Thread: XP-SP2 review
10-03-2009, 01:02 PM
irfishahpk
Irfan Shah (ISB)

XP-SP2 Notes


Here are some of the most important security changes that are part of XP SP2:

  • The Internet Connection Firewall is now enabled by default, which should improve security for SOHO users. However, in a corporate environment it could cause problems for users trying to connect to network resources. The firewall will also now activate much earlier in the boot cycle, even before the network stack is enabled. On shutdown, it will now remain active until after the stack is disabled.
  • The Messenger service is now disabled by default.
  • A pop-up ad blocker has been turned on by default.
  • A unified security application called the Windows Security Center has been added. It is supposed to bring all of the most basic security configuration information into one easy-to-manage place that will show whether your firewall is enabled, if your antivirus software is working, and if you have the latest software updates installed.
  • NX support is added to Windows XP. NX (no execute) will allow NX-enabled CPUs to mark certain areas of memory as non-executable; that is, any code pushed into those areas (perhaps by malware such as Blaster or other viruses) will just sit there, unable to run and therefore will be rendered harmless. This will harden the OS against the notorious buffer overrun threats. NX is currently only supported for AMD’s K8 and Intel’s Itanium processors, but 32- and 64-bit support for this important security feature is expected in most future processor releases.
  • DCOM (the Distributed Component Object Model) gets a new set of restrictions in the form of an access control list for nearly every action of any COM server. There will also be a more detailed set of COM permissions, which will allow administrators to fine-tune COM permission policies.
  • There is improved port management. It will no longer be up to the application to close ports after it is finished. Before, if a developer left out the closing routine or the application crashed, a port could remain open and leave XP open to attack. SP2 encourages port management with an application white list that only a user with administrator privileges can alter. Placing an application (such as a peer-to-peer program) on the white list causes ports to be managed automatically. Such applications can also now be run as a regular user rather than needing local administrator privileges to open ports in ICF.
  • New RPC restrictions help tighten communications. The XP SP2 changes in this area let administrators fine-tune RPC services. This granular control over RPC will allow you to specify that a port be used for RPC even if the application is not on the white list. There are a lot of changes for RPC, including a new RestrictRemoteClients registry key that by default blocks most, but not all, remote anonymous access to RPC interfaces on the system. The RPC interface restriction will require an RPC caller to perform authentication, which makes it much more difficult to attack an interface, and helps mitigate Trojan attacks.

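Added example, not part of the original post: a short Python audit that checks three of the SP2 defaults listed above (firewall on, Messenger service disabled, RestrictRemoteClients) against the text of a `reg export`. The registry paths and accepted values are not given in the post and are assumptions based on Microsoft's documentation of these settings; the sample export is constructed, and an absent RestrictRemoteClients value is treated as the SP2 default of 1.

```python
import re

# Constructed sample in `reg export` text form (already decoded to str);
# it is not taken from a real host.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]
"Start"=dword:00000004
"DisplayName"="Messenger"
'''

HKLM = "HKEY_LOCAL_MACHINE\\"
# (label, key, value name, default when the value is absent, accepted values)
# Paths and accepted values are assumptions from Microsoft documentation.
CHECKS = [
    ("firewall", HKLM + r"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile", "EnableFirewall", None, {1}),
    ("messenger", HKLM + r"SYSTEM\CurrentControlSet\Services\Messenger", "Start", None, {4}),  # 4 = disabled
    ("rpc", HKLM + r"SOFTWARE\Policies\Microsoft\Windows NT\Rpc", "RestrictRemoteClients", 1, {1, 2}),
]

def parse_reg(text):
    """Return {(key_lower, value_name_lower): int} for every dword value."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key:
            m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
            if m:
                values[(key, m.group(1).lower())] = int(m.group(2), 16)
    return values

def audit(text):
    """Map each check label to (value found or default, status)."""
    values = parse_reg(text)
    report = {}
    for label, key, name, default, ok in CHECKS:
        found = values.get((key.lower(), name.lower()), default)
        status = "unknown" if found is None else ("ok" if found in ok else "weakened")
        report[label] = (found, status)
    return report

if __name__ == "__main__":
    for label, (found, status) in audit(SAMPLE_EXPORT).items():
        print(f"{label:10} value={found} -> {status}")
```

A real `reg export` file is usually UTF-16, so decode it before passing the text to `audit`.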