When Microsoft released Windows XP Service Pack 1 (SP1) less than a year after the initial XP release, many users and administrators assumed that the company was settling into a comfortable, once-a-year service pack schedule. Indeed, Microsoft originally intended to release XP SP2 in late 2003, roughly a year after SP1, and that service pack would have included the standard set of fixes Microsoft had released since SP1.
However, in the days since Microsoft released XP SP1, the security climate has changed dramatically, and Microsoft has recast XP SP2 as a more comprehensive, safety-oriented release that, as a result, won't ship until the first half of 2004. Here's what you need to know about XP SP2.
Safety Technologies
In addition to the usual collection of security and bug fixes, XP SP2 will include a vast suite of security features—what Microsoft calls safety technologies—that are designed to make the underlying XP platform safer than ever. First, XP SP2 will ship with an improved Internet Connection Firewall (ICF) program that will be enabled by default. This version of ICF includes support for Group Policy; command-line, scripting, and unattended installation; and support for multiple profiles, enabling different settings for home and work.
XP SP2 will also change the way XP handles email attachments in Microsoft Outlook Express and will provide third-party email applications and new APIs to access those attachment-blocking features. Similar to the default attachment-blocking behavior in Microsoft Office Outlook 2003, Outlook Express won't trust any email attachments by default and will open or execute attachments with the least possible privileges.
XP SP2 will also include a new version of Microsoft Internet Explorer (IE—expected to be IE 6.05) that will be similar to the locked-down IE version that ships in Windows Server 2003. The new IE version will lock down the local machine zone and will block unknown and unsigned ActiveX controls.
Finally, XP SP2 will include new memory-protection technology that should thwart most buffer-overrun attacks. Based on features in modern Intel and AMD 32-bit and 64-bit processors, this technology, called no execute (NX), prevents code from running in the data areas of your system's RAM.
Patching Improvements
One of the biggest complaints users have about Microsoft product updates is that they're difficult to roll out, especially in large enterprises. For this reason, XP SP2 will be the first major release in a new series of patches that will include common command-line options across installers, support for rolling back update installations, and reduced rebooting. Under this new plan, Microsoft will release patches on a more regular schedule. To test this new scheme, the company started issuing critical security patches on a monthly basis in late 2003.
Widespread Adoption
Because of its pervasive security changes, some of which will require changes to third-party applications and end-user behavior, Microsoft expects XP SP2 to be widely deployed in virtually all markets. To this end, the company began courting application developers and Web developers in late 2003 to encourage them to make changes to their products so that the products would work properly in XP SP2.
Microsoft is launching a global education and training initiative to get end users and administrators up to speed on the benefits and changes in XP SP2. This initiative includes documentation such as technology summaries, step-by-step user guides, and prescriptive guidance for administrators, chief technology officers (CTOs), and IT professionals; security seminars on TechNet; and monthly security Webcasts.
Recommendations
XP SP2 will likely be one of the most important platform releases Microsoft has made in some time, and because of the numerous changes SP2 makes to XP security, all enterprises and businesses should consider upgrading to this release as soon as possible. But because XP SP2 isn't expected until May or June 2004, you still have plenty of time to evaluate the changes and determine what effect, if any, the changes will have on your products and users. Even if your corporation typically waits before deploying service packs, you should get involved with the XP SP2 beta process so that you can thoroughly evaluate the product before its release. This is one service pack that enterprises will want to be prepared for and implement quickly.