Windows XP SP2 New Security Features Review

by Amit Zinman [Published on 21 April 2004 / Last Updated on 21 April 2004]

Visual review of the new security features Microsoft is planning for Windows XP Service Pack 2. This article focuses on my experience with installing the current Beta v.2082 of SP2, so things may change by the time of release. I do not go over Internet Explorer changes in this article since they deserve a separate article.

Security Center

This feature is available through the control panel and also pops up after installation. It helps novice users through the security issues involved in maintaining a computer connected to the Internet.

As you can see, my computer was not protected by the new built-in Windows Firewall (formerly known as Internet Connection Firewall), Automatic Updates to the operating system was enabled, and Windows was not able to discover my virus protection because my anti-virus product is not a major commercial product. Annoyingly enough, I couldn't find a way to turn off the virus protection alarms.

Though the Windows Firewall was not enabled, it seems that application control, at least with the current build, is enabled even if it says otherwise in the Security Center.

Updating the Operating System

Microsoft built new update features into SP2. You can now better control which updates are downloaded and installed.

Windows XP SP2 also uses version 5 of the Microsoft Windows Update site, which has a better and easier-to-understand interface.

Windows Firewall

Microsoft spent a lot of time designing the new personal firewall so it will be easy to use. If you've used a personal firewall before, you know that they need some managing and knowledge of networking. Microsoft, as in other products, aims to produce a piece of software that can fit both security-savvy professionals and regular Joes at home.

The Windows Firewall works with "exceptions" to allow traffic. Both port definitions and applications can be defined on the exception list, which is easy to understand and configure.

In this case I added my FTP server to the list so it could be accessible from the Internet.

There are also some advanced features that allow logging, blocking of ICMP (the protocol used by the popular PING and Tracert utilities for troubleshooting network connections), and deciding which network connections will be firewalled.

Logging dropped packets is recommended. I hope Microsoft provides in the future a log viewer or a way to log into a database rather than a text file.
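Until such a viewer exists, the text log can be summarized with a short script. The following is an added example, not part of the original article or any Microsoft tool; it assumes the log is a W3C-extended-style text file whose `#Fields` header names the columns, and the header, field list, addresses and records in the sample are constructed for illustration.

```python
from collections import Counter

# Constructed sample in the assumed W3C-extended style (not a real capture).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2004-04-21 10:15:01 DROP TCP 198.51.100.7 192.0.2.10 4312 135 48 S 1205551 0 16384 - - -
2004-04-21 10:15:02 DROP TCP 198.51.100.7 192.0.2.10 4313 445 48 S 1205990 0 16384 - - -
2004-04-21 10:15:09 OPEN TCP 192.0.2.10 203.0.113.5 1044 80 - - - - - - - -
2004-04-21 10:16:40 DROP ICMP 203.0.113.99 192.0.2.10 - - 60 - - - - 8 0 -
2004-04-21 10:17:03 DROP UDP 198.51.100.7 192.0.2.10 1027 1434 404 - - - - - - -
truncated line DROP
"""

def parse_log(text):
    """Yield one dict per record, using the #Fields header for column names."""
    fields = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))

def summarize_drops(text):
    """Count dropped packets per source address and per targeted service."""
    by_source, by_service = Counter(), Counter()
    for rec in parse_log(text):
        if rec["action"] != "DROP":
            continue
        by_source[rec["src-ip"]] += 1
        # ICMP records carry no ports, so key them by ICMP type instead.
        if rec["protocol"] == "ICMP":
            target = "ICMP type " + rec["icmptype"]
        else:
            target = rec["protocol"] + "/" + rec["dst-port"]
        by_service[target] += 1
    return by_source, by_service

if __name__ == "__main__":
    for counter in summarize_drops(SAMPLE_LOG):
        for key, n in counter.most_common():
            print(f"{n:4d}  {key}")
```

Because the column names come from the `#Fields` line rather than fixed positions, the same script keeps working if a later build adds or reorders fields.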

The default for ICMP is block all, so you check the rules for the ICMP commands you want to allow. The settings here are pretty technical, with no help available. To make things simpler, it is safe to allow outgoing commands, and incoming commands only when troubleshooting network connectivity issues.


To conclude, Microsoft has made a great leap in this service pack so that more people will start protecting themselves against attacks. Once some bugs are ironed out, this will make for some great features and perhaps even convince people to move away from the stable and popular Windows 2000 operating system.

The Author — Amit Zinman

Currently working as Project Manager and Systems Consultant, heading and consulting on Exchange and NT/Windows 2000 based migrations and deployments for large companies such as Checkpoint, Comverse, Smarteam, Nice, Aladdin and leading Israeli banks. Also involved in writing scripts and custom solutions for clients based on ADSI, CDO and Visual Basic, teaching Windows 2000 and Exchange 2000 in MCSE colleges, and lecturing in Microsoft User Groups.