In part one of this series, Kevin Beaver provided a primer on Windows XP Service Pack 2 (SP2) security enhancements. Part two below discusses Microsoft's isolation and resiliency initiatives and what benefits they can offer you in proactively securing Windows.
Bill Gates sent out an e-mail in March 2004 outlining four major areas Microsoft intends to focus its research and development efforts:
1) isolation and resiliency
2) updating
3) quality
4) authentication and access control
Windows XP SP2 addresses most if not all of these areas. But while updating, quality, authentication and access control are relatively self-explanatory, how does isolation and resiliency relate to a service pack?
In a nutshell, isolation and resiliency means locking down the OS by default and making it less vulnerable to attack. At first glance, the isolation and resiliency improvements of SP2 appear to be merely layered patches on top of software development practices that have excluded security over the years. But it goes deeper than that. The focus is now more on proactive protection rather than the getting hacked, patch and hope everything still works -- a method we've all become used to up to this point.
One new concept brought forth by Microsoft's isolation and resiliency efforts is dynamic system protection. This service appears to bring a fresh solution to the age-old problem of computers being more vulnerable during certain events, such as a software installations or new network connections. Apparently, Microsoft software will have features that dynamically adjust the level of protection based on what's currently taking place in real time, such as booting, software installation, remote access, etc. Pretty neat.
Considering Windows XP was initially released with an "allow all" stance on security, users continually fail to enable even the most basic security settings and Microsoft tends to be reactive rather than proactive with its own XP security countermeasures, I've become quite the security pessimist. However, it appears that Microsoft released XP SP2 (and new strategies for all of its software) to take significant steps in defending systems from cyberthugs.
There is one potential side effect to dumbing down computer systems to protect them from their own users: commoditization of computer security expertise. This is not something I like to think about. However, if you look at it from a physical security perspective, newer and never before thought of computer security vulnerabilities will likely affect us in one way or another going forward.
I think the preventative hardening of software using Microsoft's isolation and resiliency tactics are well worth the hype. Enhanced software security, regardless of who is actually implementing it, can help us all in the long run.
About the author
Kevin Beaver is founder and principal consultant of Atlanta-based Principle Logic LLC, as well as a resident expert on SearchWindowsSecurity.com. He specializes in information security assessments and incident response and is the author of the new book "Hacking for dummies" by John Wiley and Sons. Kevin can be reached at kbeaver@principlelogic.com or ask him a question on Windows security threats today.
