Ready or not, here comes secure Windows XP

 

Connecting state and local government leaders

Systems administrators and IT security vendors are bracing for what Microsoft Corp. has called the most significant security upgrade ever to a Windows operating system.

Systems administrators and IT security vendors are bracing for what Microsoft Corp. has called the most significant security upgrade ever to a Windows operating system.Todd Gagorick, a Microsoft senior technical specialist, said he is guardedly optimistic about the disruption that will be caused by Windows XP Service Pack 2.'It's a pretty reasonable assumption that you can deploy SP2 with a minimum of pain,' he said. But he warned that enterprise users should look carefully at the service pack's compatibility with the applications they routinely use.Firewall and antivirus vendors whose products compete with SP2's new security features are announcing compatibility with the service pack, although some products will require upgrades.Chad Harrington, director of enterprise products for Zone Labs Inc. of San Francisco, advised caution in rolling out SP2 to the enterprise. 'It makes sense to be prudent and take your time and test,' he said.Ready or not, said Justice Department IT security staff director Kevin Deeley, 'This is going to hit us. No matter what, it's coming down the pike.'SP2 officially began its trip down the pike Aug. 6. New PCs will have the operating system upgrade next month. Preferred customers and then the public will get it via CDs and downloads to be phased in over several weeks.The file size is about 70M for XP Home and 92M for XP Professional.Gagorick called SP2 one of the first fruits of Microsoft's 2-year-old trusted computing initiative. It has stronger default desktop security settings and a new Security Center management console. Also, Windows' built-in firewall has been reworked, and a host of buffer-overrun problems in Internet Explorer have been fixed, he said.Although attacks still can crash the browser, it will stop malicious code from executing, he said.Deeley said Justice primarily runs Windows 2000 on its desktop systems. 'We're much smaller on the XP side,' he said, and the department will not rush to install SP2. 'We're not upgrading everything at once. It will be part of day-to-day business.'Justice has a strong configuration management process and 'a solid test bed for testing before we implement it,' Deeley said.Although SP2 will bolster desktop defenses, Harrington said its lack of central management likely will deter Zone Labs' enterprise customers, including government.'If you're an enterprise, it's probably not going to meet your requirements,' he said.Zone Labs sells its own firewalls, and Harrington said most customers probably would not turn on the Windows firewall, which he called 'very basic' because it automatically trusts all computers on the same network segment. Also, its application programming interface lets programs disable the firewall or open ports without being validated first, Harrington said.'Being able to programmatically turn the firewall off is a security nightmare,' he said.Symantec Corp. of Cupertino, Calif., recommended that users of its firewall products disable the Windows firewall, although all Symantec products are compatible with SP2.'Both firewalls can be on at the same time without causing software conflicts,' the company said, but 'running both products simultaneously will cause minor performance degradation.'Symantec officials also are ironing out a wrinkle with the Windows security console. It might not properly register some Symantec products, which have tamper-protection features to make it difficult to scan their status.The problem will be corrected in a product update available now for current versions of Symantec Client Security and Antivirus, and in the next maintenance release for earlier versions, company officials said.

Three warnings about XP Service Pack 2

  • To foil worms and viruses, Windows XP Service Pack 2 has a new way of handling e-mail attachments. If your office has a business process using attachments that execute automatically, 'You probably need to look at that, because it's probably going to break,' Microsoft's Todd Gagorick said.

  • The built-in firewall now blocks unsolicited calls to services. But some applications, including remote-management and scanning tools, need to make such calls, so firewall policy must be altered to allow them.

  • SP2's Internet Explorer browser is less friendly to mobile code. If you use Web applications that load lots of mobile code, make sure Explorer controls are configured properly.




































  • X
    This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
    Accept Cookies
    X
    Cookie Preferences Cookie List

    Do Not Sell My Personal Information

    When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

    Allow All Cookies

    Manage Consent Preferences

    Strictly Necessary Cookies - Always Active

    We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

    Sale of Personal Data, Targeting & Social Media Cookies

    Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

    If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

    Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

    Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

    If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

    Save Settings
    Cookie Preferences Cookie List

    Cookie List

    A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

    Strictly Necessary Cookies

    We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

    Functional Cookies

    We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

    Performance Cookies

    We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

    Sale of Personal Data

    We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

    Social Media Cookies

    We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

    Targeting Cookies

    We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.