Windows XP Service Pack 2 (SP2) is a complex update with many ramifications for IT pros. TechRepublic's Windows XP Service Pack 2 Quick Guide drills down on critical SP2 need-to-know areas, with sections on fundamentals, changes that occur after installation, deployment procedures, problem areas, and removal.
Everybody's talking about it: the long-awaited release of Windows XP Service Pack 2 (SP2). It's finally here, but you may be hesitant to install it right away. What changes will it make to your system—and will you like them? This is the first in a series of articles that examine the effects of SP2 on the Windows XP operating system and its components. Much ado has been made about the new security features SP2 provides, but in these articles we'll look at how these changes affect your everyday use of XP. This article focuses on the changes SP2 makes to Internet Explorer.
Favorite new features
SP2 makes more than a dozen changes to the Internet Explorer Web browser and how it works. Some of these are transparent to the end user and of interest primarily to Web developers. Others may frustrate users at first, appearing to "break" the functionality of certain Web sites as part of the never-ending tradeoff between security and accessibility. However, SP2 adds a couple of new features to IE that are sure to be noticed—and welcomed—by all users: the new built-in pop-up blocker and the handy Add-on Manager.
IE pop-up blocker
Advertising pop-ups are the bane of every Web surfer's existence. These extra windows jump out of some Web pages like a plague of frogs, obscuring the original site and forcing you to spend time and effort clicking each one closed. You can buy programs like IHatePopups or download freeware like the Google toolbar with its anti-pop-up technology, but many of us wondered why Microsoft didn't include pop-up blocking in the browser, especially after other browser vendors such as Mozilla and Opera added this feature to theirs.
Well, it's finally happened: SP2 adds a pop-up blocker to IE, and my tests show that it works well. I visited a popular news site that's one of the worst offenders when it comes to pop-ups, and I heard a number of clicking sounds—indications that IE was blocking pop-ups. A message appeared under the address bar informing me that pop-ups had been blocked, as shown in Figure A.
|The new IE pop-up blocker informs you when a pop-up has been blocked.|
If you want to see the pop-up that was blocked, all you have to do is click the message bar. You'll then be given several choices, as shown in Figure B. Specifically, you can choose to:
- Temporarily allow pop-ups.
- Always allow pop-ups from this site.
- Change the pop-up blocker settings.
|Clicking the pop-up notification bar gives you a number of options.|
You can turn off the notification bar by deselecting the Show Information Bar For Pop-Ups option. If you turn off the information bar, the pop-up blocker will display an icon in the status bar to notify you of blocked pop-ups.
The information bar is also used for providing information or options that were previously displayed in dialog boxes, such as asking users whether they want to download active content. Turning off the bar for pop-ups does not turn it off for other notifications.
If you want to turn off pop-up blocking (it's on by default), you can do so from the pop-up notification bar's context menu, or if you have the bar turned off, click Tools | Pop-up Blocker or click Tools | Options and select the Privacy tab. Deselect the Block Pop-ups check box at the bottom of the page, as shown in Figure C.
|You can turn the pop-up blocker on or off from the Privacy tab in Tools | Options.|
If you click the Settings button here or from the Tools | Pop-up Blocker menu, you can enter the URLs of sites from which you want to allow pop-ups, as shown in Figure D. You can also select whether to play a sound when a pop-up is blocked (that "click" I mentioned earlier) and whether to show the information bar.
Finally, you can set the filter level to one of three settings:
- High (blocks all pop-ups, but you can override it with the [Ctrl] key for a particular site)
- Medium (blocks most automatic pop-ups)
- Low (allows pop-ups from secure sites)
|You can allow pop-ups from specified sites and set the filter level.|
IE doesn't block pop-ups from sites that are in the Local Intranet zone or the Trusted Sites zone. To block these pop-ups, you'll need to remove the sites from those zones.
IE Add-on Manager
Another welcome addition to IE is the add-on management feature. This allows you to see a list of browser add-ons that have been installed. Many add-ons enhance browser functionality (such as third-party pop-up blockers or search engine toolbars), but many spyware programs are installed as add-ons, sometimes without your knowledge. To open the Add-on Manager, click Tools | Manage Add-ons.
In the Add-on Manager window, shown in Figure E, you can view a list of the add-ons that have been used by Internet Explorer (all those that are installed, whether currently loaded or not) or just those that are currently loaded. You make this selection from the Show drop-down list.
|Use the Add-on Manager to view and disable browser add-ons.|
To disable an add-on, you only need to highlight it in the list and then click the Enable or Disable button under Settings at the bottom-left side of the dialog box. You can also update an ActiveX control by highlighting it in the list and clicking the Update ActiveX button under Update at the bottom-right side of the dialog box.
A closely related feature added by SP2 is Add-on Crash Detection. If an add-on causes IE to shut down, this feature will present you with options to disable or upgrade the add-on.
Additional security features
Other IE features installed by SP2 might not be as visible to the user, but they make the Web browsing experience safer and more secure. These include:
- Local machine zone lockdown
- Object caching
- Changes to download, attachment, and Authenticode handling
Local machine zone lockdown
Web sites are assigned to different security zones that have different levels of restrictions, based on how safe the sites are assumed to be. The local machine zone is an implicit zone that encompasses all the content on the local computer. On XP computers without SP2, the local machine zone has minimal restrictions because files located on your local hard disk are presumed to be safe.
However, hackers can exploit this presumption, so SP2 locks down the local machine zone. By default, the local machine zone is even more restricted than the Internet zone. This might affect the functionality of some scripts and applications that host Internet Explorer. Active content may not display as expected. However, the information bar should provide a notification that the file has been restricted, and you can click it to remove the lockdown.
Web objects (HTML pages, graphics files, sound files, scripts, etc.) are cached on the user's hard disk for better performance. When a user attempts to access Web content that has been cached, it's downloaded to the browser from the local cache, rather than from the Web server, speeding up access to the content.
Without SP2, it was possible for a Web page to access objects that had been cached from a different Web site. This created a security hole that could be exploited. SP2 changes this, so that when you go to a site in a different domain, that site cannot access objects cached from a site in the original domain. Access to scriptable objects is also blocked within the same domain if the context has changed because you have navigated to a different site. According to Microsoft, this might affect a few applications, causing Access Denied errors.
Changes to download, attachment, and Authenticode handling
More information has been added to the dialog boxes that appear when you download files and attachments. The Authenticode dialog box now gives you information about the publisher of a signed file before opening the file type.
These are not the only changes that have been made to Internet Explorer by SP2, but they are the ones that will have the most impact on end users. The pop-up blocker and the Add-on Manager, in particular, greatly improve the user experience. Other changes make browsing safer and more secure.
Debra Littlejohn Shinder, MCSE, MVP is a technology consultant, trainer, and writer who has authored a number of books on computer operating systems, networking, and security. Deb is a tech editor, developmental editor, and contributor to over 20 additional books on subjects such as the Windows 2000 and Windows 2003 MCSE exams, CompTIA Security+ exam, and TruSecure's ICSA certification.