Windows XP SP2 RC1 Preview

First, go get it: (disclaimer — this is beta code, don’t install it on a production machine)

Now, what do you think? This has been an interesting ride for us. Six or seven months ago, SP2 was just another service pack — bug fixes mostly, some targeted customer-driven design changes, sure, but mostly following the cardinal rule of a service pack: Thou Shalt Not Add Features. Service Packs are about improvements — in stability, reliability, security, supportability… generally as many “-ity”’s as possible. Adding a feature as a rule does not help in that way. A new feature is another set of opportunities for reducing -itys. And besides, most of our enterprise customers don’t like us to introduce features (unless, of course, its a feature that they specifically want) in a service pack. One of the goals is that a Service Pack should be a no-brainer install — install it and everything is better. Adding features means that customers they need to evaluate those new features in the context of their deployment, and decide whether nor not they can support them, etc. etc. It’s a big deal. So, by avoiding adding features, we help make it easier for a company to decide to deploy the service pack, and take advantage of the ity-improvements.

So, back six or seven months ago, a key decision was made: The built-in firewall was going to be on by default. This was a big deal. Lots of apps and in-box components were not tested with a firewall — the assumption was “if the app didn’t work, turn off the firewall“. Now that assumption could not be made. An amazing amount of end-to-end testing was put into a place in an amazingly short period of time. Key components were changed to be firewall aware, the firewall gained all new more prominent UI, and the game was on. 

The on-by-default firewall put an interesting spin on things. SP2 was going to be a scenario-breaker. People were going to have to think very hard about how and when to install it. It was a big step for a service pack. But the state of the world demanded it. But, it was also an opportunity. Many teams had detailed plans for security changes in their components for Longhorn. Across the board, many of those plans were brought forward to Windows XP SP2. You can see the results of that by browsing the “changes to functionality” document.

Since I’m in the Networking UI arena, that’s obviously what I care most about. There have been lots of changes, some obvious, some not-so-obvious. The firewall is an obvious one. The Network Experience team (the team I’m part of) was responsible for all of the changes to the firewall user experience and functionality. In other areas, we had a few security-related features that were already in the works to be released as add-ons — we merged these into the SP2 release.

First, we tackled wireless networking from a security and usability standpoint. There was a complete redesign of the wireless connection UI. The security of the network you’re connecting to is now much more prominent, and we do a much better job of ensuring that you can connect to secure networks easily (and that you’re warned when you’re connecting to non-secure networks). We also added a wizard that will help set up new home wireless networks securely (see the link off of the wireless connection UI). Finally, we added support for Wireless Provisioning Services, a new technology that lets hotspots deploy secure networks (today they’re almost all deployed as “open“ networks, which lets anyone with a wireless card sniff your data out of the air).

We also added Bluetooth Personal Area Networking (PAN) support. PAN is a Bluetooth profile that essentially creates a standard IP network over a Bluetooth connection. PAN support is the first step to enabling rich Bluetooth networking scenarios, which can be secured using the well-tested IP-based security standards (IPSec, 802.1x, etc.). Devices supporting the PAN profile are already on the market, and there should be many more in the coming year (demand it from your vendor!).

We also made significant changes to the Network Setup Wizard. This wizard has a little bit of bad reputation. If you didn’t pay attention while going through it, it could configure your computer in ways you might not have expected. This has made some web sites recommend avoiding the wizard, which is unfortunate, becaues the wizard is intended to help you to set up your computer to be a good citizen in home network — for instance, it can enable file sharing (which is off by-default), including setting up the firewall so it actually works. It can set up your computer to be a gateway for other computers or to be a client of a gateway. Anyway, we changed several things to make sure that the default path is benign, and added support for the firewall, among many other things. We’re quite proud of the new Network Setup Wizard (I had wanted to add a version number, say “1.5” to let people know things had changed, but we ultimately decided against it). 

It’s an exciting time for us. SP2 is a big and important release, and we’re looking forward to the feedback.

Comments (9)

  1. Colin Ramsay says:

    I’ll be downloading SP2 as soon as it’s fully done. But I must say that despite the admiration I have for the progress MS has made with it’s security policies, I am sorely disappointed that Internet Explorer hasn’t shipped with more improvements.

    It seems logical to me that this was the time to implement CSS2.1 in IE. It would have been a great, exciting feature to compliment the interesting developments happening elsewhere in the SP.

    Having said that, the firewall improvements alone make the upgrade worthwhile. With the proliferation of broadband, promoting firewalls will become more and more important and that’s a lot easier if XP has an advanced one by default.

  2. Adam says:

    I already like the pop up blocker.

    When will we see these changes in Server 2003?

  3. Sean says:

    Now that most of the core development of SP2 is done, my team, and many others, are transitioning some of the developers over to working on Service Pack 1 for Server 2003. Nothing’s been announced yet for the content of the service pack (so I’m not going to announce anything), but clearly we’re going to try and port whatever we can in the timeframe we have from XP into Server.

    And yeah, that pop-up blocker is slick. Thanks for the feedback!

  4. Very nice coding….

    many time i use sp1 overflow vulnerability…

    but this sp look like…..hhee….

    many tools has been added …but be carefull there is one micosoft loger in it that can not be detected by anti loger program

    idont know why micosoft do that…..

  5. meiam says:

    First ..i have a legal pre installed copy of XP but suppose I just dont want SP2..?

    Suppose I dont want to use Windows Media Player ..Internet Explorer or the new "you have no choice " firewall..? Suppose I have had it with the endles ENDLESS security patches and updates .. Suppose I simply no longer wish to give Microsoft any more hard disk space .? What then?

  6. edited additions..

    I have Broadband and I run XP but tell me ..when will the updates security patches and bug fixes EVER end..?

    I have Norton 2004 updated regularly and Zonelab Pro Firewall.

    Nevertheless Micro$oft cries daily

    " More patches ..more patches.. "

    My PC is beginning to look like a pair of hobo jeans picked up at a local thrift store.covered in patches and running out of space..

    Soon my hard drive will contain nothing but Microsoft updates patches and bug fixes.

    Next is coming the HUGE SP2download..

    IF ..IF ..IF it EVER gets debugged first..

    And even then ,we are told in advance that some applications will cease to function once it’s installed and we should just be happy to accept that tradeoff for increased security needed because of inept code creation on the part of Microsoft’$ software developers in the first place.

    well.. i’VE had it !

    What if I choose NOT to install SP2..?

    What if I’m tired of giving up more and more hard disk space to Microsoft for endless ENDLESS security updates and bug fixes…?

    What if I dont want a firewall which I cant turn totally off if I choose to ..?

    Why should I or any of us any longer continue to just say "here Microsoft ..take complete control of my PC and my internet activities"?? After all .. just because I paid for it doesnt mean my PC is mine..Right??

    What if I think "enough is enough.??"

    And believe me .. I’m there already.

  7. Sean says:

    Well, first, I’m not sure that you’re asking here. I’m not going to try and convince you that you need it. We have tons of information on what’s in SP2 and what’s great about it, but if you don’t believe it, then just don’t install it. At the end of the day, it’s your PC, you have the right to do whatever you want with it.

    We (software developers at MS) work very very hard to deliver software that people want to use. But if you don’t like it, there’s not much I, or anyone else can do about it. If you want give specific feedback, I’m more than happy to take it. But if you want to rant… I’ll listen, but I can’t take action on it. SP2 is a major change in philosophy for us. We hope to make it so that users never have to worry about Internet security issues.

    Minor things: the firewall can be turned off, easily. Patches usually replace existing files and don’t usually result in taking up noticably more disk space.

  8. Sanxion says:


    How’s about you guys bring out a slim line version of xp? Or at least giving customers more choice about what does and what does not get installed on their pic…..Like in 98?

  9. Bit-cycling says:

    A long time ago when I worked on Windows XP, I worked on a project to add Bluetooth PAN support to Windows.