When Microsoft released Service Pack 2 for Windows XP last year, they claimed that its primary purpose was to make Windows XP much more secure. At the same time though, a quick Google search on the words "Windows XP SP2 Problems" will show you that the long awaited service pack has created lots of problems for some people. As reports of various problems became more numerous, I began to wonder if any of the problems that had been reported could be security related. Specifically, I wanted to know whether there were instances in which installing Service Pack 2 for Windows XP could actually make a system less secure than if the service pack had never been installed at all.
What I found after researching my question was that in the vast majority of cases, systems seem to be more secure with Service Pack 2 than without it. I personally run Service Pack 2 on all of my Windows XP machines, and in most cases I would recommend that you do the same. Although I never found some glaring error in Service Pack 2 that completely undermines your system's security, Service Pack 2 does have its fair share of bugs and incompatibilities. It's these bugs and incompatibilities that can compromise security in very specific situations.
A False Sense of Security
I was once quoted in a publication as saying that I believe that having a false sense of security can be worse than having poor security. I observed a perfect example of this last week that I would like to share with you. Last week, I visited one of my client's offices in order to help them out with a small project. The administrator in charge of the facility was intelligent and hard working. He had done a decent job of securing the company's network.
As you have probably already guessed, the administrator was running Service Pack 2 on each of the network's workstations. One day during my visit, I was observing some users to see how well they were adapting to a new server that I had installed. At one point, one of the users received a pop up message from Windows firewall. Some program that I had never heard of was attempting to pass through the Windows firewall. Almost before I could even finish reading the message, the user clicked the Unblock button and went back to work.
I couldn't help but to ask the user what the program was that she had just unblocked and why unblocking it was necessary. She explained to me that everyone in the office gets those pesky block / unblock messages all the time, so they always just click Unblock to make the message go away.
My point is that the Administrator had a false sense of security, but through no fault of his own. He had installed all of the latest patches and secured the workstations the best that he knew how to. Even so, he might as well have not even enabled the Windows firewall because his users were disengaging it at every sign of trouble. The administrator had absolutely no idea that this was going on.
The solution to the problem was to clean up the workstations by removing unwanted programs (such as Trojans) that were triggering the firewall message. The other part of the solution was to educate the users on the dangers of clicking the Unblock button.
Potential Virus Problems
Microsoft has been taking steps to make Windows more resilient towards viruses. In fact, Windows XP Service Pack 2 was actually slated for a much earlier release then when it was actually given to us. One of the main reasons why the service pack was help up was because of the SQL Slammer virus. Microsoft knew that Longhorn was going to have security measures in place that would stop future code based on SQL Slammer technology from being effective. At the same time though, they also knew that Longhorn was years away from being released. In an unprecedented move, executives within Microsoft temporarily halted the development of Longhorn and began porting Longhorn security features that had been completed into Windows XP Service Pack 2.
That's just one of the steps that Microsoft has taken toward protecting Windows against viruses. Other steps include the recent purchase of anti virus software manufacturer Sybari, and the purchase of some smaller anti virus companies over the last couple of years. It's obvious that Microsoft wants to do something to combat computer viruses. That's what makes my next point so surprising. In many instances, Windows XP Service Pack 2 causes various anti virus programs not to function correctly.
Windows XP SP2's anti virus software problems run the gambit from blank splash screens to the inability to download updated virus definitions. The good news is that although many different anti virus products are effected, the problems are well documented and there are workarounds.
Since so many different anti virus products are effected, and each problem has a different solution, I don't want to bore you with all of the details. I could easily fill the rest of this article with product specific work arounds. What I can tell you though is that various anti virus (and system security) products from Symantec, McAfee, and Computer Associates are plagued by problems related to Windows XP SP2. I would recommend consulting the manufacturer's Web sites for patches and work arounds. If you are unable to find the necessary information though, Microsoft has a couple of Web pages that discuss product incompatibilities and workarounds. You can access these pages at http://support.microsoft.com/default.aspx?kbid=842242 and at http://support.microsoft.com/default.aspx?scid=kb;en-us;886264
Even if you think that your anti virus software is working well, it might be worth your time to spot check a few workstations. Just verify that you are able to perform a full system scan and that the anti virus definitions are up to date.
Backup Software Problems
Although the preferred method of data retention is to have users save their data onto a server and then back the server up each night, there are plenty of companies in which users save at least some data locally. In such environments, it is not uncommon for at least a few of the workstations to get backed up remotely over the network.
This is one area in which Windows XP Service Pack 2 tends to cause a lot of problems. These problems just haven't received much publicity because as I mentioned earlier, backing up workstations remotely isn't exactly the preferred method of backing up data.
The problem stems from the method in which the server-based backup software communicates with the workstation that's being backed up. Although there are several different techniques used by various applications, the most common method is for the backup software to push an agent to the workstation and to then use that agent to facilitate the backup process. The problem is that whether an agent is used or not, the backup software must traverse the Windows firewall, which is now enabled by default.
According to Microsoft, one of the backup software applications that experiences the most trouble functioning with Windows XP SP2 is Backup Exec version 9, from Veritas. Fortunately, there is a work around though.
If you are having trouble backing up workstations using BackupExec version 9, you can get around the problem by opening port 10,000 on the firewall. You must also add the following to the default exception list: C:\Program Files\Veritas\Backup Exec\RANT32\beremote.exe.
My advice is that if you are remotely backing up workstations that are running Windows XP SP2, then you should check your backup logs even if you are running something other than Backup Exec and there are no obvious problems. I have seen plenty of instances over the years in which the only indication of a backup failure was an entry in a log file.
In the vast majority of situations, installing Windows XP Service Pack 2 will help to increase your organization's security rather than undermine it. However, you must keep in mind that there are some third party applications that simply do not work correctly with Windows XP Service Pack 2 without a little tweaking. When such applications are responsible for your system's security then Windows XP SP2 has in effect undermined your system's security. It is therefore very important to verify that all such programs are functioning correctly after the upgrade. If a particular application does not function correctly, then you can almost always find a patch or a workaround on the manufacturer's Web site.