

So when the XP SP3 RC1 release became available for download, I wanted to give it a try.

And it worked perfectly.

The building, that is.  See, I never actually "tested" using it to create a new image.

Turns out there is a bug in XP SP3 RC1 that makes this currently not a good thing to try.  I was reading the APCMag post HOW TO: create a bootable XP SP3 CD and found a curious note:

NOTE – do not follow this tutorial to create a slipstreamed XP SP3 CD using the currently-available beta of SP3. Even if you are tempted to Bittorrent it. There’s a significant bug with the Windows Product Activation feature which lets you install Windows XP without entering a product key. The bug means that you’re still prompted for a product key, but the installer won’t accept any key you type in. We’ve reported this problem to Microsoft and are awaiting a response -- but you can assume this will be sorted out by the release of the gold master.

The process works, but the delivery doesn't. That doesn't bother me as I wouldn't imagine using a release candidate version of a service pack to deploy new systems with, but it was a good trial-run test.

That actually let me to find a really fascinating TechNet forum on Window XP Service Pack 3

It has a number of bug reports, and workaround solutions.

Vista Bits and Services Tweaks

Vista bashing - Why is it so popular? - 4sysops climbs into the muck being tossed at Vista and shares their take why everyone is taking aim at Vista like the coach at a dunking-booth at the high-school fair.  Summary; Microsoft cut key features early in development, OS feature development shifted to Security, not a sexy topic, bashing Redmond is a good traffic draw.

See also:

SpeedyVista.com - Windows Vista Tweaks and Services - neat website that offers a number great resource links for working with Vista and its services. (spotted via TinyApps)

  • Tweaks - Covers tips on performance, multi-monitors, indexing service, drivers, boot settings, security, activation, auto-backups, and more.

  • Service Guide - Lists and explains what the various Vista services are along with their default and recommended settings. See also the condensed Services Cheatsheet

  • Registry Files - Provides the default registry settings (in both bat and reg formats) for Vista Home Basic, Premium, Business, and Ultimate.  Really handy if you make a bad mistake and want to try to restore the registry to it's default service settings.  Also offered are reg and bat files to instantly switch your service settings to "Safe" or "Tweaked" or "Minimal" configurations. 

Reminded me of the famous "Black Viper's" XP Service tweaks of yore. Last I heard, his page had gone 404 but I was happy to find he is back with a new site and new material.

As always, do these tweaks at your own risk! 

Your performance may vary and these are the opinions and suggestions of third-party tweakers...not Microsoft so accuracy for some choices and settings may be open to considerable debate amongst Windows techies.

--Claus

No comments: