XP Service Pack 2: Last Stop Till Longhorn

By Craig Newell  |  Posted 2003-12-16

XP Service Pack 2: Last Stop Till Longhorn

Microsoft Corp. executives have kicked off the campaign for the companys next big Windows push: Windows XP Service Pack 2 (SP2).

In a Webcast Tuesday morning, Microsoft Security Business Unit Vice President Mike Nash said to expect the service pack—a major release—to enhance security in four ways. It will remedy open ports, malicious e-mail attachments, malicious Web content and buffer overrun attacks, Nash said.

Testers should begin receiving SP2 code before the end of this month via TechNet Plus and/or the Microsoft Developer Network, he said. Many observers are expecting Microsoft to start getting code into testers hands as early as this week.

If SP2 goes live by the middle of 2004, as Microsoft executives are continuing to say, customers will have had to wait almost two years to get an updated service pack.

Windows XP shipped in October 2001. XP Service Pack 1 went live in September 2002; the 1a update (which removed Java to comply with a legal settlement with Sun Microsystems Inc.), in February 2003.

The next full-fledged upgrade to Windows XP, code-named Windows "Longhorn," is not expected to debut until 2006 at the earliest.

During the past couple of years, Microsoft execs have claimed that service packs should comprise bug fixes only, not new features. But with SP2, that policy seems to be going by the wayside.

Earlier this year, Microsoft was on a path to deliver the final version of SP2 this fall. Several beta versions of the service pack went to testers in the spring. But around midyear, company execs changed course and decided to add new features, in addition to the myriad bug fixes on tap, to the SP2 release.

Nash told Webcast attendees that he has been running SP2 on his own PC "for a while."

Next page: SP2 to include Windows Firewall.

Page Two

SP2 will include a greatly enhanced version of Microsofts Internet Connection Firewall (renamed "Windows Firewall") that will allow users greater control over the Internet access of their applications, Nash said.

Today, "in many cases, ports are open by default," Nash said. "But when you close all ports, some applications are broken."

With the new firewall, users will not have to choose between turning all ports on or off. Now, they will be able to authorize specific applications to make use of certain ports using an application approval list.

Other new features on tap for XP SP2 include the following:

  • Pop-up manager: Pop-up manager is a pop-up blocker that will allow Internet Explorer to detect that a pop-up or pop-up under a window is unwanted. But users will need to turn on this feature, as pop-up blocking will be turned off by default.

  • Buffer overrun protection: By compiling all of the code changed since XP was released using the latest Visual Studio compiler, Microsoft is claiming it will reduce buffer overrun vulnerabilities.

  • Accidental download/program installation blocking: Internet Explorer will be set in SP2 to block potentially malicious Web site downloads.

  • Updated versions of code supporting the Bluetooth wireless standard; DirectX 9.0b; Windows Media Player 9 Series; and unified wireless local-area network client.

  • Enhanced file attachment handling in Outlook Express and Windows Messenger: Outlook Express will no longer download external content (such as graphics) in HTML mail by default.

  • Rocket Fuel