If you’re an active and with-it PC fan, your first reaction to all of this discussion might be, “Service Pack, Schmervice Pack. I already have antivirus software, anti-spyware software, and a sophisticated firewall. Do I really need to install Service Pack 2?”
The answer is yes—if you want to feel safe. The three items listed in the Security Center may represent the big-ticket changes in SP2, but they’re not the only changes. Microsoft also made hundreds of additional changes to make Windows XP more secure in the modern era.
Many of these changes are generally invisible to you. They’re deep-seated code changes designed to thwart hackers.
Here are just a few examples:
The RPC service (remote procedure call) lets a program on one computer run a program on another by remote control. In the original Windows XP, if you can believe it, Microsoft permitted anonymous RPC connections, meaning that strangers could wiggle into your computer. (This is, for example, how the Blaster worm of 2003 caused such global damage.) In Service Pack 2, anonymous connections are no longer permitted.
Some viruses and Trojan horses did their damage by causing buffer overruns—they basically filled up your memory to the point of overflow, thereby incapacitating your PC. In Service Pack 2, Windows is designed to contain any program that makes such an attempt.
Before Service Pack 2, there was a brief interval during the startup process when the Windows firewall hadn’t yet kicked in. During those few seconds, your PC was vulnerable to Internet invasion.
Fortunately, that window of opportunity has been slammed shut. The firewall now includes something called a boot-time filter that protects the PC during startup and shutdown.
Service Pack 2 also introduces some small feature changes to Internet Explorer, the standard Web browser.
As you can read in Chapter 11, there’s a new feature designed to pop-ups off your screen—that is, those infuriating advertisements that pop up in front of, or behind, the Web window you’re actually trying to read. Internet Explorer is probably the last Web browser on Earth to offer a pop-up blocker, but better late than never. You can find the details of the pop-up blocker in Section 11.1.7 .
An add-on, in Microsoft lingo, can be any bit of software that beefs up your Web browser. Some examples:
Plug-ins, like the Flash or QuickTime plug-ins that let you view online animations and movies.
ActiveX controls, little programs that can download and run right within your browser window.
Add-on toolbars, like the popular Google toolbar.
Figure 10-7. Top: The Information Bar appears automatically just underneath your toolbars. (The first time, a dialog box will call your attention to it.) The bar’s purpose: to let you know about potentially insidious security violations in your browser. Bottom: When you click the Information Bar, you’re offered the chance to see the pop-up just this time, to permit all pop-up windows from this Web site, install the questionable program, and so on. But unless you’re sure that the result is safe, you should decline.
The trouble is, any of these little goodies might, in fact, be malicious. Before SP2, they could install themselves behind your back (so-called “drive-by downloads”). Some add-ons might be designed to simulate a Windows dialog box on your screen, for example, tricking you into downloading spyware.
The bad guys will find it much more difficult to play such pranks from now on, (which isn’t to say that they won’t figure out another way to gum up your works). Whenever a Web site attempts to install an ActiveX control, open a pop-up window, or send a file to your PC, a new toolbar will appear to warn you. You’ve just met the Information Bar (Figure 10-7).
The Information Bar lets you know what the Web site is attempting to do—and if you click the bar itself, a shortcut menu offers you the chance to proceed (Figure 10-7, bottom). But if you’re not absolutely positive that the download, plug-in, or pop-up window is safe, you should decline.
Microsoft has also made it easier for you to track and manage which plug-ins you’ve installed in Internet Explorer. Just choose the Tools→Manage Add-ons command. As you can see in Figure 10-8, the resulting control center lets you turn add-ons on or off individually, see (sometimes) where each one came from, and see how often it’s been used.
Figure 10-8. Browser add-ons are a frequent source of Internet Explorer crashes. By turning certain add-ons off, you can greatly speed up your trial-and-error troubleshooting process. This box also lets you update any ActiveX controls you’ve installed, which is another way to keep safe and keep current. (To turn something off, use the Show drop-down menu to choose “Add-ons that have been used by Internet Explorer. Next, highlight an entry in the leftmost column and click Disable. Also, pay close attention to the “Publisher” column, although it’ll be blank for many add-ons; you may wish to designate certain software companies as trustworthy, and not others.)
Tip
Microsoft has beefed up Internet Explorer’s defenses to a considerable degree. But if you’d like to avoid all of its weaknesses—remember that Internet Explorer is the Number 1 target of Internet nastiness—consider switching to a superior, more modern browser like Mozilla Firefox (http://www.mozilla.org). Thanks to its greater speed, far superior interpretation of Web-page standards, tabbed windows, pop-up blocker, auto-password fill-ins, autoform fill-ins, easy-to-understand downloads window, and other features, you’ll never look back.
Another way that Internet baddies have fun is to seize control of your browser window, displaying their own material in a window size that’s so big, it even covers up your toolbars.
Once you install SP2, they can’t pull this particular stunt anymore. Scripts (programs that make other programs do stuff) aren’t allowed to resize or move Internet Explorer windows any more.
Microsoft has spent years pleading with people not to open attachments sent by email. Nevertheless, people still blithely double-click attached files, which is how one virus after another gets unleashed on their systems. Never underestimate the power of a subject line that says “I love you,” “Your refund check,” or “Anna Kournikova pics.”
Tip
Even seemingly innocent files like .jpg photographs may turn out to be virus installers. The evildoers simply name the file something like “Flowers.jpg .exe” (see the 42 spaces?).You don’t see the final filename extension, because it doesn’t fit in your email window. (You don’t even see it in the icon’s name when it’s on your desktop.) So you go ahead and open it, and boom—you’re infected.
If you use Outlook Express for email, Internet Explorer for Web downloads, or Windows Messenger for chat, you’ll now find it a lot harder to open the kinds of files that can harbor viruses. (If you’re keeping score at home, that means not only .exe files, but also those with filename extensions .ade, .adp, .app, .asp, .bas, .bat, .cer, .chm, .cmd, .com, .cpl, .crt, .csh, .fxp, .hlp, .hta, .inf, .ins, .isp, .its, .js, .jse, .ksh, .lnk, .mad, .maf, .mag, .mam, .maq, .mar, .mas, .mat, .mau, .mav, .maw, .mda, .mdb, .mde, .mdt, .mdw, .mdz, .msc, .msi, .msp, .mst, .ops, .pcd, .pif, .prf, .prg, .pst, .reg, .scf, .scr, .sct, .shb, .shs, .tmp, .url, .vb, .vbe, .vbs, .vsmacros, .vss, .vst, .vsw, .ws, .wsc, .wsf, and .wsh.)
When such a file arrives as a file attachment in Outlook Express, you’ll find that you can’t open or save it (Figure 10-9). If you double-click the message to open it into its own window, a little info strip lets you know that the file has been “blocked.”
Note
The software that blocks and quarantines these files isn’t actually written into Outlook express, Internet Explorer, and so on. It’s now part of Windows, and those programs are simply tapping into it. The point here is that Outlook, Eudora, and other programs may eventually tap into the same feature in successive versions.
If you’re really, truly sure that the attachment is safe and virus-free (for example, if you sent it to yourself from the office), here’s how you can unblock the attachment and open it.
Figure 10-9. To open a block the file, you must locate the file’s icon on the hard drive, right-click it, choose Properties from the shortcut menu, and finally choose the Unblock option. It’s a heck of a lot of hassle, but eliminates the casual release of viruses by the ranks of the clueless.
Choose Tools→Options→Security. In the resulting dialog box, turn off “Do not allow attachments to be saved that could be a virus.” Click OK.
If Microsoft could, it would send a lawyer through your screen at this point to sign a disclaimer. Outlook Express is no longer blocking your attachments. You’re on your own now, pal.
Set the attached file free of Outlook Express.
That is, if you see the attachment’s icon (because you’ve double-clicked a message to open it), drag the icon to any visible part of your desktop. Or right-click it and choose Save As from the shortcut menu.
If a little paper clip icon appears instead, click it to reveal the attachment’s name—and, while the little menu is open, drag the attachment’s icon to the desktop. (Or, from the little menu, choose Save Attachments, and choose a folder location for it.)
Double-click the icon on your desktop.
A Security Warning dialog box may appear, as shown in Figure 10-10.
Turn off “Always ask before opening this file,” if you like, and then click Run.
The file opens normally, spewing viruses and spyware all over your PC. (Just kidding.) If you turn off “Always ask,” you’ll never be interrupted by the security warning again.
Note
Alternatively, you can right-click the file’s icon on the desktop and, from the shortcut menu, choose Properties. In the dialog box, you’ll see a button called Unblock. Clicking it is exactly the same as turning off “Always ask before opening this file” as described in step 4. (Furthermore, clicking Unblock makes the Unblock button itself disappear in future appearances of the Properties dialog box.)
There are two kinds of graphics you might see in an email message:
An image attached to the message, like a baby picture from your Aunt Ethel. (Outlook Express still shows you this kind of picture, as long as you haven’t turned on the plain-text option described below.)
A programmed reference to a graphic that’s actually sitting out on a Web site somewhere. When you open the message, Outlook Express fetches the graphic and displays it right in the message.
Or, rather, used to. The problem is that when an email program sends its little “Fetch hither yon graphic” message, the Web site that receives the signal now knows that you’ve opened the original message. Boom—you’re a gold nugget for spammers, who will sell your valuable address to hundreds of other spammers who are delighted to learn that they’ve found another sucker.
So in SP2, Outlook Express no longer displays pictures that aren’t actually attached to the messages.
Tip
You can turn off this feature by choosing Tools→Options→Security tab and turning off “Block images and other external content in HTML e-mail.”
And why would you want to? Because some perfectly safe messages may not look right without their graphics, that’s why. (Some PayPal email messages, for example, use that fetch-a-graphic-from-a-Web-site technique to display the PayPal logos.)