SUBSCRIBE FOR FREE!
If you do not currently receive LSM on a bi-monthly basis, you can easily do so totally free of charge by entering your email address in the box below and clicking the 'Subscribe' button.

Microsoft Windows XP Service Pack 2 (SP2) - Friend or Foe ?
by Jonathan Burnside ©2004

The fruition of Service Pack 2 has caused quite a stir for many… The reason for this is because of the radical changes it makes to the Operating System (OS) and Internet Explorer (IE). These changes were brought about because of the numerous security risks in Windows XP and IE. Let’s face it, Microsoft were stuck between a rock and a hard place, they were damned if they did and damned if they didn’t. The massive influx of viruses, worms, trojans, malware, spyware etc. over recent years brought the problem to a head and a lot of criticism was thrown at Microsoft to come up with a solution.

Microsoft’s solution was SP2 and it created a stir because after installing it many businesses and private users suddenly found that some applications ceased to function properly (or at all in some cases). However, SP2 has been known about for a long time in IT circles and developers have had plenty of time to alter their programs to work with the new upgrade.

What has changed ?

There are many changes that take place with the installation of SP2, way too many to cover here, so below are just a few of them:

Data Execution Prevention (DEP), aka – ‘the NX issue’
This new feature has plagued games manufacturers more than any other software manufacturer. The reason for this is because DEP has plugged a hole in security that has frequently been abused by different attackers. This security hole allowed code to be run in areas of memory allocated for data storage. The world famous Sasser worm, that caused so many problems, utilised this weakness. The reason it has plagued the games software manufacturers is because many of them used these data storage areas to run code that gathers license details and uses it during every run of the program. This proved a clever way to curb software piracy but unfortunately meant that many of these programs will now cease to function without being recoded.

Unfortunate too, is that if you are running 64-bit Windows you cannot disable this facility. If you are running 32-bit Windows then DEP can be disabled, but you do have to bear in mind that by doing so you are opening up a hole in security again.

Internet Explorer (IE)
The introduction of SP2 has brought with it, many changes to IE. A substantial amount of these will not be noticed by the user as they are working in the background, but a number of them will be noticed straight away…

The whole way in which IE deals with downloads has changed, which is definitely for the better. The download dialog box has taken on a new look, it is now cleaner and more professional looking. There are now ‘Trusted Publishers’ and ‘Untrusted Publishers’ and if any download attempt is made from a blocked publisher, the download will not take place.

Unauthorised automatic downloads (i.e. downloads that don’t have a signed certificate) are also blocked. You can tell when one of these is blocked because there is a new information bar near the top of the browser window informing the user.

A pop-up blocker is also included which stops virtually all those annoying pop-up advertisements. A setting can be changed to alter how aggressive the pop-up blocker is, you know… whether to block just automatic pop-ups or all of them, etc.

The updated IE now deals differently with Multipurpose Internet Mail Extensions (MIME). Before SP2 many malware files were unintentionally downloaded or executed because they had been disguised by having their file extensions altered or their MIME type changed. Now IE does numerous different checks in-order to determine a file type, instead of just looking at the file extension. Once the file type has been verified IE will check the extension to see if it corresponds correctly, if it does not IE will alter it to the correct extension there and then.

Firewall
By far the biggest cause of problems after the installation of SP2 is the new firewall which is turned on by default. When this facility is turned on the user is presented with a ‘Windows Security Alert’ dialog box when a program attempts an exterior communication. This allows the user to make a choice about the application in question:

1. Keep Blocking
2. Unblock
3. Ask Me Later

The user can also alter the firewall settings via the new Windows Security Centre, which can be found in the Control Panel. In here it is possible to unblock programs and particular ports once you have identified which ones are required. If a user unblocks a program and it is still having problems then chances are that the port it is using will need unblocking, the software manufacturer will be able to advise on which port is being used.

And Finally…

Lets face it SP2 was needed more than ever, but whether Microsoft spent enough time making it as compatible as possible is debateable. I know from my own experience, when SP2 came out it immediately caused quite a few problems for many of our customers – however most of the problems were noticed on machines that provided network services, such as fileservers, internet / fax gateways, etc and not so much on actual client machines. However, you cannot expect such core changes to the OS and IE to work seamlessly with your existing systems; time needs to be taken in-order to test SP2 and modify its settings to get it working with what you have, which is always good practice with all major software updates.