But the big thing most people will notice is that part of the OOBE (out-of-the-box experience) when you turn on a new PC or an old one with SP2 freshly installed is that you have to go through a security wizard. The first thing it does is to recommend that you turn on Automatic Updates. You can still leave it off, just as you can walk through a bad part of town flashing a roll of bills, but its on you if you do.The user is then sent to the new Security Center, a central place for managing security settings in Windows and some third-party security software. From here, you can manage the Windows Firewall (formerly known as the Internet Connection Firewall or ICF) as well as third-party firewalls and anti-virus products. For insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzers Weblog. In many ways, the most important security change in SP2 is on the Security tab of Internet Properties, or rather what is not on it: There is no longer a My Computer zone to edit; it has been locked down. Many security experts have complained about the My Computer zone for some time, as it has been used as a conduit for a large number of attacks through Internet Explorer. Its always been possible to lock down the My Computer zonesee this article from Microsoft and Qwik-Fix from Pivxbut with SP2, by default, attackers will no longer be able to use "cross-zone" scripting bugs to trick IE into executing code. The big deal is the firewall: If you had been running ICF version 1, you would be immune to Blaster and lots of other attacks, but you probably turned it off because it interfered with applications and local networking and was almost completely unconfigurable. Click here to read about Microsofts efforts to get IT departments testing Windows XP SP2 right now. Windows Firewall is much better and more like third-party firewallsand its on by default. Is it as good as prominent third-party firewalls from companies such as Zone Labs and Sygate? No, and I dont think Microsoft would claim it. Next Page: Providing a secure firewall versus foreclosing a third-party market.
There was speculation at one point that Microsoft would default Windows XP in SP2 to have Automatic Updates on, but choosing instead to force the user to make a decision is the right way to go. Lets just hope that the only people who say no are the ones who know enough to apply the updates themselves.