Windows XP's Big Fix

Security Improvements

The new Security Center Control Panel puts all XP security tools, even third-party antivirus products, within reach.
Among the most important security upgrades in SP2 are a major overhaul to Windows' built-in firewall and the addition of a Security Center Control Panel, a single starting point offering convenient links to several security features. The new tools will help safeguard even the least-protected systems against the most common kinds of Internet attacks, and will also provide a baseline of fundamental security technologies that will (in theory) shield PCs from future attacks.

Built-In Firewall Gets Refreshed

The Windows Firewall in SP2 replaces the lackluster (and well-hidden) Internet Connection Firewall--a part of the operating system since Windows 2000. The utility can block probes and attacks coming in from hackers or worms over the Internet, but unlike the free ZoneAlarm firewall, it can't stop programs already residing on your hard drive from sending data out to the Internet. Outbound protection can help staunch the spread of spyware and worms from an infected machine to others.

With inbound protection alone, the Windows Firewall is significantly less useful than one with both inbound and outbound controls. Because it lacks outbound controls, you'll likely still need to use a separate free or commercial software firewall for a while longer; there's no good reason to use the Windows Firewall as your sole protection.

That said, SP2's Windows Firewall is still a valuable contribution to PC safety. Enabled by default, the Windows Firewall will protect those computers whose users fail to get a full-featured software firewall of their own.

The new Windows Firewall is also more configurable than its predecessor, with options that can block some applications from receiving data over networks where you can't be assured of the security, such as wireless hotspots in cafes or airports.

Security Center Ties It Together

In SP2's Security Center Control Panel, Microsoft places emphasis on the Automatic Updates feature, which can be set up to download (and install) a wide range of patches to your PC whenever they become available. In the final release of SP2, the panel interface will look slightly different from what is shown here.
The most obvious user interface change in SP2 is the Windows Security Center, a Web page-like dashboard for configuring various settings and launching security applications, such as the Windows Firewall. It's a good start at developing a one-stop place to manage security on your PC, but (at least in the beta version of SP2 that we looked at) it still isn't comprehensive enough.

The Security Center links you to the Windows Firewall, puts settings within easy reach, and can tie in with third-party antivirus software to alert you when your definitions are too old--a nice touch. However, you still have to launch each applet (or the component that controls the feature) separately if you want to change the settings that determine how it behaves.

SP2 Urges Automatic Updates

The first time you boot your PC after you install SP2, but before Windows loads the desktop, SP2 makes a full-screen plea for you to enable Automatic Updates. Our advice: Enable Automatic Updates when Windows requests that you do so. Right now, the security risk of not completely patching your system outweighs the risk of encountering problems caused by a patch that may contain new bugs. The only exception may be for people at large companies who run one or more custom-made applications on their PCs. IT managers will have to do some testing before rolling out a patch on employees' computers.

IE (Finally) Gets Several Big Fixes

With SP2, Internet Explorer finally catches up with the rest of the browser world, adding a pop-up blocker and the ability to turn off any plug-ins you don't want.
One of SP2's most useful features is the pop-up (and pop-under) ad blocking it adds to Internet Explorer, letting you stop any unwanted browser windows from spawning. IE will permit pop-ups you initiate purposefully, such as when you click a link that triggers a new window, and it will allow you to view blocked pop-ups via a handy (and surprisingly unobtrusive) Information Bar.

Less successful is IE's new Manage Add-ons feature, which permits you to disable unwanted browser plug-ins. Some plug-ins, such as adware programs, can be quite malicious. While the ability to disable undesirable plug-ins is laudable, Manage Add-ons is unable to delete them completely--a silly limitation when many PCs already have useless (and potentially dangerous) spyware or adware plug-ins installed. The process to remove plug-ins is tedious and user-unfriendly: click Tools, Internet Options, click the Settings button, click the View Objects button, select the plug-ins that you don't want, and press the Delete key.

SP2 Blocks Some Executables

If you download executable files, Windows will warn you about the risk. After the warning, you may have to tweak the file's properties before XP will allow it to run.
The new Safe Attachment Execution Service will prevent you from running potentially dangerous types of files that you either download through a Web browser or receive through e-mail or an instant message. Applications in XP that support downloading attachments--IE, Outlook Express, and Windows Messenger--will be supported immediately, but third-party software companies will need to build support into their applications.

The feature works the same way in all three XP applications: Any file you download that the service deems unsafe (such as a .pif, .scr, or .exe file) will initially be soft-blocked (you'll see a pop-up warning message about the dangers of downloading such an attachment). If you downloaded the file through IE, you'll see a second warning message when you try to run or open the download, asking if you're really, truly sure you want to run it. Click the Run button, and you're good to go.

But if you're using Outlook Express or Windows Messenger, and you override the first warning message, the file will appear on your hard drive in a hard-blocked state--it won't run unless you deliberately go into that downloaded program's Properties dialog box and manually click a button labeled Unblock within its Advanced Properties tab.
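How the blocked state described above is recorded on disk, as an added example that is not from the article: released SP2 builds keep the mark in an NTFS alternate data stream named Zone.Identifier attached to the downloaded file, and the Unblock button deletes that stream. The function names, the short extension list (taken from the file types the article names) and the sample text are assumptions made for illustration.

```python
import configparser
import os

# URL security zones as numbered by Windows.
ZONES = {0: "Local Machine", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}
# Only the types the article names; Windows itself uses a longer list.
RISKY_EXTENSIONS = {".pif", ".scr", ".exe"}


def parse_zone(stream_text):
    """Return the ZoneId from Zone.Identifier text, or None if absent or invalid."""
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    try:
        parser.read_string(stream_text)
        return parser.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None


def assess(filename, stream_text):
    """Classify a file from its name and its Zone.Identifier text.

    stream_text is None when the file carries no stream: it was never
    marked, or the mark was removed with the Unblock button.
    """
    zone = parse_zone(stream_text) if stream_text is not None else None
    if zone is None:
        return "unmarked"
    name = ZONES.get(zone, "unknown")
    risky = os.path.splitext(filename)[1].lower() in RISKY_EXTENSIONS
    if zone >= 3 and risky:
        return "flagged: %s zone executable" % name
    return "marked: %s zone" % name


def read_stream(path):
    """Read the stream on an NTFS volume under Windows; None if there is none."""
    try:
        with open(path + ":Zone.Identifier", "r", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None


# Constructed sample: the stream text written for an Internet-zone download.
SAMPLE = "[ZoneTransfer]\nZoneId=3\n"
```

On a Windows machine, `assess(path, read_stream(path))` reports whether a given download still carries the mark.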

SP2 also introduces fundamental changes (called NX, or No eXecution) that will make it more difficult for hackers to exploit certain kinds of common vulnerabilities; the most important of these additions, however, work only on PCs with 64-bit processors, such as AMD Athlon-64-based systems or computers using Intel's upcoming 64-bit Pentium 4 and Xeon CPUs. PCs running on common 32-bit Intel or AMD chips get no benefit.

Though SP2 dramatically raises the bar on security, it provides you no way to clean up after a successful malware incursion; you will still need to run an up-to-date antivirus utility and a spyware removal tool to rid your computer of assorted junk that shouldn't be there in the first place.
