| |||||
More and more of today's PCs have always-on Internet connections. Although business computers are relatively well protected against Internet-borne attacks by corporate firewalls, this is not generally the case with home PCs. Microsoft is partly responsible for this undesirable state of affairs: after installing Windows XP the integrated software firewall (Internet Connection Firewall) is currently switched off by default, leaving the system unprotected from hacker attacks. Last year's Blaster worm proved how important a firewall can be: even today, a newly installed Windows XP system will be infected after few seconds' connection to the Internet if the firewall is deactivated and the Blaster patch is missing.
XP SP2 offers improved security in four areas:
The following pages describe these changes in more detail.
| |||||
There is also better access to Windows Firewall's options. Instead of wading through dialogue boxes, as before, a system tray icon appears as soon as the network connection is active. Security-related features are also gathered together in the new Security Center front end.
| |||||
PCs that use the Pentium 4 and other chips that do not offer hardware-enforced execution protection (the NX feature), must rely on execution protection built into the operating system. However, this procedure - known as 'sandboxing' -- is not as effective as the hardware implementation in NX-enabled chips.
AMD and Microsoft are currently planning a campaign to promote the value of the NX feature to users.
| |||||
Outlook Express can now block pictures and HTML content in external e-mail, and prevent potentially dangerous attachments from being opened.
| |||||
However, a pop-up blocker does not make the browser safer - that is provided by the new Manage Add-ons feature. The new Internet Explorer prevents dangerous HTML code from being implemented on the local PC by listing add-ons in the Manage Add-ons dialogue box, where they can be enabled or disabled by the user. If a Web page tries to load a disabled add-on, a warning is given - however, the user can ignore the warning and permit Internet Explorer to execute the code.
In our tests, Internet Explorer warned about the execution of parts of the iBench Internet benchmark, even though this contains no dangerous code. If such errors persist in the final version of SP2, some companies' intranet applications might be affected. The warning might concern many users, resulting in an IT support call -- which surely is not the intention.
| |||||
The new update service in Service Pack 2, which automates the installation of patches, also allows individual updates to be removed if problems subsequently arise.
Administrators of large networks should try out this feature first on a single computer. If the feature works perfectly, it can be switched this on for all the other computers on the network.
| |||||
At the moment, Windows XP with Service Pack 2 is slightly slower than its predecessors. However, this may change when the final version is released.
XP Service Pack 2: performance & memory requirements | |||
XP installation | Windows XP SP1 DX9b | Windows XP SP1 (updates 11.3) | Windows XP SP2 (build 2082) |
Files/folders | 9780/710 | 10104/738 | 11596/830 |
Footprint | 1,212.9MB | 1,286.8MB | 1,856.7MB |
Handles | 3,178 | 3,277 | 4,512 |
Threads | 252 | 242 | 302 |
Processes | 15 | 15 | 19 |
Memory | 522.99MB | 522.99MB | 522.99MB |
Available | 419.4MB | 415.7MB | 391.5MB |
System cache | 62.9MB | 83.8MB | 130.3MB |
Kernel memory | 12.6MB | 12.6MB | 16.8MB |
Paged | 7.7MB | 7.8MB | 11.4MB |
Non-paged | 4.9MB | 4.9MB | 5.3MB |
Windows XP startup | 20s | 19s | 25s |
Comanche4 | 70.6fps | 70.9fps | 70.0fps |
Business Disk WinMark | 10.3MB/s | 9.9MB/s | 9.4MB/s |
CPU utilisation | 7.2% | 7.6% | 7.6% |
High-end Disk WinMark | 24.9MB/s | 25.0MB/s | 26.1MB/s |
CPU utilisation | 2.96% | 3.2% | 3.4% |
Business Winstone 2004 | 25.9 | 25.7 | 23.9 |
CPU utilisation | 55.1% | 54.9% | 53.7% |
| |||||
Windows Firewall is now more configurable and easier to administer. Microsoft also provides access to all security-related options via the Security Center. Users with systems powered by AMD's Athlon 64 processor enjoy more protection than those with comparable Intel-based PCs: Service Pack 2 activates the NX function in the Athlon 64, which prevents the execution of dangerous code from a memory overflow. Intel currently only offers this feature with its high-end Itanium processor, but may well implement it in it desktop CPUs before long.
Some additions that Microsoft is offering in Service Pack 2 have long been available from third parties, including pop-up blockers for Internet Explorer and protection from dangerous email attachments. Even so, many people exclusively use programs that come with the OS, and these users are now catered for. The integrated pop-up blocker in Internet Explorer makes Web browsing a more pleasant experience, while the protection from dangerous email attachments in Outlook Express is also welcome.
Windows XP with Service Pack 2 now offers the best protection that Windows has ever enjoyed. However, security can still be compromised: if you click on email attachments like 'I Love You', don't be surprised if strange things happen with your system. You should delete emails from people you don't know.
With a firewall -- which for XP users with Service Pack 2 is installed by default -- and an anti-virus program (which does not come with Windows XP), most attacks on your computer can be repelled. But before you start opening attachments all over the place, remember: these measures do not offer one hundred percent protection.
Microsoft has made Release Candidate 1 (RC1) of Service Pack 2 available for download.
| |||||