David Gristwood's Blog

Azure, Azure, Azure

Security and Windows XP Service Pack 2

The upcoming release of Windows XP Service Pack 2 (SP2) has had me thinking more about security.


SP2 is very much a security related release – Windows XP was launched before Microsoft’s Trustworthy Computing initiative was underway, so it hasn’t, at least not until now, benefited from the learning that came out of all our security and code reviews. Windows Server 2003, on the other hand, has been one of the main beneficiaries – for example, more than twenty of the services that were switched on in Windows Server 2000 are switched off in Windows Server 2003, so administrators need to deliberately and consciously switch on only those services they need. This approach obviously reduces the attack surface of Windows Server 2003, a big change from the old days when most of the common services were switched on out of the box. It does mean we all need to think more about security, which is a reflection of the times we live in. I would recommend reading the Trustworthy Computing white paper for background information, and understanding more about the ideas behind our mantra “Secure by Design, Secure by Default, Secure in Deployment”.


My main interest in SP2 is from a developer perspective. Some applications will simply not run with SP2 installed, because SP2 tightens up security, and some of the defaults that developers have assumed no longer apply. For a more detailed look at the impact of SP2 on application development, check out the article Windows XP Service Pack 2: A Developer’s View, and of course, if you do develop software, download Release Candidate 1 (RC1) of SP2 and check that your software still works with it!


The other aspect of security and SP2 that caught my attention is “spyware” (sometimes referred to as “adware”). If you haven’t come across spyware, then here are some useful definitions, but they boil down to hidden programs that at best impact the behaviour and performance of a PC, and at worst transmit data from your PC to external web sites without your knowledge or permission. Not nice, however you look at it.


Fortunately, one of the Changes to Functionality in Microsoft Windows XP Service Pack 2 includes “locking down the Local Machine zone to prevent against the running of malicious scripts and fortifying against harmful Web downloads. Additionally, better user controls and user interfaces are provided that help prevent malicious ActiveX® controls and spyware from running on customers’ systems without their knowledge and consent”. Another good reason to install SP2 when it comes out later this summer (2004)!


The other good news is that there are a number of utilities and tools that colleagues have recommended and that can help out, so I thought I would check out a few. I know I am not alone in finding spyware obtrusive and annoying – one of my colleagues at Microsoft, Mike Platt, hit on this same issue in one of his recent blog posts.


One of the most popular of these utilities is Ad-Aware from Lavasoft, which has the “ability to comprehensively scan your memory, registry, hard, removable and optical drives for known datamining, aggressive advertising, and tracking components”. I ran it on my machine, and it came up with over 60 tracking cookies, which I happily let it remove for me!


Another is Spybot – Search & Destroy, which “can detect and remove a multitude of adware files and modules from your computer. Spybot also can clean program and Web-usage tracks from your system”. It found a couple more tracking cookies, but nothing more suspicious. It also creates a restore point before it does its work, which is a nice touch, just in case things go wrong.


The final tool I checked out was HijackThis, which “lists all installed browser add-on, buttons, startup items and allows you to inspect, and optionally remove selected items”. There is a nice little Quick Start tutorial for it. This tool is more powerful in terms of removing programs hooked into Internet Explorer and Windows, but as it warns, “it cannot determine what is bad and what merely customized by you”, so it suggests saving the results of its search to a log file so that others can provide more advice if you are uncertain.
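One practical way to act on that warning is to keep a baseline of what is registered and look only at what has changed since. The script below is an added example written for this post, not code from HijackThis or from the original article: it reads the Run/RunOnce keys and the Browser Helper Object registrations that HijackThis reports, saves a baseline the first time it runs (the baseline file location is an assumption), and on later runs lists only the entries that were not in the baseline.

```powershell
# Added example (not from the original post or from HijackThis): snapshot the
# autostart and browser add-on registry entries that HijackThis reports, and
# compare against a saved baseline so that anything new stands out.
# The baseline file location is an assumption; change it to suit.
$BaselinePath = Join-Path $env:USERPROFILE 'autostart-baseline.json'

function Get-AutostartEntries {
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    $entries = @()
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip provider metadata (PSPath etc.)
            $entries += [pscustomobject]@{ Location = $key; Name = $p.Name; Value = [string]$p.Value }
        }
    }
    # Browser Helper Objects are registered by CLSID; resolve each to the DLL it loads into IE.
    $bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (Test-Path $bhoKey) {
        foreach ($clsid in (Get-ChildItem -Path $bhoKey).PSChildName) {
            $server = Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
            $entries += [pscustomobject]@{ Location = $bhoKey; Name = $clsid; Value = [string]$server.'(default)' }
        }
    }
    return $entries
}

function Get-EntryKey($e) { "$($e.Location)|$($e.Name)|$($e.Value)" }

function Compare-AutostartBaseline {
    param([string]$Path = $BaselinePath)
    $current = @(Get-AutostartEntries)
    if (-not (Test-Path $Path)) {
        ConvertTo-Json -InputObject $current | Set-Content -Path $Path
        return "Baseline written to $Path ($($current.Count) entries); run again later to see what changed."
    }
    $known = @{}
    foreach ($e in (Get-Content -Path $Path -Raw | ConvertFrom-Json)) { $known[(Get-EntryKey $e)] = $true }
    $new = $current | Where-Object { -not $known.ContainsKey((Get-EntryKey $_)) }
    if (-not $new) { return 'No autostart or BHO entries have appeared since the baseline.' }
    return $new   # each new entry still needs a human judgement: installed by you, or not?
}

Compare-AutostartBaseline | Format-Table -AutoSize
```

Like HijackThis itself, the script cannot say whether a new entry is malicious; it only narrows the question to the entries you have not seen before.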


So, it can be done. Take care, and don’t forget our “Protect your PC in 3 Steps” guidelines at www.microsoft.com/security/protect/