In part one of this series below, you'll get a primer on Windows XP Service Pack 2 (SP2) security enhancements. Part two discusses Microsoft's isolation and resiliency initiatives and what benefits they can offer you in securing Windows.
Earlier this year, Microsoft made some waves in the security pool by announcing it would put significant research and development resources into security enhancements for its software, and most recently for its long-awaited Windows XP Service Pack 2 (SP2) -- also referred to as Security Pack 2 given its focus. Should this hoopla be on your radar?
One new feature of XP SP2 is that much of the code has been recompiled to protect against buffer overflows. SP2 also supports the NX (no-execute) flag supported by the AMD K8 and Intel Itanium processors, which prevents code from being executed in areas of memory that are reserved for data. In addition, various DCOM and RPC components have been reworked helping to reduce the "attack surface" of Windows, referring to the system openings that a hacker or malware can exploit.
Other security enhancements include:
- Over 600 new Active Directory Group Policy Objects affecting security;
- Security Center module in the control panel with enhanced security settings;
- New Windows Firewall to replace the original Internet Connection Firewall (ICF), which is now enabled by default and can be managed centrally across the network;
- Pop-up blocker option, and security zone and Internet Explorer improvements to make it more secure by default;
- Enhanced security when downloading HTML and file attachments via e-mail and instant messaging in Outlook Express and Windows Messenger, which is now disabled by default;
- Improvements to the Automatic Updates service.
Other planned security enhancements are in the works for Exchange Server, Windows Server 2003, ISA Server and more.
So nothing is that new here. Microsoft has simply taken some security best practices -- things that should be done to keep operating systems secure in the first place -- and built them into its software to force network managers and users to secure Windows correctly.
I never thought I'd say this, but I actually feel a little sorry for Bill Gates and company. They're releasing software with gobs of features demanded by their customers -- the same customers who often fail to make the slightest effort to correctly secure their systems. What's a software vendor to do?
Don't get me wrong. I'm not completely on Bill's side. I don't like the fact that Microsoft is preventing the installatioon of SP2 on pirated copies of Windows XP. Imagine how much more secure the Internet could be if they did.
About the author
Kevin Beaver is founder and principal consultant of Atlanta-based Principle Logic LLC, as well as a resident expert on SearchWindowsSecurity.com. He specializes in information security assessments and incident response and is the author of the new book "Hacking for dummies" by John Wiley and Sons. Kevin can be reached at kbeaver@principlelogic.com or ask him a question on Windows security threats today.
