The upcoming release of Windows XP Service Pack 2 will make a lot of changes to our systems. I have tried to hit some of the main points in the last two installments of this series. In this issue I will try to explain the Internet Explorer Zone changes planned in the update.
You have two Internet Explorer security zones set up on your computer - Internet and Local Intranet. (Go to Tools | Internet Options and click on the Security tab to see them). These zones are used to allow or block certain things from happening when you are online, and they are set up with different security levels by default. The idea is that you can allow certain program behavior if you are connected to a local network (like an office is) and block that same behavior if you are connected to the Internet.
There is a third zone that is set up on your computer, but it is not one you can see or control. The Local Machine Zone is used for Web pages that are stored on your computer - usually a part of a program that you have installed. The Local Machine Zone has always been considered to be safe, so there have been no restrictions on what a program can do if it has a Web component in it. Unfortunately, attackers try to take advantage of the Local Machine Zone to run code that can cause damage or read files from your computer.
Windows XP Service Pack 2 will lock down the Local Machine Zone so that programs cannot have free reign unless they have a security aspect built into them. This is a very good thing for us, but developers may need to make some changes to their programs because of this. Look for updates to some programs that have Web functionality in them as the Service Pack nears release.
Finally, there are several new security settings in the different zones on the Security tab. A security setting for Java could be used to disable the Microsoft Java Virtual Machine (MSJVM), but this setting would also disable a Java virtual machine from any other software vendor (like Sun). Windows XP Service Pack 2 contains an Internet Explorer security setting that works exclusively with the MSJVM and allows other Java virtual machines to function correctly.
The Binary Behaviors setting is also new. Binary behavior is a programming technique that allows developers to write code in one part of a program and refer to it in other areas of the program. When you move your mouse over a link and the link turns a different color, you are seeing an example of a behavior. These behaviors have never been restricted by the security settings, which means that they could operate in the Restricted Zone. This could allow attackers to execute certain types of programs even though your security settings would normally prevent the program from running.
Like the MSJVM setting, the default value for this setting is Enable for all zones except the Restricted Sites zone. In the Restricted Sites zone, the default value is Disable.
That wraps up the Windows Service Pack 2 overview for now. There are some other things Microsoft mentions in their documentation, but they have nothing more than the line "This content is not available in this preliminary release." As that content is made available, I will pass along the pertinent details.
Credits to Mark Rider.
