In preparation for the release of Windows XP Service Pack 2 (SP2), I want to pass along some of the insights I've gained about the upcoming service pack and some of its pros and cons. In the previous installment of this Web-exclusive VIP column, "Countdown to XP SP2: Forced Protection" (April 2004, InstantDoc ID 42496), I discussed my initial concerns with what will probably be SP2's most significant feature: the automatic enabling of XP's Internet Connection Firewall (ICF)—which, as it turns out, will be known as Windows Firewall. When I first began exploring this feature, I worried that it would wreak havoc on corporate networks and home offices alike. As it turns out, I was wrong ... or at least I overestimated the potential problems.
Initially, I worried that an XP SP2 system on which Windows Firewall was enabled wouldn't be able to participate as a domain member because ICF passes only those communications initiated by the XP machine. If an XP client asks a Web server for information, when the Web server tries to deliver the data to the XP client, ICF says “Hmm ... incoming data ... are we being hacked? No, this data is just the answer to a question that my system asked. Go on through.” But ICF won't pass communications that weren't initiated by the XP system. For example, you won't get a response when you ping an XP system that has ICF enabled. ICF discards the ping request that your system sent to the XP system because the XP system didn't initiate the conversation. . . .
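The pass-replies-only behavior described above can be modeled with a small state table. The following Python sketch is an added illustration, not Windows Firewall code or code from this column; the class and field names, the sample addresses, and the 60-second idle timeout are assumptions made for the demo.

```python
# Added illustration: a toy model of stateful filtering, not Windows Firewall code.
from dataclasses import dataclass

IDLE_TIMEOUT = 60  # seconds; assumed value for the demo only


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp", "udp", "icmp-echo-request" or "icmp-echo-reply"
    src: str
    dst: str
    sport: int = 0  # TCP/UDP source port
    dport: int = 0  # TCP/UDP destination port
    ident: int = 0  # ICMP echo identifier


class StatefulFilter:
    def __init__(self):
        self.state = {}  # flow key -> time the flow was last seen

    @staticmethod
    def _key(pkt, inbound):
        remote = pkt.src if inbound else pkt.dst
        if pkt.proto.startswith("icmp-echo"):
            # An echo reply belongs to the flow its echo request opened.
            return ("icmp-echo", remote, pkt.ident)
        lport, rport = (pkt.dport, pkt.sport) if inbound else (pkt.sport, pkt.dport)
        return (pkt.proto, remote, lport, rport)

    def outbound(self, pkt, now):
        """Traffic the local machine initiates passes and creates state."""
        self.state[self._key(pkt, inbound=False)] = now
        return "pass"

    def inbound(self, pkt, now):
        """Inbound traffic passes only if it answers a live outbound flow."""
        if pkt.proto == "icmp-echo-request":
            return "drop"  # a ping from outside is never an answer
        key = self._key(pkt, inbound=True)
        last_seen = self.state.get(key)
        if last_seen is None or now - last_seen > IDLE_TIMEOUT:
            self.state.pop(key, None)  # unknown or expired flow
            return "drop"
        self.state[key] = now
        return "pass"
```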

