Windows XP SP2: Finally Open for Business
by Alex Woodie
After another last-minute delay, Microsoft finally released Windows XP Service Pack 2 to manufacturing last week. The delivery of XP SP2, which has major new security features designed to repel viruses and hackers from Windows PCs, will free Microsoft developers to work on other new versions of Windows, including upcoming releases of Windows Server 2003 and 64-bit versions of Windows, that have been delayed by the massive effort that went into XP SP2.
Microsoft announced on Friday that Windows XP SP2, officially called Windows XP Service Pack With Advanced Security Technologies, had been released to manufacturing. Windows XP SP2 turns on some important security facilities by default, and has new features that should help users to keep their PCs locked down and secure.
One of the major new security features in this release is that Microsoft has turned on the Internet Connection Firewall on by default. A new wizard walks users through setting up security, while a new security dashboard, called the Windows Security Center, quickly gives users the status of their firewall, antivirus, and other security settings at a glance. The Widows Messenger service, the source of a well-known and exploited security vulnerability, has also been disabled by default. NX (no execute) support has been added, which allows NX-enabled CPUs from Intel and Advanced Micro Devices to mark certain areas of memory as non-executable, to resist attacks using buffer overflow techniques. Rounding out this release are a new set of access control restrictions that have been added for DCOM for nearly every action of any COM server; the automatic closure of ports after the application using it closes (or crashes); and better control over RPC communications.
Bill Gates, the company's chairman and chief software architect, says that Windows XP SP2 reflects changing attitudes toward security in the computer industry. "Service Pack 2 is a significant step in delivering on our goal to help customers make their PCs better isolated and more resilient in the face of increasingly sophisticated attacks," he stated in a press release.
Microsoft is taking a different approach to distributing XP SP2, which it is distributing to current Windows users free of charge. On day one of availability, the only users able to obtain XP SP2 were beta testers, business partners, and Microsoft Developer Network (MSDN) Universal and Professional members. As of Monday, a version of XP SP2 for developers, called XP SP2 Network Installation Package for IT Professionals and Developers, was available for download from Microsoft's download site.
For everyday users, however, XP SP2 is not yet available. Microsoft is encouraging the masses to upgrade to XP SP2 through Windows' Automatic Updates feature, which keeps a computer up-to-date with the latest service packs, security patches, and other updates by automatically checking for updates, and then downloading them from Microsoft, every time a PC is connected to the Internet. Microsoft is expected to begin distributing XP SP2 through Automatic Updates this week. Microsoft says that it expects to distribute XP SP2 to approximately 100 million PCs through Automatic Updates over the next two months.
XP SP2 should be available through Windows Update, which leaves more control in the hands of the user, later in August. New PCs equipped with XP SP2 are not expected to be available in retail stores for six to eight weeks, missing the big back-to-school push that is now ramping up. Microsoft is also introducing a new download utility with Windows XP SP2 that is designed to optimize downloading, even over slow dial-up lines, by using spare bandwidth.
While it's officially just a service pack, Windows XP SP2 was subjected to one of the most rigorous testing regimens of any Windows release in recent memory and should be considered a major new release of the operating system. More than a million users were involved in the beta tests, and Microsoft says it tested more than a thousand applications for compatibility with XP SP2.
Despite all the testing, some applications are expected to break when they run on Windows XP SP2. Security experts say the applications most likely to experience problems are older applications not built with security considerations in mind. Corporate users who run older Windows-based terminal emulation software for connecting to large mainframe, Unix, or OS/400 hosts could experience problems with XP SP2, some emulation vendors say (see "Host Access Vendors Wary About Windows XP SP2"). Microsoft's own CRM software will also run into problems with XP SP2, and Microsoft last week issued a patch that it said would fix the problem. Undoubtedly more accounts of incompatibility with third-party applications will surface in the coming months.
XP SP2 has been a long time in coming. Microsoft originally started its Windows XP SP2 development project nearly two years ago, following the 2001 launch of Windows XP. It was originally slated for shipment in 2003, but numerous delays continued to push back the ship date. In late May, when one of the ship dates came and went, company officials gave no solid ship date. Then, in mid-July, Microsoft said XP SP2 would ship sometime in August.
XP SP2's delays have had a ripple effect in Microsoft's development labs. Last month Microsoft cited the delays in getting XP SP2 out the door as key factors contributing to the current delay of at least six months in three other versions of Windows, including Windows Server 2003 Service Pack 1, Windows Server 2003 for 64-bit Extended Systems, and Windows XP 64-bit Edition for 64-bit Extended Systems (see "Microsoft Delays Windows Server 2003 SP1 and 64-bit Versions").
The August ship date almost came and went, too. Last Thursday, a story in the Wall Street Journal said Microsoft had expected XP SP2 to be released to manufacturing late Wednesday, but pushed it back to an unspecified future date. Microsoft announced the availability of XP SP2 the next morning.