It's an unsafe world out there for Windows-based computers. Microsoft wants to address the problem with its new megapatch, Service Pack 2 for Windows XP. Does it succeed? Not entirely. But the big fix does so much to close security holes and to make protecting your PC simpler that it's still an essential upgrade.
As we went to press, Microsoft was predicting that SP2 would get to consumers in August. This giant patch--the biggest single update since Windows XP itself was released--promises to cure many of the known security ills that have befallen XP since it debuted in late 2001, and to preemptively put a stop to a still-unknown number of others.
But it's not just a big security fix; SP2 makes Wi-Fi and Bluetooth networks easier to navigate, adds new features to Tablet and Media Center PCs, and updates XP's multimedia components. It all comes in a 220MB package that (at press time, when we saw only the Release Candidate 2 beta version) installs in under an hour over broadband.
We tested a beta version of SP2 on a handful of systems and encountered no major problems. However, it's impossible to know how the finished product will do when people load it on millions of different computers built in millions of different configurations. You should be sure to take the usual precautions whenever making a major update: Back up crucial files, create a System Restore point before you start--and don't begin the installation if you have a pressing deadline looming. Microsoft will provide free phone support for SP2.
Among the most important security upgrades in SP2 are a major overhaul to Windows' built-in firewall and the addition of a Security Center Control Panel, a single starting point offering convenient links to several security features. The new tools will help safeguard even the least-protected systems against the most common kinds of Internet attacks, and will also provide a baseline of fundamental security technologies that will (in theory) shield PCs from future attacks.
Built-In Firewall Gets Refreshed
The Windows Firewall in SP2 replaces the lackluster (and well-hidden) Internet Connection Firewall--a part of the operating system since Windows 2000. The utility can block probes and attacks coming in from hackers or worms over the Internet, but unlike the free ZoneAlarm firewall, it can't stop programs already residing on your hard drive from sending data out to the Internet. Outbound protection can help stanch the spread of spyware and worms from an infected machine to others.
With inbound protection alone, the Windows Firewall is significantly less useful than one with both inbound and outbound controls. Because it lacks outbound controls, you'll likely still need to use a separate free or commercial software firewall for a while longer; there's no good reason to use the Windows Firewall as your sole protection.
That said, SP2's Windows Firewall is still a valuable contribution to PC safety. Enabled by default, the Windows Firewall will protect those computers whose users fail to get a full-featured software firewall of their own.
The new Windows Firewall is also more configurable than its predecessor, with options that can block some applications from receiving data over networks where you can't be assured of the security, such as wireless hotspots in cafes or airports.
Security Center Ties It Together
The most obvious user interface change in SP2 is the Windows Security Center, a Web page-like dashboard for configuring various settings and launching security applications, such as the Windows Firewall. It's a good start at developing a one-stop place to manage security on your PC, but (at least in the beta version of SP2 that we looked at) it still isn't comprehensive enough.
The Security Center links you to the Windows Firewall, puts settings within easy reach, and can tie in with third-party antivirus software to alert you when your definitions are too old--a nice touch. However, you still have to launch each applet (or the component that controls the feature) separately if you want to change the settings that determine how it behaves.
SP2 Urges Automatic Updates
The first time you boot your PC after you install SP2, but before Windows loads the desktop, SP2 makes a full-screen plea for you to enable Automatic Updates. Our advice: Enable Automatic Updates when Windows requests that you do so. Right now, the security risk of not completely patching your system outweighs the risk of encountering problems caused by a patch that may contain new bugs. The only exception may be for people at large companies who run one or more custom-made applications on their PCs. IT managers will have to do some testing before rolling out a patch on employees' computers.
IE (Finally) Gets Several Big Fixes
One of SP2's most useful features is the pop-up (and pop-under) ad blocking it adds to Internet Explorer, letting you stop any unwanted browser windows from spawning. IE will permit pop-ups you initiate purposefully, such as when you click a link that triggers a new window, and it will allow you to view blocked pop-ups via a handy (and surprisingly unobtrusive) Information Bar.
Less successful is IE's new Manage Add-ons feature, which permits you to disable unwanted browser plug-ins. Some plug-ins, such as adware programs, can be quite malicious. While the ability to disable undesirable plug-ins is laudable, Manage Add-ons is unable to delete them completely--a silly limitation when many PCs already have useless (and potentially dangerous) spyware or adware plug-ins installed. The process to remove plug-ins is tedious and user-unfriendly: click Tools, Internet Options, click the Settings button, click the View Objects button, select the plug-ins that you don't want, and press the Delete key.
SP2 Blocks Some Executables
The new Safe Attachment Execution Service will prevent you from running potentially dangerous types of files that you either download through a Web browser or receive through e-mail or an instant message. Applications in XP that support downloading attachments--IE, Outlook Express, and Windows Messenger--will be supported immediately, but third-party software companies will need to build support into their applications.
The feature works the same way in all three XP applications: Any file you download that the service deems unsafe (such as a .pif, .scr, or .exe file) will initially be soft-blocked (you'll see a pop-up warning message about the dangers of downloading such an attachment). If you downloaded the file through IE, you'll see a second warning message when you try to run or open the download, asking if you're really, truly sure you want to run it. Click the Run button, and you're good to go.
But if you're using Outlook Express or Windows Messenger, and you override the first warning message, the file will appear on your hard drive in a hard-blocked state--it won't run unless you deliberately go into that downloaded program's Properties dialog box and manually click a button labeled Unblock within its Advanced Properties tab.
SP2 also introduces fundamental changes (called NX, or No eXecution) that will make it more difficult for hackers to exploit certain kinds of common vulnerabilities; the most important of these additions, however, work only on PCs with 64-bit processors, such as AMD Athlon-64-based systems or computers using Intel's upcoming 64-bit Pentium 4 and Xeon CPUs. PCs running on common 32-bit Intel or AMD chips get no benefit.
Though SP2 dramatically raises the bar on security, it provides you no way to clean up after a successful malware incursion; you will still need to run an up-to-date antivirus utility and a spyware removal tool to rid your computer of assorted junk that shouldn't be there in the first place.
Of course, Windows XP Service Pack 2 isn't solely about security fixes; Microsoft couldn't resist inserting a few other interesting new features into this update.
One is a mea culpa of sorts: In the original XP release, Microsoft integrated support for wireless networks, dramatically simplifying the process of configuring and connecting to wireless networks. But XP made it too easy to connect to insecure wireless networks, so in XP Service Pack 1 the company added an annoying click-through dialog box. Every single time you tried to connect to a Wi-Fi network without security, you would get a warning. Outraged users found that they couldn't even connect to their own home networks easily anymore because they had no way to turn the alert off.
In SP2, Windows still raises an alarm the first time you connect to a wireless network that has no security turned on, but you get a chance to override its objection permanently. Once you do so, every time you try to connect to the same insecure network thereafter, Windows won't complain.
The new Wireless Network Connection applet (which appears when you right-click the wireless adapter's system tray icon and choose View available wireless networks) is a model of clarity compared with the previous version. Now, at a glance, you can peruse the available wireless networks, determine their relative signal strengths, see if they're protected, and easily access the settings for the wireless adapter, among other features.
Also, SP2's Wireless Network Setup Wizard dramatically improves the process of initially setting up and connecting to wireless networks. The software even includes a way to move wireless settings from PC to PC using USB flash drives, a surprising but welcome new capability.
XP's wireless network support still lacks some features that are found elsewhere. Mac OS X, for example, makes setting up a peer-to-peer wireless network very easy. This functionality is next to impossible to replicate in XP, and the Wireless Network Setup Wizard does nothing to help.
No More Bluetooth Blues
Bluetooth users, rejoice. XP SP2 includes Microsoft's Bluetooth Client 2.0, a dramatic improvement to its Client 1.1, a tool that supported only Microsoft's own Bluetooth keyboards and mice. Version 2.0 introduces a Control Panel applet (which appears only if you have a Bluetooth radio in your PC), a well-designed wizard for discovering and configuring Bluetooth devices, and a tray icon to help you access the Client and monitor connected Bluetooth devices. The wizard also allows you to choose a passkey for any connected Bluetooth device--an important feature that "locks" the device to the PC so that the device can communicate only with that single computer.
From the Bluetooth tray icon, you can easily launch the Bluetooth Devices Control Panel applet, send or receive files with compatible devices, join a Bluetooth-based Personal Area Network for file sharing, or perform other related tasks. You can also selectively suspend individual Bluetooth devices, which can conserve a laptop's battery power. It's as straightforward as it should be, and for the first time the Bluetooth support in XP rivals that of OS X, previously the undisputed Bluetooth champ. Linux, by comparison, offers only rudimentary support for Bluetooth devices.
Tablet PC Edition Gets a Face-Lift
Users of Windows XP Tablet PC Edition who install SP2 will find their system updated to Windows XP Tablet PC Edition 2005. Included is a new context-sensitive Tablet Input Panel, which is what Microsoft calls the dialog box that appears whenever you use a stylus to insert text in a document. In earlier versions, the TIP always had a fixed location at the bottom of the screen; now it appears directly below wherever you want to insert some text. The new TIP also adds real-time handwriting recognition, so you can correct the text before it's transmitted to the underlying application.
Digital Media & Multimedia
Though Microsoft will ship its most dramatic digital media components of 2004 (such as Windows Media Player 10) separately, XP Service Pack 2 bundles a number of multimedia upgrades that have already been released individually, including Windows Media Player 9 and Windows XP Media Center Edition 2004.
Media Player Adds Online Links
In late 2002 Microsoft shipped a major media player upgrade: Windows Media Player 9 Series. It has been available as an optional download since then, but with SP2 it is now a required, core part of the operating system. This version of Media Player is a decent, if overly complex, all-in-one player that offers pervasive links to online music and video. Compared with Apple's elegant iTunes, which provides much of the same functionality, Windows Media Player 9 suffers from a confusing user interface--for example, a bizarre array of tiny buttons that you must hover over with the mouse pointer just to figure out what they do.
Media Center Edition Evolves
Users who upgrade their Media Center PCs will see their OS rebranded as Windows XP Media Center Edition 2004, a major update that refines the user experience, adds support for wide-screen displays and FM radio, improves the program guide and recording features, and integrates online services. Media Center Edition 2004 is a must-have. And a couple of months after the release of SP2, another significant upgrade to Media Center Edition will add even more nifty features.
Service Pack 2: Patch Imperfect?
Overall, Windows XP Service Pack 2 substantially improves the state of Windows. Microsoft's proactive approach to security in this patch--implementing some precautions at all times, even at the cost of functionality--is a welcome change of priorities. However, even though the Windows Firewall, the Internet Explorer pop-up blocker, and the IE Manage Add-ons feature address many of the security problems of today, SP2 merely scratches the surface of potential future security issues.
Until the Windows Firewall can block outbound connections, for instance, it will never fully replace a third-party application. And compared with competitors such as Linux and Apple's Mac OS X, Windows XP--even with SP2 added to it--still has a long way to go before it can ensure bulletproof security for every PC it is installed on.
Nevertheless, the bigger picture--that the security features in XP SP2 will create a new baseline of security for all Windows users--is inescapable. Even though SP2 can't fix every security problem in Windows now or in the future, the hope is that hackers won't have as easy a time breaking into an SP2-patched Windows XP system. And if every XP computer were patched with SP2, then the Internet as a whole might for a while be safer.
Windows Road Map
With a range of specialty Windows operating systems (and of products tied in to them), it can be hard to keep track of planned future releases of Microsoft software. Here, then, is the road map for Windows, circa summer 2004. Most of the dates are estimates from analysts and Microsoft observers; the company is reluctant to officially say when an update will arrive. Also, as with any Microsoft project, there's a good chance that delays will occur.
Windows Media Player 10
Expected late summer 2004: WMP 10 will have a simpler interface plus support for Microsoft's digital rights management, which will enable music services to offer downloadable tunes.
Windows XP Media Center Edition
Expected late 2004: This update to Media Center Edition 2004 (code-named Symphony) promises some pretty cool new video and audio features.
Windows XP 64-Bit Edition for 64-Bit Extended Systems
Expected late 2004 or early 2005: This mouthful will be optimized to take advantage of Advanced Micro Devices Inc. and Intel Corp. 64-bit processors.
Longhorn Beta 1 and 2
Expected in 2005: The beta version of the next Windows (code-named Longhorn) will apparently offer Microsoft's futuristic, 3D "Aero" user interface.
Longhorn Release Candidates
Expected early 2006: As the release approaches, Microsoft will lock down the feature set and work on performance and fit-and-finish issues.
Expected mid- to late 2006: The new OS promises security features and hack-proof components that more closely resemble those in Linux and Mac OS X than those in past Windows.