D0GG Posted April 22, 2005 Share Posted April 22, 2005 Windws XP SP2 introduces a few new twists to TCP/IP in order to babysit users and "reduce the threat" of worms spreading fast without control. In one such attempt, the devs seem to have limited the number of possible TCP connection attempts per second to 10 (from unlimited in SP1). This argumentative feature can possibly affect server and P2P programs that need to open many outbound connections at the same time.Rant: The forward thinking of Microsoft developers here is that you can only infect 10 new systems per second via TCP/IP ?!?... Keep in mind that would still make 10^60 in a single minute, (that's 10 with 60 trailing zeros...) if everyone already infected also infects 10 new computers per second. In other words, even though it is not going to stop worm spreading, it's going to delay it a few seconds, limit possible network congestion a bit, and limit the use of your PC to 10 connection attempts per second in the process ! I have no problem with the new default setting limiting outbound connection attempts. Still, users should have the option to easily disable or change this setting. I might be going out on a limb here, but ever since the introduction of Windows XP I can't help thinking that I dislike all the bult-in Windows "wisardry" in a sense that the system also limits user access. That irritating trend to ease the mental load on end users is somewhat insulting, considering that Windows is to make the more "intelligent" choice instead of the end user, as well as limit their access to tuning such settings...End of rant.With the new implementation, if a P2P or some other network program attempts to connect to 100 sites at once, it would only be able to connect to 10 per second, so it would take it 10 seconds to reach all 100. In addition, even though the setting was registry editable in XP SP1, it is now only possible to edit by changing it directly in the system file tcpip.sys. To make matters worse, that file is in use, so you also need to be in Safe mode in order to edit it.You only need to worry about the number of connection attempts per second if you have noticed a slowdown in network programs requiring a number of connections opened at once. You can check if you're hitting this limit from the Event Viewer, under System - look for TCP/IP Warnings saying: "TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts". Keep in mind this is a cap only on incomplete outbound connect attempts per second, not total connections. Still, running servers and P2P programs can definitely be affected by this new limitation. Use the fix as you see fit.To change or remove the limit, you can use the following program: EventID 4226 Patcher Version 2.23b - A patching program for removing or changing the limit imposed on connection attempts in SP2. The patcher has the ability to restore tcpip.sys back to the original... Still, you might want to back up tcpip.sys, use it at your own risk. The author of this patch can be reached @ http://www.lvllord.de/Source*Note - I did edit the download link and name because the listed version was out dated. The latest version was released today.*Also I was reading Lvllord's forum and someone noticed that NOD32 thinks the file is a threat and so he had to start in safe mod to run the patcher. Lvllord replied: "After I read this (on 19th) I wrote an eMail to NOD32 but till now, no answer :lol: I also called german support and yesterday evening I called ESET in America. They both said, I should eMail them. My question was, why the patcher has been added to their antivirus definition 1.1045 since it neither do anything without user interaction nor does it contain harmful, viral, trojan, spy a.s.o. code. It's just a program to change the limitation of half-open connections when somebody needs it ... "Here's the forum thread if you want to read it.I dont know that it means anything to anyone, but its also avaible in german. And the main passage mentions about the file being in use and having to apply in safe mode (I dont use NOD32 either), I didn't apply in safe mode and the patcher said it worked. Whatever I'll run it in safe mode later just in case... But just to remind you THE PATCH IS COMPLETELY REVERSEABLE. Link to comment Share on other sites More sharing options...
Administrator Lite Posted April 22, 2005 Administrator Share Posted April 22, 2005 Its only detected by NOD32 using the option to detect "Potentially Dangerous Applications" afaik.Unless you get lots of EVID 4226 warning.... dont use this tool. Link to comment Share on other sites More sharing options...
D0GG Posted April 23, 2005 Author Share Posted April 23, 2005 Good tool though. Micro$oft is so ghey. They should make windows like many good programs that have basic and advanced (or expert) interfaces. So computer illiterate people would know how to use windows, and people who know what they are doing have options to tweak windows how they want to. Instead of people having to write programs to get full control of thier OS.This makes me wonder... Since they finally incoperated some security features in SP2 such as Windows Firewall and that annoying bubble that pops up to tell you that you dont have an antivirus. Does anyone think they'll eventually incorperate M$ Antispyware and maybe a M$ Antivirus into future Service Packs or versions of Windows? They're already making money without having thier own antivirus by advertising the antivirus programs on thier website that are displayed when people click the Recomendations button that is displayed when no antivirus is detected (or cuz you didn't tell it to quit poping up). Link to comment Share on other sites More sharing options...
Administrator Lite Posted April 24, 2005 Administrator Share Posted April 24, 2005 Longhorn will probs ship with both (to some extent) Link to comment Share on other sites More sharing options...
Samurai Posted April 24, 2005 Share Posted April 24, 2005 Whatever Longhorn does ship out with I sincerely hope they give us, the end user, the ability to change these settings if we so wish to do so.I don't like being restricted in this sort of thing, and if often means going to third-party websites and downloading software patches / drivers / tools etc... which obviously include some form of risk taking depending on how you look at it. Link to comment Share on other sites More sharing options...
Snake Posted April 24, 2005 Share Posted April 24, 2005 Whatever Longhorn does ship out with I sincerely hope they give us, the end user, the ability to change these settings if we so wish to do so.I don't like being restricted in this sort of thing, and if often means going to third-party websites and downloading software patches / drivers / tools etc... which obviously include some form of risk taking depending on how you look at it.totally right, they need to include those type of settings in Longhorn. Link to comment Share on other sites More sharing options...
Administrator Lite Posted April 24, 2005 Administrator Share Posted April 24, 2005 Dont expect options to change these types of security features because virus writers will change them.... Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.