Windows XP Service Pack 2 (SP2) with Advanced Security Technologies FAQ

Windows XP Service Pack 2 (SP2) with Advanced Security Technologies was originally due in fall 2003, but a spate of hacker attacks that summer prompted Microsoft to regroup and rethink its plans for SP2. Now a major security update that will include numerous new features, SP2 isn’t just a simple collection of bug fixes anymore. Instead, XP SP2 will ship with major new security features, including a new Security Center dashboard, a new Windows Firewall, a pop-up ad blocker in Internet Explorer, and numerous other changes. XP SP2 will be available for Windows Home, Professional, Media Center, Media Center 2004, and Tablet PC Editions

Final update: Windows XP SP2 was finalized on August 6, 2004 and is now available for download soon from the Microsoft Web site. for this reason, my Windows XP SP2 FAQ is now frozen. For more information, please see my exhaustive review of XP SP2.

Q: What is Windows XP Service Pack 2 (SP2) with Advanced Security Technologies?

A: XP SP2 is a major, security-oriented update to Windows XP that is due by late summer 2004. It will include all the bug and security fixes Microsoft shipped since the original XP release as well as a host of new security features. Microsoft is touting this release as “proactive protection for Windows XP.”

Q: What are “Advanced Security Technologies”?

A: These are the new security-centric features in XP SP2 (see below) and the new security-centric default settings that Microsoft sets in this release.

Q: What security features will XP SP2 include?

A: XP SP2 will include the following new security features:

Security Center. A new front-end, or dashboard, to XP’s security features, including Automatic Updates, Windows Firewall, and virus protection. Microsoft doesn’t offer any antivirus protection software directly, but Security Center integrates with third party software such as McAfee VirusScan.

Windows Firewall. The new Windows Firewall replaces Internet Connection Firewall (ICF) and is on by default. Windows Firewall boasts several new administration-related features, including a full set of configuration options, Active Directory (AD) administration capabilities through Group Policy, command-line support that’s compatible with logon scripts and remote management, and multiple-profile support. It is also enabled earlier in the boot process, eliminating the possibility that intruders could insert errant code over a network before the system fully comes up.
IE security improvements. XP SP2 provides an improved Microsoft Internet Explorer (IE) version that contains several new features. A new opt-in pop-up ad blocking feature announces itself the first time you access a page that tries to open a pop-up window. (IE won’t block pop-ups you enable by clicking a hyperlink.) This feature is configurable, so you can create a list of trusted sites if needed. The new IE also removes the capability of Web sites to open child windows that have certain features removed. For example, it’s no longer possible to open a pop-up window with the address bar, title bar, status bar, or toolbars removed. Microsoft added this feature so that users can close any pop-up windows that do open. Furthermore, scripts can’t position windows so that the title bar or address bar are above the top of the display or so the window’s status bar is below the bottom of the display. IE also includes a new locked-down Local Machine security zone to help prevent malicious scripts and other dangerous Web downloads from compromising the system.
Microsoft has also overhauled IE’s add-on subsystem, a move that will require plug-in makers to revamp their products. The end result, however, is better safety for users. Inadvertently installing spyware or malicious ActiveX controls will now be more difficult, and the programs will also be easier to remove. The add-on manager also monitors IE crashes caused by add-ons, letting you disable unstable add-ons. Perhaps most important, the IE add-on manager is fully manageable: You can centrally configure IE’s crash-management options and which add-ons are allowed or denied.
Outlook Express and Windows Messenger improvements. The Microsoft Outlook Express version in XP SP2 includes more secure default settings and isolation of potentially unsafe attachments, helping to ensure that email-borne attacks can’t affect the system. Outlook Express also picks up a neat feature from Microsoft Office Outlook 2003: It won’t download images in HTML email by default (spammers often use tracking devices in HTML images to ensure you’re getting their email). Like Outlook Express, the Windows Messenger version included with XP SP2 isolates any transferred files that might be unsafe.
Memory protection. Over the years, an amazing number of buffer overrun errors have been at the root of various Windows compromises. Although Microsoft sought to find and remove any potential exploits during its infamous 2002 Trustworthy Computing code review, many problems remain. So XP SP2 includes several new security technologies, originally designed for Windows Longhorn, that battle buffer overruns. Some of these changes are software based and will aid all XP users; others require the new “no execute” (NX) microprocessor feature that’s built in to all modern Intel and AMD microprocessors. The NX feature uses the computer’s microprocessor to separate application code from data, ensuring that an electronic attack won’t be able to insert virulent code into memory reserved for data.
New Windows Update. XP SP2 connects to a new version of Windows Update, which offers a convenient Express Install feature that automatically selects and installs all critical updates. You can also use a new optional updates section to choose features, including software updates (e.g., Microsoft Windows Movie Maker 2, Microsoft Windows Journal Viewer) and system-specific drivers. XP SP2 contains many other computer-maintenance-related technologies, but Microsoft says it will document them in the future. Expect a second beta release by the end of March: I’ll have more information about other new features as they become available.
Network attack protection. In addition to the new ICF version, XP SP2 includes a refined version of the remote procedure call (RPC) technology, which reduces the attacksurface of XP machines attached to remote resources. RPC also runs under reduced privileges in XP SP2, reducing the chance that errant code can gain a foothold in your system and cause problems.

For more information about the new features and changes in XP SP2, please refer to my exhaustive review.

Q: Why should I install Windows XP SP2?

A: Windows XP with SP2 is more secure by default that XP, and more secure than you can make XP without buying third party applications. Its firewall helps guard against unsolicited inbound network traffic. The Data Execution Prevention technologies help mitigate buffer overrun-based attacks. The system blocks unsafe attachments in IE, Messenger, and Outlook Express by default. The new wireless networking client is easier to use and safer than previous versions. IE now includes pop-up blocking, allowing for a safe Web browsing experience. In sum, these and other features make SP2 a must-have. My advice is to install this release immediately.

Q: What are XP SP2′s system requirements?

A: XP SP2 requires a PC running Windows XP and a CD-ROM drive. The PC should have at least a 233 MHz processor, 64 MB of RAM, and 800 MB of available disk space during installation.

Q: How long will it take to install XP SP2?

A: Depending on the method you use, it could take up to an hour. However, remember that XP SP2 is a massive upgrade that includes all of the previously-released XP updates. In essence, XP SP2 is a brand new version of Windows.

Q: What if I don’t want all of the features. Can I turn off some of the new stuff in SP2?

A: Yes. SP2 is designed to be configurable. For IT administrators wishing to roll out custom versions of the OS, XP SP2 includes an unprecedented level of control with over 600 new Active Directory Group Policy Objects (GPOs).

DOWANLOAD