• Windows XP SP2 (Service Pack 2)

    by  • July 21, 2009 • Windows XP

    There may be a large number of people out there in the world - people with jobs and lives who don’t lurk around computer security web sites or fish through computer magazines in all their free time - who may be unaware that the long-awaited Windows XP Service Pack 2 (SP2) will be released by Microsoft soon. But whenever Microsoft has to push back a release date it becomes front-page news around the globe, so it’s possible that even those people know. Regardless, Microsoft has released the release candidate (RC1), which is typically the last phase prior to a public release, so we can expect to see SP2 available in the next month or two, I would guess.

    One of the most talked-about additions in SP2 has been the Security Center and the changes Microsoft has made to a number of different features in the name of security. When Windows XP was first released it was hailed as the most secure yet. Windows XP Home edition, although it still lacks some of the most important security features of its Windows XP Pro sibling, was a quantum leap better in stability and security than its Windows home operating system predecessors such as Windows 98 or Windows ME (Millennium Edition).

    But one of the chief complaints has been that there are still insecure features that are enabled by default while security features such as the built-in firewall are disabled by default. This means that users must know enough to determine that they want the security feature turned on and then figure out how to navigate through Windows to find the feature and enable it. It’s a little like selling a car with brakes, but having them be disabled until the user finds the right switch to turn them on.

    Windows XP Service Pack 2 includes many new or modified features designed to make the operating system more secure such as:

    • Managing IE add-ons
    • Stopping malicious scripting in IE
    • Blocking pop-up ads
    • More secure Outlook Express email
    • A vastly improved firewall
    • New Security Center feature
    • Modified Automatic Updates configuration
    • Disabled Windows Messenger Service
    • Restrict ability of network services to propagate threats

    Below is a more detailed explanation of each of these new and improved security features:

    • Internet Explorer Updates
      • Manage Add-Ons: Many programs install a plug-in or add-on which adds some functionality to the Internet Explorer (IE) web browser. Many users go about happily clicking OK and may install add-ons they don’t really want or need and some malicious programs might secretly install add-ons. This utility allows you to view the add-ons installed on your system as well as add-ons that have been used by Internet Explorer but not installed. You can enable or disable the different add-ons from this utility as well.
      • Pop-Up Blocking: Yes, you read that right. Internet Explorer will finally have the ability to block those annoying pop-up ads. Most other web browsers have already had this functionality, and many Internet Explorer users have adopted tools like the Google Toolbar which is a plug-in you can add to Internet Explorer to block pop-up ads among other things, so the annoying advertisers have already been busy trying to find other ways to get their ad in front of you. But, there are still plenty of sites with pop-up ads and this new feature will help make sure you don’t have to see them.
      • Modified Scripting Functionality: Unscrupulous sites can use scripting to accomplish a variety of mischievous, if not outright malicious, actions. With the current IE it is possible for a web site to open new windows that aren’t even visible on the screen or to open new windows that don’t have the normal status and toolbars, which makes them difficult, if not impossible, to close via normal means. After SP2, IE will not allow developers - mischievous, malicious or just misguided - to do these sorts of things.
    • More Secure Email: SP2 makes changes to the way Outlook Express works that will help protect most users from unknowingly or accidentally infecting their systems with viruses or Trojans. Outlook Express will block a variety of file attachment types such as EXE or COM files, which are executable and may contain malicious code. Graphic images are blocked by default, but you can right-click and download them anyway. This can help prevent the display of potentially offensive pictures in spam email.
    • New and Improved Firewall: EDIT: This section has been revised after I learned that some of the information I had regarding the improved firewall was incorrect.
      This is one of the best updates in SP2 in my opinion. The Internet Connection Firewall (ICF) that comes with Windows XP is not intuitively named or configured and is disabled by default. With SP2 the firewall gets a new name, Windows Firewall, and a number of significant changes that improve its functionality. Primarily, the Windows Firewall is enabled by default and is monitored through the Security Center. It also allows you to enable or disable it on an interface-by-interface basis rather than the all-or-nothing approach of ICF. This firewall is leaps and bounds better than ICF but probably not sufficient to replace a 3rd-party personal firewall such as ZoneAlarm.
    • New Security Center: With SP2, Windows XP adds a new option in Control Panel called Security Center. The main screen of the Security Center displays information on the current status of your firewall and antivirus protection as well as whether or not automatic updates are enabled. Each item can be green (On), red (Off) or orange (Unknown). Windows does not come with antivirus software, but it will check for 3rd-party antivirus software and let you know if it is running and up to date. The firewall portion favors simply using the Windows Firewall. When I disabled the Windows Firewall and ran my ZoneAlarm Pro instead, the firewall check turned orange. Security Center was able to tell me that ZoneAlarm Pro is installed, but it was unable to verify it was running or properly configured, so it marks the status orange. Regardless, this is a handy step in the right direction. It gives even novice users a sort of “one stop shopping” place to look to see whether their system has the basic protective measures turned on or not.
    • Automatic Updates: Automatic Updates are not new. Microsoft has long offered the option of enabling Automatic Updates so that your Windows system could periodically phone home and learn of any new critical updates that might be available. Depending on how you configure it, these updates can occur without your intervention while you’re snug in your bed, thereby keeping your system more or less proactively patched without any effort on your part. With Windows XP a little icon would appear in the Systray asking the user whether they wanted Automatic Updates turned on or not, but with SP2 the question of Automatic Updates is made much more obvious and harder to ignore. Hopefully this new approach will lead more home users to enable this feature.
    • Disabled Windows Messenger Service: This is not to be confused with the Microsoft MSN Messenger instant messaging program. The Windows Messenger Service is used to communicate between network devices and send alert messages and such to administrators. It is arguably unnecessary for home users and has been hijacked by spammers as a means for popping up unsolicited messages on users’ machines. Disabling it by default will stop this annoying spam from showing up on your computer.
    • Stop Network Attacks: In the past year or so, flaws in the Remote Procedure Call (RPC) and Distributed Component Object Model (DCOM) technologies have resulted in a variety of malware including the MSBlast and Nachi worms. These threats were able to exploit these vulnerabilities to spread across network connections from computer to computer. The changes made by SP2 will help to reduce or eliminate exploits like these.

    I could go on and on. This isn’t so much a patch or update as it is a completely new version. Rather than calling it Windows XP Service Pack 2 they could just drop the “Service Pack” part and call it Windows XP 2. With Windows XP SP2 Microsoft has finally made some tremendous strides in providing a more secure operating system by default rather than simply including some questionably functional security features buried somewhere within the operating system.

    There is no question that every Windows XP user should acquire and install this update once it becomes available. Windows XP Home users will still be lacking in a number of very key security features that exist in Windows XP Professional (see 5 Steps To Secure Windows XP Home), but with SP2 it will be significantly more secure than without it. Not only will applying SP2 add all of this new security functionality, but it will apply all of the patches for the operating system up through the date they publish the Service Pack, so the system will be protected against all of the known vulnerabilities through that time.

    One of the biggest issues facing users will be acquiring the update. I have heard reports that it is in the 200Mb range; however, the RC1 version that I downloaded was a 475Mb download, which would take approximately 20 to 45 hours to download on a standard dial-up connection. While broadband use is growing rapidly, there is still a vast majority of users - the very users who need the updated security the most - who are using slow dial-up connections to access the Internet.

    Perhaps Microsoft will offer to ship the CD for free to registered users by request. I have contended that Microsoft should partner with distribution outlets like Blockbuster Video or Best Buy or Target or something to offer Service Packs and other large updates on free CDs for the taking, the same way the ubiquitous America Online CDs are pushed. If neither of those things occurs, you might consider downloading it at work if you have high-speed access and won’t be violating the AUP (acceptable use policy) of your employer, or find a friend with broadband access and a CD burner to help you get the patch.

    About

    Tony has driven security policies and technologies for antivirus and incident response for Fortune 500 companies, and he has been network administrator and technical support for smaller companies. He has written for a variety of other Web sites and publications, including BizTech Magazine, PC World, SearchSecurity.com, WindowsNetworking.com, Smart Computing magazine, and Information Security magazine. Tony is a CISSP (Certified Information Systems Security Professional) and ISSAP (Information Systems Security Architecture Professional). He is Microsoft Certified as an MCSE (Microsoft Certified Systems Engineer) and MCSA (Microsoft Certified Systems Administrator) in Windows 2000 and an MCP (Microsoft Certified Professional) in Windows NT. Tony has been recognized by Microsoft as an MVP (Most Valuable Professional) in Windows security since 2006. In addition to his Web site and magazine contributions, Tony was also tech editor of PCI Compliance (ISBN: 1597491659) and author of Essential Computer Security: Everyone’s Guide to E-mail, Internet, and Wireless Security (ISBN: 1597491144), coauthor of Hacker’s Challenge 3 (ISBN: 0072263040) and a contributing author to Winternals: Defragmentation, Recovery, and Administration Field Guide (ISBN: 1597490792), Combating Spyware in the Enterprise (ISBN: 1597490644), Syngress Force 2006 Emerging Threat Analysis: From Mischief to Malicious (ISBN: 1597490563), Botnets: The Killer Web Applications (ISBN: 1597491357), and AVIEN Malware Defense Guide for the Enterprise (ISBN: 1597491640).

    http://www.tonybradley.com