• Summary
  • Glossary
  • Published: February 2004





    Security Center


    Windows Security Center is the centralized place in Windows XP Service Pack 2 for users to learn anything about security and perform any security-related tasks. Security Center monitors the status of three major security functions: the firewall, automatic updates, and virus protection. If Security Center detects a problem with any of these, typically at boot time, it will display an icon and balloon message in the Windows taskbar notification area.

    The prescription offered by Windows Security Center is to have an active firewall; to allow for daily, automatic updates of the Windows system; and to have an active antivirus with up-to-date signatures. The status of each of these prescription elements is displayed in Security Center as a stop light.

    Security Center knows about Windows Firewall, and about several third-party firewalls. It knows about the most common antivirus solutions. It has an open interface that third-party antivirus and firewall vendors can use to allow Security Center to detect the presence of their software and report its status. Users can tell Security Center that they have an undetected third-party solution, or turn off notifications about specific security vulnerabilities that don't apply in their environment.


    Summary


    As we've seen, Windows XP Service Pack 2 addresses new challenges to the security of personal computers by making a number of basic improvements to the operating system. It reduces common attack vectors in four ways: it protects the network, protects memory, handles e-mail more safely, and browses the Internet more securely. Service Pack 2 also makes it easier to keep the system up to date.

    Network protection is provided by the Windows Firewall, improvements to the Distributed COM security infrastructure, and improvements to the Remote Procedure Call security infrastructure. Enhanced memory protection comes from support of execution protection on compatible CPUs, and "sandboxing" of the stack and heap on all CPUs.

    Message handling is safer thanks to a new Attachment Execution Service, which is used by Outlook Express, Windows Messenger, and other email and instant messaging applications. Numerous improvements to Internet Explorer make browsing more secure and more stable.

    In Windows XP Service Pack 2, updates can be fully automatic. Patches are smaller and can always be removed. And, finally, Windows Security Center provides a centralized user interface for all security-related maintenance.


    Glossary


    Antivirus: software intended to protect a computer against harmful virus, worm, and Trojan horse programs.

    Bluetooth: a low-cost, short-range wireless specification for connecting mobile devices and bringing them to market.

    Cable modem: a device that enables a computer or router to send and receive data over cable TV lines at high speeds.

    DCOM (Distributed Component Object Model): a set of concepts and program interfaces in which client program objects can request services from server program objects residing on other computers in a network. DCOM is based on the Component Object Model (COM).

    DSL (Digital Subscriber Line): a technology for bringing high-bandwidth information to homes and small businesses over ordinary copper telephone lines.

    Firewall: a set of programs, which may run on a computer, a router, or a dedicated device, to protect the resources of a computer or network from other computers or networks, typically by filtering network packets.

    Internet: a worldwide system of computer networks using the TCP/IP protocols.

    Network: a series of points or nodes (computers, routers, and other devices) interconnected by communication paths (optical fiber, coaxial cable, twisted pair, or other physical links). Networks can interconnect with other networks and contain subnetworks.

    Patch: a quick repair or fix for a program, generally provided by the software maker to be applied in the field. Multiple patches may be combined into service packs after more extensive testing.

    Port: a physical or logical connection to a computer. TCP/IP ports are numbered and assigned to specific services. For example, port 80 is the default port for HTTP, used by most Web servers.

    Remote procedure call (RPC): a protocol that one program can use to request a service from a program located in another computer in a network without having to understand network details.

    Service Pack: an update to a customer's software that fixes existing problems and, in some cases, delivers product enhancements. Service packs may include multiple patches that have been tested together.

    Trojan horse: a program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and do its chosen form of damage. The term comes from an episode in Homer's Iliad.

    Virus: a piece of programming code usually disguised as something else that causes some unexpected and usually undesirable event. A virus is often designed so that it is automatically spread to other computer users. Viruses can be transmitted as attachments to an e-mail note, as downloads, or be present on a diskette or CD.

    Worm: a self-replicating virus that does not alter files, but resides in active memory and duplicates itself.

    This is a preliminary document and may be changed substantially prior to final commercial release of the software described herein.

    The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

    This white paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT.

    Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in, or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

    Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

    © 2004 Microsoft Corporation. All rights reserved.



    Microsoft, Windows, and the Windows logo are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

    1 Haverford College was one that took the restrictive approach, successfully.

    2 Brown University was one that had to shut down its network after its permissive policy failed.

    3 http://www.treas.gov/offices/inspector-general/evaluation-reports/ca04001.pdf


