First Look: Windows XP Service Pack 2
Microsoft Windows XP Service Pack 2
Not yet rated
| |||||
Service Pack 1 (SP1) for Windows XP, which was about 130MB (compressed) in size, fixed 324 errors in the operating system. Service Pack 2 (SP2), which will ship in mid-2004 at the latest, is nearly three times as large, at 360MB (Build 2082). The main focus, apart from the fixing of well-known problems, is on security.
More and more of today's PCs have always-on Internet connections. Although business computers are relatively well protected against Internet-borne attacks by corporate firewalls, this is not generally the case with home PCs. Microsoft is partly responsible for this undesirable state of affairs: after installing Windows XP the integrated software firewall (Internet Connection Firewall) is currently switched off by default, leaving the system unprotected from hacker attacks. Last year's Blaster worm proved how important a firewall can be: even today, a newly installed Windows XP system will be infected after few seconds' connection to the Internet if the firewall is deactivated and the Blaster patch is missing.
XP SP2 offers improved security in four areas:
- Improved network protection
- Protection from memory overflow
- Safer email handling
- More secure Internet browsing
The following pages describe these changes in more detail.
Service Pack 2 is designed to make Windows XP more secure.
Improved network protection
| |||||
There is also better access to Windows Firewall's options. Instead of wading through dialogue boxes, as before, a system tray icon appears as soon as the network connection is active. Security-related features are also gathered together in the new Security Center front end.
Firewall configuration: exceptions for certain applications.
Protection from memory overflow
| |||||
PCs that use the Pentium 4 and other chips that do not offer hardware-enforced execution protection (the NX feature), must rely on execution protection built into the operating system. However, this procedure - known as 'sandboxing' -- is not as effective as the hardware implementation in NX-enabled chips.
AMD and Microsoft are currently planning a campaign to promote the value of the NX feature to users.
AMD's Athlon 64 processors offer protection from memory overflow with the NX feature. Windows XP provides support for this feature in Service Pack 2.
Safer e-mail handling
| |||||
Outlook Express can now block pictures and HTML content in external e-mail, and prevent potentially dangerous attachments from being opened.
Outlook Express now offers protection from dangerous content.
More secure Internet browsing
| |||||
However, a pop-up blocker does not make the browser safer - that is provided by the new Manage Add-ons feature. The new Internet Explorer prevents dangerous HTML code from being implemented on the local PC by listing add-ons in the Manage Add-ons dialogue box, where they can be enabled or disabled by the user. If a Web page tries to load a disabled add-on, a warning is given - however, the user can ignore the warning and permit Internet Explorer to execute the code.
In our tests, Internet Explorer warned about the execution of parts of the iBench Internet benchmark, even though this contains no dangerous code. If such errors persist in the final version of SP2, some companies' intranet applications might be affected. The warning might concern many users, resulting in an IT support call -- which surely is not the intention.
Internet Explorer can now manage browser add-ons.
Improved Windows Update
| |||||
The new update service in Service Pack 2, which automates the installation of patches, also allows individual updates to be removed if problems subsequently arise.
Administrators of large networks should try out this feature first on a single computer. If the feature works perfectly, it can be switched this on for all the other computers on the network.
The new Windows Update improves the installation of patches.
Performance and memory requirements
| |||||
At the moment, Windows XP with Service Pack 2 is slightly slower than its predecessors. However, this may change when the final version is released.
| XP Service Pack 2: performance & memory requirements | |||
| XP installation | Windows XP SP1 DX9b | Windows XP SP1 (updates 11.3) | Windows XP SP2 (build 2082) |
| Files/folders | 9780/710 | 10104/738 | 11596/830 |
| Footprint | 1,212.9MB | 1,286.8MB | 1,856.7MB |
| Handles | 3,178 | 3,277 | 4,512 |
| Threads | 252 | 242 | 302 |
| Processes | 15 | 15 | 19 |
| Memory | 522.99MB | 522.99MB | 522.99MB |
| Available | 419.4MB | 415.7MB | 391.5MB |
| System cache | 62.9MB | 83.8MB | 130.3MB |
| Kernel memory | 12.6MB | 12.6MB | 16.8MB |
| Paged | 7.7MB | 7.8MB | 11.4MB |
| Non-paged | 4.9MB | 4.9MB | 5.3MB |
| Windows XP startup | 20s | 19s | 25s |
| Comanche4 | 70.6fps | 70.9fps | 70.0fps |
| Business Disk WinMark | 10.3MB/s | 9.9MB/s | 9.4MB/s |
| CPU utilisation | 7.2% | 7.6% | 7.6% |
| High-end Disk WinMark | 24.9MB/s | 25.0MB/s | 26.1MB/s |
| CPU utilisation | 2.96% | 3.2% | 3.4% |
| Business Winstone 2004 | 25.9 | 25.7 | 23.9 |
| CPU utilisation | 55.1% | 54.9% | 53.7% |
Conclusions
| |||||
Windows Firewall is now more configurable and easier to administer. Microsoft also provides access to all security-related options via the Security Center. Users with systems powered by AMD's Athlon 64 processor enjoy more protection than those with comparable Intel-based PCs: Service Pack 2 activates the NX function in the Athlon 64, which prevents the execution of dangerous code from a memory overflow. Intel currently only offers this feature with its high-end Itanium processor, but may well implement it in it desktop CPUs before long.
Some additions that Microsoft is offering in Service Pack 2 have long been available from third parties, including pop-up blockers for Internet Explorer and protection from dangerous email attachments. Even so, many people exclusively use programs that come with the OS, and these users are now catered for. The integrated pop-up blocker in Internet Explorer makes Web browsing a more pleasant experience, while the protection from dangerous email attachments in Outlook Express is also welcome.
Windows XP with Service Pack 2 now offers the best protection that Windows has ever enjoyed. However, security can still be compromised: if you click on email attachments like 'I Love You', don't be surprised if strange things happen with your system. You should delete emails from people you don't know.
With a firewall -- which for XP users with Service Pack 2 is installed by default -- and an anti-virus program (which does not come with Windows XP), most attacks on your computer can be repelled. But before you start opening attachments all over the place, remember: these measures do not offer one hundred percent protection.
Microsoft has made Release Candidate 1 (RC1) of Service Pack 2 available for download.
| |||||
You are now warned about installing potentially dangerous software.
During installation, the activation of automatic updates is recommended.
Windows Firewall is no longer hidden away: it can now be configured via Network Connections.
Finally, pop-up protection for Internet Explorer.
The Security Center tracks the status of Windows Firewall, automatic updates and your anti-virus program.