Proceed cautiously with SP2, security experts say

pr0digal jenius · Aug 8, 2004, 12:27 AM

Microsoft took more than two years to develop Windows XP Service Pack 2 (SP2), delaying its release several times. In the meantime, attackers have had a ball poking through Windows' multiple security holes with virus and worm attacks, spam and spyware.

The software giant took an important step Friday when it released SP2 to manufacturing and promised the full release by month's end. Information security experts said it's worth the wait.

"There's no doubt it significantly enhances security, both for the generic end user and the higher-level enterprise administrator," said Bradley Dinerman, technical operations manager for Newton, Mass.-based IT management firm MIS Alliance Corp.

But they have no illusion the package will be installed on every enterprise network overnight; nor do they think it should be. Companies must test SP2 to see if it's compatible with other programs on their network and educate their users on all the new features.

"My advice to IT managers is to check with their vendors and make sure there are no conflicts between the programs they have and SP2," said Russ Cooper, senior scientist for Herndon, Va.-based security firm TruSecure. "Make sure the vendors say 'yes, our applications work with SP2.'"

SP2 is designed to make Windows XP more ironclad against attacks from the likes of Sasser, Dowload.ject and Mydoom. Its security features include turning on the Internet Connection Firewall (ICF) by default, closing ports except when they're in use and improving the firewall configuration interface. Other steps taken to improve security include recompiling core Windows components to make the OS more resilient to malware-induced buffer overruns and improving Internet Explorer controls and user interfaces to block malicious ActiveX controls and spyware.
__________________
Source/Read More: Search Security

Aug 8, 2004, 12:27 AM	#1
pr0digal jenius Delete Me Join Date: Mar 2004 Posts: 14,648 Rep Power: 0	Proceed cautiously with SP2, security experts say Microsoft took more than two years to develop Windows XP Service Pack 2 (SP2), delaying its release several times. In the meantime, attackers have had a ball poking through Windows' multiple security holes with virus and worm attacks, spam and spyware. The software giant took an important step Friday when it released SP2 to manufacturing and promised the full release by month's end. Information security experts said it's worth the wait. "There's no doubt it significantly enhances security, both for the generic end user and the higher-level enterprise administrator," said Bradley Dinerman, technical operations manager for Newton, Mass.-based IT management firm MIS Alliance Corp. But they have no illusion the package will be installed on every enterprise network overnight; nor do they think it should be. Companies must test SP2 to see if it's compatible with other programs on their network and educate their users on all the new features. "My advice to IT managers is to check with their vendors and make sure there are no conflicts between the programs they have and SP2," said Russ Cooper, senior scientist for Herndon, Va.-based security firm TruSecure. "Make sure the vendors say 'yes, our applications work with SP2.'" SP2 is designed to make Windows XP more ironclad against attacks from the likes of Sasser, Dowload.ject and Mydoom. Its security features include turning on the Internet Connection Firewall (ICF) by default, closing ports except when they're in use and improving the firewall configuration interface. Other steps taken to improve security include recompiling core Windows components to make the OS more resilient to malware-induced buffer overruns and improving Internet Explorer controls and user interfaces to block malicious ActiveX controls and spyware. __________________ Source/Read More: Search Security