Windows XP SP2 TCP/IP "Patch"

By Frank
in Microsoft (Windows)

 Share

Recommended Posts

Grand Master

John Veteran

Posted
  • Veteran
Posted
BTW if Microsoft can get around the system file warning during updates so could a virus.

585958883[/snapback]

Do you know how hotfixes "get around" it? :rolleyes: They install files with higher version numbers that are digitally signed by Microsoft, that is the key. If the file is signed, it will be accepted by Windows File Protection. If it is a higher version number, Windows will allow it to install without asking the user. If it's a lower version, Windows might prompt you about it or might simply refuse the file.

It's not really possible for a virus to create a file signed by Microsoft, so that's not going to happen.

Veteran

em_te

Posted
Posted
Or it could simply replace the file outright and lock the system up, forcing a reboot. Once a virus has full system control there is not much it cannot do.

585958883[/snapback]

It depends on the type of virus. If it's something like the Slammer virus, which only resides in memory, that it won't survive a reboot. That's already one class of viruses which this protects against. And if the virus is written in a scripting language like HTA viruses are, then it's going to be a lot harder to write all that code to "patch" the connection limit using the file manipulation libraries available in scripting languages. Most scripting languages only allow basic file editing and nothing to interface with WFP. So there's another class of viruses which will be hindered.

Grand Master

John Veteran

Posted
  • Veteran
Posted
How long has Windows XP had Digital Signatures and WFP? Yet systems are still infected? :whistle:

585959589[/snapback]

You misunderstand. What I posted was what a virus would have to go through in order to change the limit imposed by SP2. Digital signatures and Windows File Protection aren't meant stop viruses. Only antivirus software (and a somewhat intelligent user) can prevent/stop viruses.

  • 3 weeks later...
Contributor

ckozlowski

Posted
Posted

I thought I'd add to this as I have found a good reason for the patch. It seems that when doing vulnerability scanning, using something such as Nessus or Harris STAT, having the patch does slow things up, since the scanners usually do exactly what the patch prevents: Open numerous TCP connections without waiting for reply. I noticed a marked improvement in my scanning times after applying the patch, since the scanner is testing machines that may or may not be there. (Hence all of the open TCP sessions....) I first found this using Harris STAT.

I figured this might be helpful for some of you who are sys admins out there and do vulnerability scanning over a LAN.

I've run this patch on my work machine but no others, I have not seen those event log entries while running bittorrent, etc. I'd have to agree with most everything that has been said in this thread, and as such I only have the patch on my work machine.

Veteran

Beastage

Posted
Posted

What a pointless argueing thread...

I just have 2 things to say :

1. The TCP/IP patch improves your file sharing

2. The TCP/IP patch increases your system vulnerability to worms/viruses

Let the people decide what they want and stop convincing each other with opinions

Grand Master

jamend

Posted
Posted
What a pointless argueing thread...

I just have 2 things to say :

1. The TCP/IP patch improves your file sharing

2. The TCP/IP patch increases your system vulnerability to worms/viruses

Let the people decide what they want and stop convincing each other with opinions

586096369[/snapback]

The thread is obviously not pointless because you still don't understand what the patch does. #2 is completely wrong; you will not be more vulnerable to worms or viruses if you apply the patch. However, and as has already been said many times, your computer will infect more computers faster with a virus that you get.

  • 2 weeks later...
Collaborator

mocax

Posted
Posted

Will this tcpip limitation affect hosting online games? eg. I wanna host a 16 player UT2K4 game, will 6 players just drop off the server?

And how about running a web server like Apache on a WinXP machine? will the number of connections be nerfed so that it can serve only 10 web clients simultaneously?

Is windows 2000 affected too?

Grand Master

The_Decryptor Veteran

Posted
  • Veteran
Posted
Will this tcpip limitation affect hosting online games? eg. I wanna host a 16 player UT2K4 game, will 6 players just drop off the server?

And how about running a web server like Apache on a WinXP machine? will the number of connections be nerfed so that it can serve only 10 web clients simultaneously?

Is windows 2000 affected too?

586165016[/snapback]

No, this feature in XP SP2 limits your computer to only have 10 half-open connections at one time, so you could still have 16 players, or server a few hundred people on a web serve, just cant have half-open connections.

Say, if you have 30 half open connections, it will limit you to 10, but if 5 suddenly become fully open, it will let 5 of the 20 remaining connecitons to be opened, so in the end, all those 30 connections will become open if they can (e.g. the computer is there)

Basically, no need to install this patch, unless for scanning subnets or the like, where you need alot of half-open connections quickly

Grand Master

The_Decryptor Veteran

Posted
  • Veteran
Posted

Yeah, this limit is only there to slow down a flod of half-open connections

webservers dont open tones of half open connection, it opens one connection per client (and they become fully open quickly, thses half-open connections stay half open for a few seconds)

also, apache talks directly to mysql, it wont be affected at all by this limit.

Grand Master

AgEnTsMiTh

Posted
Posted

Edit... never mind I figured it out.

The patch really does nothing to help your p2p downloads. I investigated it myself and honestly, this is a lot of fuss for nothing. You can do everything you wanted just fine. At least this is the case for me.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Popular Now

  • Posts

    • Browser vendors pen open letter to Microsoft saying "enough is enough"

      By Nick H. · Posted

      On the one hand, it shouldn't be difficult. You buy a computer, you decide what OS you want, which browser etc. Simple enough. But that's the techie side of things. My sister, my mother, wouldn't bother with such a thought. And I'm pretty sure that if you presented a window asking them what to pick they would say, "I don't care! I just want to access my Email!"
    • CPU-Z 2.20.2

      By Copernic · Posted

      CPU-Z 2.20.2 by Razvan Serea CPU-Z is a freeware utility that gathers information on some of the main devices of your system. CPU-Z does not need to be installed, just unzip the files in a directory and run the .exe. In order to remove the program, just delete the files. The program does not copy any file in any Windows directory, nor write to the registry. CPU Name and number. Core stepping and process. Package. Core voltage. Internal and external clocks, clock multiplier. Supported instructions sets. All cache levels (location, size, speed, technology). Mainboard Vendor, model and revision. BIOS model and date. Chipset (northbridge and southbridge) and sensor. Graphic interface. Memory Frequency and timings. Module(s) specification using SPD (Serial Presence Detect) : vendor, serial number, timings table. System Windows and DirectX version. CPU-Z 2.20.2 changelog: Intel Arc G3 and G3 Extreme (Panther Lake)(2.20.2). AMD Ryzen 7 7700X3D (Raphael) (2.20.1). AMD Ryzen AI Max+ 495, 492, 488 (Gorgon Halo). AMD Ryzen AI Max 490, 485 (Gorgon Halo). AMD Ryzen AI Max PRO 495, 490, 485, 480 (Gorgon Halo). AMD Ryzen 9 9950X3D2 (Granite Ridge). AMD Ryzen 9 PRO 9965X3D, PRO 9945 (Granite Ridge). AMD Ryzen 7 PRO 9755, PRO 9745 (Granite Ridge). AMD Ryzen 5 PRO 9645 (Granite Ridge). AMD Ryzen AI 7/PRO 450G/GE (Gorgon Point 2). AMD Ryzen AI 5/PRO 440G/GE (Gorgon Point 2). AMD Ryzen AI 5/PRO 435G/GE (Gorgon Point 3). AMD Ryzen AI Max+ 392 (Strix Halo). Intel Core Ultra 5 250KF Plus (Arrow Lake Refresh). Intel Core 7 360 and 350 (Wildcat Lake). Intel Core 5 330, 320 and 315 (Wildcat Lake). Intel Core 3 304 (Wildcat Lake). Intel Core 9 273PQE, 273PTE, 273PE (Bartlett Lake). Intel Core 7 253PQE, 253PTE, 253PE, 251TE, 251E (Bartlett Lake). Intel Core 5 223PQE, 223PTE, 223PE, 221TE, 221E, 213PTE, 213PE, 211TE, 211E (Bartlett Lake). Intel Core 3 201TE, 201E (Bartlett Lake). Intel Arc Pro B70 and B65 (BMG-G31). Intel Arc Pro B60 and B50 (BMG-G21). Support of HUDIMM and HSODIMM memory modules. Download: CPU-Z 2.20.2 | Portable ~5.0 MB (Freeware) View: CPU-Z Website | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Browser vendors pen open letter to Microsoft saying "enough is enough"

      By excalpius · Posted

      Oh no! Not the BCA!!!
    • Browser vendors pen open letter to Microsoft saying "enough is enough"

      By Co-ords · Posted

      Anyone who expects MS to play fair is a complete idiot.
    • Browser vendors pen open letter to Microsoft saying "enough is enough"

      By RejZoR · Posted

      Everyone behaves like Internet Explorer just never happened and Edge is whole new thing all while Microsoft is pulling the exact same ###### it did back then. Sigh.

  • Recent Achievements

    • Conversation Starter
      mobandz earned a badge
      Conversation Starter
    • Apprentice
      fernan99 went up a rank
      Apprentice
    • One Month Later
      nothanks earned a badge
      One Month Later
    • One Month Later
      B2Proxy earned a badge
      One Month Later
    • One Year In
      MadMung0 earned a badge
      One Year In

  • Popular Contributors

    1. 1
      +primortal
      468
    2. 2
      PsYcHoKiLLa
      250
    3. 3
      Skyfrog
      79
    4. 4
      FloatingFatMan
      77
    5. 5
      Michael Scrip
      60
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!