MSDN article Windows XP Service Pack 2: A Developer's View, begins with:
Draft Version for PDC 2003
This document contains preliminary information about the security technologies in Windows XP SP2.
Microsoft Corporation
October 2003
Applies to:
Microsoft® Windows® XP
Summary: With Windows XP Service Pack 2 (SP2), Microsoft is introducing a set of security technologies that will improve Windows XP-based computers' ability to withstand malicious attacks from viruses and worms. The technologies include:
- Network protection
- Memory protection
- Safer email
- Safer browsing
This paper discusses the first two elements on this list.
Together, these security technologies will help make it more difficult to attack Windows XP, even if the latest patches or updates aren't applied. These security technologies together are particularly useful mitigation against worms and viruses.
This paper reflects early thinking about SP2 and its implications for developers. As we progress further, we will make more information available for developers on the Microsoft Developer Network (MSDN) Security Developer Center. The goal for SP2 is to build on our Trustworthy Computing efforts that have previously been applied to Windows Server 2003. To read more about the Microsoft Trustworthy Computing initiative, please see the Trustworthy Computing Defined overview. (13 printed pages)
Overview of Windows XP SP2 Security Technologies
Many customers do not or cannot roll out patches as soon as they become available, but still need to be protected against the risks that the patches mitigate. Each security bulletin that Microsoft delivers includes information that customers can use to help mitigate risk while they deploy the patch. However, Microsoft is innovating further delivering security technologies that provide additional mitigation ahead of deploying a patch. These security technologies will cover the following areas:
- Network protection. These security technologies will help provide better protection against network-based attacks, like Blaster, through a number of innovations, including enhancements to Internet Connection Firewall (ICF) . The planned enhancements include turning on ICF in default installations of SP2, closing ports except when they are in use, improving the user interface for configuration, improving application compatibility when ICF is on, and enhancing enterprise administration of ICF through Group Policy . The attack surface of the RPC service will be reduced as well as running in a reduced privilege . The DCOM infrastructure will also have additional access control restrictions to reduce the risk of a successful network attack.
- Memory protection. Some attacks by malicious software leverage software vulnerabilities that allow too much data to be copied into areas of the computer's memory . These vulnerabilities are typically referred to as buffer overruns . Although no single technique can completely eliminate this type of vulnerability, Microsoft is employing a number of security technologies to mitigate these attacks from different angles . First, core Windows components are being recompiled with the most recent version of our compiler technology to help mitigate against buffer overruns . Additionally, Microsoft is working with microprocessor companies to help Windows support hardware-enforced "no execute" (or NX) on microprocessors that contain the feature . NX uses the CPU itself to enforce the separation of application code and data, preventing an application or Windows component from executing program code that an attacking worm or virus inserted into a portion of memory marked for data only.
- Safer e-mail. Security technologies will help stop viruses (such as SoBig.F) that spread through e-mail and instant messaging. These technologies include default settings that are more secure, improved attachment control for Outlook Express and Windows Messenger, and increased Outlook Express security and reliability. As a result, potentially unsafe attachments sent through e-mail and instant messages will be isolated so that they cannot affect other parts of the system.
- Safer browsing. Security technologies delivered in Internet Explorer that will provide improved protection against malicious content on the Web. One enhancement includes locking down the local machine zone to prevent against the running of malicious scripts and fortifying against harmful Web downloads. Additionally, we will provide better user controls and user interfaces that help prevent malicious ActiveX® controls and spyware from running on customers' systems without their knowledge and consent.
Microsoft understands that security technologies are only one aspect of a sound defense-in-depth security strategy. The security technologies outlined here are the next steps being taken in the Trustworthy Computing initiative to make customers' systems more resilient.
See MSDN article Windows XP Service Pack 2: A Developer's View for the complete article.
