Windows XP Service Pack 2: A Developer's View

<br /><pre>Draft Version for PDC 2003 <br />This document contains preliminary information about the security technologies <br />in Windows XP SP2. <br />Microsoft Corporation <br />October 2003 <br />Applies to: <br /> Microsoft® Windows® XP <br />Summary: With Windows XP Service Pack 2 (SP2), Microsoft is introducing a set of <br />security technologies that will improve Windows XP-based computers' ability to <br />withstand malicious attacks from viruses and worms. The technologies include: <br /> <br />* Network protection <br />* Memory protection <br />* Safer email <br />* Safer browsing <br /> <br />This paper discusses the first two elements on this list. <br />Together, these security technologies will help make it more difficult to attack <br />Windows XP, even if the latest patches or updates aren't applied. These security <br />technologies together are particularly useful mitigation against worms and <br />viruses. <br />This paper reflects early thinking about SP2 and its implications for <br />developers. As we progress further, we will make more information available for <br />developers on the Microsoft_Developer_Network_(MSDN)_Security_Developer_Center. <br />The goal for SP2 is to build on our Trustworthy Computing efforts that have <br />previously been applied to Windows Server 2003. To read more about the Microsoft <br />Trustworthy Computing initiative, please see the Trustworthy_Computing_Defined <br />overview. (13 printed pages) <br /> <br />Overview of Windows XP SP2 Security Technologies <br /> <br />Many customers do not or cannot roll out patches as soon as they become <br />available, but still need to be protected against the risks that the patches <br />mitigate. Each security bulletin that Microsoft delivers includes information <br />that customers can use to help mitigate risk while they deploy the patch. <br />However, Microsoft is innovating further delivering security technologies that <br />provide additional mitigation ahead of deploying a patch. These security <br />technologies will cover the following areas: <br /> <br />* Network protection.These security technologies will help provide better <br /> protection against network-based attacks, like Blaster, through a number of <br /> innovations, including enhancements to Internet Connection Firewall (ICF). The <br /> planned enhancements include turning on ICF in default installations of SP2, <br /> closing ports except when they are in use, improving the user interface for <br /> configuration, improving application compatibility when ICF is on, and <br /> enhancing enterprise administration of ICF through Group Policy. The attack <br /> surface of the RPC service will be reduced as well as running in a reduced <br /> privilege. The DCOM infrastructure will also have additional access control <br /> restrictions to reduce the risk of a successful network attack. <br />* Memory protection.Some attacks by malicious software leverage software <br /> vulnerabilities that allow too much data to be copied into areas of the <br /> computer's memory. These vulnerabilities are typically referred to as buffer <br /> overruns. Although no single technique can completely eliminate this type of <br /> vulnerability, Microsoft is employing a number of security technologies to <br /> mitigate these attacks from different angles. First, core Windows components <br /> are being recompiled with the most recent version of our compiler technology <br /> to help mitigate against buffer overruns. Additionally, Microsoft is working <br /> with microprocessor companies to help Windows support hardware-enforced "no <br /> execute" (or NX) on microprocessors that contain the feature. NX uses the CPU <br /> itself to enforce the separation of application code and data, preventing an <br /> application or Windows component from executing program code that an attacking <br /> worm or virus inserted into a portion of memory marked for data only. <br />* Safer e-mail.Security technologies will help stop viruses (such as SoBig.F) <br /> that spread through e-mail and instant messaging. These technologies include <br /> default settings that are more secure, improved attachment control for Outlook <br /> Express and Windows Messenger, and increased Outlook Express security and <br /> reliability. As a result, potentially unsafe attachments sent through e-mail <br /> and instant messages will be isolated so that they cannot affect other parts <br /> </pre>