Desktop Value - IntroducingWindows XP Service Pack 2

with Advanced Security Technologies

Desktop Value - IntroducingWindows XP Service Pack 2

with Advanced Security Technologies

Presenter: James K. MurrayTitle: Information Technologies ConsultantCompany: A. M. Software Services, Inc.Presentation Date: June 21st, 2004

Slide 2 Microsoft Certified Partner: A. M. Software Services, Inc.

AgendaAgenda

Microsoft Security Strategy Windows XP Service Pack 2 Feature Overview Roadmap Business Value for Partners Q & A

Slide 3 Microsoft Certified Partner: A. M. Software Services, Inc.

Security exploits are proliferating Time to exploit is decreasing Exploits are more sophisticated The current approach is

insufficient

1. Security is a top priority for Microsoft

2. There is no single solution: the solution is complex

3. This problem has to be tackled across the industry

4. Change requires innovation

Security: What customers are experiencingSecurity: What customers are experiencing

Number of days to exploit

Slide 4 Microsoft Certified Partner: A. M. Software Services, Inc.

Impact of Security BreachesImpact of Security Breaches

Loss of Revenue

Wasted Business Cycles

Damage to Reputation

Loss or Compromise of

Data

Interruption of Business Processes

Damage to Customer

ConfidenceLegal

Consequences

Slide 5 Microsoft Certified Partner: A. M. Software Services, Inc.

Risk Level

Impact toBusiness

Probabilityof Attack

ROI

Connected

Productive

Security Enabled BusinessSecurity Enabled Business

Reduce Security Risk Assess the environment Improve isolation & resiliency Develop and implement controls

Increase Business Value Connect with customers Integrate with partners Empower employees

Slide 6 Microsoft Certified Partner: A. M. Software Services, Inc.

“Give us better Give us better access control”access control”“Give us better Give us better access control”access control”

“Develop reliable Develop reliable and secure softwareand secure software”

“Develop reliable Develop reliable and secure softwareand secure software”

“Simplify Simplify critical critical

maintenancemaintenance”

“Simplify Simplify critical critical

maintenancemaintenance”

““Reduce impact Reduce impact of malware”of malware”

““Reduce impact Reduce impact of malware”of malware”

Improve UpdatingImprove Updating

Engineering ExcellenceEngineering Excellence

Authentication, Authentication, Authorization, Access Authorization, Access ControlControl

Isolation and ResiliencyIsolation and Resiliency

“Provide betterProvide betterguidanceguidance”

“Provide betterProvide betterguidanceguidance”

Deliver Security Guidance, Deliver Security Guidance, Tools, ResponsivenessTools, Responsiveness

Customers have told us …Customers have told us …

Slide 7 Microsoft Certified Partner: A. M. Software Services, Inc.

Extended supportMonthly patch releasesSMS 2003Baseline guidanceCommunity investments

Broad trainingISA Server 2004

Windows XP Service Pack 2Windows Server 2003 Service Pack 1Updating enhancements

Active protection technologyVisual Studio “Whidbey”Next generation inspection

Security TimelineSecurity Timeline

2003

H1 04

Future

H2 04

Slide 8 Microsoft Certified Partner: A. M. Software Services, Inc.

Isolation and ResiliencyActive Protection Technologies

Isolation and ResiliencyActive Protection Technologies

“Shield-style” approach will give flexibility to our customers in terms of time to test/deploy

Dynamic system protection Behavior blocking Application-aware firewalls Intrusion prevention

Slide 9 Microsoft Certified Partner: A. M. Software Services, Inc.

Isolation and ResiliencyReducing the modes of attack for the Windows client

Isolation and ResiliencyReducing the modes of attack for the Windows client

Slide 10 Microsoft Certified Partner: A. M. Software Services, Inc.

Windows XP SP2 security goalsWindows XP SP2 security goals

Help protect the system fromattacks from the network

Enable more secure Email and Instant Messaging experience

Enable more secure Internet experience for most common Internet tasks

Provide system-level protection for the base operating system

Slide 11 Microsoft Certified Partner: A. M. Software Services, Inc.

Windows Firewall Formerly known as Internet Connection Firewall

Windows Firewall Formerly known as Internet Connection Firewall

Goal and Customer BenefitProvide better protection from network attacks by defaultFocus on roaming systems, small business, home users

What We’re DoingWindows Firewall will be on by default in almost all configurationsMore configuration options

Group policy, command line, unattended setupBetter user interface

Boot time protectionMultiple profile support

Connected to corporate network vs. homeEnable file sharing on home networks with Windows Firewall on

Compatibility ImpactIn-bound network connections not permitted by defaultDynamically enable ports as necessary, but only for as long as necessary, disable when done

Slide 12 Microsoft Certified Partner: A. M. Software Services, Inc.

Windows Windows FirewallFirewall

(formerly - Internet (formerly - Internet Connection Firewall)Connection Firewall)

Slide 13 Microsoft Certified Partner: A. M. Software Services, Inc.

Email / IM AttachmentsEmail / IM Attachments

Goal and Customer BenefitConsistent system-provided mechanism for applications to determine unsafe attachmentsConsistent user experience for attachment “trust” decisions

What We’re DoingCreate new public API for handling attachments more securely (Attachment Execution Services)Default to not trust less secure attachment typesOutlook Express, Windows Messenger, Internet Explorer changed to use new API More secure message “preview”Replaces AssocIsSafe()

Compatibility ImpactUse new API in your applications for better user experience, and better determination of security implications of content

Slide 14 Microsoft Certified Partner: A. M. Software Services, Inc.

Web BrowsingWeb Browsing

Goal and Customer BenefitEnsure a more secure web browsing experience

What We’re DoingLocking down local machine and local intranet zonesImproved notifications for running or installing applications and ActiveX controls - Limit UI spoofingHTML on local machine won’t be able to script unsafe ActiveX controls or access data across domains in the Local Machine Security ZoneBlocking unknown, unsigned ActiveX controlsFiles served with mismatched or missing mime-headers and file extensions may be blockedPop-up windows will be suppressed unless they are initiated by user action

Compatibility ImpactCheck for web application compatibility new defaults

Slide 15 Microsoft Certified Partner: A. M. Software Services, Inc.

Slide 16 Microsoft Certified Partner: A. M. Software Services, Inc.

Advanced Pop-up Blocker Settings

Slide 17 Microsoft Certified Partner: A. M. Software Services, Inc.

Data Execution Prevention (DEP)Data Execution Prevention (DEP)

Goal and Customer BenefitReduce exposure of some buffer overruns

What We’re DoingLeverage hardware support in 64-bit and newer 32-bit processors to only permit execution of code in memory regions specifically marked as executeReduces exploitability of buffer overrunsEnabled by default on NX capable machinesEnsure application compatibility with NX for Longhorn

Compatibility ImpactEnsure your code doesn’t execute code in a data segmentEnsure your code runs in PAE mode with <4GB RAMUse VirtualAlloc with PAGE_EXECUTE to allocated memory as executableTest your code on 64-bit and 32-bit processors with “Execution protection”

Slide 18 Microsoft Certified Partner: A. M. Software Services, Inc.

DEP User ExperienceDEP User Experience

What the user sees on buffer overrun

Adding the app to exception list

DEP Control Panel settings

Slide 19 Microsoft Certified Partner: A. M. Software Services, Inc.

Additional Enhancements in Windows SP2Additional Enhancements in Windows SP2

Windows Update client Will use a consistent engine for reporting system state and reducing inconsistent

results on secure patch availability on a computer.

Windows Media 9 Series Player Enhanced performance and security improvements over prior versions.

DirectX 9.0b Latest, most secure DirectX components include fixes to address a network

firewall change that impacts OEM pre-installs and DirectPlay.

Bluetooth Client v2.0 Includes support for the latest version of Bluetooth (v1.2) allowing customers to

take advantage of the latest wireless devices.

Unified Windows Local Area Network (LAN) client New wireless LAN will work with a broad range of wireless hotspots enabling

customers to connect seamlessly without having to install or update a third-party client.

“SmartKey” Wireless Setup Simplifies configuration of security settings for wireless networks by using USB

Flash Drive or other removable media to transfer configuration and security keys to PCs & devices.

Automatic Updates

Configured upon SP2 installation

GUI redesigned

Slide 21 Microsoft Certified Partner: A. M. Software Services, Inc.

New Bluetooth ClientNew Bluetooth Client

Improved user experience Improved security New profiles:

Personal Area Network user (PANU) File push – Object Push Profile (OPP) Virtual COM ports

Boot-mode support for keyboards Selective suspend support Benefits

Enables scenarios without the mess of wires Extends use of a loosely connected devices for use with the PC Same devices used with PC in both corporate and consumer

contexts Easy discovery of devices with Windows Bluetooth support

Slide 22 Microsoft Certified Partner: A. M. Software Services, Inc.

Improved Wireless configurationImproved Wireless configuration

Improved detection of wireless networks

Friendlier user interface

Wireless Network Setup Wizard

WEP Key configuration/transfer using removable storage

Slide 23 Microsoft Certified Partner: A. M. Software Services, Inc.

How to discuss SP2 with your customersHow to discuss SP2 with your customers

Naming: “Windows XP Service Pack 2” In Marketing Communications: “Microsoft® Windows® XP

Service Pack 2 with Advanced Security Technologies” Why your customers should care about SP2:

Advanced security technologies and default safeguards will help provide proactive protection to help guard against hackers, viruses and other security risks.

Strong Strong SecuritySecuritySettingsSettings

Security Tools:Security Tools:Manageability Manageability

& Control& Control

ImprovedImproved& Safer User & Safer User ExperiencesExperiences

Improved FirewallImproved Firewall New Internet Explorer with Security New Internet Explorer with Security

ImprovementsImprovements Safe Attachment execution ServiceSafe Attachment execution Service

Windows Security CenterWindows Security Center Pop-up Blocker for IEPop-up Blocker for IE Firewall Centralized ManagementFirewall Centralized Management

Smartkey Wireless SupportSmartkey Wireless Support Improved Wireless LAN supportImproved Wireless LAN support Bluetooth support built-inBluetooth support built-in WM Player 9 Series and Movie Maker 2.1WM Player 9 Series and Movie Maker 2.1

Slide 24 Microsoft Certified Partner: A. M. Software Services, Inc.

SP2 Value for PartnersSP2 Value for Partners

The release of SP2 creates an opportunity for you to conduct security audits with your customers: Use Microsoft Baseline Security Analyzer to check security status on

existing systems• (http://www.microsoft.com/security/guidance/tools/default.mspx)

Check for Anti-Virus and Firewall usage/status Upgrade existing Windows XP capable systems to SP2 Upgrade older PCs to new ones with Windows XP SP2

Upgrade small business networks to Windows Small Business Server 2003 with Windows Update Services installed http://www.winnetmag.com/Windows/Article/ArticleID/

41969/41969.html Windows Security Center dramatically underlines the need for AV

software for your customers This is a great revenue opportunity for you

When your customers have SP2, they’re less likely to require support Can increase your customer satisfaction Increase your credibility as reliable source of security solutions

Slide 25 Microsoft Certified Partner: A. M. Software Services, Inc.

Closing RemarksClosing Remarks

“I've been reviewing Windows products for a decade now, and very rarely have I been able to wholeheartedly recommend any product. Windows XP Service Pack 2 (SP2), however, is such a product: Barring a massive incompatibility issue, virtually every Windows XP user should upgrade to this release as soon as possible, in order to take advantage of its enhanced security features.” Paul Thurrott, Windows & .NET Magazine

Slide 26 Microsoft Certified Partner: A. M. Software Services, Inc.

Visit the Windows XP SP2 Readiness Center on MOSB : www.microsoft.com/oem

Visit the Windows XP SP2 Readiness Center on MOSB : www.microsoft.com/oem

Make security a high priority when configuring & customizing new PCs

Make security a high priority when configuring & customizing new PCs

Help us get the Windows XP installed base updated with SP2

Help us get the Windows XP installed base updated with SP2

Call to Action for PartnersCall to Action for Partners

Evaluate pre-installed applications using Microsoft security guidelines

Evaluate pre-installed applications using Microsoft security guidelines

Download Windows XP SP2 from www.microsoft.com

Download Windows XP SP2 from www.microsoft.com

Questions?Questions?

For more SP2 feature information:http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/winxppro/maintain/winxpsp2.asp

Slide 28 Microsoft Certified Partner: A. M. Software Services, Inc.

© 2004 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.