Security Wizard

By Larry Seltzer  |  Posted 2004-06-15 Print this article Print

But the big thing most people will notice is that part of the OOBE (out-of-the-box experience) when you turn on a new PC or an old one with SP2 freshly installed is that you have to go through a security wizard. The first thing it does is to recommend that you turn on Automatic Updates. You can still leave it off, just as you can walk through a bad part of town flashing a roll of bills, but its on you if you do.
There was speculation at one point that Microsoft would default Windows XP in SP2 to have Automatic Updates on, but choosing instead to force the user to make a decision is the right way to go. Lets just hope that the only people who say no are the ones who know enough to apply the updates themselves.

The user is then sent to the new Security Center, a central place for managing security settings in Windows and some third-party security software. From here, you can manage the Windows Firewall (formerly known as the Internet Connection Firewall or ICF) as well as third-party firewalls and anti-virus products.

For insights on security coverage around the Web, check out Security Center Editor Larry Seltzers Weblog. In many ways, the most important security change in SP2 is on the Security tab of Internet Properties, or rather what is not on it: There is no longer a My Computer zone to edit; it has been locked down. Many security experts have complained about the My Computer zone for some time, as it has been used as a conduit for a large number of attacks through Internet Explorer. Its always been possible to lock down the My Computer zone—see this article from Microsoft and Qwik-Fix from Pivx—but with SP2, by default, attackers will no longer be able to use "cross-zone" scripting bugs to trick IE into executing code.

The big deal is the firewall: If you had been running ICF version 1, you would be immune to Blaster and lots of other attacks, but you probably turned it off because it interfered with applications and local networking and was almost completely unconfigurable. Click here to read about Microsofts efforts to get IT departments testing Windows XP SP2 right now. Windows Firewall is much better and more like third-party firewalls—and its on by default. Is it as good as prominent third-party firewalls from companies such as Zone Labs and Sygate? No, and I dont think Microsoft would claim it.

Next Page: Providing a secure firewall versus foreclosing a third-party market.

Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement—,he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel