August 10, 2004
Microsoft Windows XP Service Pack 2 Review
By: Arie Slob
Windows Security Center
The Security Center is a new service in Windows XP SP2 which provides a central location for changing security settings, learning more about security, and ensuring that the recommended security settings on the user's computer are "up & running". You can open the Security Center from its icon in Control Panel.
The Security Center service checks the state of the following components on the user's computer:
- Firewall: The Security Center checks whether Windows Firewall is on or off. It also checks for the presence of some third-party software firewalls.
- Virus protection: The Security Center checks for the presence of antivirus software. If the information is available, the Security Center service also determines whether the software is up to date and whether real-time scanning is turned on.
- Automatic Updates: The Security Center checks to make sure that Automatic Updates is set to the recommended setting, which automatically downloads and installs critical updates to the user's computer.
A balloon will pop up in the Windows tray when the Security Center service notices that one of the components is not within the specified state, alerting users to the (potential) problem (Figure).
The Security Center's implementation has been problematic so far. Its inability to detect and successfully monitor third-party products has been a problem since the first beta versions. The problem is that third-party vendors have to add code to their software so that the Security Center can successfully detect its presence and status. According to Microsoft, third-party application developers have been given details on how their apps should "hook" into the Security Center, so it's just a matter of time before these applications are updated and the Security Center can successfully monitor them.
Automatic Updates & Windows Update
Automatic Updates has long been something that Microsoft wished more users were using. In SP2, Automatic Updates is "pushed" even more, in an effort to have less experienced users turn it on. When you first upgrade Windows XP to Service Pack 2, Automatic Updates will "advertise" itself when you first reboot your computer, and "recommends" turning on Automatic Updates to help you protect your PC (Figure). Now Automatic Updates is set to download and install critical updates in the background.
Together with SP2, Microsoft launched a new version of Windows Update (version 5), which promises smaller download sizes for patches and new "trickle" download functionality, which lets you download updates in the background without saturating your Internet connection. This latest version of Automatic Updates offers expanded support for Microsoft products, including Microsoft Office, Microsoft SQL Server, and Microsoft Exchange, so these will now also be able to use the Automatic Updates feature previously available only to the Windows operating system.
Other improvements
SP2 includes a number of other improvements too. The Network Setup Wizard is greatly improved over the previous version. There's also a new Wireless Network Setup Wizard that allows you to add a wireless network to your system, either with or without security.
Microsoft has also added an enhanced Bluetooth networking stack to SP2, so if you use Bluetooth devices with SP2 you'll have a much improved experience.
Microsoft has also improved the Add or Remove Programs applet in Control Panel. By default it doesn't show any product updates anymore, thus cleaning up the display a bit (Figure). You'll have to tick the new box Show Updates at the top of the window to toggle the showing of product updates (Figure).
Security is further enhanced in this service pack in the following ways:
- Windows Messenger Service is switched off by default. Note: Windows Messenger Service is not Windows Messenger, the instant messaging client in Windows. Windows Messenger Service is a network administration tool that has been exploited by spammers. When the service is off, spammers will not be able to use the feature to send unwanted pop-up ads to users.
- More secure infrastructure for the Distributed Component Object Model (DCOM). More granular COM permissions were created to give administrators the flexibility to control a computer's COM permission policy. These additional access control restrictions will reduce the risk of a successful network attack.
- Reduction of the attack surface of a Windows XP-based computer while on a network. For example, the Remote Procedure Call (RPC) service will run with reduced privileges and will no longer accept unauthenticated connections by default. (RPC was exploited by the Blaster worm.)
I think that although it has taken Microsoft a long time, Service Pack 2 for Windows XP is a big step in the right direction, namely making Windows XP more secure by default. It could create some problems in the short term, since users will need to get used to the new defaults, but it is the right way for Microsoft to go.
Microsoft has published a number of documents about Service Pack 2 that will help system administrators and software developers understand the changes made to Windows XP in SP2:
- Changes to Functionality in Microsoft Windows XP Service Pack 2
- Windows XP Service Pack 2 Deployment Tools
- Group Policy Settings Reference for .adm files included with Windows XP Professional Service Pack 2
- Deploying Windows Firewall Settings for Microsoft Windows XP with Service Pack 2
- Using the Windows Firewall INF File in Microsoft Windows XP Service Pack 2