Windows XP Service Pack 2 (SP2) with Advanced Security Technologies was originally due in fall 2003, but a spate of hacker attacks that summer prompted Microsoft to regroup and rethink its plans for SP2. Now a major security update that will include numerous new features, SP2 isn't just a simple collection of bug fixes anymore. Instead, XP SP2 will ship with major new security features, including a new Security Center dashboard, a new Windows Firewall, a pop-up ad blocker in Internet Explorer, and numerous other changes. XP SP2 will be available for Windows Home, Professional, Media Center, Media Center 2004, and Tablet PC Editions
Final update: Windows XP SP2 was finalized on August 6, 2004 and is now available for download soon from the Microsoft Web site. for this reason, my Windows XP SP2 FAQ is now frozen. For more information, please see my exhaustive review of XP SP2.
Q: What is Windows XP Service Pack 2 (SP2) with Advanced Security Technologies?
A: XP SP2 is a major, security-oriented update to Windows XP that is due by late summer 2004. It will include all the bug and security fixes Microsoft shipped since the original XP release as well as a host of new security features. Microsoft is touting this release as "proactive protection for Windows XP."
Q: What are "Advanced Security Technologies"?
A: These are the new security-centric features in XP SP2 (see below) and the new security-centric default settings that Microsoft sets in this release.
Q: What security features will XP SP2 include?
A: XP SP2 will include the following new security features:
- Security Center. A new front-end, or dashboard, to XP's security features, including Automatic Updates, Windows Firewall, and virus protection. Microsoft doesn't offer any antivirus protection software directly, but Security Center integrates with third party software such as McAfee VirusScan.
- Windows Firewall. The new Windows Firewall replaces Internet Connection Firewall (ICF) and is on by default. Windows Firewall boasts several new administration-related features, including a full set of configuration options, Active Directory (AD) administration capabilities through Group Policy, command-line support that's compatible with logon scripts and remote management, and multiple-profile support. It is also enabled earlier in the boot process, eliminating the possibility that intruders could insert errant code over a network before the system fully comes up.
- IE security improvements. XP SP2 provides an improved Microsoft Internet Explorer (IE) version that contains several new features. A new opt-in pop-up ad blocking feature announces itself the first time you access a page that tries to open a pop-up window. (IE won't block pop-ups you enable by clicking a hyperlink.) This feature is configurable, so you can create a list of trusted sites if needed. The new IE also removes the capability of Web sites to open child windows that have certain features removed. For example, it's no longer possible to open a pop-up window with the address bar, title bar, status bar, or toolbars removed. Microsoft added this feature so that users can close any pop-up windows that do open. Furthermore, scripts can't position windows so that the title bar or address bar are above the top of the display or so the window's status bar is below the bottom of the display. IE also includes a new locked-down Local Machine security zone to help prevent malicious scripts and other dangerous Web downloads from compromising the system.
Microsoft has also overhauled IE's add-on subsystem, a move that will require plug-in makers to revamp their products. The end result, however, is better safety for users. Inadvertently installing spyware or malicious ActiveX controls will now be more difficult, and the programs will also be easier to remove. The add-on manager also monitors IE crashes caused by add-ons, letting you disable unstable add-ons. Perhaps most important, the IE add-on manager is fully manageable: You can centrally configure IE's crash-management options and which add-ons are allowed or denied.
- Outlook Express and Windows Messenger improvements. The Microsoft Outlook Express version in XP SP2 includes more secure default settings and isolation of potentially unsafe attachments, helping to ensure that email-borne attacks can't affect the system. Outlook Express also picks up a neat feature from Microsoft Office Outlook 2003: It won't download images in HTML email by default (spammers often use tracking devices in HTML images to ensure you're getting their email). Like Outlook Express, the Windows Messenger version included with XP SP2 isolates any transferred files that might be unsafe.
- Memory protection. Over the years, an amazing number of buffer overrun errors have been at the root of various Windows compromises. Although Microsoft sought to find and remove any potential exploits during its infamous 2002 Trustworthy Computing code review, many problems remain. So XP SP2 includes several new security technologies, originally designed for Windows Longhorn, that battle buffer overruns. Some of these changes are software based and will aid all XP users; others require the new "no execute" (NX) microprocessor feature that's built in to all modern Intel and AMD microprocessors. The NX feature uses the computer's microprocessor to separate application code from data, ensuring that an electronic attack won't be able to insert virulent code into memory reserved for data.
- New Windows Update. XP SP2 connects to a new version of Windows Update, which offers a convenient Express Install feature that automatically selects and installs all critical updates. You can also use a new optional updates section to choose features, including software updates (e.g., Microsoft Windows Movie Maker 2, Microsoft Windows Journal Viewer) and system-specific drivers. XP SP2 contains many other computer-maintenance-related technologies, but Microsoft says it will document them in the future. Expect a second beta release by the end of March: I'll have more information about other new features as they become available.
- Network attack protection. In addition to the new ICF version, XP SP2 includes a refined version of the remote procedure call (RPC) technology, which reduces the attack surface of XP machines attached to remote resources. RPC also runs under reduced privileges in XP SP2, reducing the chance that errant code can gain a foothold in your system and cause problems.
For more information about the new features and changes in XP SP2, please refer to my exhaustive review.
Q: Why should I install Windows XP SP2?
A: Windows XP with SP2 is more secure by default that XP, and more secure than you can make XP without buying third party applications. Its firewall helps guard against unsolicited inbound network traffic. The Data Execution Prevention technologies help mitigate buffer overrun-based attacks. The system blocks unsafe attachments in IE, Messenger, and Outlook Express by default. The new wireless networking client is easier to use and safer than previous versions. IE now includes pop-up blocking, allowing for a safe Web browsing experience. In sum, these and other features make SP2 a must-have. My advice is to install this release immediately.
Q: What are XP SP2's system requirements?
A: XP SP2 requires a PC running Windows XP and a CD-ROM drive. The PC should have at least a 233 MHz processor, 64 MB of RAM, and 800 MB of available disk space during installation.
Q: How long will it take to install XP SP2?
A: Depending on the method you use, it could take up to an hour. However, remember that XP SP2 is a massive upgrade that includes all of the previously-released XP updates. In essence, XP SP2 is a brand new version of Windows.
Q: What if I don't want all of the features. Can I turn off some of the new stuff in SP2?
A: Yes. SP2 is designed to be configurable. For IT administrators wishing to roll out custom versions of the OS, XP SP2 includes an unprecedented level of control with over 600 new Active Directory Group Policy Objects (GPOs).
Q: What happened to the concurrent sessions feature in XP SP2?
A: It's gone. In February 2003, internal Microsoft documentation described a feature planned for XP SP2 called "concurrent sessions." This would have enabled XP Professional Edition systems with Fast User Switching (FUS) enabled (i.e., non-domain systems) to support two concurrent interactive users. The current XP version is limited to one interactive user at a time; this user can be sitting at the XP machine locally or connecting to it remotely through Remote Desktop Connection (RDC), Microsoft's desktop version of Windows Terminal Services. Under the original plan for XP SP2, XP Pro would have supported two users, one local and one remote. This capability would have accomplished two goals. First, it would further differentiate XP Pro from XP Home Edition (an ongoing concern in Redmond) and make the more expensive XP Pro more enticing to users. Second, this feature would make Smart Displays more functional; under the current scheme, when a user accesses his or her XP Pro desktop from a Smart Display, the local system is logged out. Microsoft CEO Steve Ballmer, responding to complaints about Smart Displays, had promised that the company would add concurrent sessions functionality to the product in the future; XP SP2 was one way to accomplish this goal. But things change. Microsoft removed the concurrent sessions feature from XP SP2.
However, concurrent sessions will soon pop-up in an unexpected place. The next XP Media Center update, named Windows XP Media Center Edition 2005, will include concurrent sessions in order to support up to 5 Media Center Extender devices. To my knowledge, this is the only XP version that will get this feature.
Q: What is Lonestar?
A: Lonestar is the code-name for the next version of Microsoft's Tablet PC OS, dubbed Windows XP Tablet PC Edition 2004. The software giant was originally going to ship Lonestar as a separate add-on for Tablet PC users, but decided to include the bits in XP SP2: If you install XP SP2 on a Tablet PC system, you'll get the Lonestar updates as well.
Q: What features does Lonestar include?
A: Lonestar is the codename for Windows XP Tablet PC Edition 2005, the second release of Microsoft's Tablet PC OS. This release adds several features that make the Tablet PC platform more viable, especially in the crucial data-entry category. At Fall COMDEX 2003, Bill Gates first demonstrated improvements to the Tablet PC OS's Info Panel, the pop-up window that appears when you need to input Digital Ink into a Windows control, such as a text box. In previous versions, the software had to contextually determine whether you were writing letters or numbers, which was processor- and time-intensive. (For example, did you write a "5" or an "S"?) In the new version, developers can restrict the types of input each control can accept. So if an input box is designed for a phone number, it will accept only numbers and be better able to determine what you're writing. And Microsoft redesigned the Info Panel to resize on the fly so that you can write more at one time, which is a nice feature.
Tablet PC users who upgrade to SP2 get the Lonestar updates for free. For more information, check out my review of Windows XP Tablet PC Edition 2005.
Q: What is Harmony?
A: Harmony is the codename for Windows XP Media Center 2004. Media Center users who upgrade to SP2 get Media Center Edition 2004 for free. For more information, check out my review of Windows XP Media Center Edition 2004.
Q: What is Symphony?
A: Symphony is the codename for Windows XP Media Center Edition 2005, which is based on XP SP2.
Q: What features will Symphony include?
A: Symphony will be a minor release, similar to XP MCE 2004 (codenamed Harmony). I first discussed this release with a representative of Microsoft's eHome Division in January 2004, and although the company isn't going to deviate from its low-key approach to promoting MCE updates, we can safely bet that Microsoft will address some key customer requests in the new version. These requests--which might or might not make it into the next version--include High-Definition Television (HDTV) support (complicated by divergent standards in different international markets), multiple-tuner support (for recording two shows at once), support for different video formats, and radio recording. So what won't you see in the next release? The software won't be available as a standalone product (i.e., you can get it only as part of a Media Center PC), as before, and won't be available to new international markets.
Q: When will Windows XP SP2 ship?
A: Microsoft released Windows XP SP2 to manufacturing on August 6, 2004. The product should be widely available soon.
Q: How much will Windows XP SP2 cost?
A: It's free. Microsoft Chairman Bill Gates noted at the company's Financial Analysts meeting that Windows XP SP2 was the most expensive product Microsoft ever gave away for free. Even the CD version will be free, and Microsoft is including free shipping and handling.
Q: What's took so long? SP1 shipped in September 2002.
A: XP SP2 was originally due in late 2003. But a spate of Internet-based hacker attacks in summer 2003 changed everything. Recasting XP SP2 as a major security update, Microsoft quietly issued a new road map on its Web site that mentioned a second quarter 2004 date, about 9 months later than originally expected and more than a year and a half since the first XP service pack. Compatibility problems caused by the new security features later caused Microsoft to delay the release until late summer 2004. But although XP SP2 would indeed add new features, to the chagrin of users who took Microsoft's legendary but oft-abused "no new features in service packs" promise at face value, few can complain about the steps the software giant is taking to secure Windows through this release. Indeed, thanks to a variety of safety technologies, the release of SP2 should significantly improve XP's security situation.
Q: I've heard that Windows XP SP2 will cause compatibility problems. Should I be worried about this?
A: Yes. But you should install it anyway. XP SP2 was the subject of one of Microsoft's largest internal and external beta tests of all time, and though the product will undoubtedly cause some issues, the security improvements will be worth it.
Q: When will Windows XP SP2 be included on new PCs?
A: By mid-October 2004, depending on the PC maker.
Q: Will retail boxed copies of Windows XP SP2 replace current pre-SP2 XP boxes?
A: Yes. That, too, should be complete by October 2004.
Last updated September 30, 2004.