Cyberwars: The Role of XP S2

Cyberwars: Where Do We Go From Here?

The role of Microsoft's XP Service Pack 2 in the ongoing fight to virus-proof Windows

Dan Albrich
Manager, Microcomputer Services
dalbrich@uoregon.edu

Last fall the campus was hit hard with the likes of Blaster, Welchia, and Sasser, just to name a few. We all knew that anyone could get a virus by downloading a suspicious file or opening an email attachment, but few realized that our Windows computers could be infected simply by connecting to the Internet.

During the height of the campus contagion, we saw cases of people becoming infected while booting their PCs--even with firewalls enabled--because there was a 10-second lag between the time the PC connected and the firewall became effective. Worse still, new computers with integrated wireless cards could be infected simply by being turned on within range of a wireless access point.

Each of the viruses that wreaked such havoc last fall specifically targeted Windows vulnerabilities and left other platforms unaffected. In addition, Microsoft Outlook has been found to be an integral component in the propagation of the more common type of email-based viruses called "worms." All of this is bad news for Microsoft, and has users and computer support staff worldwide scrambling to come up with answers.

Microsoft responds: Windows XP Service Pack 2 (SP2)

After spending approximately one billion dollars on development, Microsoft recently released the largest update to Microsoft Windows ever. Much of this update, called "Windows XP Service Pack 2," is designed to patch holes or vulnerabilities in Microsoft Windows in hope of reducing the current onslaught of worms, viruses, and spyware affecting Windows users.

Should I install it?

There's no magic bullet that can guarantee computer security once and for all. However, SP2 does address the specific vulnerabilities that enabled Blaster, Welchia, and Sasser to take hold. For those of you who haven't installed this critical set of updates, we strongly encourage you to do so. History has taught us that the time lag is shortening between the release of a patch for a particular vulnerability and the creation of a worm or virus that exploits it. In other words, choosing not to apply new patches as soon as they are released seems to directly result in your PC becoming virally infected.

What's new in SP2?

Network Protection: The main change here is an integrated firewall that works. Microsoft eliminated the 10-second lag between the time a network connection became active and the time the integrated firewall became effective. Firewalls keep your computer safe from random unsolicited network connections from arbitrary Internet hosts. The firewall does not stop you from running network applications such as browsing the web, or getting your email. It simply stops any unsolicited inbound network connections.
Memory Protection: This feature blocks attacks that try to copy too much data into areas of your computer's memory. This form of attack, called a buffer overrun, is a common means of gaining unauthorized access to computing systems or denying access to legitimate users. SP2 supports a hardware feature called DEP (data execution prevention) that is supported on some microprocessors. This feature marks certain memory locations as data only, and subsequently blocks exploits that utilize execution of data as executable code.
Other protections designed to limit the spread of email viruses, and those contracted through browsing the web: SP2 also includes updates for tablet and multimedia versions of Windows. Microcomputer Services staff recommend that you use an alternate browser (not Internet Explorer) for your general purpose browsing needs. For this reason, Duckware 2004 automatically offers to install Firefox, a good alternative browser, if you do not appear to have something other than IE installed.

How do I get SP2?

You can download SP2 via Windows Update if you have a high-speed Internet connection (for example, if you're on campus or have a DSL or cable modem).

You may also pick up a copy on CD from the Documents Room Library in 175 McKenzie Hall.

References

"Securing Windows":
http://micro.uoregon.edu/security/windows/index.html

"Features and Functionality in Windows XP Service Pack 2":
http://www.microsoft.com/technet/prodtechnol/winxppro/plan/xpsp2ff.mspx

PC Magazine article "Windows XP Service Pack 2":
http://www.pcmag.com/article2/0,1759,1631045,00.asp

Fall 2004 Computing News | Computing Center Home Page