Windows XP Service Pack 2 For Providers
Windows XP Service Pack 2 (officially named "Windows XP Service Pack 2 with Advanced Security Technologies") was released on August 9th, 2004. Service Pack 2 is the latest and most significant update to Microsoft's leading operating system.
Information Systems & Computing (ISC) will support Windows XP Service Pack 2 for its clients, including off-campus students, only on new Intel-based PCs that ship with Windows XP Service Pack 2 pre-installed or that have been automatically updated through Windows Update. ISC strongly recommends that all other users adopt a "wait and see" attitude, continuing to use previous versions of Windows XP until after the initial bugs in Service Pack 2 are identified and fixed.
Provider note: although ISC is following its standard three-month "cooling off" period for a new or significantly revised operating system with Windows XP Service Pack 2, we recognize that the landscape has changed and that many users who are running Automatic Update on their Windows workstations will receive Service Pack 2 without any intervention.
When ISC does recommend an upgrade it will be for workstations with processors 450 MHz or above that have at least 256 megabytes of RAM. Please refer to ISC's Windows System Specifications to find out which versions of Windows are recommended for your Intel-based computer. The full version of Windows XP Service Pack 2 is approximately a 270 megabyte download and requires between 650 megabytes and 2.0 gigabytes of additional hard disk space over a base (but fully patched) Windows XP Professional installation, depending on the type of Intel-based PC and choices made during the install.
Provider note: Windows XP Service Pack 2 backs up the previous installation of Windows XP by default, instead of giving a choice like previous service packs did. This adds considerably to the space that Service Pack 2 uses.
Issues
There are several known problems with Windows XP Service Pack 2, a few of which will be especially relevant to Penn's Windows users:
- Windows XP Service Pack 2 may require a BIOS upgrade or other changes to Intel-based PCs. Most PC manufacturers, including Dell and IBM, have pages devoted to Windows XP compatibility.
Provider note: Newer Dell and IBM desktops and laptops will tend to be compatible with Windows XP Service Pack 2. Older desktops and laptops (especially older laptops) nearing the end of their life-cycles may need BIOS upgrades, RAM upgrades, or other modifications to effectively run Windows XP Service Pack 2 -- and some may never run it well.
- Windows XP Service Pack 2 includes an updated version of Internet Explorer 6.0, which may introduce significant problems for some University users. In some, but not all, cases ISC suggests using Mozilla 1.6/1.7.x.
- The Summer and Fall versions of the PennConnect 2004 CD-ROM install and run successfully on Windows XP Service Pack 2, with two exceptions.
How to get it
Microsoft is making Windows XP Service Pack 2 available at the University in four different ways:
- The Windows XP Service Pack 2 Network Installation package can be downloaded from Microsoft's web site as of August 9th.
- For users who have Automatic Update installed and set to automatically download and install, Service Pack 2 will start to become available on August 16th. The timing for users to receive Service Pack 2 through Automatic Updates will depend on a number of factors, including the user's Internet usage, location, language, and level of Internet demand for Service Pack 2.
- For users with Penn's Software Update Services (SUS) activated, SUS will not install Service Pack 2. Providers with workstations running SUS are free to install Service Pack 2 when they consider it appropriate, at which point SUS will continue to function properly.
- For users who run Windows Update manually, Service Pack 2 will be available as a critical update sometime in late August.
What's new in Windows XP Service Pack 2
Windows XP Service Pack 2 has many new features, most of which are security-related:
- Network Protection Technologies: these security technologies help to provide better protection against network-based attacks with enhancements to Windows Firewall and a reduced Remote Procedure Call (RPC) attack surface. These enhancements include turning on Windows Firewall in default installations of Service Pack 2, closing ports except when they are in use, improving the user interface for configuration, improving application compatibility when Windows Firewall is on, and enhancing enterprise administration of Windows Firewall through Group Policy. The attack surface of the RPC service is reduced, and RPC objects can be run with reduced credentials. The DCOM infrastructure also has additional access control restrictions to reduce the risk of a successful network attack.
Provider note: Windows Firewall is now on by default and it is significantly different and more flexible than the previous Internet Connection Firewall (ICF). It also adds boot-time security and global configuration, so the firewall can be set up once for all available network connections.
- Memory Protection Technologies: some attacks by malicious software exploit software security vulnerabilities (often called buffer overruns) that allow too much data to be copied into areas of the computer's memory. In Service Pack 2, core Windows components have been recompiled with the most recent version of Microsoft's compiler technology, which provides added protection against buffer overruns. Additionally, Microsoft is working with microprocessor companies to help Windows support hardware-enforced data execution prevention (DEP) on microprocessors that contain the feature. DEP uses the CPU to mark all memory locations in an application as non-executable, unless the location explicitly contains executable code. This way, when an attacking worm or virus inserts program code into a portion of memory marked for data only, an application or Windows component will not run it.
Provider note: at present data execution prevention (DEP) is only available on desktop hardware with AMD Athlon microprocessors. It will not be available with Intel microprocessors until at least Q4/2004.
- Email Handling Technologies: these technologies include default settings that have enhanced security and improved attachment control using the Attachment Execution Service (AES) API. This results in security and reliability enhancements for communications applications such as Outlook 2003 and Windows Messenger. As a result, potentially unsafe attachments that are sent through email and instant messages are isolated so that they cannot affect other parts of the system.
- Web Browsing Security: the technologies that are present in Microsoft Internet Explorer 6.0 for Windows XP Service Pack 2 provide better protection against malicious content than previously had been available in a Microsoft web browser. One enhancement includes locking down the Local Machine zone to prevent the running of malicious scripts and fortifying against harmful Web downloads. Additionally, better user controls and user interfaces are provided that help prevent malicious ActiveX controls and spyware from running on users' systems without their knowledge and consent. Finally, Internet Explorer now includes integrated blocking of pop-up windows.
Provider note: most users will see integrated blocking of pop-ups as the primary upgrade feature. A side benefit for support providers is that this should slow the spread of third-party pop-up blockers with their various incompatibilities and strange behaviors.
- Computer Maintenance: new features have been added to help the end user stay up-to-date with the latest software and security updates. These technologies include Security Center, which provides a central location for information about the security of the client's computer, and Windows Installer, which provides more security options for software installation.
- Updated features for Tablet PCs: updates include a new design for Tablet PC Input Panel, which opens and floats near where the user is entering text, a redesigned Input Panel correction experience, context-sensitive handwriting recognition (for example, URL and email addresses), improved handwriting recognition engines for all languages - most notably East Asian languages, and a new lined input experience in the East Asian Input Panel.
Provider note: these updates are quite significant for the small number of Tablet PC users at the University - enough to represent the equivalent of an operating system upgrade.
For further information
Microsoft's Windows XP Service Pack 2 Resources for IT Professionals page.
eWeek's Windows XP Evolution page.
-- Laura Hunter, Student Financial Services and John Mulhern III, ISC Technology Support Services (August 9, 2004)