Network Access Protection compatibility (NAP). Announced a
while back, this feature enables Windows XP computers to leverage the
NAP feature in Windows Server 2008. This is also found in Windows
Vista. From a compliance perspective this is a big win, as this element
enables users to better protect their network by evaluating the
connected system’s health status, for example, the antivirus pattern
level and the patch level of the respective machine. If the computer at
time of connection complies with the prerequisite policy element then
the machine is allowed network access; if the policy is not met then
the machine is quarantined to a network segment, which has limited
access to resources. This limited access allows for the machine to be
updated to an acceptable level before being scanned again and approved
to be used on the production network.
From a remote access
perspective this feature is useful as travelling users are known to be
in “promiscuous mode”, meaning they will connect to any network or
computer that they may come across during their time away from the
office. This in turn may leave the computer exposed and the
vulnerability could be exploited or malware could slip past the
antivirus defences. This would potentially lead to a compromise and
result in unauthorised access or the malicious software could propagate
once the remote user connects. The quarantine option scans and verifies
that the computer is protected and set to an acceptable level before
being allowed access through to the remote environment. This is a
long-awaited feature and is welcome in many circles. For more information
see Network Access Protection.
Product Key-less install option. As with Windows Vista,
XP SP3 installs can proceed without entering a product key during
setup. But keep your product key handy as thirty days later you will
have to enter the key in or your operating system will be reduced to a
limited mode version.
Kernel Mode Cryptographic Module. This feature is a
kernel module that "encapsulates several different cryptographic
algorithms," not quite sure what that entails but I am sure this
feature is going to be used to better enhance how XP handles crypto
requests at the application layer. More encryption, more protection, as
long as the keys are secure. I look forward to this feature and am
interested in how vendors will leverage this.
"Black hole" router detection algorithm. This feature enables the XP
client to identify routers that drop packets. This is a backported
feature found in Windows Vista.
Simple Policy Update for Windows XP: A welcome feature
that helps make things easier when it comes to the mysterious topic of
XP IPSec: the creation and maintenance of IPSec filters. The
simplification of this feature makes it a lot easier to roll out IPSec
for domain and network communication.
Digital Identity Management Service (DIMS): This
feature enables users logged into any domain-based computer to
seamlessly access their certificates and private keys for applications
and services.
Wi-Fi Protected Access 2 (WPA2): This feature adds
support for WPA2, the IEEE 802.11i standard. More security for wireless
communication is a true relief as natively XP lacked the ability to do
this without a third-party component. From a security perspective this
is a welcome change. I am not sure how many organizations will
implement this technology just yet as previously it has suffered from
complex design.
1,073 fixes are part of this update. These updates upgrade Windows
XP to the very latest version including all the hardware support and
software upgrades that are not included in Windows Update. A common
question is: do I need to install Service Pack 1 and 2 before
installing Service Pack 3? The simple answer is no; Service Pack 3
already contains the updates and features of Service Pack 1 and 2.
Performance
After installing it was found that the performance on the laptop
improved by 16%. Figures have been reported in the industry of up to
25% but this still needs to be clarified. The official figures are
closer to 10%.
My view
Some companies are still rolling out Windows XP in the European
banking and trust sector. XP is now the standard and because of the
significant effort and resources required in changing an Operating
System I do not see organizations changing their tack in the near
future. Microsoft would be better off making small changes to the
operating system that would eventually amount to an upgrade by using
Windows Update, than by versioning and completely changing the platform
every few years. In this way the hardware would limit the feature set
and the customer experience would be dynamic.