How could I make my own service pack

[Delprat]

Of course it takes time, but it's no more than copy/pasting files with explorer and copy/pasting INF files contents with notepad. Don't say it's hard...

The easier way to go is to take an update pack (RyanVM one or another), and look into it (enties.ini & RVMUpPk.inf), following explanations on RyanVM's forum. When basic structure is understood, simply try to add one hotfix. Then another. Then you'll be smart enough to start a new update pack.

But these "UpdatePacks" will never be "service pack" (even with a "custom" prefix) : microsoft's SP contains a powerful engine (update.exe) able both to install on existing systems (with an optional backup) and to slipstream to an install source. Plus it checks if you are applying the good SP on the good OS.

All this power is absent in RVMIntegrator (and in nLite, which is even less powerful)... Thus, take care... you should end up with an alert before logon saying you can't use your OS

++

[Crash&Burn]

Since there might not be a SP3 for Windows XP and I don't want to do all this work on nLite and having to test my disks for the latest security over and over again is there a possible way to make my own service pack, or to add security updates to the service packs.

How can it be done to create my own service pack?

I don't understand why you would want to make a service pack in the first place. With the tools available now, its nearly a no-brainer to slipstream everything into the source prior to an install.

But all most service packs are just self-extracting (SFX) cabs, much like SFX Rars or SFX 7z's. If you look inside a typical KB file, there is a subDir of ./update/

eula.txt
kb896358.cat
spcustom.dll
update.exe
update.inf
update.ver
updspapi.dll

So with some amount of work, unpacking the various KB files, renaming the update.inf's to the appropriate kb#..ie kb896358.inf, you could create a SFX rar that unpacks and executes the various inf's contained within.

Don't see how this would be a worthwhile way to waste time though, use the tools that have been tweaked and honed, HFSLIP, NLite, XPCreate - whatever floats your boat... Its immeasurably easier to update source before installing than to apply service packs ad nauseum to a fresh Windows install.

[monohouse]

or better yet, don't update

[enderandrew]

Yep, gotta love keeping exploitable code around!

Other than WGA, I can't see any good reason for not installing the critical updates.

[morfix]

with all this exploitable code, do you really think that there as many crackers and as many exploits around that every system is hacked ?

also, the updates make new security holes, that's why some updates are only valid for SP2/SP1.

crackers are always aiming towards hacking the uncovered exploits in the new updated versions, not the old ones.

not to mention the fact that no matter how many updates you make it will never be secure, look win2000 it's SP4 there are still exploits in it, nothing will ever be secure.

keep in mind that all these updates all additonal load on the system, they make those libraries bigger all the time, because ther not only add new security code, but also add bloat, that is why SP2 has a 137 MB ISO and SP0 has only 79 MB ISO.

and personally I would install all the security updates if they were really updating only the security problems, but they don't and if they were also fixing ALL the security problems, but neither is true.

if a company REALLY wants to make their products secure, they would have done that in the first place.

if I had to guess, they insert security holes to make you want to "fix" them so that they could add more bloat to the .dll's which would of corse make you buy more powerful system, that's where they get money from hardware companies....

and most important to you than anything else : I am running an "insecure" sp0 system without any updates, everything works fine without any problems, all these "security holes" that are in the .dll's, I have two things to say about them : 1. don't load / run them and there won't be any security holes, 2. their explitability is nowhere near critical, 3. even if there is some hole is the security and someone is to exploit it and if he's really good enough he will exploit even your most updated system.

Edited June 16, 2006 by morfix

[-I-]

*just use ryan vm's packs. |

creating a service pack is a HUGE project,

and xp sp3 WIL come. around about the same time as vista.

[Camarade_Tux]

*just use ryan vm's packs. |

creating a service pack is a HUGE project,

and xp sp3 WIL come. around about the same time as vista.

One year later in fact, in 2007!

[Camarade_Tux]

also, the updates make new security holes, that's why some updates are only valid for SP2/SP1.

An update is not a recode from scratch!

It doesn't add flaws, it's not that long to fix the bug. You have to find the exact problem and then it's quick. But it's long to check the fixed file works as expected, doesn't break anything...

crackers are always aiming towards hacking the uncovered exploits in the new updated versions, not the old ones.

Just like worms.

keep in mind that all these updates all additonal load on the system, they make those libraries bigger all the time, because ther not only add new security code, but also add bloat, that is why SP2 has a 137 MB ISO and SP0 has only 79 MB ISO.

NO!

The difference between SPs and hotfixes is SPs add functionnalities.

When you read a flaw was caused by an unchecked buffer, changing this buffer to checked will maybe make your soft run 0.000001% slower.

and personally I would install all the security updates if they were really updating only the security problems, but they don't and if they were also fixing ALL the security problems, but neither is true.

And what else do they update ?

if a company REALLY wants to make their products secure, they would have done that in the first place.

Do you know why PunBB is a great board ?

Because it has 2 000 000 less lines of code than IPB. It is far more maintanable.

if I had to guess, they insert security holes to make you want to "fix" them so that they could add more bloat to the .dll's which would of corse make you buy more powerful system, that's where they get money from hardware companies....

I, myself, has a conspiration from MS : putting techs on desktop clients so that you buy servers to use these features which licences are more expensive.

and most important to you than anything else : I am running an "insecure" sp0 system without any updates, everything works fine without any problems, all these "security holes" that are in the .dll's, I have two things to say about them : 1. don't load / run them and there won't be any security holes, 2. their explitability is nowhere near critical, 3. even if there is some hole is the security and someone is to exploit it and if he's really good enough he will exploit even your most updated system.

-hackers

-worms

These are not the sames.

A human attacker will most likely succeed. However they probably have other things to do than hacking into a personnal computer.

[monohouse]

what can a worm do to a system on which all the ports are closed ?

that is what I am trying to fix in my closing ports thread, if we manage to close all those ports 1025, 138, 139, 455.

there will simply not be anything a wor mcan connect to, thus there will not be anything for it to be able to do.

because a connection to the system cannot be established, if you'd ask me, I say the worm problem can be easily fixed.

I do agree with the assessment not to update *everything*, only the protocol which has open ports (RPC?), which only needs one update/security fix.

I can't figure out why we need updates for a computer that has all it's ports closed, espcially with a firewall (except of corse for private protocols).

[Camarade_Tux]

what can a worm do to a system on which all the ports are closed ?

that is what I am trying to fix in my closing ports thread, if we manage to close all those ports 1025, 138, 139, 455.

there will simply not be anything a wor mcan connect to, thus there will not be anything for it to be able to do.

because a connection to the system cannot be established, if you'd ask me, I say the worm problem can be easily fixed.

I said the same thing (at least tried to ).

[ZcWorld]

dead on

a worm will open ports any way it can to get access

its just a matter of time

[-I-]

by the way...

keep in mind that all these updates add additonal load on the system, they make those libraries bigger all the time, because ther not only add new security code, but also add bloat, that is why SP2 has a 137 MB ISO and SP0 has only 79 MB ISO.

if you knew anything about programming, you wouldn't have stated this,

because fixing buggs is not about adding extra lines of code to put glue in a hole,

but rather instead they rewrite the faulty code,

did you even know that 1 of the biggest causes of bugs is that programmers had previously added a feature that didn't quite fit,

also any profesional would audit his code quite a few times per lifecycle.

thus making the code smaller more efficient and thus faster...

[hyipo]

But I have to make a service pack. When I integrated the updates I keep having all these problems. I even got my server messed up. I just want to put them all in a service pack so I don't have to deal with the frustration. I use Windows 2000 Adv. Server.

Heck I also got security holes too. I just want them all integrated without trouble with IIS, Outlook Express messing up with integration, or other stuff.

[hyipo]

Anyways All I want to know is what freeware, programs, or methods on how to make my own service packs. That's all. I just want to know. I think it is possible because of these post service packs, and unoffical SP5 Service Pack.

[RyanVM]

Just use RyanVM's pack.

He's a giant douche and the pack slowly has junk creeping into it (WGA, WGA Tray Notifications). But other than that, its relatively good.

I love you too

BTW, I'm more of a turd sandwich than a giant douche

EDIT: Oh, and people in my forums have made removal addons for WGA for those who don't like it.

Edited June 25, 2006 by RyanVM