XP Service Pack Needs Significant Testing
Apr. 19, 2004

By applying its Trustworthy Computing framework to Windows XP Service Pack 2 (SP2), Microsoft intends to bring Windows XP up to the level of security of Windows Server 2003. Like previous Windows service packs, SP2 provides an integration-tested set of updates and patches and establishes a new baseline for Windows XP systems. However, SP2 also makes major changes that will force organizations to test it as if it were a new Windows release.

Security Main Focus

Windows XP SP2 represents a significant change because Microsoft is not only releasing a collection of tested patches but is also making system and configuration changes to Windows XP systems to improve their overall security.

Substantial security-related changes are necessary because Windows XP shipped before Microsoft conducted its review of the Windows code driven by the Trustworthy Computing initiative. This review has significantly improved the overall security and reliability of Windows Server 2003, which was the first version of Windows to ship after the review. The principles of Trustworthy Computing and the resultant changes to Windows made during that review have now found their way into XP SP2, as follows:

Secure by design. Security must be a fundamental part of the design of every feature. For Windows XP SP2, Microsoft has redesigned several services, such as Remote Procedure Calls and DCOM, to improve their security.

Secure by default. Security must be preserved during installation and configuration. While this step typically involves disabling infrequently used services until an administrator enables and configures them, in Windows XP SP2 Microsoft is enabling the Windows Firewall by default to improve the security of Windows XP.

Secure by deployment. Security must be preserved throughout the life cycle of a product by responding effectively to new threats or newly discovered vulnerabilities. Windows XP SP2 is adding a Security Center, a new Windows System Tray item from which users can check all their security settings. To help keep Windows XP secure after deployment, it is also prompting users to use AutoUpdate, a service that automatically downloads and installs critical patches.

Communications. Information about security vulnerabilities, exploits, patches, and workarounds, as well as information about configuring and using products securely, must be communicated to customers and partners in a timely, open, and honest fashion. Complete communication of the changes in Windows XP SP2 for both developers and administrators demonstrates improvements in this area.

Patch Improvements Decoupled

Microsoft is also working to improve the patching of its products, which would benefit the "secure by deployment" principle. Current efforts include the following:

  • Reducing the number of patching technologies from more than eight to two
  • An updated version of Software Update Service, renamed Windows Update Service (WUS), that will make it easier for organizations to manage the deployment of patches and updates
  • Merging separate patch information and download sites, including Windows Update and Office Update, into a single Microsoft Update site

Early on, it appeared that these patching improvements would be synchronized with the release of Windows XP SP2. Now it seems likely that SP2 will ship first, with the other changes released with the next version of WUS in the second half of 2004.

Testing Challenge for Corporate Users

The security changes in SP2 will particularly benefit consumers, who frequently lack basic security infrastructure (such as firewalls and antivirus software), do not have the skills or IT resources to manage configuration and security, and might not be keeping their computers up to date or secure.

However, corporate users, who may already be reasonably secure, may encounter problems. For example, SP2 aggressively prompts users to activate AutoUpdate, and the Windows Firewall will be turned on by default. Although these may be reasonable settings for Windows XP Home Edition, they may not be welcome in an organization that already has a well-configured and managed firewall, where administrators want to manage which updates are installed, or where they use a tool like WUS and Systems Management Server to control and manage the deployment of updates.

Moreover, Microsoft is not providing a "patches-only" version of SP2 (which would not change system configuration). Therefore, to deploy the integration-tested collection of patches, customers must also deploy the changes. Because the changes affect how Windows works—for example, the Windows Firewall (formerly known as the Internet Connection Firewall, or ICF) will be on by default—some applications that customers rely on may stop working. This means that customers will have to perform as much testing before they deploy SP2 as they would before deploying a completely new version of Windows.

Microsoft is making the new features and settings manageable in a corporate environment. For example, the configuration of the Windows Firewall can be managed by Group Policy (GP). But this adds another layer of testing and planning before SP2 can be rolled out—before using GP to manage the firewall, administrators must look at the configuration options exposed to GP, determine the correct settings for their organization, and then test the deployment of the SP and the policy. (For an illustration, see "Firewall Settings Managed by Group Policy".)

Although Microsoft is making SP2 widely available for testing prior to its final release, some customers may not have the resources to begin testing now or may not be willing to test so many changes until a final version is released. This creates an unfortunate paradox: although both the patches and the security changes in XP SP2 are valuable, packaging them in a single service pack may delay the deployment of both.

Resources

An overview of the changes in Windows XP SP2 is available in "XP Service Pack Highlights Security Dilemma" on page 3 of the Jan. 2004 Update.

For a copy of Windows XP SP2 for testing, see the Technical Preview Program site at www.microsoft.com/technet/prodtechnol/winxppro/sp2preview.mspx.

All the changes in Windows XP SP2 are described at www.microsoft.com/technet/prodtechnol/winxppro/maintain/winxpsp2.mspx.

Developer information on the changes needed to program for Windows XP SP2 is at msdn.microsoft.com/security/productinfo/xpsp2/default.aspx.