Windows XP SP2

1
Windows XP SP2

• Nick Wienholt

2
A whole presentation on a Service Pack?

• After the mess of Windows NT 4 SP3, Microsoft
  made a public commitment to confine operating
  system service packs to bug fixes, with no
  functionality enhancements.
• To date, they have honored this commitment, but
  Windows XP SP2 breaks it. Commitment partially
  honored no .NET Framework.
• SP2 includes major security upgrades that enhance
  network, memory, email and browser security.
• A major deliverable for the Trustworthy Computing
  Initiative.
• A good taste of what we can expect in Longhorn

3
Driving Factors

• Patching painful, poorly applied by many shops,
  and decreasing in effectiveness.
• Sasser had similar patch-exploit gap to Blaster.
• Microsoft forecast for patch-exploit gap is 6
  hours

4
Network

• The area of greatest risk, and hence greatest
  change.
• Internet Connection Firewall (ICF) becomes
  Windows Firewall
• comes on early and stays up till late in boot
  cycle. Lives longer that the network stack using
  static policy.
• enabled by default.
• Group Policy control is supported.
• three states On, Off and On With No Exceptions
• Prompts user when an application requires
  firewall exceptions

5
DEMO.NET Remoting and Windows Firewall
6
Network

• Remote Procedure Calls (RPC)
• more granular control of visibility.
• Windows Firewall support.
• DCOM
• default security policy only allows authenticated
  administrators to activate COM components
  remotely.

7
Memory

• Data pages marked as non-executable, processor
  must support NX technology. 64-bit processors
  currently do, technology being back-ported to
  x86.
• Entire OS re-compiled with Visual C /GS switch
  which detects many types of heap and stack buffer
  overruns.

8
Browser

• No Windows Server 2003 ultra-hardening features
• Stronger MIME handling
• Pop-up blocker
• ActiveX control prompts
• AES
• Local Machine strongly tied down

9
Email and Messaging

• Outlook Express now blocks automatic image
  downloads by default.
• Attachment Execution Service (AES) used by OE,
  Windows Messenger and MSN Messenger to provide
  safer and consistent attachment handling.
• Available as a COM object to other applications
• No binary behaviours in OE-displayed HTML.

10
Things that will break

• Ping (and other ICMP stuff)
• Remote debugging
• ActiveX control testing
• Funky MIME hacks
• RPC/ DCOM/ Remoting apps
• API hooking

11
Online Crash Analyzer
12
Better end-user experience

• Smaller, quieter patches.
• Improved Security Centre.
• Microsoft's Windows Update site enhanced to
  withstand DOS attacks better.
• New Windows installer (V3) delta compression
  technology. Smaller patches.

13
Resources

• Download and test your applications with SP2 on a
  VMWare/ Virtual PC/ test machine
  (www.microsoft.com/technet/prodtechnol/winxppro/ma
  intain/sp2predl.mspx)
• MSDN Webcast by Australias own Tony Goodhew
  (http//go.microsoft.com/fwlink/?linkid27552)
• Windows XP SP2 homepage (msdn.microsoft.com/securi
  ty/productinfo/xpsp2/default.aspx)

14
Questions?