Windows XP Service Pack 2: a first look

The forthcoming Service Pack 2 for Windows XP is actually a significant upgrade for Microsoft's OS, delivering much-needed security enhancements. We highlight the key changes.

The forthcoming Service Pack 2 for Windows XP is actually a significant upgrade for Microsoft's OS, delivering much-needed security enhancements. We highlight the key changes.

Service Pack 1 (SP1) for Windows XP, which was about 130MB (compressed) in size, fixed 324 errors in the operating system. Service Pack 2 (SP2), which will ship in mid-2004 at the latest, is nearly three times as large, at 360MB (Build 2082). The main focus, apart from the fixing of well-known problems, is on security. More and more of today's PCs have always-on Internet connections. Although business computers are relatively well protected against Internet-borne attacks by corporate firewalls, this is not generally the case with home PCs. Microsoft is partly responsible for this undesirable state of affairs: after installing Windows XP the integrated software firewall (Internet Connection Firewall) is currently switched off by default, leaving the system unprotected from hacker attacks. Last year's Blaster worm proved how important a firewall can be: even today, a newly installed Windows XP system will be infected after few seconds' connection to the Internet if the firewall is deactivated and the Blaster patch is missing. XP SP2 offers improved security in four areas:

(1) Improved network protection

(2) Protection from memory overflow

(3) Safer email handling

(4) More secure Internet browsing

The following pages describe these changes in more detail.

Service Pack 2 is designed to make Windows XP more secure.

Improved network protection
Network protection is greatly improved in Service Pack 2. Windows Firewall (previously called Internet Connection Firewall) is now always on, and is also more configurable. The firewall now protects the computer against attacks during startup: the network driver is only loaded once Windows Firewall is activated. Likewise, when shutting down, the firewall provides effective protection by switching off the network driver first. As mentioned above, Windows Firewall is always active, with all network connections. The user can configure the firewall by default, although the network administrator can disable this option in the profile editor if necessary. There is also better access to Windows Firewall's options. Instead of wading through dialogue boxes, as before, a system tray icon appears as soon as the network connection is active. Security-related features are also gathered together in the new Security Center front end.

Firewall configuration: exceptions for certain applications.

Protection from memory overflow
Under Service Pack 2, protection from memory overflow -- which can be exploited by malicious code -- is ensured by new processors that support the NX (No eXecute) feature in hardware (AMD Athlon 64, AMD Opteron, Intel Itanium). PCs that use the Pentium 4 and other chips that do not offer hardware-enforced execution protection (the NX feature), must rely on execution protection built into the operating system. However, this procedure – known as 'sandboxing' -- is not as effective as the hardware implementation in NX-enabled chips. AMD and Microsoft are currently planning a campaign to promote the value of the NX feature to users.

AMD's Athlon 64 processors offer protection from memory overflow with the NX feature. Windows XP provides support for this feature in Service Pack 2.

Safer email handling
Many worms, viruses and Trojan programs arrive via email as attachments. In Service Pack 2, Outlook Express matches many of the security features of the fully fledged Outlook application. Outlook Express can now block pictures and HTML content in external email, and prevent potentially dangerous attachments from being opened.

Outlook Express now offers protection from dangerous content.

More secure Internet browsing
With Service Pack 2, Internet Explorer finally provides an effective pop-up blocker. This feature has been available since 2002 in the form of third-party add-ons such as Crazy Browser, which adds a tabbed interface and a smart pop-up blocker to the IE engine. Microsoft has taken until 2004 to implement something similar. However, a pop-up blocker does not make the browser safer – that is provided by the new Manage Add-ons feature. The new Internet Explorer prevents dangerous HTML code from being implemented on the local PC by listing add-ons in the Manage Add-ons dialogue box, where they can be enabled or disabled by the user. If a Web page tries to load a disabled add-on, a warning is given – however, the user can ignore the warning and permit Internet Explorer to execute the code. In our tests, Internet Explorer warned about the execution of parts of the iBench Internet benchmark, even though this contains no dangerous code. If such errors persist in the final version of SP2, some companies' intranet applications might be affected. The warning might concern many users, resulting in an IT support call -- which surely is not the intention.

Internet Explorer can now manage browser add-ons.

Improved Windows Update
Microsoft recommends that you activate its automatic update service. Currently it is pointed out during the installation of Windows XP that your PC is better protected with Windows Update enabled. However, many users report that automatic updating causes problems. Therefore, this feature is often switched off. The new update service in Service Pack 2, which automates the installation of patches, also allows individual updates to be removed if problems subsequently arise. Administrators of large networks should try out this feature first on a single computer. If the feature works perfectly, it can be switched this on for all the other computers on the network.

The new Windows Update improves the installation of patches.

Performance and memory requirements
A glance at the number of the processes, threads and handles shows clearly that more is happening under Service Pack 2 compared to its predecessors. The fact that Windows Firewall is active and Security Center (which examines all security-related features) runs in the background also makes for a higher memory load. At the moment, Windows XP with Service Pack 2 is slightly slower than its predecessors. However, this may change when the final version is released.

XP Service Pack 2: performance & memory requirements

XP installation
Windows XP SP1 DX9b
Windows XP SP1 (updates 11.3)
Windows XP SP2 (build 2082)

System cache
Kernel memory
Windows XP startup
Business Disk WinMark
CPU utilisation
High-end Disk WinMark
CPU utilisation
Business Winstone 2004
CPU utilisation

With Service Pack 2, Microsoft has clearly made Windows XP safer. Activating Windows Firewall by default should prevent some attacks: for example, the Blaster worm cannot penetrate a system that's protected by a firewall.

Windows Firewall is now more configurable and easier to administer. Microsoft also provides access to all security-related options via the Security Center. Users with systems powered by AMD's Athlon 64 processor enjoy more protection than those with comparable Intel-based PCs: Service Pack 2 activates the NX function in the Athlon 64, which prevents the execution of dangerous code from a memory overflow. Intel currently only offers this feature with its high-end Itanium processor, but may well implement it in it desktop CPUs before long. Some additions that Microsoft is offering in Service Pack 2 have long been available from third parties, including pop-up blockers for Internet Explorer and protection from dangerous email attachments. Even so, many people exclusively use programs that come with the OS, and these users are now catered for. The integrated pop-up blocker in Internet Explorer makes Web browsing a more pleasant experience, while the protection from dangerous email attachments in Outlook Express is also welcome. Windows XP with Service Pack 2 now offers the best protection that Windows has ever enjoyed. However, security can still be compromised: if you click on email attachments like 'I Love You', don't be surprised if strange things happen with your system. You should delete emails from people you don't know. With a firewall -- which for XP users with Service Pack 2 is installed by default -- and an anti-virus program (which does not come with Windows XP), most attacks on your computer can be repelled. But before you start opening attachments all over the place, remember: these measures do not offer one hundred percent protection.

Microsoft has now made Release Candidate 1 (RC1) of Service Pack 2 available for download.


You are now warned about installing potentially dangerous software.

During installation, the activation of automatic updates is recommended.

Windows Firewall is no longer hidden away: it can now be configured via Network Connections.

Finally, pop-up protection for Internet Explorer.

The Security Center tracks the status of Windows Firewall, automatic updates and your anti-virus program.