Support Forum Articles File Help Startup DB Tips Service DB Hijack This! Analyzer


Windows XP SP2 RC1 Full Preview

Security Center

The most talked about part of this service pack is of course the Security center and the much improved firewall. Anytime a new program tries to access the internet an alert message will pop up and ask you if you'd like to prevent this program from accessing the internet. Something I noticed is it doesn't stop the program the FIRST time. Behind this message I was viewing a movie preview for the whole ten yards which was on the internet! As good as it is to have the capabilities of blocking programs from accessing the net it's rather stupid that they can access it until you say that the program cannot.

Here's a few screenshots of the Firewall configuration.

#1 is the basic on/off screen
#2 is the program exceptions list. You can manually add programs to your allowed or not allowed list. You can also modify what ports the various applications are allowed to use. From this screen is how you reach #3
#3 you can see the screen where you can block/unblock any port you want.
#4 used to be several tabs that they've combined and labeled advanced now. The network connections box is where you allow various services to access the internet such as IIS. The next box is the firewall log. If you ever mess anything up they now have a restore defaults button!

The last part of security is memory protection. Several services such as DCOM and RPC have been updated to help prevent buffer-overrun attacks.

The greatest memory protection feature is going to a take a while for most users to be ablet o benefit from. From the MS doc:

Execution protection (also known as NX, or no execute) marks all memory locations in a process as non-executable unless the location explicitly contains executable code. There is a class of attacks that attempt to insert and execute code from non-executable memory locations. Execution protection mitigates this by intercepting these attempts and raising an exception

Both Intel and Advanced Micro Devices ( AMD) have shipped Windows-compatible architectures for execution protection. Windows supports execution protection on the AMD64 platform and Intel Itanium Processor Family (IPF) processors.

Written By: Martin Krohn
Date: 3-19-04
Printer Friendly

Article Index:
Page 3 -->