Windows XP SP2 - Security gets tighter

#1 harrywaldron

Security Reporter

Group: Members
Posts: 509
Joined: 10-April 04
Gender:Male
Location:Roanoke, Virginia

Posted 10 April 2004 - 03:21 PM

Another good article on improved security in SP2

Windows XP SP2 - Security gets tighter
http://news.bbc.co.uk/1/hi/technology/3579355.stm

Quote

XP is getting a security makeover

Microsoft is preparing an update to Windows XP that is intended to make the operating system more secure.

Dubbed Service Pack 2 (SP2) the update will close some loopholes that virus writers and malicious hackers have exploited to infect or take over PCs.

The add-on for XP will also include extras that block pop-up ads by default and give users a clearer picture of how secure their system is.

The update is due to be finished and released to users by the end of June.

Microsoft Security Journal

#2 Guest_MrSnausage_*

Group: Guests

Posted 10 April 2004 - 06:04 PM

Looking forward to service pack 2. I am surprised the article did not mention one of the fixing of one of the worst flaws in the current Internet Connection Firewall component.
That flaw is that currently the TCP/IP stack in Windows XP starts before the Firewall starts, therefore giving a limited opportunity when the machine is not protected. This will be fixed in SP2.

Also curious to see how much this effects the bank accounts of companies like Zone Alarm and ISS.

Should be interesting.

#3 CalamityKen

Member

Group: Members
Posts: 123
Joined: 05-April 04
Location:Whitby. Ont.

Posted 10 April 2004 - 10:13 PM

Is the Internet Connection Firewall in SP2 an outbound firewall as well?

See a one page view of Security application updates.
Posted Image

member

#4 Guest_MrSnausage_*

Group: Guests

Posted 11 April 2004 - 12:17 AM

From reading the info in XP SP2 release candidate release notes, it still does not let you filter outbound traffic. It looks like you may be able to filter outbound ICMP packets such as ping or traceroutes, but not specified ports.

It does though support application protection, so you can specify which applications can use the Internet.

#5 Papakid

Guru at being a Newbie

Group: Malware Response Team
Posts: 6,019
Joined: 08-April 04
Gender:Male

Posted 12 April 2004 - 12:37 PM

Anyone interested in a preview? Here's a nice one that is pretty in depth:

http://216.239.53.104/search?q=cache:0Y59R...&hl=en&ie=UTF-8

The IE Add-on Management tool seems to me to be the most needed it seems to me. If it works as described here it may put an end to browser hijackings.

Quote

New to IE in XP SP2 is an IE Add-on Management tool that helps you view and manage the list of plug-ins, toolbars, and other IE add-ons you may have installed on your system. The Add-on Management tool has two basic functions, from what I can tell. First, it allows you to arbitrarily deactivate or uninstall any plug-in that's been installed in Internet Explorer, whether you installed it manually or it was installed for you, surreptitiously or not, when you visited a Web site. Second, it prevents new plug-ins from being installed going forward, unless of course you want them there.

Don't know if it will stop stuff like CWS that exploits security holes. Anyone have any insights or comments about that?

Here is another preview that is a little more up to date (I think) but not as thorough:

http://www.iamnotageek.com/articles.php?aid=11&page=1

And I may be obliged to defend
Every love every ending
Or maybe there's no obligations now,
Maybe I've a reason to believe
We all will be received
In Graceland--Paul Simon

#6 Grinler

Bleep Bleep!

Group: Admin
Posts: 36,174
Joined: 24-January 04
Gender:Male
Location:USA

Posted 12 April 2004 - 01:26 PM

Interesting articles. Thanks for sending them our way.

I thinjk XP SP2 is going to be a great addition, and will help a lot of users immediately right afte rbeing installed.

I am not sure how much it will deter the CWS type hijackers, but will definitely make it easier to diagnose them. I am going to play around with the preview a bit and see if I can get hijacked with CWS when running it, or at least get an alert that a BHO is being installed.

Looks good though

Lawrence Abrams
Circle BleepingComputer on Google+!
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
How to detect vulnerable programs using Secunia Personal Software Inspector <- Everyone should do this!

#7 tg1911

Lord Spam Magnet

Group: Site Admin
Posts: 18,434
Joined: 06-May 04
Gender:Male
Location:SW Louisiana

Posted 06 May 2004 - 10:45 PM

Another link to SP2 info:

updatexp.com

MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, GPU: eVGA GeForce 9800 GTX+, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook