Windows XP Service Pack 2

Two of the things that Windows XP Service Pack 2 will address are the Internet Connection Firewall (ICF) and Popup Manager. The ICF has been a part of Windows XP since it came out, but it was off until we turned it on. The Popup Manager is new for Microsoft. Both of these changes can adversely affect our computers, so they are worth looking into.

The Internet Connection Firewall will be turned on after the Service Pack is applied. This can be a good thing for people that have no firewall protection, but it can cause all kinds of problems with computers that already have a firewall. Generally, we don’t want a program doing something at the same time another program is doing the same thing - this is inviting trouble. Even though I have both Ad-aware and Spybot on my computer, I don’t run them at the same time!

The ICF has some great ideas that can help protect us. When ICF is enabled, the computer will have a firewall from the time it is first turned on. The boot-time security allows the computer to perform basic networking tasks when it is first turned on, but ONLY allows the basic tasks. Once the firewall service is running, it removes the boot-time filters. This prevents possible attacks between the time the computer starts up and the time the firewall program is fully loaded. The bad news is that if we disable the ICF, this boot-time security is not enabled, either. It is an either / or situation, and that seems a bit odd to me. It would be nice to have the boot-time security even if we don’t use ICF, but Microsoft doesn’t agree.

If you are running a firewall, I recommend going back and changing the ICF settings after you apply the Service Pack. If you don’t, there can be all kinds of problems with two firewalls running at the same time. If one firewall allows certain things but the other one doesn’t, it can take a lot of time to figure out which one is blocking what you want.

The new Pop-up Manager “blocks most unwanted pop-up windows from appearing. Pop-up windows that are launched when the end user clicks a link will not be blocked.” This is a very good choice, since some pop-up blockers don’t recognize the difference between a page-generated pop-up and a click that opens a new window as a pop-up.

The pop-up manager will show a notice and play a sound when a pop-up is blocked (you can turn off the sound!) and offer some options at that point: Allow Pop-ups From This Site, Show Blocked Window, and Block Pop-up Windows. The first option adds the site to your Allow list (another new feature in Internet Explorer that will come with Service Pack 2) so that you will not have to keep clicking on Show Blocked Window on that site. The Show Blocked Window option will only show that one pop-up without allowing all pop-ups from the site. This can be helpful if there is a site with a lot of unwanted pop-ups as well as links that open new windows that you WANT to see. The third option turns the pop-up manager on and off.

I am surprised to learn that Microsoft plans to install this and leave it turned off. You have to go in and manually turn it on and set the options after the Service Pack is applied. Additionally, the pop-up manager allows pop-ups that are opened by software that is running on your computer or opened by ActiveX controls that are launched from a Web site. So if you have a spyware program that is launching ads, they will not be blocked. And an ActiveX control can be used to download things to your computer without your knowledge, so there are a couple of holes in the program right from the start. It seems to me that this will provide a false sense of security, which is never good.

That seems like enough for now! Next Monday, I will delve a little into the memory and Internet Explorer security in the Service Pack.

Credits to Mark Rider (http://whatcounts.com/t?ctl=56270E:21C93BE)

I’m now like one week and some days on SP2 and it’s working fine. There are some problems with integrated ZIP support and ICF doesn’t detect all connecting programs, but overall it’s working very well. avast! is working fine too and I had no problems.
In Security Center, avast is detected as Unknown (but it’s working anyway), but I know Alwil programmers are already working with Microsoft regarding this.

How do you obtain SP2?

eMule :wink: I tried to use the official Microsoft beta program, but I never got their stupid mail with the serial to log in for beta testers.
So I used an alternative, heh.

ED2K Link:
ed2k://|file|Windows.XP.SP2.2082.[XSS].exe|362173928|4A5FC2D5937A52E0AB7AED74709022D0|/

Or search string:
Windows.XP.SP2.2082

I tried to use the official Microsoft beta program, but I never got their stupid mail with the serial to log in for beta testers.

So it’s still in the beta phase? No wonder Windows Update doesn’t download it.

Yup, it’s still beta. Final Release is scheduled for this summer :slight_smile:

I suspect it may never be available as a download – the beta users can correct me if I’m wrong, of course, but I’ve heard this one’s big, the better part (or maybe all) of a CD. The most likely source will be via dealers, or if necessary by delivery from MS.

The latest beta release of SP2 has exactly 353,685 KB.

Thanks, Vlk, that’s quite a difference from what I’d been hearing (wouldn’t be the first time, of course). Heck, even on my 56 dialup that would be nothing.

It’s possible, of course, that MS trimmed SP2 way down from what they originally had in mind for it, and the original versions were what got the misinformation started.

Where can I download SP2? I tried the link above but nothing was found. Does Microsoft have to send an ID and password after signing up on the beta testing program? Is there another link or page? bri

I think the beta nomination phase has now been closed for some time, so unless you’re willing to look a bit underground you’re probably out of luck… :-\

But it’s not something you’d really need, I think… Personally, I’d be very scared to put it on any of my real machines… I only have it installed on one of the test machines, and even on that, I was very afraid when I was installing it… :slight_smile:

Risk is an everyday job :wink: I use SP2 Beta as a normal service pack and I have no problems :slight_smile: Holding fingers crossed :slight_smile:

News from the SP2! :wink:

Execution Protection

This is a very tricky thing to explain in detail without getting all geeky, but if this feature had been in place when the MSBlaster worm hit last year, it would not have been able to spread itself as it did. There would still have been problems if you got the worm on your computer, but it would not have had as much of an impact as it did.

When a program executes and runs on your computer, it can run in a variety of memory areas. The Execution Protection feature being introduced in the Service Pack will prevent the programs from accessing certain areas of the memory unless these areas are specifically ‘marked’ to allow execution. The ‘marking’ of these areas is done in the program, so there is nothing you need to do to make this happen - it is up to the programmers!

Execution Protection is NOT a replacement for anti-virus software - it is simply one more tool in the well-protected computer’s arsenal. If the person who wrote MSBlaster had to deal with the Execution Protection, they could have worked on a different vulnerability to try to spread the worm.

Microsoft seems certain that most programs and device drivers (the programs that communicate with things like the keyboard, mouse and video card) will not be adversely affected by this change in how a program runs, so this should not affect us too much if they are right.

Internet Explorer

Love it or hate it, IE comes standard with Windows. Because it is so ubiquitous, it is the target of a lot of hackers, and because it is the target for so many hackers, it has had a lot of security holes exploited.

Windows XP Service Pack 2 will address a lot of these holes, and most of it will be behind the scenes.

Internet Explorer Add-on Management will allow us to view and control the add-ons that can be loaded by Internet Explorer with more detailed control than before. It also shows the presence of some add-ons that were previously not shown and could be very difficult to detect. This includes toolbars, ActiveX controls, and other types of files that control various aspects of how Internet Explorer works. You can enable and disable each add-on individually and view information about how often the add-ons have been used by Internet Explorer.

Internet Explorer Add-on Management works alongside the new Add-On Crash Detection that will examine what add-ons were running when IE crashed, and give you the ability to disable them before you restart Internet Explorer.
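The Execution Protection idea from the post above (memory cannot run code unless the program marks it executable), as an added example that is not part of the original posts or of Microsoft's code. It assumes a Linux system and uses that platform's equivalents (mmap, mprotect and /proc/self/maps) instead of the Windows interfaces; the function names is_executable and demo_marking are made up for this illustration.

```c
#define _DEFAULT_SOURCE            /* for MAP_ANONYMOUS under strict -std modes */
#include <stdio.h>
#include <stdint.h>
#include <sys/mman.h>
#include <unistd.h>

/* Added example, Linux only (assumption): 1 if the page holding addr is
   marked executable, 0 if not, -1 on error. Reads the kernel's view of
   this process from /proc/self/maps. */
int is_executable(const void *addr)
{
    FILE *f = fopen("/proc/self/maps", "r");
    char line[512], perms[5];
    unsigned long lo, hi;
    int result = -1;

    if (!f) return -1;
    while (fgets(line, sizeof line, f)) {
        /* Each line starts "start-end perms", e.g. "7f00-7f10 rw-p ..." */
        if (sscanf(line, "%lx-%lx %4s", &lo, &hi, perms) == 3 &&
            (uintptr_t)addr >= lo && (uintptr_t)addr < hi) {
            result = (perms[2] == 'x');
            break;
        }
    }
    fclose(f);
    return result;
}

/* Map one ordinary data page, record its state, then have the program
   explicitly mark it executable and record the state again. */
int demo_marking(int *before, int *after)
{
    size_t sz = (size_t)sysconf(_SC_PAGESIZE);
    void *page = mmap(NULL, sz, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    *before = is_executable(page);            /* plain data page */
    if (mprotect(page, sz, PROT_READ | PROT_EXEC) != 0) { munmap(page, sz); return -1; }
    *after = is_executable(page);             /* after the explicit marking */
    munmap(page, sz);
    return 0;
}

int main(void)
{
    int before = -1, after = -1, on_stack = 0;
    if (demo_marking(&before, &after) != 0) return 1;
    printf("data page: %d, after marking: %d, stack: %d, code: %d\n", before, after,
           is_executable(&on_stack), is_executable((void *)demo_marking));
    return 0;
}
```

Data areas such as the stack and freshly allocated pages report as non-executable, which is why code injected into them by an overflow cannot simply be run on hardware that enforces the marking.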

Also, Execution Protection works ONLY on Athlon64 class processors (and probably on next generation Intel CPUs too), so it’s no use for us with normal processors like AthlonXP and P4 (all before Prescott).

Will users be gently invited to spend a lot of money on upgrading?! ;D

The upcoming release of Windows XP Service Pack 2 will make a lot of changes to our systems. I have tried to hit some of the main points in the last two installments of this series. In this issue I will try to explain the Internet Explorer Zone changes planned in the update.

You have two Internet Explorer security zones set up on your computer - Internet and Local Intranet. (Go to Tools | Internet Options and click on the Security tab to see them). These zones are used to allow or block certain things from happening when you are online, and they are set up with different security levels by default. The idea is that you can allow certain program behavior if you are connected to a local network (like an office is) and block that same behavior if you are connected to the Internet.

There is a third zone that is set up on your computer, but it is not one you can see or control. The Local Machine Zone is used for Web pages that are stored on your computer - usually a part of a program that you have installed. The Local Machine Zone has always been considered to be safe, so there have been no restrictions on what a program can do if it has a Web component in it. Unfortunately, attackers try to take advantage of the Local Machine Zone to run code that can cause damage or read files from your computer.

Windows XP Service Pack 2 will lock down the Local Machine Zone so that programs cannot have free rein unless they have a security aspect built into them. This is a very good thing for us, but developers may need to make some changes to their programs because of this. Look for updates to some programs that have Web functionality in them as the Service Pack nears release.

Finally, there are several new security settings in the different zones on the Security tab. A security setting for Java could be used to disable the Microsoft Java Virtual Machine (MSJVM), but this setting would also disable a Java virtual machine from any other software vendor (like Sun). Windows XP Service Pack 2 contains an Internet Explorer security setting that works exclusively with the MSJVM and allows other Java virtual machines to function correctly.

The Binary Behaviors setting is also new. Binary behavior is a programming technique that allows developers to write code in one part of a program and refer to it in other areas of the program. When you move your mouse over a link and the link turns a different color, you are seeing an example of a behavior. These behaviors have never been restricted by the security settings, which means that they could operate in the Restricted Zone. This could allow attackers to execute certain types of programs even though your security settings would normally prevent the program from running.

Like the MSJVM setting, the default value for this setting is Enable for all zones except the Restricted Sites zone. In the Restricted Sites zone, the default value is Disable.

That wraps up the Windows Service Pack 2 overview for now. There are some other things Microsoft mentions in their documentation, but they have nothing more than the line “This content is not available in this preliminary release.” As that content is made available, I will pass along the pertinent details.

Credits to Mark Rider.

That means Execution Protection probably requires Windows XP 64-bit Edition.

Any 64-bit Windows version would surely fail at this point. Apple has striven to make OS X.3 64-bit but has managed only about 30% of the OS to rely on 64-bit. And all Windows is is the Mac OS rewritten, so Apple has to come out with it first so Microsloft can copy it :wink: