Windows & .NET Magazine Security UPDATE--July 2, 2003

1. In Focus: Win2K SP4: A Few Things to Know

by Mark Joseph Edwards, News Editor, mark@ntsecurity.net

Microsoft has released Windows 2000 Service Pack 4 (SP4). So far, I haven't heard about any installation problems, except on Citrix MetaFrame XP systems, and I don't know exactly what those problems are. You can find installation information in our Windows & .NET Magazine Forums discussions. \[http://63.88.172.222/forums/messageview.cfm?catid=10&threadid=39892\]

As usual, the new service pack contains all the previous fixes that Microsoft has made available for Win2K. SP4 might offer a good way for you to update systems with all fixes available. I'm aware of one caveat--though so far few users have openly complained about the following occurrence.

If you have Windows Update service disabled on your systems--and I'm willing to bet that most of you do--when you install SP4, the installation program reenables Windows Update without notifying you. That move isn't exactly user-friendly, so heads up.

Also, you should take time to read the SP4 Supplemental End User License Agreement (EULA). You'll notice that Item 3, "Automatic Internet-based Services," describes several features that automatically contact Microsoft or third-party computers--in some cases, without prompting you before doing so.

In five instances, Win2K might contact Microsoft without prompting you first. The first is, of course, the Windows Update service itself. Microsoft points out that when you connect a device to your system, the correct device driver might not already be on your system. So for "ease of use" regarding Plug and Play (PnP) functionality, your system might contact Microsoft's computers transparently to obtain the proper drivers.

The second instance is rather vague because Microsoft doesn't iterate all the circumstances under which such contact might occur. According to the company, "If you are connected to the Internet, several features of the software are enabled by default to retrieve content from Microsoft computer systems and display it to you. When you activate such a feature, it uses standard Internet protocols, which transmit the type of operating system, browser and language code of your Computer to the Microsoft computer system so that the content can be viewed properly from your Computer. These features only operate when you activate them, and you may choose to switch them off or not use them. An example of this feature is Appshelp." So you have one example, Appshelp, but Microsoft doesn't offer any other examples.

The third instance in which your system contacts Microsoft transparently involves X.509 digital certificate revocation lists (CRLs) and root authority updates. Your system might also contact third parties in the process of validating certificates.

The fourth instance involves Digital Rights Management (DRM). When you download licenses to use secured content, your system also receives a list of revoked content (DRM-secured content that has been compromised). Also, if content owners ask Microsoft to revoke licenses, the revocations will be included in any revocation list. You can switch off DRM features that access the Internet if you want to.

The final instance in which software might contact Microsoft transparently involves Windows Media Player (WMP). If you don't have the proper codec, when you try to play media, the software might check for new codecs. In addition, WMP periodically checks for updates to the player itself.

Another thing about SP4 is that if you install SP4 on a system that has SP2 installed, SP4 will upgrade that system to 128-bit encryption. Also, SP4 contains more than 650 patches. Some of those patches are reportedly new security patches, which, if true, is a good reason to install the service pack--although I'm not sure why Microsoft would place new security fixes in a service pack without releasing associated security bulletins.

Before you install SP4, take time to do some reading. Read the EULA, of course, and consider reading comments from those who've installed the service pack in our Forums or on your favorite mailing lists. You can find comments in our Forums by searching on "SP4". \[http://search.win2000mag.net/query.html?qt=SP4&st=1&rf=1\]