The release of Windows XP SP2 is finally complete. This large patch of 270 megabytes brings many new security settings and features. In fact, it is more security-conscious than any of Microsoft's previous patches. Among the myriad security features of XP SP2, including software and hardware data processing protection, IE pop-up blocking and improved Outlook Express attachment management, I want to focus on two: the new Security Center and the default Windows Firewall.
The XP SP2 Security Center looks great (you can reach its settings via Start > Settings > Control Panel > Security Center). It displays the status of anti-virus software, personal firewalls and Windows automatic updates on the current machine in a small window. If malicious code stops these tools or the user does not upgrade, the Security Center pops up a dialog box and a broken red heart appears in the toolbar to remind the user until the security function is restored or upgraded.
It is important to understand that the Security Center is only a general view of the security settings and is primarily used to report the security status of the machine. This means that administrators get no central management capabilities, such as remotely locking machines or specifying better security settings when users use illegal addresses or turn off security features. Fortunately, however, users cannot turn off the Security Center. Users can choose to ignore the recommended settings and make the warnings disappear temporarily, but the warnings will come back. Basically, Windows substitutes user self-checks for some basic security settings. I recommend adding a description of the Security Center to your company's security training and giving detailed instructions to the desktop help support staff or customer service team, who may need help with Security Center warnings.
Another big feature of XP SP2 is the Windows personal firewall.
I talked to several organizations that plan to use this built-in Windows Firewall. Their reasoning is that Windows Firewall is built in, is deployed automatically with XP SP2 and provides the required firewall functionality. It looks like a no-brainer, but is that the case? Not quite. Strictly speaking, this built-in firewall provides only the minimum of functionality: it blocks only inbound connections, which can stop some worms that use memory leaks and backdoors that listen on the network. However, this is only half the defense that users need.
The truth is that more and more malicious code, once installed, makes outbound connections to communicate with the attacker, checking for commands to execute and sending back the results. This lets the malicious code remove protections or allows an attacker to control the GUI. It is easy to find backdoors of this kind that get past the built-in Windows XP personal firewall.
You might be thinking, "If the Windows firewall blocks incoming malware, where does the malicious code that communicates with the outside come from?" There are many vulnerabilities available to attackers, whether or not there is an inbound filtering firewall. Perhaps the easiest way in is for the user to run an email attachment or install other untrusted software. We can also find a large number of browser-based vulnerabilities. For example, if a user visits the wrong site, an attacker can take advantage of the HTTP traffic running in the browser to control it.
We discovered one such vulnerability in many Microsoft products last month, called the GDI+ driver memory leak vulnerability, which exploits a memory leak in Windows JPEG image processing. This means that if you view the wrong image using unpatched IE, Outlook or other image-viewing software, the attacker gets into your system, and no inbound connection is required. Although patches are available for the GDI+ vulnerability, there are other undiscovered vulnerabilities.
XP SP2's built-in firewall does not filter outbound connections, which leaves the system exposed to numerous viruses. The built-in Windows XP SP2 firewall is very immature software and can only help some users who go online for entertainment or e-commerce. It does not protect most enterprise environments.
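To make the inbound-only gap concrete, here is an added example (not part of the original article) that triages `netstat -ano` output into listening ports, accepted inbound connections and outbound connections that an inbound-only filter never inspects. The sample output, addresses and PIDs are constructed, and treating "local port is a listening port" as "inbound" is a heuristic assumption.

```python
import sys

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:445       192.168.1.31:2911      ESTABLISHED     4
  TCP    192.168.1.20:1067      203.0.113.80:80        ESTABLISHED     1492
  TCP    192.168.1.20:1071      198.51.100.7:6667      ESTABLISHED     2216
  TCP    127.0.0.1:1055         127.0.0.1:1056         ESTABLISHED     1492
  UDP    0.0.0.0:500            *:*                                    680
"""

def parse(text):
    """Yield (local_ip, local_port, remote_ip, remote_port, state, pid) per TCP row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP":
            continue  # header, UDP rows (no state column) and blank lines
        lip, lport = f[1].rsplit(":", 1)
        rip, rport = f[2].rsplit(":", 1)
        yield lip, int(lport), rip, int(rport), f[3], int(f[4])

def classify(text):
    """Return (listening_ports, inbound, outbound); entries are (pid, remote_ip, remote_port)."""
    rows = list(parse(text))
    listening = {r[1] for r in rows if r[4] == "LISTENING"}
    inbound, outbound = [], []
    for lip, lport, rip, rport, state, pid in rows:
        if state != "ESTABLISHED" or rip.startswith("127."):
            continue  # skip listeners and loopback traffic
        # Heuristic (assumption): a local port that is also listening means the
        # host accepted the connection; anything else was initiated locally.
        (inbound if lport in listening else outbound).append((pid, rip, rport))
    return sorted(listening), inbound, outbound

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    ports, inbound, outbound = classify(text)
    print("listening ports (what an inbound filter covers):", ports)
    print("accepted inbound connections:", inbound)
    print("outbound connections (not filtered by an inbound-only firewall):", outbound)
```

The PIDs in the outbound list are the ones to map back to a process name and review, since nothing in an inbound-only policy evaluated those connections.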