Proactive Prevention, Comprehensive Protection: A Complete Guide to the Windows XP SP2 Improvements (Part 1)

  
Since the release of Windows XP in 2001, the information security situation has changed considerably. On September 9, 2002, Microsoft released Windows XP SP1 with 325 patches for Windows XP, 33 of which were related to security. In the following two years, as many as 64 security bulletins were issued for Windows XP SP1, more than 80% of them rated critical or important. Over the same period, a further characteristic of malicious attacks was their use of operating system security vulnerabilities, and users' system settings, network environments and level of security awareness also gave these attacks their opportunities.

In fact, one year after the release of Windows XP, Microsoft began implementing its plan for Trustworthy Computing. In the Trustworthy Computing white paper, Microsoft set out the means of achieving trustworthy computing:

Secure by design: reduce software vulnerabilities.
Secure by default: reduce the attack surface.
Secure in deployment: make security measures easier to implement.
Communications: help users learn to protect themselves.

In Windows XP SP2, these methods and concepts have been put into practice. First, although SP2 is not a new operating system, 140 of its 818 fixes are Base Operating System fixes that compensate for software vulnerabilities introduced in the design phase. Second, Windows Firewall, Internet Explorer, Outlook Express, Windows Update and other components are configured securely by default. Third, the Windows Security Center not only makes the system's security settings easier to manage but also intelligently prompts users about security issues; for example, a security warning pops up when the virus protection software has not been updated in time.

Windows XP SP2 Features Overview
In Windows XP SP2, Microsoft provides a variety of security technologies to help users protect against malware and other risks, thereby improving the overall security of Windows XP. These security technologies include the following.

Network Protection

This group of security technologies includes the Windows Firewall enhancements and changes to Remote Procedure Call (RPC), which help provide better protection against network-based attacks such as MSBlaster. The enhancements include turning Windows Firewall on by default, keeping ports closed unless they are in use, an improved configuration user interface, improved application compatibility when Windows Firewall is turned on, and enterprise management of Windows Firewall through Group Policy. The attack surface of the RPC service is reduced, and its objects run at a lower privilege level. The DCOM architecture also adds access control restrictions to reduce the risk of a successful network attack.

Memory Protection

Some software allows too much data to be copied into an area of the computer's memory, and malware can take advantage of this weakness. This condition is usually called a buffer overflow. Although no single technology can eliminate the problem completely, Microsoft is using several security technologies that approach it from different angles to mitigate such attacks. First, the core Windows components have been recompiled with the latest compiler technology, which adds protection against buffer overflows. In addition, Microsoft is working with microprocessor vendors so that Windows supports the hardware-based Data Execution Prevention (DEP) feature of their processors. Data Execution Prevention marks all memory locations of an application as non-executable by the CPU unless those locations explicitly contain executable code. This way, when a worm or virus inserts program code into a region of memory marked as data only, the application or Windows component will not run it.
To view and change the Data Execution Prevention settings, click the "Start" button, right-click "My Computer" in the menu that appears, and select "Properties" from the shortcut menu. In the "System Properties" dialog that opens, select the "Advanced" tab, click the "Settings" button under Performance, and select the "Data Execution Prevention" tab in the "Performance Options" dialog that opens.

Email Processing

These security technologies help stop viruses that spread through email and instant messaging (such as SoBig.F). They include security-enhanced default settings and improved attachment control through the Attachment Execution Service (AES) application programming interface. This enhances the security and reliability of communications applications such as Microsoft Outlook, Outlook Express, and Windows Messenger. As a result, potentially unsafe attachments delivered via email and instant messaging are isolated so that they affect as little of the rest of the system as possible.

Browsing Security

The security technologies in Microsoft Internet Explorer provide protection against malicious content on the Web. One of the improvements is locking down the Local Machine zone to prevent malicious scripts from running and to strengthen the blocking of harmful web downloads. In addition, better user controls and user interfaces help prevent malicious ActiveX controls and spyware from running without the user's knowledge.

Computer Maintenance

A very important part of any security program is keeping the computer up to date with the latest software and security updates and understanding the role that updates play in protecting it. Knowledge of security attacks and trends is also important. For example, for some known viruses and worms, the corresponding software updates were already available days or weeks before the attacks took effect. The newly added technologies help end users stay up to date. They include a Security Center that provides a single location for computer security information, as well as a Windows Installer that provides security options for software installation.

Security Center
Security Center is a unified interface for setting up and managing security in Windows XP SP2. You can open the Security Center from the Control Panel, or open it quickly from the alert prompt that appears when security settings need attention. The Security Center is shown below.

The Security Center automatically monitors the status of the firewall, automatic updates, and virus protection. If any of these settings is abnormal, it warns the user in different colors and ways depending on the severity. For example, after you have changed the default settings for automatic updates, the Automatic Updates indicator in the Security Center turns yellow and prompts you to check the settings, as shown below. If automatic updates are turned off, Windows security alerts and informational prompts appear in the notification area, as shown in the following figure. Click the warning message to open the Security Center, as shown below. Click the "Enable Automatic Updates" button to return to the normal security settings.

In the Security Center, you can manage security settings, including Internet Options, Automatic Updates, and Windows Firewall. You can also reach related resources, and you can set how the Security Center notifies users (notifications can be turned off, but this is not recommended). For Windows systems that are joined to a domain, the security settings are determined by the network administrator and the Security Center no longer notifies you.

Firewall
Windows Firewall is one of the major improvements in Windows XP SP2. Unlike the earlier ICF (Internet Connection Firewall), Windows Firewall is enabled by default, and the Security Center issues a warning as soon as the firewall is turned off.

Another important improvement is that Windows Firewall applies a static rule with stateful filtering while Windows is starting. This static rule is called the boot-time policy. It allows the computer to carry out basic network tasks such as DNS and DHCP. Once the Windows Firewall service is running, the run-time policy is loaded and applied and the boot-time filter is removed. This protection during startup draws on a capability specific to a software firewall that is part of the operating system. Although no network attacks during startup have been discovered, this aspect of the Windows Firewall design reflects a proactive, preventive design philosophy.

There are several ways to reach the Windows Firewall settings. In the "Control Panel", you can open them through "Network and Internet Connections" and through "Security Center". If the network connection icon is displayed in the notification area on the right side of the taskbar, right-click it and select "Change Windows Firewall Settings", as shown below.

The "Windows Firewall" dialog has three tabs.

General tab: You can turn Windows Firewall on or off. If the firewall is on, you can also select "Don't allow exceptions", which blocks all unsolicited incoming communication to the computer and does not notify the user when something is blocked. This setting is suitable for less secure network environments.

Exceptions tab: By default, Windows Firewall allows exceptions. Four programs and services are listed on the Exceptions tab, and "Remote Assistance" is allowed by default, as shown in the following figure. The other three programs and services are enabled automatically according to the Windows settings. For example, if a shared folder is set up, File and Printer Sharing is enabled automatically. When any other program is blocked, the user is asked what to do, and if Unblock is selected, the program is added to the exceptions list, as shown below. You can add programs to the exceptions list or delete programs from it (except for the four default programs and services). You can also edit the scope (IP addresses) of an excepted program so that it communicates only with the computers you specify, as shown in the following figure. The same settings apply to ports.

Advanced tab: You can configure settings for one or more selected network connections, and you can specify a security log that records dropped packets and successful connections. The "Restore Defaults" button lets the user quickly return to the default security state, as shown below.
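
The settings on the three tabs described above can also be applied from the command line. The following batch script is an added example, not part of the original article; it uses the netsh firewall context included in Windows XP SP2, and the script name, program path, program name and IP address in it are constructed placeholders.

```batch
@echo off
rem Added example (not from the original article): Windows Firewall settings
rem from the General, Exceptions and Advanced tabs, applied with the
rem "netsh firewall" context of Windows XP SP2.
rem ExampleApp.exe, its path and 192.168.0.10 are constructed placeholders.
rem Usage: fwsetup.cmd            firewall on, exceptions allowed
rem        fwsetup.cmd lockdown   firewall on, "Don't allow exceptions"

set EXCEPTIONS=ENABLE
if /i "%~1"=="lockdown" set EXCEPTIONS=DISABLE

rem General tab: firewall on; exceptions on or off depending on the mode.
netsh firewall set opmode mode=ENABLE exceptions=%EXCEPTIONS%
if errorlevel 1 goto fail

rem Exceptions tab: a program exception limited by scope. scope=ALL would
rem accept connections from any address; CUSTOM restricts them to the list.
netsh firewall add allowedprogram program="C:\Program Files\ExampleApp\ExampleApp.exe" name="ExampleApp" mode=ENABLE scope=CUSTOM addresses=192.168.0.10
if errorlevel 1 goto fail

rem A built-in service exception (File and Printer Sharing) limited to the
rem local subnet instead of any address.
netsh firewall set service type=FILEANDPRINT mode=ENABLE scope=SUBNET
if errorlevel 1 goto fail

rem Advanced tab: security log of dropped packets and successful connections.
netsh firewall set logging filelocation="%windir%\pfirewall.log" maxfilesize=4096 droppedpackets=ENABLE connections=ENABLE
if errorlevel 1 goto fail

rem Review the resulting state and configuration.
netsh firewall show state
netsh firewall show config

rem To return to the default state (the Restore Defaults button):
rem   netsh firewall reset
goto :eof

:fail
echo A netsh firewall command failed; review the output above.
exit /b 1
```

In lockdown mode the exceptions stay in the list but are ignored until exceptions are allowed again.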