Overview of Windows XP Service Pack 2 Security Technologies
Many customers do not or cannot roll out security updates as soon as they become available, but still need to be protected against the risks that these security updates are designed to mitigate. Each security bulletin that Microsoft delivers includes information that customers can use to help mitigate risk while they deploy the update. However, Microsoft is delivering other security technologies that provide additional mitigation when a security update cannot be deployed immediately. These security technologies cover the following areas:
•Network protection. These security technologies help to provide better protection against network-based attacks, like MSBlaster, through a number of innovations, including enhancements to Windows Firewall. The enhancements include turning on Windows Firewall in default installations of Service Pack 2, closing ports except when they are in use, improving the user interface for configuration, improving application compatibility when Windows Firewall is on, and enhancing enterprise administration of Windows Firewall through Group Policy. The attack surface of the Remote Procedure Call (RPC) service is reduced, and you can run RPC objects with reduced credentials. The Distributed Component Object Model (DCOM) infrastructure also has additional access control restrictions to reduce the risk of a successful network attack.
•Memory protection.Some attacks by malicious software leverage software security vulnerabilities that allow too much data to be copied into areas of the computer's memory. These vulnerabilities are typically referred to as buffer overruns. Although no single technique can completely eliminate this type of vulnerability, Microsoft is employing a number of security technologies to mitigate these attacks from different angles. First, core Windows components have been recompiled with the most recent version of our compiler technology. Additionally, Microsoft is working with microprocessor companies to help Windows support hardware-enforced execution protection (also known as NX, or no execute) on microprocessors that contain the feature. Execution protection uses the CPU to mark all memory locations in an application as non-executable unless the location explicitly contains executable code. This way, when an attacking worm or virus inserts program code into a portion of memory marked for data only, an application or Windows component will not run it.
•Safer e-mail handling.Security technologies help to stop viruses (such as SoBig.F) that spread through e-mail and instant messaging. These technologies include default settings that have enhanced security, improved attachment control for Outlook Express and Windows Messenger, and increased Outlook Express security and reliability. As a result, potentially unsafe attachments that are sent through e-mail and instant messages are isolated so that they cannot affect other parts of the system.
•Enhanced browsing security.Security technologies that are delivered in Microsoft Internet Explorer provide improved protection against malicious content on the Web. One enhancement includes locking down the Local Machine zone to prevent against the running of malicious scripts and fortifying against harmful Web downloads. Additionally, better user controls and user interfaces are provided that help prevent malicious ActiveX® controls and spyware from running on customers' systems without their knowledge and consent.
•Improved computer maintenance. A very important part of any security plan is keeping computers updated with the latest software and security updates and understanding the role they play in protecting your computer. You must also ensure that you have current knowledge of security attacks and trends. For example, some software updates that mitigated known viruses and worms were available before any significant attacks began. New technologies are being added to help the end user stay up-to-date. These technologies include Security Center, which provides a central location for information about the security of your computer and Windows Installer, which provides more security options for software installation.
Microsoft understands that security technologies are only one aspect of a sound defense-in-depth security strategy. The security technologies outlined here are the next steps being taken in the Trustworthy Computing initiative to make customers' systems more resilient to network attacks.
