Windows XP SP2 On The Way
Service Pack 2 will make a major difference for security in Windows XP. With its introduction, Microsoft will address the need to make the OS inaccessible except where the user opens it up. The additions are enough we could call it Windows XP 2004.Microsoft began to talk about the upcoming Service Pack 2 for Windows XP at its recent There was a time when service packs were mostly just bunches of individual patches consolidated into a single program. Sure, there were new features in them but they were subtle features, like a new tab on a dialog box. Windows XP has had an odd history with service packs. SP1, in addition to the usual consolidation of patches, added the court-ordered Set Program Access And Defaults applet, which allowed anyone to switch their Web browser, instant messaging and media player defaults. Of course, this gave competitors an even playing field and now Internet Explorer has vibrant competition (ha-ha!). On the other hand, Service Pack 2 will make significant and noticeable differences in the behavior of the operating system in the interest of locking it down for security purposes. The changesas they stand now many months before the release of SP2 are detailed in a paper on Microsofts developer site, MSDN. As we reported a few months ago, SP2 is scheduled to release in the 3rd quarter of 2004. Some of the significant changes include:
- The Internet Connection Firewall will be enhanced and turned on by default. ICF will be more configurable through a user interface and through group policies.
- Currently, a small gap is present during boot time between the loading of the network stack and when ICF is functional. This gap creates the possibility of an attack slipping through. SP2 will add an extra driver to protect against this.
- Similar to many fuller-featured personal firewalls, ICF in SP2 will include an application white list. Users will be able to decide that applications on the list should have network access, and the necessary ports will be open to those applications while they are running.
- The RPC and DCOM interfaces, both the targets of many recent and serious attacks, will be limited and run with lesser privileges.
- Remote systems making calls on the RPC interface will have to be authenticated, which doesnt eliminate the possibility of attack, but makes it much harder.
- DCOM changes will also add more permission checking and allow administrators to control access more precisely to COM servers.
- "Shielded Mode" allows users to block all inbound access to the computer temporarily. Its meant for situations where the user believes he has been compromised and is awaiting a patch, or perhaps just if a vulnerability has been announced and a patch not yet applied. Users have been able to block access before, but Shielded Mode relieves then from having to reconfigure the firewall and change settings to do so.
SP2 will attempt to remove as many as possible through automated techniques built into the newest compilers, meaning that large parts of Windows will be recompiled. Im sure there is still some assembly code in Windows and other areas not amenable to automated stack protection, and perhaps they are scrutinizing these further.