Windows XP Service Pack 2 (SP2) provides enhanced security measures that will hopefully improve defences against viruses, worms and hackers, along with increased manageability and an improved experience for users.
Q: What is Windows XP Service Pack 2 (SP2) with Advanced Security Technologies?
A: XP SP2 is a major, security-oriented update to Windows XP that is due by late summer 2004. It will include all the bug and security fixes Microsoft shipped since the original XP release as well as a host of new security features. Microsoft is touting this release as "proactive protection for Windows XP."
Q: What are "Advanced Security Technologies"?
A: These are the new security-centric features in XP SP2 (see below) and the new security-centric default settings that Microsoft sets in this release.
Q: What security features will XP SP2 include?
A: XP SP2 will include the following new security features:
* Security Center. A new front-end, or dashboard, to XP's security features, including Automatic Updates, Windows Firewall, and virus protection. Microsoft doesn't offer any antivirus protection software directly, but Security Center integrates with third party software such as McAfee VirusScan.
* Windows Firewall. The new Windows Firewall replaces Internet Connection Firewall (ICF) and is on by default. Windows Firewall boasts several new administration-related features, including a full set of configuration options, Active Directory (AD) administration capabilities through Group Policy, command-line support that's compatible with logon scripts and remote management, and multiple-profile support. It is also enabled earlier in the boot process, eliminating the possibility that intruders could insert errant code over a network before the system fully comes up.
* IE security improvements. XP SP2 provides an improved Microsoft Internet Explorer (IE) version that contains several new features. A new opt-in pop-up ad blocking feature announces itself the first time you access a page that tries to open a pop-up window. (IE won't block pop-ups you enable by clicking a hyperlink.) This feature is configurable, so you can create a list of trusted sites if needed. The new IE also removes the capability of Web sites to open child windows that have certain features removed. For example, it's no longer possible to open a pop-up window with the address bar, title bar, status bar, or toolbars removed. Microsoft added this feature so that users can close any pop-up windows that do open. Furthermore, scripts can't position windows so that the title bar or address bar are above the top of the display or so the window's status bar is below the bottom of the display. IE also includes a new locked-down Local Machine security zone to help prevent malicious scripts and other dangerous Web downloads from compromising the system.
Microsoft has also overhauled IE's add-on subsystem, a move that will require plug-in makers to revamp their products. The end result, however, is better safety for users. Inadvertently installing spyware or malicious ActiveX controls will now be more difficult, and the programs will also be easier to remove. The add-on manager also monitors IE crashes caused by add-ons, letting you disable unstable add-ons. Perhaps most important, the IE add-on manager is fully manageable: You can centrally configure IE's crash-management options and which add-ons are allowed or denied.
* Outlook Express and Windows Messenger improvements. The Microsoft Outlook Express version in XP SP2 includes more secure default settings and isolation of potentially unsafe attachments, helping to ensure that email-borne attacks can't affect the system. Outlook Express also picks up a neat feature from Microsoft Office Outlook 2003: It won't download images in HTML email by default (spammers often use tracking devices in HTML images to ensure you're getting their email). Like Outlook Express, the Windows Messenger version included with XP SP2 isolates any transferred files that might be unsafe.
Read more...