Introduction to Windows XP Service Pack 2

Related Links • Ask questions or discuss this topic in the Windows XP Security and Administration Newsgroup • Windows XP Service Pack 2 Web site • Microsoft Protect Your PC Web site • What to know before you download and install SP2 • Windows XP SP2 Support Center • Order Windows XP SP2 on CD • Windows XP SP2 Network Installation Package • Previous columns by Barb Bowman

Windows XP Service Pack 2 is a free upgrade for Windows XP now available from Microsoft. Back in April, I wrote about my experiences with a beta version. I believe that many of you who don't spend a lot of time following the latest tech news will be grateful for the way Service Pack 2 improves computer security and reduces Internet annoyances.

In this column, you’ll learn how to download and install Windows XP Service Pack 2 and you'll find information about the new security enhancements. If you have questions, I'll be joining hundreds of other experienced computer users and volunteer experts in the public newsgroups to answer questions about SP2 in the coming weeks.

Service Pack 2 is a huge leap forward in safe and secure computing. Microsoft is delivering SP2 over the Internet with Automatic Updates, the first time this has been done with a service pack.

If Automatic Updates is enabled on your Windows XP-based computer, you may have already received notification and installed Service Pack 2. On one of my computers using Automatic Updates, Service Pack 2 downloaded in the background while I was browsing the Web. I barely noticed. Of course, I have broadband Internet access.

For those of you with dial-up Internet access, it will take longer to download Service Pack 2 even with Automatic Updates. But Microsoft has made some improvements so the downloads occur a little at a time, while you’re on the Internet. If you disconnect before the download is complete, and you reconnect later, the download resumes where it left off. This smart downloading technology is especially useful for dial-up users trying to get the large SP2 file.

The new Background Intelligent Transfer Service (BITS) version 2.0 improves the Automatic Update service. Along with improvements to Microsoft Windows HTTP Services (WinHTTP) 5.1, it creates a better Windows Update experience for dial-up users trying to download a large file.

In 2002, when Service Pack 1 for Windows XP came out, several experts in the user community recommended against trying to download such a large file on a dial-up connection.

But now, if you’ve been updating your computer regularly during the past year, and if you’re downloading the Express Install version of SP2, there’s no reason you can’t download SP2 over dial-up. It may take a long time, especially if you only connect to the Internet for a little while each day. But it may be more convenient than finding a broadband connection to use, or ordering the Service Pack 2 CD from Microsoft.

For me, installing SP2--including time for a backup in case I needed to restore my computer to its previous configuration-took me about half an hour.

How to Get Service Pack 2

Service Pack 2 is an important security update for all laptops, desktops, Tablet PCs, and Media Center PCs that run on the Windows XP operating system. You should install the update if you use Windows XP Home Edition, Windows XP Professional, Windows XP Tablet PC Edition, or Windows XP Media Center Edition.

To make sure you know which version of Windows is on your computer:

•	Click Start, and then click Run.
•	In the box, type winver, and then click OK.

If you are running Windows XP, but you’re not sure whether you already have the Service Pack 2 update, you can quickly check.

•	Click Start, right-click My Computer, and then click Properties.
•	On the General tab, under System, the fourth line lists the latest service pack installed on your system. See Figure 1 below. If it lists anything except Service Pack 2, you need to update your system.

If you are using Automatic Updates, Service Pack 2 may have downloaded to your computer in the background. But it may not yet be installed.

In this case, a notification balloon will pop up on the bottom of your screen reminding you to review and install the updates.

•	Click the notification balloon shown in Figure 2 below to review and install the updates.

If you are not already running Windows XP Service Pack 2, I urge you to take some time to download it from Windows Update and install it right away.

•	Open Internet Explorer, and visit the Windows Update Web site. (http://windowsupdate.microsoft.com/)
•	If prompted to download the new version of the Windows Update software, click Install Now. See Figure 3 below. Concurrent with the launch of Service Pack 2, Microsoft is launching Windows Update Version 5.

•	On the Windows Update site, click Express Install (recommended): High Priority Updates for Your Computer
•	Windows Update scans your computer and lists updates you need. Select Service Pack 2 in the list and then click Go to install updates.
•	On the Install Updates page, click Install.

Using Windows Update is the quickest way for most people to get Service Pack 2 and improve the security of their systems.

Other Ways to Get SP2

In some circumstances, you’ll want to use another option to get the service pack.

If you have more than one computer at home using Windows XP, in a home network for example, I recommend that you download the Network Installation Package of Service Pack 2 on one computer and then install it on all the others. You need a fast broadband Internet connection to download this 272 megabyte (MB) version. This is a much larger file than the typical Express Install from Windows Update, which includes only the files that your system hasn’t already installed. The Network Installation Package includes all of the updates for Windows XP even though some may already be on your system.

Nevertheless, if you have several computers to update, you can save time by downloading the Network Installation Package one time and installing it on all your systems.

The Network Installation Package is available in the Microsoft Download Center. Note that this version of Service Pack 2 is intended for IT Professionals and Software Developers so the help and support information may not be as easily understood by home users.

You also can order a Windows XP Service Pack 2 CD directly from Microsoft by requesting it at the Windows XP Web site. This means you have to wait until the CD is shipped to your home. This can be a good option if you need to update multiple computers, or if downloading is inconvenient.

Many retail and computer stores plan to make the Windows XP Service Pack 2 CD available free charge as a courtesy to their customers, and in the past, computer magazines have often distributed service pack CDs as an insert..

Where to Get Help and Answers to Your Questions about SP2

An unprecedented number of technical beta testers provided feedback on Service Pack 2 during the past year. Most felt (as I do) that Windows XP SP2 represents a huge step forward in Trustworthy Computing. (Some felt that more could have been done, of course. Two things that I heard frequently mentioned as lacking were outbound firewall protection and a basic antivirus program.)

If you have a question on Service Pack 2 or need help, the best place to start is in the Windows XP Newsgroups. I’ll be answering questions there, along with an army of volunteer MVPs and Microsoft Support Personnel who have experience using the beta version of Windows XP Service Pack 2.

This community support network is important to improve the state of computing for us all. After you’ve upgraded your own machines, be sure to tell your friends, neighbors and family that this Service Pack 2 upgrade is available for Windows XP.

I’ll certainly be informing and assisting my neighbors with upgrading their computers to Windows XP SP2 in the next few weeks. I also plan to get a copy of the CD from Microsoft and send it in overnight mail to a cousin who is still on a dial-up connection.

Security at First Boot after installing Service Pack 2

When you install Service Pack 2 and restart your computer, the first screen prompts you to Turn on Automatic Updates (unless you already turned it on during the installation).

Microsoft has strongly encouraged the use of Automatic Updates in Windows XP, especially since the so-called Blaster Worm crippled systems that hadn’t been updated and disrupted the Internet last year. Many people had never turned on the Automatic Updates. Service Pack 2 requires you to make a choice, before you do anything else. You should turn it on.

A Secure and Enhanced Windows Firewall

Service Pack 2 includes the new Windows Firewall, which replaces the Internet Connection Firewall on your system. Windows Firewall is turned on for all existing connections and will be turned on by default for any new connections. This means that every connection you make (dial-up, wireless, Ethernet, Bluetooth, etc.) will have firewall protection by default. If you install a new network adapter, you will be protected.

Windows Firewall is easier to customize than the earlier version. For example, you can turn off the firewall for a wired Ethernet connection, but leave the firewall active for a dial-up or wireless connection. This is a fairly typical scenario when you’re traveling with your laptop.

Three main operating modes are available and can be changed for any individual connection:

•	On with no exceptions (default)
•	On with exceptions
•	Off

When Windows Firewall detects unsolicited incoming traffic on your system, it will display a challenge such as shown in Figure 4 below.

You'll see this challenge when you run programs that require two-way interaction. When you permanently allow a program to have this interaction, it will be added to the exceptions list. You can also add programs to the list directly.

Windows Firewall adds protection for the newer Internet Protocol version 6 (IPv6). If you installed the Advanced Networking Pack from Windows Update and are using the Three Degrees public beta, you are using IPv6. Most other Internet clients and applications use the original IPv4.

If you're already using a firewall from another company such as Zone Alarm, Norton, or McAfee you should turn off the Windows Firewall after installing Service Pack 2. Managing two software firewalls is difficult and will probably be confusing. If you are running a hardware router that includes a firewall, you can continue to use the Windows Firewall with it. I’ve experienced no problems running Windows Firewall behind various routers that I have tested.

Tip: It is important that you take some extra steps to secure a wireless home network. Please see my earlier column WPA Wireless Security for Home Networks for more information.

The New Security Center

Service Pack 2 makes it easier to monitor your security settings by adding a new Windows Security Center, available through the Control Panel.

The new Security Center displays the status of the Windows Firewall. It also shows the status of Windows Update and your antivirus software. You can choose to run a different firewall, or turn off Windows Firewall using the Security Center. For more information see How to Disable Firewall Alerts.

The Security Center will recognize some antivirus software and notify you if the antivirus software is not up-to-date. See Figure 5 below.

Don't be alarmed if the Security Center is not able to recognize your antivirus program. Check the antivirus software’s Web site for updates that add this compatibility with the Security Center.

I've been using eTrust’s EZ Antivirus on a laptop since I downloaded the beta version of Service Pack 2 and the Security Center has full support for this program.

Avoiding MS Blaster-Type Attacks Through Secured RPC

Attacks like MS Blaster crippled the Internet and many corporate networks using a vulnerability in a protocol called Remote Procedure Call (RPC). This type of attack is now prevented by default, but the prevention may interfere with some legitimate programs that use RPC. If you have a program stop working correctly after you install Service Pack 2, visit the Web site for the company that made the program, and look for information about an update for SP2. Microsoft has been working with software companies to help avoid compatibility problems with Service Pack 2. But thousands of software programs are used on home computers and some programs may experience conflicts.

Internet Explorer Browser Security Enhancements

Protection against unwanted pop-up windows and downloads of ActiveX controls have been implemented in Service Pack 2. Pop-up windows are now blocked by default in the version of Internet Explorer that is included in Service Pack 2. The first time you visit a Web site that uses pop-ups, Internet Explorer will display the new Information Bar. You can choose to display the blocked pop-ups, allow one-time pop-ups, or specify that certain sites never be blocked from displaying pop-ups. You can turn off the Information Bar if you prefer.

The download of ActiveX controls, which can add video, animated content, or other features to Web sites, are now blocked by default. If you visit a Web site that tries to download an ActiveX control to your computer, the Information Bar warns you and asks permission.

Service Pack 2 also lets you manage browser add-ons. Browser add-ons and controls have been the number one source of Internet Explorer crashes and this new functionality makes it easier to find and disable the offending program. To learn more, see TechNet’s detailed information on Windows XP SP2 Enhanced Browser Security.

New Security Features in E-mail for Outlook Express

Outlook Express is the e-mail program included on every Windows XP system. Many viruses and Trojan Horses spread via e-mail so Service Pack 2 has added some security enhancements. Files attached to e-mail messages will now be blocked by default if they match a list of known potentially dangerous file types. This will help prevent you from unwittingly running a Trojan Horse virus that someone has disguised and sent to you in e-mail.

If you use Outlook Express HTML mail, you may not see some images when you download and open e-mail. Instead, a message will advise you that some pictures have been blocked to help prevent the sender from identifying your computer. If you know and trust the source, you can authorize the download and display of this content.

•	To access these security options in Outlook Express, select the Tools menu, Options, then Security. See Figure 6 below.

Wireless Networking Enhancements

Service Pack 2 makes setting up new wireless networks easier. The process of connecting to networks is now easier for most users. You can see more information about the current state of a wireless connection. A sample of a new and highly informative status message is shown in Figure 7 below.

The wireless team has also made many tweaks, fixes, and updates to ensure more reliable connections that make wireless networking easier to use and understand.

Windows XP Service Pack 2 includes a new wizard to help you set up a new wireless network or add computers to an existing wireless network. New technology called Windows Smart Network Key uses a USB flash drive to setup computers and even router and printer devices with a specific wireless network configuration. You can read more technical information about it and see screenshots in Joe Davies Cable Guy column.

Barb Bowman enjoys sharing her own experiences and insights into today's leading edge technologies. She is a product development manager for Comcast High-Speed Internet, but her views here are strictly personal.