RealTime IT News

Microsoft: Windows XP SP2 Will be Disruptive

Worried that the full release of its Windows XP Service Pack 2 (SP2) will break and disrupt existing applications, Microsoft has created an online training course for developers to explain the intricacies of the security-centric OS update.

The launch of a training course is an unusual move for the software giant, which has changed many Windows XP defaults to tighten security and to simplify the software update process. "[SP2] is more than a normal roll-up of bug fixes. It is also being used to deliver a significant upgrade to enhance Windows XP security," the company said on its Microsoft Software Developer Network (MSDN) portal.

The service pack, now in beta, will make significant changes to deal with increased network protection, memory protection, improved e-mail security and enhanced browsing security; but these changes will lead to major disruption unless developers tweak their applications, the company explained.

Enterprise developers are urged to pay attention to the changes in network protection. Specifically, Windows Firewall, the RPC Interface and DCOM Security enhancements have been modified in SP2. Unless developers prepare for these changes, there will be disruptions.

For instance, the Internet Connection Firewall (ICF) will be turned on by default to reject unsolicited inbound connections through TCP/IP version 4 (IPv4). In a detailed explanation, Microsoft made it clear that IT administrators and users must make specific changes to allow applications to open certain ports.

"Windows Firewall includes an explicit setting in the firewall to enable the automatic opening and closing of ports for RPC for each profile. Thus, applications and services do not have to open specific ports in order to use RPC for inbound connections. By default, however, RPC will be blocked by Windows Firewall. This means that an application or service needs to allow the RPC ports in Windows Firewall during the installation process," the company explained, noting that some older applications may need to be manually configured.

With SP2, Microsoft is also introducing Execution Protection to protect memory space from misuse. The company explained that Execution Protection would prevent code execution from data pages such as the default heap, various stacks, and memory pools. But, Microsoft warns, some application behaviors are expected to be "incompatible with execution protection."

"Applications which perform dynamic code generation (such as Just-In-Time code generation) that do not explicitly mark generated code with Execute permission might have compatibility issues with execution protection." The company is supplying specific instructions and code samples to explain the implications of the changes for application developers.
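The pattern the quoted warning calls for, as an added example (not one of Microsoft's course samples): generated code is written to a read/write page, then explicitly marked executable before it is called. The function name `run_generated_code` and the stub bytes are constructed for illustration; the POSIX branch is included only so the same code runs outside Windows.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#else
#include <sys/mman.h>
#endif

/* Constructed stub standing in for JIT output: returns 42. */
#if defined(__x86_64__) || defined(__i386__) || defined(_M_X64) || defined(_M_IX86)
static const unsigned char stub[] = {0xB8, 0x2A, 0x00, 0x00, 0x00, 0xC3}; /* mov eax,42; ret */
#elif defined(__aarch64__) || defined(_M_ARM64)
static const unsigned char stub[] = {0x40, 0x05, 0x80, 0x52, 0xC0, 0x03, 0x5F, 0xD6}; /* mov w0,#42; ret */
#else
#error "add a stub for this architecture"
#endif

typedef int (*jit_fn)(void);

/* Hypothetical helper: returns the stub's result, or -1 on failure. */
int run_generated_code(void) {
    size_t len = 4096;
    int result;
#ifdef _WIN32
    DWORD old;
    /* Write phase: the page is data (read/write), not executable. */
    void *buf = VirtualAlloc(NULL, len, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (!buf) return -1;
    memcpy(buf, stub, sizeof stub);
    /* Explicitly grant Execute (and drop Write) before calling into it. */
    if (!VirtualProtect(buf, len, PAGE_EXECUTE_READ, &old)) { VirtualFree(buf, 0, MEM_RELEASE); return -1; }
    FlushInstructionCache(GetCurrentProcess(), buf, sizeof stub);
    result = ((jit_fn)buf)();
    VirtualFree(buf, 0, MEM_RELEASE);
#else
    void *buf = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED) return -1;
    memcpy(buf, stub, sizeof stub);
    if (mprotect(buf, len, PROT_READ | PROT_EXEC) != 0) { munmap(buf, len); return -1; }
    __builtin___clear_cache((char *)buf, (char *)buf + sizeof stub);
    result = ((jit_fn)buf)();
    munmap(buf, len);
#endif
    return result;
}

int main(void) {
    printf("generated code returned %d\n", run_generated_code());
    return 0;
}
```

Skipping the protection change and calling straight into the read/write buffer is the behavior that faults once data pages are non-executable.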

Developer implications for changes in e-mail security and enhanced browsing have also been posted as part of the course manual.

As previously reported, the enhanced browsing changes include a major overhaul to the Internet Explorer browser. Specific changes include a new add-on management and crash detection tool and several modifications to the browser's default security settings.