HELP PAGE


ARTICLES ABOUT SP2 BELOW

Can You Live with Windows XP SP2?
Service Pack 2 (SP2) for Microsoft Windows XP is expected to start showing up on many more desktops today (Wednesday 8/25), as Microsoft starts to deliver it to XP Professional users who have automatic updates turned on, as well as via Windows Update. The service pack is notable mostly for a variety of new security features, including fixes to many known problems, a new version of the Windows Firewall that is turned on by default, and a new security center. You can read all about these features in our full Windows XP SP2 report. Instead, I want to focus on what it's like living with the final version of SP2, on the other new features, and on the controversy over some of these security features. People who were beta-testing SP2, members of Microsoft TechNet, home users with automatic updates on, and many corporate customers have been able to get SP2 for a couple of weeks now, and many of us at PC Magazine have been running this version. Along the way, we've fielded a lot of questions from Windows users.

Is it compatible?
Perhaps the biggest question is whether SP2 is going to break your current applications. Microsoft has published a list of programs that have problems. Some of these are quite surprising – you would think Microsoft would have made sure all its own programs worked, for instance. But for the most part, the problems are with older versions of software or can be fixed by an end user fairly easily. A number of programs are simply blocked by the built-in firewall, which is the point; the firewall doesn't always know which programs are legitimate and which are ones you don't want to run. The answer for that is fairly simple – setting the firewall to let the program work. (Here are details on how to set a program to work with the Windows Firewall.) This week's Security Watch column explains how to open additional ports for some applications. But other problems aren't as easily addressed, so Microsoft has published a utility for corporate customers to prevent the SP2 upgrade from installing and a complete Windows XP SP2 migration guide. Our Neil Rubenking suggests that the utility to block the upgrade consists of a change to a single registry variable. Many organizations will want to test their applications thoroughly before rolling SP2 out, and we are hearing about a number of enterprises that are highly skeptical of the upgrade. Still, the overwhelming majority of people seem to be running SP2 without compatibility issues. We will keep looking for problems, and we'll let you know if we find any.

Security Concerns
Of course, the big focus has been security, and here the issue is more complex. There seems to be general agreement that the protections in SP2 are better than no protection. On the other hand, many security experts are concerned that SP2 will give customers a false sense of security, and a few worry that some of the new security features themselves will be open for attack. A number of the concerns deal with the Windows Firewall, which only protects your computer against inbound traffic, as opposed to all the third-party firewalls (such as ZoneAlarm, Norton Internet Security, etc.), which also control Internet access for the programs on your computer, and thus provide more protection against things like Trojan horses. My own take: The Windows Firewall is a good thing, just because so many people do not run software firewalls. But if you're serious about security, I recommend both a hardware firewall and a third-party software firewall. I've noticed that the latest versions of the firewalls ask if you want to turn off the Windows Firewall, so you only run one at a time. A bigger question is whether the new Security Center, which displays the state of your firewall, antivirus software, and Windows updates, is itself a target for hackers. We've recently received some reports about the possibility of a rogue application using the technologies underneath the Security Center (specifically the Windows Management Instrumentation subsystem and Web-Based Enterprise Management) to spoof a new program, or just present incorrect information. For more details, see our Security Watch column. We haven't seen any exploits of this potential vulnerability so far, but it's clearly an area that's ripe for a problem, and one Microsoft needs to worry about. Another area that has generated some concern is the security zones feature which some researchers fear could be used to trick users into opening a malicious file. 
We do know that some of the other fixes added to SP2 are already having an impact. A new Internet worm out last week (Download.Ject) posed a threat to other versions of XP, but didn't affect SP2 users. Again, it seems like installing SP2 is better than nothing, but it's certainly no "magic bullet" – users still need to watch out for security issues. And you know there will be other exploits, as the people who write them keep looking for other holes, and are almost certain to find some in SP2—or in any other OS, for that matter.

Where Is the Security?
One question I've repeatedly gotten comes from readers who have installed SP2, but don't see the Security Center showing up on their system. In most cases, the answer is that they're using managed desktops, and their security settings are handled by an IT department. In that case, you can still find the Security Center, by clicking on the icon in the control panel. You'll typically see a message telling you that your system is managed by a network administrator. Another question I've gotten quite often regards a feature called data execution prevention (DEP), which uses both hardware and software to allow software to run only in memory explicitly marked for running applications. This would prevent certain threats that involve exploits that write unexpected pages in memory. Currently, this feature only works with the NX or No-eXecute feature in AMD's Athlon 64 and Opteron chips. Intel has announced a similar feature (Execute Disable) for future chips, but is not shipping it yet. Again, this should add an extra degree of protection, but for now is available only for AMD systems. (And again, a couple of applications, notably PaintShop Pro, have had trouble installing on such systems, but there is a simple workaround.)

Additional Features
Windows XP SP2 bundles up a number of smaller changes that haven't gotten as much attention, but are worth noting. Two of the most important deal with connectivity. First, SP2 includes Bluetooth Client 2.0, a major upgrade to the Bluetooth stack. If you have a Bluetooth radio, a new control-panel applet appears, along with a wizard for finding and configuring Bluetooth devices. It also includes a method of locking a device so it will only connect to a single PC. And the wireless options have increased, as well, through a new wireless network connection screen that makes it easier to set up and connect to a wireless network. This interface is much cleaner than previous versions, making it easier to see the list of available networks and signal strength. A new Wireless Network Setup Wizard eases network setup, and includes a nice feature that lets you move your wireless settings to a USB flash drive, so you can set up additional computers more easily. In general, I like the look of the new wireless client, although I have had some unexplained difficulties connecting to one protected network I often use. Other changes in this version include big new features for tablet PC users, and Windows Media Player version 9. WMP version 10 is well into its beta-test cycle, and we expect Microsoft to ship it shortly.

Bottom Line
So should you upgrade? For most people, there isn't any choice – it will come automatically, and if you don't upgrade, you're leaving yourself open to even more exploits – those that are already around. If you have a dial-up connection, the upgrade will take a while (perhaps several weeks with intermittent connections). Corporate customers, of course, need to make sure that it doesn't break any substantial applications. Will you be happy with the upgrade? My guess is most users will be, though I expect we'll still continue to see lots of threats aimed at Windows. After all, it's still the most popular and widely used platform, and thus the biggest target for hackers. For maximum security, you might want to have multiple platforms, or at least multiple browsers (See our story, "Is Microsoft to Blame?".)

Article above written by: Michael J. Miller - PC Magazine 8-25-2004


Microsoft To Delay Automatic XP SP2 Updates

By and large, antivirus firms approve of Microsoft's Windows XP Service Pack 2. However, experts caution that the decision to install it -- especially enterprise-wide -- should not be made lightly, as significant testing must be done to ensure that there are no conflicts within a company's network.  
 
After waiting months and months for Windows XP Service Pack 2, how much difference can a few more days make? As it turns out, plenty.

Microsoft has announced it will delay by slightly more than a week the planned distribution of the security service pack via automatic update. Corporations, as has become clear, are in no hurry to install SP2; companies want the ability to prevent employees from downloading it in an overzealous attempt to secure their networks. That, reportedly, is the reason the automatic-upgrade feature is being delayed.

50-200 Apps Affected

By and large, antivirus firms approve of the service pack. However, experts caution that the decision to install it -- especially enterprise-wide -- should not be made lightly, as significant testing must be done to ensure that there are no conflicts within a company's network.

And more than likely there will be: XP Service Pack 2 makes some fairly significant changes to the default Windows firewall configuration that affect many critical applications. Thus far, at least 50 -- and as many as 200 -- applications have been identified as causing conflicts.

"The bigger companies are delaying their installations," Sophos security consultant Graham Cluley told NewsFactor. However, a few are beginning to experiment on smaller, contained networks in-house, he notes, mainly for testing purposes. "But a lot of companies are saying, 'We don't need this, because we already have the security in place.' So there isn't this urgent need to upgrade -- at least among enterprises," Cluley says.

Consumer Conundrum

Consumers are not as likely to be up to date with their security. Still, this group may not be ready for XP service pack 2 either, Cluley says. "What I would suggest to consumers is start upgrading your computer now with the missing patches and appliances. Then, when the application is more consumer-friendly, you won't have as much work to do."

Meanwhile, more vendors and retailers are marketing their services to help upgrade to XP Service Pack 2. Many of these offers are aimed at businesses, but CompUSA has announced a "can't fail" deal for consumers. For a limited time, it is offering free installation of SP2 on all computers using Windows XP brought to any store location, even if the computer was not purchased from CompUSA. The retailer says it will test the computer to make sure it is running smoothly following the SP2 update.

"While SP2 can be downloaded from Microsoft's Web site, it can take a significant amount of time, especially if customers have not updated their XP operating system on a regular basis or have traditional dial-up access to the Internet," CompUSA points out.
