They say all good things come to those who wait. For Microsoft Corp. customers, the wait for the major security upgrades in Service Pack 2 for Windows XP is nearly over as the company on Friday released the code for the update to manufacturing.
This is the last step in the process before the service pack is finally delivered to customers. Officially dubbed Windows XP Service Pack 2 with Advanced Security Technologies, the new code is nearly a complete overhaul of the security functionality in Microsofts latest version of the Windows client. SP2 originally was to be in customers hands in the spring, but its release was delayed until late summer because Microsoft executives werent satisfied with the packages quality.
The importance of this service pack was evidenced by the fact that Microsoft decided to release a second release candidate of the code earlier this summer, a rare move for an interim update such as SP2.
Customers will be able to get the update in a number of ways, including via an automatic download through Windows Update. Customers who have Automatic Updates enabled will receive SP2 automatically as soon as it is available in their country and language. Customers also can order the update on CD.
Microsoft, of Redmond, Wash., has invested a huge amount of time, resources and political capital in SP2, which has been in development since 2003. The company has billed the update as a cure for most of the security and privacy woes in XP, and is banking on the service pack to help curb the rampant spread of worms and sophisticated attacks that take advantage of vulnerabilities in Internet Explorer and other portions of XP.
Among the major changes in SP2 is the inclusion of the Windows Security Center, a security dashboard that gives users a quick view of their security settings in one place. The console contains information on the state of the Windows Firewall—which is turned on by default in SP2—anti-virus software and other security measures.
Microsoft also worked with chip manufacturers Intel Corp. and AMD Inc. to incorporate a new chip-level protection against buffer overruns, the most common software vulnerability in commercial applications. The new feature prevents malicious code from executing on protected machines.
SP2 also includes a number of enhancements to Internet Explorer designed to make it more secure. The browser has been beset by vulnerabilities of late and several recent attacks have exploited holes in IE. One of the changes will allow IE to prevent some kinds of script-based attacks.