Windows XP SP2 boosts security but compatibility problems loom

Windows XP Service Pack 2, which is expected to be available from July, should improve security on desktop systems.

Microsoft is planning an aggressive campaign to move users onto the SP2 platform and analyst company Gartner has estimated that by the end of 2005, 50% of enterprises' XP PCs will be running SP2.

SP2 has been designed with the aim of making PCs immune to attack. Changes include tighter control of pop-up browser windows on Internet Explorer and to remote procedure calls in the Distributed Common Object Model programming architecture to avoid attacks such as MS Blaster.

Microsoft also plans to simplify patch management through a feature dubbed "delta patches", where users only need to install updates rather than complete patches.

Paul Randle, Windows client product manager at Microsoft, said, "SP2 is 80% security."

The RC2 release candidate code for Windows XP is being made available by the end of May and users are being urged to fully test this on their systems. Microsoft has said that about 10% of applications could fail on SP2, mainly because of the new firewall functionality.

A new selection of application programming interfaces will be available to users and third-party software developers to offer a safe mechanism for handling e-mail attachments, Microsoft said. However, applications will need to be rewritten to make use of this safety feature.

Gartner warned that although Microsoft did not want to break applications, new functionality added to the operating system often did. "In the past, we have seen that service packs can cause problems (for example, Windows NT SP4), and thorough testing is necessary to avoid outages caused by new compatibility issues," it said.

It is likely that Windows XP SP2 will cause more problems than most other service packs, Gartner added.

One concern is that the Windows Firewall must be configured to allow networked applications to run. As Computer Weekly reported last week, Microsoft is advising users to run the group policy feature in Active Directory to manage configurations of Windows Firewall software across the desktop PC infrastructure.

Gartner urged IT managers to create a list of permitted network communications and send it to all users so that such requests would be minimal. Where businesses are unable to test all applications, it said users should test those used by the most people and those critical to the enterprise.

NX, a memory protection technology being added to SP2, should provide a much greater level of protection against buffer overflow attacks than SP2 alone. It should also stem the propagation of buffer overflow worms until 2008, Gartner said.

However, NX hardware could be incompatible with some applications as it relies on a processor feature called Physical Address Extension (PAE), a 36-bit address extension mode. "Most enterprises do not test applications on PCs running in PAE mode today," Gartner said.

Windows 2000 needs strong security

Although XP security is set for a boost with the introduction of SP2, Gartner said it wanted to see similar security improvements added to Windows 2000.  

At a minimum, the fixes to Internet Explorer and the remote procedure call improvements should be provided for Windows 2000, the analyst firm said. Gartner estimates that 40% of users are still running Windows 2000, even though the operating system is fast approaching the end of Microsoft's standard support period. 

"Given Microsoft's dominance in the desktop market, it should demonstrate its commitment to being a security leader by providing a security update to Windows 2000, even at this stage of the product's lifecycle," Gartner said.
