Visit Derek’s web site dedicated to Windows Auditing and Security Tools, articles, books, forums, and more…
www.auditingwindows.com
XP SP2 Security!
Have you been awaiting the new Windows XP Service Pack? Did you even know Microsoft was working on a new service pack for Windows XP? Well, it is almost here and the changes that you will see once it is rolled out should help protect the clients, as well as the entire network. The product has been in Beta and Release Candidate (RC) for about a year. We are sitting on RC2 now, which has been out since early June. The latest release date is scheduled for early August, which is about the time you should be reading this article.
There are plenty of security setting changes in this service pack. Some are going to be very visual and take immediate affect, while others will sit in the background helping without you even realizing they are there. Of all of the changes, here are the top 10 security modifications that you will soon be experiencing.
#1 Internet Connection Firewall is enabled
This will change the way that Windows XP functions in almost every environment. The firewall is enabled and there will be many applications, tools, and services that fail because of this. Of course the failures are expected, since the firewall is protecting the computer from communications on the ports that these tools use, which are ill-intended. Some of the applications that I have already seen fail with this new security setting include: Virus updates, remote administration tools, and network printing. ICF also comes with a new interface, as shown in Figure 1, as well as some new features such as exceptions and ICMP controls.
Figure 1: New Internet Connection Firewall interface with SP2
If you are in charge of the Help Desk at your company, be sure you get some extra support to man the phones the first day this is rolled out. I have heard that Microsoft installed an auto-dialer when they enabled ICF.
#2 Messenger is disabled
Although I love technology, I am not a Messenger fanatic. I use Messenger when it is useful, but other times I just put my status to “Busy” or “Away”. For corporations, Messenger can be a gateway for viruses and a great opportunity for “WA” (work avoidance). With this being disabled by default, it will cause each corporation and user to make a decision as to whether they really want this enabled. Not that enabling it is so tough, but it will cause an extra step.
#3 ICF protects the computer at boot time
A fantastic new security feature is that ICF protects the computer while booting. This protects the computer while the operating system loads, but still allows it to communicate with DNS and DHCP. ICF provides a static stateful filter to protect the computer during this time. The static filter is disabled and the other run time filters are enabled after the computer finishes booting.
#4 There are 611 new GPO settings
Microsoft has gone GPO happy! There are 611 new GPO settings that only apply to computers that are running XP SP2. These settings control all of the different aspects of Windows XP that the SP2 adds, plus more settings that we the customer asked for. You can get a copy of the new list of GPO settings from the following URL. http://www.microsoft.com/downloads/details.aspx?FamilyID=ef3a35c0-19b9-4acc-b5be-9b7dab13108e&displaylang=en
#5 Messenger can block unsafe file transfers
Messenger, if you enable it, can now protect the computer from unsafe file transfers. When you are receiving a file transfer, it will be blocked when both the sender is not on your Contacts list and the file being sent is considered unsafe.
#6 Memory protection
This is a setting that you can’t see on the screen, but protects your computer from nasty viruses. Data Execution Prevention (DEP) does rely on the processor hardware supporting the technology, but most new hardware supports DEP. DEP prevents code from running in areas of memory where it should not be running.
#7 Outlook Express email controls
Now OE can be controlled to render all incoming mail in plain text, instead of HTML. This will help protect the computer from emails that use HTML to spread viruses or put Trojans on your computer. OE also can prevent external HTML content, which can reduce spam and communications with spam originators.
#8 Internet Explorer add-on management
This feature allows the user to control the installation and removal of add-ons through IE. It also allows the user to see some add-ons that were difficult to see before, or did not show up in a list of add-ons that were installed.
#9 Internet Explorer download prompting
When a site prompts you to download a file, it can be confusing or overwhelming to select the correct button. This caused inadvertent downloads and installation of malicious applications. Now, these prompts are shown in the information bar, not being installed until the user deliberately clicks to download the application.
#10 Windows Update Services support
Although WUS is not going to be released until early 2005, I had to include it as one of the top 10 security features in SP2. The reason is for the features the WUS will add. WUS will add more features to control installations of updates from both the client and server side.
Honorable Mention
I need to give Microsoft some credit and the Security Center an honorable mention for a security feature that comes with SP2. The Security Center is a one-stop shop for configuring the most important security features on the computer. The Security Center focuses on the following areas, as shown in Figure ??.
- Firewall configuration
- Automatic Updates
- Virus Protection
- Internet Options
Figure 2: Windows XP Security Center
Summary
There you have it, the Top 10 Security features in SP2 for Windows XP. Will Microsoft meet the new deadline? I think so, based on their slow delivery of the product so far and the announcements they have had in the past couple of weeks. Should you install it? Well that is another question to be answered, but not by me. You will need to make that decision. My recommendation to you is to test it before you implement it. Test it well! If the rumors are correct, I also heard that the auto-dialer is linked to every security feature that Microsoft included in SP2.
