- New and Improved Firewall: EDIT: This section has been revised after I learned that some of the information I had regarding the improved firewall was incorrent.
This is one of the best updates in SP2 in my opinion. The Internet Connection Firewall (ICF) that comes with Windows XP is not intuitively named or configured and is disabled by default. With SP2 the firewall gets a new name, Windows Firewall, and a number of significant changes that improve its functionality. Primarily, the Windows Firewall is enabled by default and is monitored through the Security Center. It also allows you to enable or disable it on an interface by interface basis rather than the all-or-nothing approach of ICF. This firewall is leaps and bounds better than ICF but probably not sufficient to replace a 3rd-party personal firewall such as ZoneAlarm. - New Security Center: With SP2, Windows XP adds a new option in Control Panel called Security Center. The main screen of the Security Center displays information on the current status of your firewall and antivirus protection as well as whether or not automatic updates are enabled. Each item can be green (On), red (Off) or orange (Unknown). Windows does not come with antivirus software, but it will check for 3rd-party antivirus software and let you know if it is running and up to date. The firewall portion favors that you simply use the Windows Firewall. When I disabled the Windows Firewall and ran my ZoneAlarm Pro instead the firewall check turned orange. Security Center was able to tell me that ZoneAlarm Pro is installed, but it was unable to verify it was running or properly configured so it marks the status orange. Regardless, this is a handy step in the right direction. It gives even novice users a sort of "one stop shopping" place to look to see whether their system has the basic protective measures turned on or not.
- Automatic Updates: Automatic Updates are not new. Microsoft has long offered the option of enabling Automatic Updates so that your Windows system could periodically phone home and learn of any new critical updates that might be available. Depending on how you configure it, these updates can occur without your intervention while you're snug in your bed, thereby keeping your system more or less proactively patched without any effort on your part. With Windows XP a little icon would appear in the Systray asking the user whether they wanted Automatic Updates turned on or not, but with SP2 the question of Automatic Updates is made much more obvious and harder to ignore. Hopefully this new approach will lead more home users to enable this feature.
- Disabled Windows Messenger Service: This is not to be confused with the Microsoft MSN Messenger instant messaging program. The Windows Messenger Service is used to communicate between network devices and send alert messages and such to administrators. It is arguably unneccesary for home users and has been hijacked by spammers as a means for popping up unsolicited messages on users machines. Disabling it by default will stop this annoying spam from showing up on your computer.
- Stop Network Attacks: In the past year or so flaws in the Remore Procedure Call (RPC) and Distributed Component Object Model (DCOM) technologies have resulted in a variety of malware including the MSBlast and Nachi worms. These threats were able to exploit these vulnerabilities to spread across network connections from computer to computer. The changes made by SP2 will help to reduce or eliminate exploits like these.
Windows XP SP2 (Service Pack 2 )
More New Security Features
From Tony Bradley, CISSP-ISSAP, for About.com
Netsecurity Book Reviews
Windows XP Professional SecurityWindows 2000 Server Security For DummiesWindows XP Hacks
Explore Internet / Network Security
Must Reads
About.com Special Features
Build Your Own Website
Step-by-step advice on how to do everything from choosing a Web host to promoting your content. More >
Connect Your Home Computers
Easy ways to connect two computers for networking purposes. More >
©2009 About.com, a part of The New York Times Company.
All rights reserved.