Windows XP Service Pack 2 (SP2) is a complex update with many ramifications for IT pros. TechRepublic’s Windows XP Service Pack 2 Quick Guide drills down on critical SP2 need-to-know areas, with sections on fundamentals, changes that occur after installation, deployment procedures, problem areas, and removal.
Everybody’s talking about it: the long-awaited release of
Windows XP Service Pack 2 (SP2). It’s finally here, but you may be hesitant to
install it right away. What changes will it make to your system—and will you
like them? This is the first in a series of articles that examine the effects
of SP2 on the Windows XP operating system and its components. Much ado has been
made about the new security features SP2 provides, but in these articles we’ll
look at how these changes affect your everyday use of XP. This article focuses
on the changes SP2 makes to Internet Explorer.
Favorite new features
SP2 makes more than a dozen changes to the Internet Explorer
Web browser and how it works. Some of these are transparent to the end user and
of interest primarily to Web developers. Others may frustrate users at first,
appearing to “break” the functionality of certain Web sites as part
of the never-ending tradeoff between security and accessibility. However, SP2
adds a couple of new features to IE that are sure to be noticed—and welcomed—by
all users: the new built-in pop-up blocker and the handy Add-on Manager.
IE pop-up blocker
Advertising pop-ups are the bane of every Web surfer’s
existence. These extra windows jump out of some Web pages like a plague of
frogs, obscuring the original site and forcing you to spend time and effort
clicking each one closed. You can buy programs like IHatePopups or download
freeware like the Google toolbar with its anti-pop-up technology, but many of
us wondered why Microsoft didn’t include pop-up blocking in the browser,
especially after other browser vendors such as Mozilla and Opera added this
feature to theirs.
Well, it’s finally happened: SP2 adds a pop-up blocker to
IE, and my tests show that it works well. I visited a
popular news site that’s one of the worst offenders when it comes to pop-ups,
and I heard a number of clicking sounds—indications that IE was blocking pop-ups.
A message appeared under the address bar informing me that pop-ups had been
blocked, as shown in Figure A.
|The new IE pop-up blocker informs you when a pop-up has been blocked.|
If you want to see the pop-up that was blocked, all you have
to do is click the message bar. You’ll then be given several choices, as shown
in Figure B. Specifically, you can
allow pop-ups from this site.
the pop-up blocker settings.
|Clicking the pop-up notification bar gives you a number of options.|
You can turn off the notification bar by deselecting the Show
Information Bar For Pop-Ups option. If you turn off
the information bar, the pop-up blocker will display an icon in the status bar
to notify you of blocked pop-ups.
The information bar is also used for providing information
or options that were previously displayed in dialog boxes, such as asking users
whether they want to download active content. Turning off the bar for pop-ups does
not turn it off for other notifications.
If you want to turn off pop-up blocking (it’s on by
default), you can do so from the pop-up notification bar’s context menu, or if
you have the bar turned off, click Tools | Pop-up Blocker or click Tools | Options
and select the Privacy tab. Deselect
the Block Pop-ups check box at the bottom of the page, as shown in Figure C.
|You can turn the pop-up blocker on or off from the Privacy tab in Tools |
If you click the Settings button here or from the Tools | Pop-up Blocker menu, you can enter
the URLs of sites from which you want to allow pop-ups, as shown in Figure D. You can also select whether
to play a sound when a pop-up is blocked (that “click” I mentioned
earlier) and whether to show the information bar.
Finally, you can set the filter level to one of three
(blocks all pop-ups, but you can override it with the [Ctrl] key for a
(blocks most automatic pop-ups)
(allows pop-ups from secure sites)
|You can allow pop-ups from specified sites and set the filter level.|
IE doesn’t block pop-ups from sites that are in the Local
Intranet zone or the Trusted Sites zone. To block these pop-ups, you’ll need to
remove the sites from those zones.
IE Add-on Manager
Another welcome addition to IE is the add-on management
feature. This allows you to see a list of browser add-ons that have been
installed. Many add-ons enhance browser functionality (such as third-party
pop-up blockers or search engine toolbars), but many spyware programs are
installed as add-ons, sometimes without your knowledge. To
open the Add-on Manager, click Tools | Manage Add-ons.
In the Add-on Manager window, shown in Figure E, you can view a list of the add-ons that have been used by
Internet Explorer (all those that are installed, whether currently loaded or
not) or just those that are currently loaded. You make this selection from the Show
|Use the Add-on Manager to view and disable browser add-ons.|
To disable an add-on, you only need to highlight it in the
list and then click the Enable or Disable button under Settings at the bottom-left side of the dialog
box. You can also update an ActiveX control by highlighting it in the list and
clicking the Update ActiveX button under Update at the bottom-right side of the
A closely related feature added by SP2 is Add-on Crash
Detection. If an add-on causes IE to shut down, this feature will present you
with options to disable or upgrade the add-on.
Additional security features
Other IE features installed by SP2 might not be as visible
to the user, but they make the Web browsing experience safer and more secure.
machine zone lockdown
to download, attachment, and Authenticode handling
Local machine zone lockdown
Web sites are assigned to different security zones that have
different levels of restrictions, based on how safe the sites are assumed to
be. The local machine zone is an implicit zone that encompasses all the content
on the local computer. On XP computers without SP2, the local machine zone has
minimal restrictions because files located on your local hard disk are presumed
to be safe.
However, hackers can exploit this presumption, so SP2 locks
down the local machine zone. By default, the local machine zone is even more
restricted than the Internet zone. This might affect the functionality of some
scripts and applications that host Internet Explorer. Active content may not
display as expected. However, the information bar should provide a notification
that the file has been restricted, and you can click it to remove the lockdown.
Web objects (HTML pages, graphics files, sound files,
scripts, etc.) are cached on the user’s
hard disk for better performance. When a user attempts to access Web content
that has been cached, it’s downloaded to the browser from the local cache,
rather than from the Web server, speeding up access to the content.
Without SP2, it was possible for a Web page to access
objects that had been cached from a different Web site. This created a security
hole that could be exploited. SP2 changes this, so that when you go to a site
in a different domain, that site cannot access objects cached from a site in
the original domain. Access to scriptable objects is also blocked within the
same domain if the context has changed because you have navigated to a
different site. According to Microsoft, this might affect a few applications,
causing Access Denied errors.
Changes to download, attachment, and Authenticode handling
More information has been added to the dialog boxes that
appear when you download files and attachments. The Authenticode dialog box now
gives you information about the publisher of a signed file before opening the
These are not the only changes that have been made to
Internet Explorer by SP2, but they are the ones that will have the most impact
on end users. The pop-up blocker and the Add-on Manager, in particular, greatly
improve the user experience. Other changes make browsing safer and more secure.