Windows XP Service Pack 2 (SP2) incorporates a massive revamping of the core security architecture of Windows XP. The security technologies built into SP2 represent a quantum leap in Windows XP’s ability to resist malicious attacks.
Windows XP SP2 addresses areas that have been the main targets of malicious software — what Microsoft calls “malware.” The critical security areas improved by SP2 include Remote Procedure Calls (RPCs), DCOM, Windows Firewall (previously called Internet Connection Firewall or ICF), and protection against the execution of malicious, unauthorized programs.
Microsoft groups security enhancements of SP2 into five categories. Although these technologies do not eliminate the need for promptly downloading periodic security updates from Microsoft, they do bolster the core ability of Windows XP to defend against malicious attacks.
1. Network Protection
These security technologies help provide better protection against network-based attacks, like MSBlaster, through enhancements to Windows Firewall and a reduced RPC attack surface. SP2 innovations include:
- Turning on Windows Firewall in default installations
- Closing ports except when they are in use
- Improved user interface for configuration
- Improved application compatibility when Windows Firewall is activated
- Enhanced Windows Firewall enterprise administration through Group Policy
- Reduced RPC attack surface
- Added restrictions on access control of DCOM infrastructure to reduce exposure to network attack
2. Memory Protection
Some attacks try to cause excessive data to be copied into computer memory, causing what are called buffer overruns or overflows. SP2 reduces the vulnerability of Windows to buffer overflows by tagging regions of memory to either allow or deny the execution of code stored there. This No Execute (NX) scheme is currently supported by AMD Athlon and Opteron chips. The newest Intel Prescott-based Pentium 4 chips will also support NX.
Hardware-enforced Data Execution Prevention (DEP) uses the CPU to mark all memory locations in an application as non-executable, unless the location explicitly contains executable code. This way, when an attacking worm or virus inserts program code into a portion of memory that is marked for data only, an application or Windows component will not run it.
3. Safer Email Handling
New SP2 security technologies help stop viruses such as SoBig.F that spread through email and instant messaging. More defensive default settings and better attachment control isolate potentially unsafe attachments before they harm other parts of the system.
When Internet Explorer analyzes the content of a Web page or downloaded file, it decides how to handle the file based on the MIME type assignments and an analysis of the content itself. SP2 automatically renames a file to match its true content before placing the file in the Internet cache. It also prevents promoting one MIME type to another (text to HTML, for example) if the second MIME type has additional functionality.
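The two behaviors described above (renaming a file to match its true content, and refusing to promote a declared MIME type to a more capable one) can be modeled in a few lines. This is an added illustration, not Microsoft's or Internet Explorer's code; the signature table, the capability ranking, and the function names are assumptions made for the example.

```python
import os

# Constructed signature table (assumption): leading bytes -> (MIME type, extension).
SIGNATURES = [
    (b"\x89PNG\r\n\x1a\n", "image/png", ".png"),
    (b"GIF8", "image/gif", ".gif"),
    (b"\xff\xd8\xff", "image/jpeg", ".jpg"),
    (b"%PDF-", "application/pdf", ".pdf"),
]
HTML_MARKERS = (b"<!doctype html", b"<html", b"<body", b"<script", b"<iframe")

# Assumed ranking of how much a handler for each type can do (higher = more).
CAPABILITY = {
    "text/plain": 0, "image/png": 0, "image/gif": 0, "image/jpeg": 0,
    "application/pdf": 1, "text/html": 2,
}


def sniff(data):
    """Infer (mime, extension) from the content itself, or None if unrecognised."""
    for magic, mime, ext in SIGNATURES:
        if data.startswith(magic):
            return mime, ext
    head = data[:512].lower()
    if any(marker in head for marker in HTML_MARKERS):
        return "text/html", ".html"
    return None


def handle_download(filename, declared_mime, data):
    """Return (effective_mime, cache_name, action) for one downloaded file."""
    sniffed = sniff(data)
    if sniffed is None or sniffed[0] == declared_mime:
        return declared_mime, filename, "as-declared"
    mime, ext = sniffed
    # Unknown declared types are ranked 0 so any richer content is held back.
    if CAPABILITY[mime] > CAPABILITY.get(declared_mime, 0):
        # Content would gain functionality (e.g. text -> HTML): do not promote.
        return declared_mime, filename, "promotion-blocked"
    # Same or lower capability: cache the file under a name matching its content.
    return mime, os.path.splitext(filename)[0] + ext, "renamed"


if __name__ == "__main__":
    # Constructed sample inputs.
    print(handle_download("notes.txt", "text/plain", b"<html><body>hi</body></html>"))
    print(handle_download("photo.gif", "image/gif", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8))
```

The first sample stays `text/plain` because rendering it as HTML would add scripting capability; the second is cached as `photo.png` because the content is a PNG image regardless of its label.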
4. Enhanced Browsing Security
Windows XP SP2 includes security enhancements to Internet Explorer which provide improved protection against malicious web content. For example, the Local Machine zone is locked down to guard against running hostile scripts and block harmful web downloads. Better user controls and interfaces help prevent malicious ActiveX controls and spyware from running without the user’s knowledge.
5. Improved Computer Maintenance
SP2 introduces the Security Center to provide a central location for information about your computer’s security. SP2 also includes the new Windows Installer, which provides more security options for software installation.
How Progent Can Help
Windows XP Service Pack 2 is available for free downloading from Microsoft’s web site. Progent’s Microsoft-certified consultants can assist you in planning a pilot evaluation of SP2 or a company-wide deployment. Progent can also help you understand how this important new software can benefit your business. For more information, call Progent at 800-993-9400 or visit Contact Progent.
Click here to go to the table of contents of the IT Connection newsletter.