January 2009 / Vista Service Pack 2, Internet Explorer Alert
With the upcoming 2009 release of Windows Vista Service Pack 2, Microsoft is hoping to recreate the success of the Windows XP Service Pack 2 and breathe new life into their current operating system. Will Vista Service Pack 2 prove as successful as XP’s, or will the updates fail to impress? In this month’s Tech Brief we’ll break down all the changes in the upcoming service pack, and help you decide when the right time is to install it.
Also in this issue we’ll discuss an important announcement from Microsoft concerning Internet Explorer and a security vulnerability that can leave your computer open to hackers.
Vista Service Pack 2
What is a Service Pack?
The Windows Vista Service Pack is essentially a collection of all the updates that Microsoft has released for the Vista operating system since the last service pack was deployed (back in March of 2008). In addition to those updates, all the contents of the previous service pack are included as well as some typically noticable new security and feature enhancements.
What is included in Vista Service Pack 2?
Although the service pack is still in its final beta testing and the publicly released version may be slightly modified, the following are the major updates which Microsoft has mentioned will be included.
- Support for recording to Blu-ray discs
- Improved performance for Wi-Fi connections after returning from sleep mode
- Support for Bluetooth v2.1
- Supports exFAT, a file system that supports UTC timestamps for correct file synching across different time zones
- A simpler Wi-Fi connection feature called Windows Connect Now
- Improved power management (up to 10% better depending on the configuration) and the ability to manage those settings through group policy if Windows Server 2008 is deployed
- Support for the VIA 64-bit Nano CPU
- Adds Windows Search 4.0, the current version of Microsoft's desktop search engine. Search 4.0 improves background indexing while providing additional configuration options that improve end-user control over the search engine. (note that Search 4.0 is currently available as an optional download from Windows Update)
- Improves performance of the RSS feeds sidebar
- Improved DirectX graphic display and high-definition video playback
- Better support for Webroot Spysweeper anti-spyware software as well as Webroot Personal Firewall
- A new feature which cleans up service pack aftereffects and recovers storage space by deleting the previous versions of the files that are updated by the service pack.
When should you upgrade?
Since Vista Service Pack 2 isn’t scheduled to be deployed to the general public until possibly as late as the second half of 2009, you do have some time before you’ll be faced with the decision of installing right away or waiting. Thrive recommends you wait to install the service pack on any work computer until instructed by your IT department, as there may be features that they want turned on or off. As for your home computer, you should install the service pack when it’s made available since it will contain import security updates that you should have in place.
Internet Explorer Vulnerability Alert
In December, Microsoft sent the Internet security world scrambling by announcing that a vulnerability had been discovered which affects all versions of its popular Internet Explorer (IE) web browser. What makes this security breach so dangerous is that your computer can by compromised by simply visiting an infected website, as opposed to the more common method of downloading an infected file. This threat first appeared in China a few weeks ago where hackers were using it to steal online video game passwords to resell on the black market. With the vulnerability now public, security experts feel that it is only a matter of time before hackers worldwide start to use it for more nefarious financial gain.
How Does It Work?
According to Microsoft: “The vulnerability exists as an invalid pointer reference in the data-binding function of Internet Explorer. When data binding is enabled (which is the default state), it is possible under certain conditions for an object to be released without updating the array length, leaving the potential to access the deleted object's memory space. This can cause Internet Explorer to exit unexpectedly, in a state that is exploitable."
In simplified terms – using a vulnerability in IE’s database, hackers can place lines of code on a website which will cause IE to shut down in a manner which leaves your computer open to outside access.
How Can You Protect Yourself?
Unfortunately Microsoft has not deployed a security update for IE yet, and there is no clear timeframe on when one might be ready. In the meantime they have released a set of recommendations for protecting yourself, but since they include editing the Windows Registry, Thrive does not recommend users on work computers follow them unless instructed by their IT department.
- Do not visit foreign websites, especially those from China where this vulnerability was first noticed.
- Visit only trusted websites.
- Make sure your firewall is turned on and monitoring for outside intrusion.
- Consider using an alternative web browser such as Firefox or Google Chrome. Not that although on IE is affected by this vulnerability, no browser is impervious to all threats.
In Closing
With at least 10,000 websites so far being identified as infected, this threat is growing fast. With Microsoft giving the matter its full attention though, it’s only a matter of weeks (if not days) until a security patch is released. In the meantime, following the above steps to protect yourself and being extra careful while online should give you an advantage to staying safe. As always, if you have any questions about the topics we discussed in this month’s Tech Brief, please feel free to contact us for more information.