Security enhancements in XP SP2

CIOL Bureau

In the previous episode we saw the features of Internet Explorer that help a lot in day-to-day browsing. We saw how the pop-up blocker, the Information Bar and the Add-ons Manager reduce the pain of unwanted intrusion by third parties. Today we will see some more features that have been implemented in Windows XP SP2. These are not directly visible to the user, and hence we will refer to them as internal features, because the user might not notice the difference if he doesn't pay enough attention.

The features that we will discuss today are:

  • File Downloading.
  • Publishers.
  • Zone Defense.
  • Outlook Express - Attachment Manager and HTML Content Blocking.


File Downloading

Another way of intruding on a user's computer without the user's knowledge was through file downloads. When the user clicked a link to download a file, the site would redirect him to another site to begin the download, and before the user could realize what had happened, the download would begin with additional software that wasn't requested. This led to the installation of spyware and other software that was harmful to the user's computer.

Windows XP SP2 has made additional changes to this behaviour. The files that can be downloaded are of different types and serve different purposes, for example a game, a picture, or even a program. For this reason, Internet Explorer has stepped up its scrutiny of any file you begin to download, open, or save from the Web. Internet Explorer checks whether the file is the type of file it says it is and provides strong warnings if there are irregularities in how the file describes itself or if there seems to be a potential for harm based on the particular type of file. Internet Explorer also offers more concise information to help you understand the implications of opening or saving a file. Internet Explorer users will immediately notice several changes to the dialog box when they download files. The following examples show what Internet Explorer's security mechanism warns about during file downloads.

1. Internet Explorer displays the type of file that is being downloaded. In Windows XP SP2, the user will also see the size of the file as well as its type. Downloaded executable files are checked for publisher information. The publisher check provides information that can be used to tell whether the files are from suspicious or unidentified publishers, and provides a systematic way to prevent executable files from compromising the security of the computer.

2. Internet Explorer displays the source of the download so that the user can know where the software comes from. A new security information area at the bottom of the dialog box provides information depending on whether the downloaded file is of higher or lower risk.

3. Internet Explorer offers guidance about the type of file that is being downloaded. A new file handler icon displays the default application that will be associated with the download.

4. If the user still isn't sure what to do with the downloaded file, Internet Explorer provides the “How can I decide what software to run?” link to help make a more informed decision about what to do.







Figure 1. Attachment dialog box enhanced with additional details.



Publishers

Windows XP SP2 has undergone several enhancements to block downloads from specific publishers. Some publishers will go to great lengths to have users install their programs. Some users have experienced a situation in which they were unable to get rid of repeated prompts to install a program that they didn't want or didn't trust, and in some cases the user even installed the program by mistake when trying to get the prompts to go away.

Now, Internet Explorer helps you to avoid this situation. With a simple click of the mouse, you have the option of automatically preventing certain programs from being installed or run on your computer. This includes an option to block all software from a specific publisher. Internet Explorer also provides the facility to handle downloads from a specific publisher with the Add-on Manager. In an earlier chapter we explored the Add-on Manager, which allows the user to block certain ActiveX controls.

Stronger Zone Defense

As a security measure, Internet Explorer corrals all Web sites on the Internet into a single zone, the Internet zone, and applies a certain level of security protection which helps you to browse more securely. Internet Explorer will prompt you before you download content that it identifies as potentially unsafe.

Internet Explorer also specifies four other zones, including the Trusted and Restricted zones, to which you can assign Web sites that you trust completely, such as Windows Update, or that arouse your suspicion. It also assigns your hard disk to the Local Machine zone (although this zone is not displayed in the settings for Internet Explorer).

When you open a Web page, Internet Explorer restricts the actions a page can take based on the zone of the Web page (Internet, Restricted, and so on). For example, Web pages located in the Internet zone might not be able to perform some operations, such as accessing information from the local hard drive.

In previous versions of Internet Explorer, your hard drive (the Local Machine zone) was considered to be secure, and content in this zone was allowed to run with relatively few security restrictions. However, attackers often tried to take advantage of these low restrictions to compromise computers.

In Windows XP SP2 this changes. Internet Explorer applies strong security settings to the Local Machine zone to help protect against some common types of attacks, such as the running of a harmful download or a malicious script.

Local Machine Zone Lockdown

Prior to Windows XP Service Pack 2, content on the local file system was considered to be secure and was assigned to the Local Machine security zone. This security zone normally allows content to run in Internet Explorer with relatively few restrictions. However, attackers often try to take advantage of the Local Machine zone to elevate privilege and compromise a computer.

Many of the exploits that involve the Local Machine zone will be mitigated by other changes to Internet Explorer in Windows XP SP2. However, attackers may still be able to figure out ways to exploit the Local Machine zone. Windows XP SP2 further protects the user by locking down the Local Machine zone in Internet Explorer by default. Local HTML hosted in other applications will run under the less restrictive, previous default settings of the Local Machine zone unless that application opts in to Local Machine Zone Lockdown.

With Windows XP Service Pack 2, Local Machine Zone Lockdown will be even more restrictive than the Internet zone. Any time that content attempts one of the restricted actions, the Information Bar will appear in Internet Explorer with the following text:

"To help protect your security, Internet Explorer has restricted this file from showing active content that could access your computer. Click here for options..."

The user can click the Information Bar to remove the lockdown from the restricted content. This kind of security lets the user know when, for example, an interactive CD is trying to execute an ActiveX script.

Outlook Express - Attachment Manager

Another important security feature implemented with SP2 is in the e-mail application. Since downloads also occur through e-mail attachments, it is important to provide a secure environment in the same way that was provided for file downloads in Internet Explorer. SP2 provides Outlook Express with the Attachment Manager.

Attachment Manager is a new set of application programming interfaces (APIs) that is used to check e-mail attachments. The use of Attachment Manager allows applications to eliminate custom code that performs similar safety checks and instead rely on this centrally managed API set. In addition, Attachment Manager provides a consistent user experience across all applications that check the security of an attachment. When Outlook Express opens an e-mail that has an attachment, it now calls Attachment Manager to determine whether the attachment is safe. Based on the type of attachment, Outlook Express takes different actions:

1. Safe attachments (for example a JPEG or GIF file) are completely available to the user. Safe images are displayed, and safe attached plaintext files are shown as available attachments.

2. Unsafe attachments (for example, binary executables) are blocked. The user cannot open them at all but does see a notice of the blockage.

3. Suspicious attachments trigger a warning prompt when the user attempts to drag, save, open, or print the file. If the user accepts the option to drag, save, open, or print the file, the file is handled in a way that is guaranteed to trigger any active antivirus program.
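
As an added illustration (not code from the article, from Outlook Express or from Internet Explorer), the following Python models the two checks described in the File Downloading section and here: the download-time comparison of a file's declared type against its actual content, and Attachment Manager's safe, suspicious and unsafe tiers. The extension lists, the signature table and the Tier names are assumptions of this model; Windows keeps its own lists.

```python
from enum import Enum
# Content signatures for the types the article names (JPEG, GIF) plus EXE.
MAGIC = {
    "jpg": (b"\xff\xd8\xff",), "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"), "exe": (b"MZ",),
}
# Tier membership is an assumption of this model; the article only names
# examples of each tier (JPEG/GIF/plaintext safe, binary executables unsafe).
SAFE_EXTS = {"jpg", "jpeg", "gif", "txt"}
UNSAFE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js"}

class Tier(Enum):
    SAFE = "safe"              # displayed or listed, no prompt
    SUSPICIOUS = "suspicious"  # warn before drag, save, open or print
    UNSAFE = "unsafe"          # blocked outright; the user sees a notice

def declared_extension(name: str) -> str:
    """Extension the file claims, e.g. 'Holiday.GIF' -> 'gif'."""
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

def matches_declared_type(name: str, data: bytes) -> bool:
    """The download-time check: does the content start with a signature that
    agrees with the declared type? Types without a known signature pass."""
    sigs = MAGIC.get(declared_extension(name))
    return sigs is None or any(data.startswith(s) for s in sigs)

def classify(name: str, data: bytes) -> Tier:
    """Attachment Manager style tiering with the type check folded in."""
    ext = declared_extension(name)
    # A PE header under a friendly extension is the classic disguise, so an
    # 'MZ' prefix is unsafe regardless of what the name says.
    if data.startswith(b"MZ") or ext in UNSAFE_EXTS:
        return Tier.UNSAFE
    if ext in SAFE_EXTS and matches_declared_type(name, data):
        return Tier.SAFE
    return Tier.SUSPICIOUS  # safe name with wrong signature, or unknown type

# Constructed sample attachments.
SAMPLES = {
    "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 8,
    "setup.exe": b"MZ\x90\x00",
    "holiday.gif": b"MZ\x90\x00",       # executable disguised as an image
    "report.doc": b"\xd0\xcf\x11\xe0",  # no signature known: prompt first
}

if __name__ == "__main__":
    for fname, blob in SAMPLES.items():
        print(f"{fname:12} -> {classify(fname, blob).value}")
```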

Windows Messenger uses similar logic and identical dialogs for handling file attachments. A major difference between Outlook Express and Windows Messenger is that e-mail attachments are normally downloaded without any intervention by the user, whereas instant messaging attachments normally require the recipient's permission before they can be received.

HTML Content Blocking in Outlook Express

Businesses and individuals that use spam as a marketing technique typically include external content (such as references to images that reside on their Web servers) inside the HTML e-mail message. When the user opened an e-mail containing such an image, previous versions of Outlook Express would automatically contact the Web server to download and display the images. This allowed the Web server to record a “hit” that could be used to identify the recipient. Specifically, it verified that a spam e-mail message was received by a recipient in the spam originator's mailing list. With SP2, the “Don't Download External HTML Content” feature of Outlook Express allows the user to do the following:

  • Block external images and other external content in Outlook Express when viewing e-mail in HTML mode. This download behaviour is configurable and is enabled by default when you install Windows XP Service Pack 2. When the option is active, the user can load the blocked external content for an e-mail message with a single click. The feature preserves the user's privacy and prevents future attacks.
  • Minimize the likelihood that downloaded e-mail with external Internet content will automatically attempt to start a dial-up connection when read offline. Prior to this feature, if a user downloaded e-mail messages and then disconnected from the Internet, and subsequently attempted to view an HTML message that included pictures or other external Internet content, the user's modem would automatically attempt to dial out to download the external content.
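
An added example (not from the article or from Outlook Express) of what “Don't Download External HTML Content” has to do when a message is rendered: walk the HTML, leave inline cid: and data: references alone, replace every remote reference so nothing is fetched, and keep the list of blocked URLs for the one-click load option. The sample message, the attribute table and the blocked: placeholder scheme are constructed for this example.

```python
from html.parser import HTMLParser

# Attributes through which an HTML message can pull content from a server.
REMOTE_ATTRS = {"img": "src", "link": "href", "script": "src",
                "iframe": "src", "input": "src", "body": "background"}

def is_external(url: str) -> bool:
    """Only scheme-based or protocol-relative URLs reach a remote server;
    cid: (inline parts) and data: URIs stay local and are left alone."""
    return url.strip().lower().startswith(("http:", "https:", "ftp:", "//"))

class ExternalContentBlocker(HTMLParser):
    """Re-emits the message with every external reference replaced by a
    placeholder, and records what was blocked for a one-click 'load' bar."""
    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out, self.blocked = [], []

    def handle_starttag(self, tag, attrs):
        blockable = REMOTE_ATTRS.get(tag)
        parts = []
        for k, v in attrs:
            if v is not None and k == blockable and is_external(v):
                self.blocked.append(v)
                v = "blocked:"  # assumed placeholder; nothing is fetched
            parts.append(k if v is None else f'{k}="{v}"')
        self.out.append("<" + " ".join([tag] + parts) + ">")

    handle_startendtag = handle_starttag
    def handle_endtag(self, tag): self.out.append(f"</{tag}>")
    def handle_data(self, data): self.out.append(data)
    def handle_entityref(self, name): self.out.append(f"&{name};")
    def handle_charref(self, name): self.out.append(f"&#{name};")

def block_external_content(html: str):
    """Returns (rewritten_html, list_of_blocked_urls)."""
    p = ExternalContentBlocker()
    p.feed(html)
    p.close()
    return "".join(p.out), p.blocked

# Constructed spam-style message: a 1x1 tracking pixel keyed to the recipient,
# a remote background and stylesheet, and an inline (cid:) logo that may stay.
MESSAGE = ('<html><body background="http://ads.example/bg.png">'
           '<img src="cid:logo@example" alt="logo">'
           '<img src="http://track.example/pixel.gif?id=recipient42" '
           'width="1" height="1">'
           '<link rel="stylesheet" href="https://track.example/s.css">'
           '<p>Special offer &amp; more</p></body></html>')
```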

As an additional measure, when the user sets Outlook Express to read all messages in plaintext, Outlook Express uses the rich edit control instead of the HTML browser control (mshtml) from Internet Explorer. This choice offers a reduced attack surface.

We covered a lot today and saw how Service Pack 2 safeguards the operating system internally from external threats. We also saw how Outlook Express includes security for attachments and HTML rendering. In the next section we will see how the networking environment has been enhanced with Service Pack 2 to safeguard against the hostile perils of the network, whether internal or external.

To be continued...
