Windows XP with Service Pack 2
It's an unsafe world out there for Windows-based computers. Microsoft wants to address the problem with its new megapatch, Service Pack 2 for Windows XP. Does it succeed? Not entirely. But the big fix does so much to close security holes and to make protecting your PC simpler that it's still an essential upgrade.
- Great support, Easily accessible
- Security somewhat lacking, Irritating networking
Windows XP is probably the best operating system for the vast majority of people who want to perform basic desktop tasks. It loses to Mac OS in many regards but superior support and accessibility make Windows a viable choice.
Price$ None (AUD)
As we wrote this article, Microsoft was predicting that SP2 would get to consumers in August. This giant patch--the biggest single update since Windows XP itself was released--promises to cure many of the known security ills that have befallen XP since it debuted in late 2001, and to preemptively put a stop to a still-unknown number of others.
But it's not just a big security fix; SP2 makes Wi-Fi and Bluetooth networks easier to navigate, adds new features to Tablet and Media Center PCs, and updates XP's multimedia components. It all comes in a 220MB package that (at press time, when we saw only the Release Candidate 2 beta version) installs in under an hour over broadband.
We tested a beta version of SP2 on a handful of systems and encountered no major problems. However, it's impossible to know how the finished product will do when people load it on millions of different computers built in millions of different configurations. You should be sure to take the usual precautions whenever making a major update: Back up crucial files, create a System Restore point before you start--and don't begin the installation if you have a pressing deadline looming. Microsoft will provide free phone support for SP2.
Security ImprovementsAmong the most important security upgrades in SP2 are a major overhaul to Windows' built-in firewall and the addition of a Security Center Control Panel, a single starting point offering convenient links to several security features. The new tools will help safeguard even the least-protected systems against the most common kinds of Internet attacks, and will also provide a baseline of fundamental security technologies that will (in theory) shield PCs from future attacks.
Built-In Firewall Gets RefreshedThe Windows Firewall in SP2 replaces the lackluster (and well-hidden) Internet Connection Firewall--a part of the operating system since Windows 2000. The utility can block probes and attacks coming in from hackers or worms over the Internet, but it can't inhibit the ability of programs already residing on your hard drive to send data out to the Internet as the free ZoneAlarm firewall can. Outbound protection can help staunch the spread of spyware and worms from an infected machine to others.
With inbound protection alone, the Windows Firewall is significantly less useful than one with both inbound and outbound controls. Lacking outbound controls, you'll likely still need to use a separate free or commercial software firewall for a while longer; there's no good reason to use the Windows Firewall as your sole protection. That said, SP2's Windows Firewall is still a valuable contribution to PC safety. Enabled by default, the Windows Firewall will protect those computers whose users fail to get a full-featured software firewall of their own.
The new Windows Firewall is also more configurable than its predecessor, with options that can block some applications from receiving data over networks where you can't be assured of the security, such as wireless hotspots in cafes or airports.
Security Center Ties It TogetherThe most obvious user interface change in SP2 is the Windows Security Center, a Web page-like dashboard for configuring various settings and launching security applications, such as the Windows Firewall. It's a good start at developing a one-stop place to manage security on your PC, but (at least in the beta version of SP2 that we looked at) it still isn't comprehensive enough.
The Security Center links you to the Windows Firewall, puts settings within easy reach, and can tie in with third-party antivirus software to alert you when your definitions are too old--a nice touch. However, you still have to launch the individual applets (or the components that control those features) individually if you want to change the settings that determine how they behave.
SP2 Urges Automatic UpdatesThe first time you boot your PC after you install SP2, but before Windows loads the desktop, SP2 makes a full-screen plea for you to enable Automatic Updates. Our advice: Enable Automatic Updates when Windows requests that you do so. Right now, the security risk of not completely patching your system outweighs the risk of encountering problems caused by a patch that may contain new bugs. The only exception may be for people at large companies who run one or more custom-made applications on their PCs. IT managers will have to do some testing before rolling out a patch on employees' computers.
IE (Finally) Gets Several Big FixesOne of SP2's most useful features is the pop-up (and pop-under) ad blocking it adds to Internet Explorer, letting you stop any unwanted browser windows from spawning. IE will permit pop-ups you initiate purposefully, such as when you click a link that triggers a new window, and it will allow you to view blocked pop-ups via a handy (and surprisingly unobtrusive) Information Bar.
Less successful is IE's new Manage Add-ons feature, which permits you to disable unwanted browser plug-ins. Some plug-ins, such as adware programs, can be quite malicious. While the ability to disable undesirable plug-ins is laudable, Manage Add-ons is unable to delete them completely--a silly limitation when many PCs already have useless (and potentially dangerous) spyware or adware plug-ins installed, and the process to remove plug-ins is tedious and user-unfriendly (click Tools, Internet Options, click the Settings button, click the View Objects button, select the plug-ins that you don't want, and press the Delete key).
SP2 Blocks Some ExecutablesThe new Safe Attachment Execution Service will prevent you from running potentially dangerous types of files that you either download through a Web browser or receive through e-mail or an instant message. Applications in XP that support downloading attachments--IE, Outlook Express, and Windows Messenger--will be supported immediately, but third-party software companies will need to build support into their applications.
The feature works the same way in all three XP applications: Any file you download that the service deems unsafe (such as a .pif, .scr, or .exe file) will initially be soft-blocked (you'll see a pop-up warning message about the dangers of downloading such an attachment). If you downloaded the file through IE, you'll see a second warning message when you try to run or open the download, asking if you're really, truly sure you want to run it. Click the Run button, and you're good to go.
But if you're using Outlook Express or Windows Messenger, and you override the first warning message, the file will appear on your hard drive in a hard-blocked state--it won't run unless you deliberately go into that downloaded program's Properties dialog box and manually click a button labeled Unblock within its Advanced Properties tab.
SP2 also introduces fundamental changes (called NX, or No eXecution) that will make it more difficult for hackers to exploit certain kinds of common vulnerabilities; the most important of these additions, however, work only on PCs with 64-bit processors, such as AMD Athlon-64-based systems or computers using Intel's upcoming 64-bit Pentium 4 and Xeon CPUs. PCs running on common 32-bit Intel or AMD chips get no benefit.
Though SP2 dramatically raises the bar on security, it provides you no way to clean up after a successful malware incursion; you will still need to run an up-to-date antivirus utility and a spyware removal tool to rid your computer of assorted junk that shouldn't be there in the first place.
Functional ImprovementsOf course, Windows XP Service Pack 2 isn't solely about security fixes; Microsoft couldn't resist inserting a few other interesting new features into this update.
One is a mea culpa of sorts: In the original XP release, Microsoft integrated support for wireless networks, dramatically simplifying the process of configuring and connecting to wireless networks. But XP made it too easy to connect to insecure wireless networks, so in XP Service Pack 1 the company added an annoying click-through dialog box. Every single time you tried to connect to a Wi-Fi network without security, you would get a warning. Outraged users found that they couldn't even connect to their own home networks easily anymore because they had no way to turn the alert off.
In SP2, Windows still raises an alarm the first time you connect to a wireless network that has no security turned on, but you get a chance to override its objection permanently. Once you do so, every time you try to connect to the same insecure network thereafter, Windows won't complain.
The new Wireless Network Connection applet (which appears when you right-click the wireless adapter's system tray icon and choose View available wireless networks) is a model of clarity compared with the previous version. Now, at a glance, you can peruse the available wireless networks, determine their relative signal strengths, see if they're protected, and easily access the settings for the wireless adapter, among other features.
Also, SP2's Wireless Network Setup Wizard dramatically improves the process of initially setting up and connecting to wireless networks. The software even includes a way to move wireless settings from PC to PC using USB flash drives, a surprising but welcome new capability.
XP's wireless network support still lacks some features that are found elsewhere. Mac OS X, for example, makes setting up a peer-to-peer wireless network very easy. This functionality is next to impossible to replicate in XP, and the Wireless Network Setup Wizard does nothing to help.
No More Bluetooth BluesBluetooth users, rejoice. XP SP2 includes Microsoft's Bluetooth Client 2.0, a dramatic improvement to its Client 1.1, a tool that supported only Microsoft's own Bluetooth keyboards and mice. Version 2.0 introduces a Control Panel applet (which appears only if you have a Bluetooth radio in your PC), a well-designed wizard for discovering and configuring Bluetooth devices, and a tray icon to help you access the Client and monitor connected Bluetooth devices. The wizard also allows you to choose a passkey for any connected Bluetooth device--an important feature that "locks" the device to the PC so that the device can communicate only with that single computer.
From the Bluetooth tray icon, you can easily launch the Bluetooth Devices Control Panel applet, send or receive files with compatible devices, join a Bluetooth-based Personal Area Network for file sharing, or perform other related tasks. You can also selectively suspend individual Bluetooth devices, which can conserve a laptop's battery power. It's as straightforward as it should be, and for the first time the Bluetooth support in XP rivals that of OS X, previously the undisputed Bluetooth champ. Linux, by comparison, offers only rudimentary support for Bluetooth devices.
Tablet PC Edition Gets a Face-LiftUsers of Windows XP Tablet PC Edition who install SP2 will find their system updated to Windows XP Tablet PC Edition 2005. Included is a new context-sensitive Tablet Input Panel, which is what Microsoft calls the dialog box that appears whenever you use a stylus to insert text in a document. In earlier versions, the TIP always had a fixed location at the bottom of the screen; now it appears directly below wherever you want to insert some text. The new TIP also adds real-time handwriting recognition, so you can correct the text before it's transmitted to the underlying application.
Digital Media & MultimediaThough Microsoft will ship its most dramatic digital media components of 2004 (such as Windows Media Player 10) separately, XP Service Pack 2 bundles a number of multimedia upgrades that have already been released individually, including Windows Media Player 9 and Windows XP Media Center Edition 2004.
Media Player Adds Online LinksIn late 2002 Microsoft shipped a major media player upgrade: Windows Media Player 9 Series. It has been available as an optional download since then, but with SP2 it is now a required, core part of the operating system. This version of Media Player is a decent, if overly complex, all-in-one player that offers pervasive links to online music and video. Compared with Apple's elegant ITunes, which provides much of the same functionality, Windows Media Player 9 suffers from a confusing user interface--for example, a bizarre array of tiny buttons that you must hover over with the mouse pointer just to figure out what they do.
Media Center Edition EvolvesUsers who upgrade their Media Center PCs will see their OS rebranded as Windows XP Media Center Edition 2004, a major update that refines the user experience, adds support for wide-screen displays and FM radio, improves the program guide and recording features, and integrates online services. Media Center Edition 2004 is a must-have. And a couple of months after the release of SP2, another significant upgrade to Media Center Edition will add even more nifty features.
Service Pack 2: Patch Imperfect?Overall, Windows XP Service Pack 2 substantially improves the state of Windows. Microsoft's proactive approach to security in this patch--implementing some precautions at all times, even at the cost of functionality--is a welcome change of priorities. However, even though the Windows Firewall, the Internet Explorer pop-up blocker, and the IE Manage Add-ons feature address many of the security problems of today, SP2 merely scratches the surface of potential future security issues.
Until the Windows Firewall can block outbound connections, for instance, it will never fully replace a third-party application. And compared with competitors such as Linux and Apple's Mac OS X, Windows XP--even with SP2 added to it--still has a long way to go before it can ensure bulletproof security for every PC it is installed on.
Nevertheless, the bigger picture--that the security features in XP SP2 will create a new baseline of security for all Windows users--is inescapable. Even though SP2 can't fix every security problem in Windows now or in the future, the hope is that hackers won't have as easy a time breaking into an SP2-patched Windows XP system. And if every XP computer were patched with SP2, then the Internet as a whole might for a while be safer
Best Deals on PCWorld
- Software and ServicesView all »
- SecurityView all »
- Servers & StorageView all »
- Desktop PCsView all »
- NotebooksView all »