Since 2001, since Microsoft released Windows XP, the information security situation has changed significantly. On September 9, 2002, Microsoft released Windows XP SP1, which was repaired 325 for Windows XP, with 33 and security. Ben years later, there were more than 64 security bulletins for Windows XP SP1, with an emergency and important (Important) level of security announcements more than 80%. During this time, another feature of malicious attacks is to attack the security vulnerability of the operating system, and the user's system settings, network environment and security awareness, also provide the machine to these attacks.
In fact, after the release of Windows XP a year, Microsoft began to implement a trusted computing plan. In the trusted calculation of the white paper, Microsoft puts forward the means of implementing the trusted calculation (Means):
Design security: reduce software vulnerability
Default security: Reduce attack surface
Deploy security: Safety measures are easier to implement
User communication: Help users learn to protect themselves
In Windows XP SP2, the above methods and ideas have been well practiced. First, although SP2 is not a new operating system, 140 in all 818 repairs are the Base Operating System to compensate for software vulnerabilities in the design phase. In addition, by default Windows firewall, Internet Explorer, Outlook Express, Windows Update, etc. are safe settings. Third, the Windows Security Center is not only convenient for the security settings of the system, but also intelligently prompts the user security issues, for example, when there is no timely update of viral protection software, the security warning will pop up.
Windows XP SP2 Feature Overview
In Windows XP SP2, Microsoft provides a variety of security technology to help users resist malware and other risks, thereby improving the overall security capabilities of Windows XP. These security technologies include:
Network Protection Such security technology includes Windows firewall enhancements and remote process call interface restrictions, which helps to provide better protection for network-based attack behaviors such as impact wave (MSBLASTER). These enhancements include: Default to turn on the Windows Firewall, close the port unless the port is used, the improved configuration user interface, the improved Windows firewall turns the application compatibility and the enterprise management tool for Windows Firewall through Group Policy. The attacked surface of the remote process call service is reduced, which is run at a lower privilege level. The DCOM architecture also increases access control restrictions to reduce the risk of hit by the network.
Memory Protection Some software allows too much data to be copied to computer memory, and the attack of malware can take advantage of this security weakness. Usually this phenomenon is called buffer. Although any single technique does not completely eliminate this problem, Microsoft is using a variety of security technology from different angles to mitigate such attacks. First, use the latest compilation technology to restore the core Windows components to increase the protection of buffer overflow. In addition, Microsoft is working with microprocessor manufacturers to make Windows support microprocessors based hardware-based data execution protection (Data Execution prevention "features. Data Execution Protection The memory location of the application is not enabled by the CPU, unless these locations explicitly contain the executable code. In this way, when the worm or virus is inserted into the program code and enters the storage section that is marked as only the data, the application or Windows component will not run it.
To view and set data execution protection, click the Start button, in the pop-up menu, right-click My Computer, and select "Properties" in the shortcut menu. In the Open System Properties dialog box, select the Advanced tab, click the Settings button in the Performance option, and select the Data Execution Protection tab in the Open Performance Options dialog. Email Processing Security Technology helps abort viruses (such as Sobig.f) via email and instant messaging. These techniques include security enhanced default settings, using an attachment execution service (AS Attachment Execution Service) application interface to improve attachment. This enhances the security and reliability of communications applications such as Microsoft Outlook, Outlook Express and Windows Messenger, and WINDOWS Messenger. As a result, potential unsafe accessories transmitted by e-mail and instant messaging are isolated, and other parts of the system will be affected as little as possible.
Browse Secure Technology in Microsoft Internet Explorer provides protection against malicious content in Web. One of the improvements is to lock the local area to avoid running malicious scripts and enhances organization harmful web downloads. In addition, a better user control and user interface can help prevent malicious ActiveX controls from running in the case of user unaffected.
A very important part of the computer maintenance security program is to maintain the latest software and security updates of the computer, and understand the importance of updating the protection of computer security. Knowledge with security attacks and trends is also important. For example, some known viruses and worms have a certain day or several weeks before the start of a valid attack, and the corresponding software updates are available. The added new technologies help end users stay up to date. These technologies include security centers, providing a unified location of computer security information, as well as Windows Installer, providing software installation security options. Security center
The security center is a unified interface for Windows XP SP2 for security settings and management, which can access the security center from the Control Panel, or quickly open the security center quickly from the alarm information prompt when needed. The security center is shown below.
The security center automatically monitors the firewall, automatic update, and viral protection. If these settings appear anomalies, the security is abnormal, and is warned in different colors and methods according to different severity. For example, after modifying the default settings of the automatic update, the security center is changed to yellow and prompts the settings. As shown below.
If automatic update is turned off, Windows security alerts and information prompts are displayed in the notification area, as shown below.
Click Warning Information, you can open the security center, as shown below. Click the Enable Auto Update button to return to the normal security setting status.
In the Security Center, you can manage security settings, which include Internet options, automatic updates, and Windows firewalls. In addition, you can access the resources. You can set the security center to inform the user (you can turn off the notification, but do not recommend this).
For Windows systems added to the domain, security settings are determined by the network administrator, and the security center will no longer be prompted. Firewall
Windows firewall is one of the important improvements of Windows XP SP2. Unlike previous ICF (Internet Connection Firewall), by default, the Windows firewall is enabled, and once the firewall is turned off, the security center will issue a warning message.
Another important improvement is that Windows Firewalls will use static rules when Windows startup, which is called boot-time policy. At this point, the computer is allowed to run basic network tasks such as DNS and DHCP. Once the Windows firewall service runs, load and apply Run-Time Policy and delete the startup filter. When the startup of the Windows firewall is the unique features of the operating system's software firewall. Although there is currently no online attack at any start-up, this security design of the Windows firewall reflects the design concept of active protection, the descent design.
Windows firewalls can be set via a variety of ways. In the Control Panel, you can access Windows Firewall settings through the Network and Internet Connections and the Security Center. If the network connection is displayed on the right side of the taskbar, the mouse right click on the network connection and select "Change Windows Firewall Settings" as shown below.
"Windows Firewall" dialogs have 3 tabs
General tab: You can "Enable" or "Close" Windows Firewall, if the firewall is enabled, you can select "Do not allow exceptions", which will prevent all active to the computer, and do not notify the user when blocking. This will be suitable for more unsafe network environments.
Exceptions Tab: By default, Windows Firewall Allows Exceptions, 4 programs and services are listed in the Exceptions tab, and "Remote Assistance" is allowed by default, as shown below. Other 3 programs and services will be automatically enabled according to Windows settings. For example, if the shared folder is set, "file and printer sharing" will be automatically enabled.
When other programs are blocked, the user will be queried, and if the release block is selected, the program is added to the exception list. As shown below.
Programs can be added to an exception list or delete programs in an exception list (except for default 4 programs and services). You can also edit the communication range (IP address) of the exception program (IP address) to communicate only with a certain computer, as shown below. The same settings are also suitable for ports.
Advanced tab: You can set the selected one or more network connections, or you can specify a secure log to record the discarded packets and successful connections. The Restore is the default value button to make it easy for users to quickly set to the default security status. As shown below.
Automatic update
Keep the Windows system and software in the latest state, one of the important guarantees for security. Practice shows that open Windows automatic updates can avoid almost all malicious attacks using system vulnerabilities. Therefore, Windows automatic updates are considered to be an important three important steps that guarantee system security. In fact, many users do not turn on the automatic update function, causing the system under the danger of attack, even malicious attacks, causing unnecessary losses.
Windows XP SP2 The default opens Windows automatic updates. If the user changed the automatic update setting, it will be reminded or warned, as previously shown. The Windows Update Services have been upgraded to version 5, and the update service is more efficient, and the user is more convenient. Alternatively, automatic update supports more types such as secure patches, key updates, cumulative update packages, service packages, etc. For a slow network connection user, the Bits Background Intelligent Transfer Service has greatly improved the transmission bandwidth efficiency. When using Windows Update services, less data can be transmitted and data faster, reduce the pressure of updating the enterprise network. The main features are as follows:
You can specify a time download update, such as a time period specifying the network idle.
You can set only the part of the file that only downloads only the file changes only. For example, if a 1MB file changes only one byte, BITS will only transfer several bytes instead of the entire 1MB file.
Recovered from network transmission failures. During the download process, if the network fails or loses loss, BITS can continue to transfer from the breakpoint instead of re-starting download.
Virus protection integration
Windows XP SP2 does not include virus protection software, but can be integrated with anti-virus software to better ensure the security of the system. Windows XP SP2 can detect whether anti-virus software is installed, if not detected, will issue a warning; for the detected anti-virus software, if it is not updated to the latest state, it will be warned information; in addition, if the virus is turned off, Virus real-time monitoring , Or the service starts failed, and the warning message will also pop up. As shown below.
At present, domestic anti-virus software vendors have introduced software products or patches compatible with Windows XP SP2.
Internet Explorer
Microsoft Internet Explorer is the main Internet browser program in Windows, users' browsing experience and security are important considerations for Windows XP SP2. IE security is also the basis for system security. Block pop-up windows
In view of the reality of the pop-up window being abused, Windows XP SP2 pop-up block blocks, providing control selection for the user from blocking unnecessary poppical windows. By default, most pop-up windows are blocked. Once the pop-up window is blocked, an information prompt window will be displayed and a prompt is given in the information column, and the sound prompt can be heard. As shown below.
The information prompt window explains the feature of the information bar, which can no longer populate this information next time, the window will no longer pop up the window. Click the "Understanding the File Bar" to open the Help window for IE related content.
Click the information bar, you can select a number of operations as shown below. If it is the first time to access the site, you can select "Temporary Allow Popup Window" to see if the content of the pop-up window is useful information; if you need the pop-up information of this site, you can choose "Always allow the pop-up from the site. Window "; click the Settings command, you can further set the information bar," Turn off the pop-up block block ", will allow any site to display the pop-up window; do not select the" File Bar of the pop-up window ", in the pop-up window The information bar will not be displayed when it is blocked. At this point, you can set it from the IE status bar.
Select "More Settings" to open the Popup Window Block Program Settings dialog. In this dialog, you can manually enter the address of the allowable site; you can choose whether to play the sound and display information columns, and different filter levels (the default level is middle), as shown below. In addition, press the CTRL button while opening the web page, will not block the pop-up window.
The pop-up window in the following cases will still be displayed
Open through the user clicking
Open by running in this unit
Open by an Empirical ActiveX Control from the Web Sites (INSTANTIATED)
Open from a trusted site or a local intranet area
File download and installation tips
When downloading the file from the IE, a prompt window will appear, as shown in the following figure. The prompt window displays the icon of the file and the size of the file. Depending on the different types and security of the download file, the icon below the title of the prompt window is also different.
Safety warnings are also received when installing a plus or downloaded program. For signed programs, there can be more options to determine how to handle procedures from the same distributor in the future.
Add item management and crash detection
The load item adds a variety of functions to IE (such as additional toolbars, buttons, etc.), which makes browsing more interesting or efficient. Many add items come from Internet, most add-on items prompts users of the condition of the condition of the condition of the disease. Download and install. However, some add items may be downloaded without confirmation. There are also some add-on items that are installed with Windows. You can manage the add-in to the Internet Explorer. From the Tools menu, select the Administration Add Item command to open the dialog. As shown below.
Select "Enabled" add-on, select "Disable" from the bottom of the dialog or select "Disabled" addable, then select Enable from the bottom of the dialog. After restarting Internet Explorer, set the job.
If the load item causes the web page to not be displayed or forced to close, and pop-up the crash report detects the load item problem, you can use this add-in. Or if you are an ActiveX add-on, you can try to update it to solve the problem. Outlook Express
Since Outlook Express uses the MSHTML control to process HTML content and automatically runs the scripts in the HTML header in the HTML header. Now you can read the message in plain text to reduce risk.
Some spam makers will include a picture that references to its site in the email message. Previously, when the user received these messages, the image was downloaded automatically, and its email address was valid and may be added to the spam recipient address list. In Windows XP SP2, Outlook Express restricts downloading external HTML content, avoiding users from being spammers to verify email addresses and receive spam. This feature is also convenient for the user who dials the Internet, eliminating the trouble of dialing the network when you try to read the message after you disconnect the message.
In addition, the updated Outlook Express integrates an attachment execution service (AES Attachment Execution Service) Blocks to save or open potential unsafe mail attachments.
Windows Messenger
In Windows Messenger, transfer unsafe files will be automatically rejected. To understand a list of files that are usually considered unsafe, see http://support.microsoft.com/default.aspx?scid=kb;zh-cn;291369
In addition, Windows Messenger has a user to select a display name different from its mail address. This is because some virus programs can discover the E-mail address and related contacts from the saved chat record to invade the privacy of users.
Tablet PC
Windows XP Tablet PC Edition is automatically upgraded to Tablet PC 2005 after installed Windows XP SP2. And in the input panel, handwritten identification, it has great improvements in integration with Office System.
Windows Installer 3.0
Other techniques and improvements
Better wireless network support
Bluetooth device support
USB device write protection
Add and delete the display update options in the program list
More improved management tools
in conclusion
Windows XP SP2 is a revolutionary improvement to Windows XP, which has improved and enhanced all aspects of security as a starting point, from system, management, users. Also tablies to the ease of use and user experience. Windows XP SP2 not only solves the problems in the past, but also prevents preventive repair in the future of attacks. In order to alleviate malware tools and cause hazards even without installing patches.
