New features of XP SP2: Part I

Microsoft announces Windows XP...

In 2001 Microsoft released Windows XP and this was the new operating system that was the heir to Windows 2000. It came out with a host of new features that were breath taking and also one of the best operating system that Microsoft developed at that time. Microsoft released Windows XP — Professional to replace Windows 2000 Professional for the corporate user. Microsoft also introduced a new version of Windows XP for the home users, which benefited them, since they didn't want the complexities of the network environment.

Microsoft introduced two important features in Windows XP that was very important from a security point of view. They were 'the firewall' and 'windows update'. The firewall was to protect the computer from incoming traffic, which posed a security risk, when the user was connected to the Internet. Each day several millions of people connect to the Internet, full-time over cable modem or DSL links, or through corporate networks. Most of these are also used to play music and view video content. Many users enjoy instant messaging and peer-to-peer collaboration programs, as well as interactive games. Each of these features also exposed the computer to new threats. The firewall was meant to block all the incoming traffic so that the user was safe and no malicious user or hacker could access the computer to steal important data.

The 'Windows Update' was provided as a mechanism for Microsoft to provide security patches or fixes whenever a flaw was detected in the operating system. The 'Windows Update' was build into the operating system and could download the fixes from Microsoft on a scheduled basis. It also provided Microsoft to keep the operating system to the highest security level and also an automated process without the means to distribute the patches through CD which would take time to reach the user, thereby putting the user's computer at risk.

But both these mechanisms were not utilized properly by the users due to various factors and limitations. Some of these limitations were

For example in the past when some severe critical breakdowns occurred on the internet, or a big virus crippled the internet it was found that the patch was available in the past, but the user didn't protect himself in advance to minimize the risk to the computer. Hence all the users who didn't apply the security patches left their computers at risk and hence fell victim to the virus which wrecked havoc. Some of this notorious virus included MS Blast and W32.Slammer.

Another important threat faced by the user was the use of the browser when connected to the Internet. Many malicious users took advantage of the features of Internet Explorer to exploit the unsuspecting user with unintentional actions. Some of these actions included:-

So, Microsoft decided that some firm action had to be taken to stop this malicious behavior and provide full protection to the user when using windows whether online or offline. They decided to revamp the functioning of Windows XP and modify the behavior of the major components that possessed a security risk. Like:

• Upgrading the functioning of the firewall.



• Providing flexibility in the firewall.



• Upgrading the functionality of the browser.



• Making the browser better to work and inform the user what was going on in the background, thereby enabling the user to safeguard him and take action when desired.



• Protecting the operating system from the time it loads to the time it shuts down.



• Warning the user when the system was at security risk and helping the user to minimize the risk.



• Specifying the importance of Automatic Updates.

Let us discuss these points in detail.

Don't turn-off the firewall

Since the firewall is one of the first step in blocking access to the computer from the outside world, the user was not aware of the usefulness of the firewall and many times, turned off the firewall because it prevented him from accessing some of the features inside the network or he didn't understand the importance of the firewall. So the first step was to warn the user if the firewall was turned off and explain to him the risks due to turning off the firewall. It also checked for the availability of the anti virus scanner and whether the anti virus was up to date.

Since the firewall is one of the first step in blocking access to the computer from the outside world, it also had its limitations. It blocked everything and didn't allow the user to access the network. For example if the user was in a corporate network, the firewall was useless because it didn't allow the traffic in the network. Hence the firewall had to be flexible to distinguish between the local network and the Internet.

As explained about the threats of browser hijacking, malicious scripts, spy ware, the browser had to be modified to disallow the running of scripts that were not authorized. Also pop ups had to be blocked so that the user would never see them.

Making the browser better to work and inform the user what was going on in the background, thereby enabling the user to safeguard him and take action when desired. One of the most important things was awareness of the user what was going on when the browser was browsing a Web site. Hence all actions like running active X controls, running scripts were blocked and information displayed to the user. And these scripts could be executed only after mutual consent from the user.

Internet Explorer Add-ons are installed software components that load with Internet Explorer. These components could be third-party ActiveX controls that extend browser functionality, or provide special user interface elements in Internet Explorer. Historically a number of these add-ons have been found to be responsible for Internet Explorer errors.

Hence the user has to be aware of what was loaded in the background and also control had to be given to the user whether these add-ons could be executed or not.

Since the firewall was turned on only after the operating system loaded, the computer would be at risk during the boot up sequence. Hence the firewall had to be configured to start when the operating system was booting up and stopped when the operating system had completely shut down. Also Data Execution Prevention had to be enabled.

In spite of all these the user wouldn't be aware of the serious implications if he disabled the firewall, antivirus or automatic updates. Hence it was decided to inform the user from time to time whenever any of these features were turned off and explain the risk of the computer due to this. The security alert was build into the operating system at start up to alert the user of the risks.

The user had to be reminded that the Automatic updates had to be enabled so that the updates and security patches could be downloaded whenever they were available, thereby reducing the risk to the computer. Also the updates would be smaller in size and utilize the concept of BITS (Background Intelligent Transfer System) to help the user in case of low bandwidth. Hence if the Automatic updates was turned off or switched to manual process, a friendly warning would be displayed to the user, urging him to enable it.