Windows: Security Is Suddenly Job One

This upgrade should zap more viruses, worms, and other nasties

Microsoft (MSFT ) has always promoted new versions of Windows by talking up features designed to make computer use easier and more fun. The prosaically named Windows XP Service Pack 2 is starkly different. While it amounts to a major release in size and scope, it could also be called the cod liver oil of software upgrades: nasty but good for you.

SP2, which was published on Aug. 6 and will be available through the Windows Update service by the end of the month, is an outgrowth of Microsoft's two-year-old initiative to fix Windows' pervasive security problems. It marks a reversal of Microsoft philosophy that routinely favored convenience over security.

Internet Explorer is Exhibit A. It was designed to make it easy for Web sites to download software -- from browser plug-ins to entire applications -- to PCs, with little or no intervention from the user. This process has proved to be hopelessly insecure, contributing to an epidemic of viruses, worms, Trojan horses, and other plagues.

IE gets a total rewrite in SP2, designed to make it harder but safer to use. The biggest changes in the browser, not available for Windows versions other than XP, affect the handling of downloads. You must explicitly approve the download of any files other than pictures or sounds that are part of the page, and give further permission to install programs. Moreover, IE objects if the Web site cannot certify the software's publisher. (For more on this technology and how it can protect you, see "How a Digital Signature Works")

I SPENT SEVERAL WEEKS RUNNING preliminary versions of SP2. For most Web sites, it works fine, though downloads can be a bit of a nuisance. On sites that I have known to be sources of surreptitious spyware, the browser froze instead of notifying me that a download had been blocked. Rebooting was annoying but better than the alternative. Some public Web sites and many corporate custom applications will have to be reprogrammed to work with the new version.

Another obvious change in SP2 is the new Windows Firewall. The system, designed to block worms from attacking your computer over a network, is much more capable than the older Internet Connection Firewall. Unlike its predecessor, it is automatically turned on -- and Windows objects if you turn it off. When a program not on the firewall's approved list (which includes key Microsoft applications such as Internet Explorer, Outlook, and Outlook Express) tries to gain access to a network, the firewall will block it until you grant permission. This may stop spyware and other nasty programs that have sneaked onto your computer from reporting back to their servers. The firewall is not as comprehensive or configurable as third-party offerings such as Symantec's Norton Personal Firewall, McAfee Personal Firewall, or Zone Lab's Zone Alarm. But it's a big step toward safer computing.

The new Windows Security Center is also a step up. It reports the status of your firewall (recognizing third-party products as acceptable alternatives to the Windows Firewall), checks your antivirus software, and nags you to enable automatic downloading of security patches from Windows Update.

SP2 will be a challenging download, since it runs about 80 megabytes. It will be distributed through Windows Update beginning in late August, but anyone who uses dial-up will probably want to order the free CD from Microsoft. And it's a good idea to back up your PC before installing it. My upgrade on several computers went flawlessly, but one failed, leaving a laptop unable to boot.

The new software doesn't offer any of the usual incentives to upgrade -- new features or better performance. But by attacking some of the worst security problems in Windows, it could save you a lot of trouble. Bite the bullet and install it, the sooner the better.

For a collection of past columns and online-only reviews of technology products, click here

By Stephen H. Wildstrom

    Before it's here, it's on the Bloomberg Terminal.