The code for release candidate 2 finally looks like a real release candidate. And sure enough, it will help you big-time with security. But what sorts of headaches will the eventual final version mean for IT shops? We'll take it piece by piece.
Remember when Microsoft said service packs wouldn't deliver any new functionality? That lasted for about six months back in 1997. Windows XP Service Pack 2 is jammed-packed with both invisible and visible improvements to Windows XP. The biggest boon is that the free update, which will probably ship some time in September, does in fact make Windows XP far more secure. Many of the other user interface bits are aimed more at protecting Microsoft, you, me, and everyone from what consumers don't know about securing their computers. As a result, they just don't matter that much to IT shops.
But Microsoft isn't wrong on that point: Many home and casual users really aren't paying close enough attention to security. And when blended-threat household-name viruses and worms start using multiple means of spreading themselves around the planet, the fact that several million consumer boxes have been plugged up (as soon as SP2 ships!) is a very good thing indeed.
Nevertheless, just how much might all that consumer touchie-feelie stuff get in the way? I'm going to explore all major aspects of the service pack in a multiple-part series on Windows XP SP2, based on the recently released RC2 code.
In retail boxes, Microsoft is enabling its revised Windows Firewall software firewall utility by default. Large enterprise customers will, of course, be able to disable the new Windows Firewall on network installations. But not every company installs or updates Windows that way.
(click image for larger view)
Windows Firewall's high water mark is probably its ability to be turned on when mobile PCs are the most vulnerable, out of the office, passing from one hotspot to the next. The "Don't Allow Exceptions" check box adds extra protection for the road or home environments.
For the rest of us, some consideration may be in order to avoid potential software firewall conflicts. In my tests, the problem never cropped up. So the firewall is on. Turn it off if you're running another one. Microsoft provides a new Windows Firewall Control Panel just for that purpose.
There are also some advantages of a firewall onboard. Windows Firewall offers solid basic protection; it's better than ICF (Internet Connection Firewall, the utility it replaces), and it's a lot better than nothing. Windows Firewall is easier to configure, and more important, it's better about staying out of the way of your applications. It also now has improved protection during boot and shutdown, something all top-notch software firewalls provide.
The biggest benefit, though, is probably as stand-in protection for mobile PCs connected to hotels and hot-spot wireless networks. They're protected back in the office, but on the road or when working at home, they're often sitting ducks. It's very easy to turn Windows Firewall on, and the "Don't Allow Exceptions" mode locks things down with a very simple control.
Even so, Windows Firewall's intrusion prevention and outbound monitoring are not as robust as those of some other firewalls. In RC2, Windows Firewall also has a tendency to turn itself on after system updates, system restores, or in conjunction with the Windows Security Center (which we'll address in a future installment).
For my money, either ZoneAlarm 4.5 or 5.0 Pro or Symantec's Personal Firewall 2004 would be better bets for protecting road warriors out in the wild. On the other hand, Windows Firewall is about to be onboard, and you already paid for it.
Windows Firewall may be the largest feature in Windows XP Service Pack 2, but from an enterprise perspective, it's pretty small potatoes.
Building A Mobile Business MindsetAmong 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps – and it's past time for those with no plans to get cracking.