Full Version of this article can be found here

Windows XP SP2 RC2 Preview

Microsoft is finally getting their act together and doing some things that people have been after them to do for years now. Finally Microsoft has decided to listen up and take some fairly drastic steps to securing windows. We took a look into the Technical aspects of SP2 here. We also took a look at RC1. Today we'd like to dig into RC2 for SP2. Not all that much has changed since our last preview. A lot of things have been polished up, plenty of bugs squashed and DirectX 9.0C has been thrown in. If you'd like to try out DX9.0c without having to install SP2 then go here.

Microsoft has posted RC2 for download right here. This is a 264Mb network installer. The express installer is only available through Windows Update. Unlike previous builds you can no longer install this latest build over previous ones. If you're running an older build of SP2 you will have to remove it before installing this new version.

In Windows XP Service Pack 2, Microsoft is delivering several security technologies that help protect customers against malware and other risks to their computer. These technologies are not intended to replace periodic security updates as they are release, but rather to help strengthen Windows XP's overall defenses against malicious attacks.

The key components being updated:

Alot of little things have changed. Most of the people around this site that I've talked to simply say I don't like it and uninstall it rather quickly. This is something that you most likely won't like at first, but it grows on you over time. The more I use it the more I like it! On top of what I've found just by using it I read alot of Microsoft's 200 page document and gave a report here.

Microsoft is nearly finished now that it's reached its second release candidate stage. I'm writing this preview because all of the other previews out there have become rather dated from Microsoft working on things for several months. The features covered here are alot closer to the final product.

Automatic Updates

Immediately after installing you're brought to a screen that asks you if you want to enable automatic updates. There is no way to exit this screen without giving either a yes or no answer. This is GREAT. Now most of the normal users will stay up to date with security fixes. It downloads all of the latest security patches for me before I even realize another patch is needed! Previous versions just floated a little window suggesting you turn automatic updates on. I said yes to this. Right away it started downloading the updates it found. The last of these images is a look at the new windows update site since it's changed quite a bit from previous versions. Things like hiding updates are now available if you're sick of seeing an update that you KNOW you don't want to install (*cough* .net framework *cough*) IE's smart downloading with resume support will also work for updates.

Click to Enlarge

I'm not sure exactly how the automatic updates handle the driver updates, but I don't want it to every touch my drivers so I did some looking around and found in system properties --> hardware a box that says windows update. It was defaulted to ask, but I just completely turned it off!

Security Center

The most talked about part of this service pack is of course the Security center and the much improved firewall. Anytime a new program tries to access the internet an alert message will pop up and ask you if you'd like to prevent this program from accessing the internet. Something I noticed is it doesn't stop the program at all! Behind this alert message my entire contact list was loaded in Trillian! This was before I gave it a selection to allow this program to run. As good as it is to have the capabilities of blocking programs from accessing the net it's rather stupid that they can access it until you say that the program cannot. Not only this, but I even told Windows FW to block this program and it STILL connected and I was able to send and receive messages just fine even while Windows FW was supposed to be blocking this! Microsoft really needs to redo this before the release is finalized. It's insane that this was allowed to happen this late in the development stage.

Click image for larger version    Name:  firewall.PNG  Views: 0  Size:  14.2 KB

Here's a few screenshots of the Firewall configuration.
[1][2][3][4]

(Numbers 1,3 and 4 have changed slightly since RC1)

#1 is the basic on/off screen
#2 is the program exceptions list. You can manually add programs to your allowed or not allowed list. You can also modify what ports the various applications are allowed to use. From this screen is how you reach #3
#3 you can see the screen where you can block/unblock any port you want.
#4 used to be several tabs that they've combined and labeled advanced now. The network connections box is where you allow various services to access the internet such as IIS. The next box is the firewall log. If you ever mess anything up they now have a restore defaults button!

Alerter and Messenger Services Disabled

In previous versions of Windows, the Messenger service is set to start automatically and the Alerter service is set to manual start. In Service Pack 2 for Windows XP, both of these services are set to Disabled. If you want to use these services go in and turn them on.

Ports blocked

If you run into problems with this here's how to fix;
At the command prompt, type netsh firewall set portopening TCP 445 ENABLE and then press ENTER.

Here are some other blocked ports 445 is the only one that you might want to open. These are used in file and printer sharing.
UDP port 137
UDP port 138
TCP port 139

Boot time security

In earlier versions of Windows, there is a window of time between when the network stack was running and when Windows Firewall provides protection. This results in the ability for a packet to be received and delivered to a service without Windows Firewall filtering and potentially exposes the computer to vulnerabilities. This was due to the firewall driver not starting to filter until the firewall service was loaded and had applied appropriate policy.

Memory Protection:

The last part of security is memory protection. Several services such as DCOM and RPC have been updated to help prevent buffer-overrun attacks.

The greatest memory protection feature is going to a take a while for most users to be able to benefit from. From the MS doc:

Execution protection (also known as NX, or no execute) marks all memory locations in a process as non-executable unless the location explicitly contains executable code. There is a class of attacks that attempt to insert and execute code from non-executable memory locations. Execution protection mitigates this by intercepting these attempts and raising an exception

Click image for larger version    Name:  dep.PNG  Views: 0  Size:  13.2 KB

Both Intel and Advanced Micro Devices ( AMD) have shipped Windows-compatible architectures for execution protection. Windows supports execution protection on the AMD64 platform and Intel Itanium Processor Family (IPF) processors.

IE Updates

Popup Blocker is the most obvious addition. This newest release shows you that it blocked a popup in 2 different ways. The first way is directly under the address bar. You can disable this rather annoying notification by right clicking on it and selecting "turn off information bar for blocked popups" The second way is what they've had in place since the early days of SP2. A nice little icon on the bottom of your screen. I right clicked on it so you see what options you have. The first bar also has these when you right click on it.

Click image for larger version    Name:  popup1.PNG  Views: 0  Size:  2.8 KB

Next is what it looks like when you click tools --> popupblocker --> settings

Click image for larger version    Name:  popup3.PNG  Views: 0  Size:  13.3 KB

In the latest build Microsoft made this popup blocker a bit more complex than just simply on or off. There's now three levels of blocking. The default is medium.

The next thing I did was downloaded winamp where I was given a new screen that looked like this. (changed since RC1)

Click image for larger version    Name:  download.PNG  Views: 0  Size:  9.2 KB

IE's Addon manager

To the right it even tells you how many times the addon has been usedand how many times IE stopped it from being used. It's nice to know what plugins were installed for IE. Before any addons are installed for IE you will be prompted to approve it. This should prevent alot of spyware applications that are automatically installed on systems from questionable sites. It's about time Microsoft fixes this problem that has caused so many service calls.

There's also supposed to be something called crash detection, but I haven't been able to trigger it so I'm not exactly sure what it'll do.

Disable Crash Detection

HKCU{LM}\Software\Policies \Microsoft\Internet Explorer \Restrictions

NoCrashDetection : DWORD

0

0 ? Off,

1 ? On

The last thing I want to show is the slightly changed add/remove programs

.

This is all a part of the new windows installer that I talked about in my last article. I believe it'll be a great update.

Wireless Network

Here's a few shots of the new wizard interface.

Outro

With RC2 already out the door we're getting closer and closer to a finished product. Even after updating from the previous build there's plenty of noticeable differences in presentation. Alot of the previously absent documentation is now in place. I haven't had any stability related issues at all in more than 3 months of testing which started before RC1 was released. This sucker is about as stable as a MS product gets ;) This service pack is Microsoft finally taking several steps it should have made several years ago. Better late than never.... It's been great watching MS's biggest SP mature over these months. It will truly bring Windows a huge step closer to where it should be.

Microsoft has created an online training course that details the implications of installing SP2 on Windows XP machines. The course covers the impact on existing applications and includes code samples. (http://msdn.microsoft.com/security/productinfo/XPSP2/default.aspx)

Microsoft's Visual Studio .Net is will not be fully function with this SP. The developer tool's remote debugging feature won't work because of the Firewall. Another MS product that'll break is the .Net Framework. It'll only break in the Itanium and AMD64's with memory protection turned on. I'm sure there will be plenty of other things that quit working properly. The only game that I noticed quit working was Championship Manager which needed a simple patch provided by the developer to make it work again.