Tip

More security in Windows XP Service Pack 2

As a follow-up to my previous tip which dealt with security enhancements planned for Windows Longhorn (Microsoft's next desktop release, due out in 2006/2007), Bill Gates has penned an Executive E-mail entitled Microsoft Progress Report: Security. In that missive, he provides all kinds of information about what Microsoft is doing, and what they're planning, to boost security protection and coverage in upcoming releases.

For this tip, my focus is security enhancements planned for Windows XP Service Pack 2 (SP2), which Gates says will be released in "late spring/early summer" 2004. Gates identifies these enhancements as relating to isolation and resiliency. By isolation, he means techniques to limit the spread of potential malware infections, once contracted; by resiliency, he means the operating system's abilities to identify and respond to what he calls "suspicious or bad behavior."


MORE INFORMATION ON XP SP2:

Examination of the security items for Windows XP SP2 help clarify this terminology:

  • Network Protection: the Windows Firewall will be active by default, with global firewall settings and centralized configuration administration also enabled. The idea is to limit potential attack points to the bare minimum.
  • Safer Web Browsing: Internet Explorer will block unsolicited downloads and pop-ups, and security settings subject to administrative policy controls.
  • Safer E-mail/Instant Messaging: Improved file attachment handling in Outlook Express and Windows Messenger, plus better download controls, should limit exposure to infected e-mails or downloads.
  • Memory protection: Buffer overruns—by far, the biggest single category of Microsoft vulnerabilities—are targeted using numerous techniques: recompilation to stymie stack and heap overruns, plus cooperation with vendors for hardware-enforced data execute protection, to mark data as non-executable (to foil malware that attempts to load instructions as data, then execute them).
  • Windows Update will get security enhancements, including status checks for key security components such as firewall, automatic update, and anti-virus. A new Security Center applet in the Windows XP Control Panel will also indicate if security capabilities are enabled and up-to-date.

All in all, these planned changes sound like Microsoft has been analyzing its traditional sources of vulnerability, and is taking serious steps to mitigate them. The real proof will be in how well what's delivered in Windows XP SP2 works. Thus, only time (plus testing and experience) will tell if Microsoft finally succeeds in raising the Windows security bar, and abandons optimistic "out of the box" defaults for secure alternatives.

This tip originally appeared on SearchWin2000.com

About the author
Tom Lancaster, CCIE# 8829 CNX# 1105, is a consultant with 15 years of experience in the networking industry and co-author of several books on networking, most recently, CCSPTM: Secure PIX and Secure VPN Study Guide published by Sybex.


This was first published in April 2004

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.