Windows Service Pack 2
Windows Service Pack 2
Article by Marc Liron - Microsoft MVP (Windows Desktop Experience)
Why do we need a new Service Pack?
You might want to take a look at my FAQ article on the Windows XP Service Pack 2: Windows XP Service Pack 2 FAQ 's
You can not have failed to hear about all the virus, worm, hacker and Trojan attacks that have plagued the Windows community over the last 12 months!
Perhaps you were even a victim to at least one of them?
Well, Microsoft have put together a comprehensive package to address the security concerns these attacks have raised for Windows XP users.
(This page was last updated: 3rd August 2004)
As one commentator put it: "...Microsoft have closed the barn door!"
Windows XP Service Pack 2 is born...
An overview of Windows XP Service Pack 2
The following is taken directly from Microsoft's own documentation*:
"In Service Pack 2 for Microsoft Windows XP, Microsoft is introducing a set of security technologies that will help to improve the ability of Windows XP-based computers to withstand malicious attacks from viruses and worms.
The technologies include:
# Network protection
# Memory protection
# Safer e-mail handling
# More secure browsing
# Improved computer maintenance
Together, these security technologies will help to make it more difficult to attack Windows XP, even if the latest updates are not applied. These security technologies together are particularly useful in mitigation against worms and viruses."
#(Changes to Functionality in Service Pack 2 for Microsoft Windows XP - February 20, 2004)
What I will do now is explore these FIVE technologies and THREE additional parts of the XP SP2, not fully addressed in the above list - Windows Media Player 9, Windows Installer 3.0 & Policy Settings...
Please remember that this article is NOT an in-depth technical discussion, merely a review and is aimed at the "average" user of Windows XP Home and Professional editions.
If you are new to computers then reading the following article FIRST, may help your understanding of some of the concepts discussed here on this page.
#1 - Network Protection:
The security technologies in this section help to provide better protection against network based attacks.
A real life example is the MSBlaster worm (see http://www.updatexp.com/msblast-exe.html ) that hit so many Windows XP users worldwide...
Through a number of innovations, including enhancements to Windows Firewall (previously called Internet Connection Firewall or ICF), Microsoft are now seeking to improve the security of Windows XP.
The XP SP2 "Network Protection" enhancements include:
# Turning on Windows Firewall by default. (Currently users have to turn it on themselves, and many do not even know it exists!)
What is NOT clear at the moment is the situation with AOL and Windows Firewall... America Online (AOL) installs its own connection settings that override the ones that come with Windows XP. America Online's connection settings don't include a way to turn on Windows XP's built-in firewall!
# Closing ports except when they are in use. (Leaving some ports open on your PC, when not in use, can give an entry/exit for viruses and Trojans.)
# Improving the user interface for configuration. (Microsoft have improved the way you can change some key settings on your computer.)
# Improving application compatibility when Windows Firewall is on. (Microsoft have made it harder for other software to run into problems when the firewall is on.)
# Enhancing enterprise administration of Windows Firewall through Group Policy. (this one is for "techies" like me - NOT home users!) (In earlier versions of Windows, Windows Firewall had a single Group Policy object (GPO): Prohibit Use of Internet Connection Firewall on your DNS domain... With Windows XP Service Pack 2, now every configuration option can be set through Group Policy.)
# The attack surface of the Remote Procedure Call (RPC) service is reduced. (In English this means that the RPC service that runs on your PC has been improved in such a way that it will be much harder for a virus/Trojan to exploit it and cause your PC harm.)
# The Distributed Component Object Model (DCOM) has additional access control restrictions. ( Again this is a part of Windows XP that has caused many security concerns over the last 12 months. Microsoft have addressed these concerns, but have stopped short of disabling or even removing DCOM from Windows XP. Personally I, and many others, believe there is NO need for DCOM in windows XP - read: http://www.updatexp.com/dcom-windows-xp.html )
# Disabling the Windows Messenger Service by default. (This is not referring to the Instant Messenger client but to a service that runs in the background on your Windows XP PC. I have been arguing that this should be turned off by default for the 12 months! Now it seems Microsoft agree... You can read my article here: http://www.updatexp.com/messenger_service_spam.html )
# Boot time security. (On PC's running Windows XP Service pack 1, there is a window of time between when your PC can "see" the network and when Windows Firewall provides protection. This results in the ability for a "packet(s)" of data to be received and delivered to a service without Windows Firewall performing ANY filtering. This potentially exposes YOUR computer to vulnerabilities. In Windows XP Service Pack 2, this vulnerability has been stopped using a new "policy" that works during boot up. However, there is no boot-time security if Windows Firewall is disabled.)
# Enhanced multicast and broadcast support. (In previous versions of Windows, Windows Firewall did not perform any multicast or broadcast filtering. In Windows XP Service Pack 1, Windows Firewall statefully filtered multicast and broadcast traffic, requiring the user to manually open the port to receive the response. In Windows XP Service Pack 2, the response to the multicast/broadcast traffic will be allowed in.)
The Windows Firewall is now easily accessible via the Control Panel:
Control Panel 1 / Control Panel 2
Screen Shot of the new Windows Firewall:
The new look Windows Firewall 1
The new look Windows Firewall 2
#2 - Memory Protection:
Windows XP Service Pack 2 includes a new technology called:
Execution Protection (NX)
Execution Protection (also known as NX, or "no execute") marks all memory locations in a process as non-executable unless the location explicitly contains executable code.
For non-techies this means that ANY "virus" attack on your PC, that attempts to insert and run malicious code into memory, will FAIL!.
Execution Protection will intercept these attempts and BLOCK them...
#3 - Safer Email Handling:
Plain Text Mode
The plain text mode feature of Outlook Express provides users with the option to render incoming mail messages in plain text instead of HTML.
The setting "Read all messages in Plain text" will be turned on by default. (It can be found by navigating to the Tools menu, selecting Options, and then clicking the Read tab.)
When you open an HTML email it is possible for a virus to be added to it and set to "run" the moment you open the email..!
This is because there a special part of an HTML email called the "Header". It is possible to run scripts in this header, and that is what many virus writers like to do...
By working in Plain Text mode these header scripts can NOT be run...
Now if you TRUST the sender of the email and want to view the email as intended, Microsoft have included a NEW menu option in Outlook Express:
On the View menu, click Message in HTML.
This new menu item switches the current message view to HTML if it is currently in plain text view, both in the preview display as well as in the full message display.
Don’t Download External HTML Content
Spammers send their emails to millions of addresses at the same time. They usually have no idea if your email address is valid or not. However if you are using Outlook Express to view your email as HTML. The spammer will instantly know if your email address is valid when you open it. You see spammers include a small graphic in the email that is "pulled" down from their servers to your computer.
When this happens they KNOW your email address is real and active! So you get MORE SPAM!!!
Microsoft have included a NEW option to BLOCK all external content in an HTML e-mail, this option is turned ON by default in Windows XP Service Pack 2
It can be found by navigating to the Tools menu, selecting Options, and then clicking the Security tab.
You will now see the NEW "Block images and other external content in HTML e-mail" check box.
Now to those of you that like to receive your HTML emails, this may seem a bit restrictive. BUT please DO NOT go and uncheck the "Block images and other external content in HTML e-mail" check box.
To download external content for an individual e-mail message, and so view the HTML e-mail as it was intended to view it, click the *External Message Information Bar to download the external content that was included with the message.
(*External Message Information Bar - this is the yellow bar at the top of the email)
If you have ever used Microsoft Outlook 2003, then these new features of the Windows XP Service pack 2 will be very familiar to you.
Screen Shot of the Do Not Download External Content:
New Block Images Setting
#4 - More Secure Browsing:
# Add On Management Tool...
A NEW feature of the Windows XP Service Pack 2, is an Internet Explorer Add-on Management tool.
This now tool lets users view and control the list of add-ons that can be loaded by the browser. This new Add-On management feature also shows the presence of some browser "add-ons" that were previously not shown and could be very difficult to detect!
These "add-ons" might provide undesired functionality or services and, in some cases, might present a security risk...
For example, a user might unintentionally install an add-on that secretly records ALL Web page activity and reports it to a central server.
Previously, specialized software and deep technical knowledge might have been required to identify and remove that "add-on".
The new Internet Explorer Add-on Management feature now provides an easier way to detect and disable that add-on!
Screen Shots of the new feature:
Add-ons currently loaded in Internet Explorer
Add-ons have been used by Internet Explorer
As you will see in the pictures above, the list shows all installed Internet Explorer "add-ons". To enable or disable an installed add-on, click the "add-on" in the list, then click Enable or Disable.
If you click an ActiveX control in the list, then click "Update ActiveX" option (bottom right of the picture), Windows searches for an update at the location where the original control was found.
If a newer version is found at that location, Internet Explorer attempts to install the update!
The list of "add-ons" also contains "signed add-ons" that were blocked from installation because their publisher was untrusted. If you select one of these controls, the user can unblock the control by clicking "ALLOW". Caution should be exercised when doing this! Clicking the "ALLOW" option removes the publisher from the untrusted list...
A Blocked "add-on" icon appears in the Internet Explorer status bar when a Web page attempts to "run" an ActiveX control that is disabled or blocked because its publisher is untrusted. You can double click the icon to open Manage Add-ons and change the ActiveX settings if required. (The status bar icon is accompanied by a balloon tip the first five times it appears.)
Many users are unaware of the add-ons they have installed on their computer. Some add-ons are loaded whenever Internet Explorer is launched, but cannot be detected unless the user searches the registry. When users experienced frequent crashes, there was no easy way to diagnose whether the issue was related to an add-on. Even if they suspected that the problem stemmed from recently-installed software, it was difficult to isolate the cause and often impossible to fix if the software did not provide an uninstall option.
Internet Explorer Add-on Management, together with Add-on Crash Detection, gives users the power to make their systems more secure and more stable by identifying and disabling problematic add-ons.
If you are responsible for administrating a network, Microsoft have also provided you with a powerful administrative tool to control "add-on" use your organization!
# Crash Detection Feature...
Now this is a VERY welcome feature from Microsoft!
Whenever Internet Explorer crashes, the "Add-on Crash Detection" program is launched.
Add-on Crash Detection is an error analysis program that examines the state of the Iexplore.exe (Internet Explorer) process. It collects the list of dynamic link libraries (DLLs) that are loaded, and the value of the instruction pointer register (EIP) at the time of the crash. Add-on Crash Detection then attempts to find the DLL whose memory range the EIP lies within. This DLL is often the cause of the crash.
If a DLL is found, it is not a system DLL, and the DLL is the COM server for an Internet Explorer add-on, the Internet Explorer Add-on Crash Detection window appears. This dialog box contains information that indicates which add-on caused the crash, the name of the company associated with the add-on, and the description of the DLL file that contains the add-on code. Click
Advanced to display Manage Add-ons, which you can then use to disable the identified add-on. After you review the information and click Continue, the standard Windows Error Reporting window appears.
As you would expect the Add-on Crash Detection feature can be managed in a corporate environment using policies to stop users accessing it!
# Pop Up Blocker...
Now this is a ANOTHER VERY welcome feature from Microsoft!
We now have a popup blocker that will prevent most pop-ups from happening when you visit a website!
You have the ability to block ALL pop-ups, allow pop-ups for certain sites or you can turn the pop-up blocker off.
Screen Shots of the new IE pop up blocker:
Pop-Up Blocker via IE6 Tools Menu
Pop-Up Blocker via Internet Settings Window
Pop-Up Blocker Warning Window
Pop-Up Blocker Status Bar Access
#5 - Improved Computer Maintenance:
The main scope of improvements in this area are related to Group Policy Resultant Set of Policy (RSoP). Since this advanced topic is of no relevance to the new/basic user I will not go into it in this article.
There is however one improvement and that is to the Windows Update. With Windows XP Service Pack 2 there is a new version of the Windows Update service.
Screen Shots of the new Windows Update:
The new look Online Windows Update
A Download via Windows Update Online
Download Complete via Windows Update Online
In addition Microsoft are heavily promoting The Windows Update service in Windows XP Service Pack 2. On its installation you are required to reboot the computer. On doing so the FIRST screen you see is one asking you to automatically have Windows Update run on your computer for you.
Screen Shot of the 1st Boot Screen:
1st Boot Screen
#6 - Windows Media Player 9:
Windows Media Player 9 is installed as part of Windows XP Service Pack 2.
This version of Windows Media Player includes security fixes and new functionality.
During the Windows XP Service Pack 2 installation, if you select the option to archive files (and I recommend you do), you can remove Windows Media Player 9 Series later. To do so, you can remove the service pack through Add or Remove Programs. Windows Media Player 9 Series is removed along with the service pack, and both Windows Media Player and the operating system are restored to their previous version.
If you perform a new installation of Windows XP with Service Pack 2 on a computer that is running a previous version of Windows, the operating system is replaced, and Windows Media Player 9 Series cannot be removed!!!
Earlier versions of Windows Media Player contained security vulnerabilities and other bugs. Although these vulnerabilities and bugs have been fixed with software updates, a more thorough solution is to upgrade earlier versions to Windows Media Player 9.
Windows Media Player 9 has also been thoroughly tested and updated to work with the other security enhancements contained in Service Pack 2 for Windows XP.
#7 - Windows Installer 3.0:
There are quite a few changes made with the Introduction of version 3.0 over the current Windows Installer 2.0
Most of them are "too geeky" to explain here... but here are three of them:
3.0 allows smaller patches to be made.
Users are more likely to keep their application patches current if patch packages are small, easy to download, and don't require the user to perform difficult procedures to install.
3.0 now support patch removal.
This change removes a barrier to deploying patches. It provides users and administrators with a mechanism to remove patches in order to deal with potential application compatibility issues. This is a great improvement to help troubleshooting.
3.0 now supports better security.
The Windows Installer service runs in the "security context" of the Local System account. In previous versions of Windows XP, the service attribute of Windows Installer was set to what is called "interactive".
An interactive service can display its own user interface and receive user input and may be a security vulnerability. Because of this, the Windows Installer 3.0 service is no longer interactive.
#8 - Group Policies:
This area is for administrators of Windows networks. But just to say that In Service Pack 2 for Windows XP, many operating system components have added new policy settings. These new settings have been created in response to customer feedback. (There is an MS Excel spreadsheet available for viewing at the Microsoft website http://go.microsoft.com/fwlink/?LinkId=22031 )
I do have some concerns about this new release:
After installing XP Service Pack 2 the Windows Firewall is enabled by default...
1) This might "break" application compatibility, if the application does not work with "stateful filtering" by default. (Windows firewall uses a process called stateful packet filtering.)
2) It may also conflict with other active software and hardware firewalls... now more folks are using routers with built-in firewalls on their Broadband connections, there is room for conflicts to happen here!
Having said all this, by enabling as default will offer more protection than was offered before! Most home users have never installed a firewall so this is welcome.
With Windows Media Player 9...
1) If you uninstall Service Pack 2 for Windows XP, you might need to reacquire some licenses in order to play the content that you have previously licensed. This applies if you have upgraded your computer from Windows 2000 to or Windows XP to Service Pack 2 for Windows XP, because Windows Media Player 9 handles digital content licenses differently than earlier versions.
With Execution Protection (NX)...
1) Applications that perform just-in-time (JIT) code generation or execute memory from the default process stack or heap MAY lead to problems in the Windows XP Service pack 2 "Execution Protection" environment. In some rare circumstances an application may cease to function.
These are not serious concerns, but may lead to more support for users getting used to Service Pack 2
The goal for Service Pack 2 is to build on the "Trustworthy Computing" efforts of Microsoft, that have previously been applied to Windows Server 2003.
For an overview of the Microsoft Trustworthy Computing initiative, see “Trustworthy Computing Defined,” on the Microsoft website at: http://go.microsoft.com/fwlink/?LinkId=20970
The Windows XP Service Pack 2 is a WELCOME addition.
On installing the XP SP2 edition you will be asked to help Microsoft by providing some information about your system... This is optional! View the screenshot here.
This article discusses some of the primary changes that will be made in Service Pack 2 for Windows XP, to help increase the protection and security of Windows XP. Most of these features are designed to mitigate against malicious attacks on systems even when they do NOT have the latest patches installed.
You may find the following screen videos informative:
XP SP2 installation - Pt1
XP SP2 installation - Pt2
XP SP2 installation - Pt3
Downloading files in XP SP2
The new "Pop Up" blocker in IE 6
Trouble Free PC Security?
"Discover The Simple But Powerful Secrets To Keeping Out Viruses, Hackers, Trojans, Keyloggers And Many Other Online Security Threats"
CLICK HERE - For More Information Now!
>>> My FREE Windows Newsletter! >>>
Fortnightly copy of my FREE Windows
Windows XP, Vista, 7 , Microsoft Office and Windows Live Services - Sign-up TODAY!!!
Trouble Free PC Security?
"Discover The Simple But Powerful Secrets To Keeping Out Viruses,
Hackers, Trojans, Keyloggers And Many Other Online Security Threats"
Expert PC security advice from a long standing Microsoft MVP!