First, go get it: (disclaimer -- this is beta code, don't install it on a production machine)

Now, what do you think? This has been an interesting ride for us. Six or seven months ago, SP2 was just another service pack -- bug fixes mostly, some targeted customer-driven design changes, sure, but mostly following the cardinal rule of a service pack: Thou Shalt Not Add Features. Service Packs are about improvements -- in stability, reliability, security, supportability... generally as many “-ity”'s as possible. Adding a feature as a rule does not help in that way. A new feature is another set of opportunities for reducing -itys. And besides, most of our enterprise customers don't like us to introduce features (unless, of course, its a feature that they specifically want) in a service pack. One of the goals is that a Service Pack should be a no-brainer install -- install it and everything is better. Adding features means that customers they need to evaluate those new features in the context of their deployment, and decide whether nor not they can support them, etc. etc. It's a big deal. So, by avoiding adding features, we help make it easier for a company to decide to deploy the service pack, and take advantage of the ity-improvements.

So, back six or seven months ago, a key decision was made: The built-in firewall was going to be on by default. This was a big deal. Lots of apps and in-box components were not tested with a firewall -- the assumption was “if the app didn't work, turn off the firewall“. Now that assumption could not be made. An amazing amount of end-to-end testing was put into a place in an amazingly short period of time. Key components were changed to be firewall aware, the firewall gained all new more prominent UI, and the game was on. 

The on-by-default firewall put an interesting spin on things. SP2 was going to be a scenario-breaker. People were going to have to think very hard about how and when to install it. It was a big step for a service pack. But the state of the world demanded it. But, it was also an opportunity. Many teams had detailed plans for security changes in their components for Longhorn. Across the board, many of those plans were brought forward to Windows XP SP2. You can see the results of that by browsing the “changes to functionality” document.

Since I'm in the Networking UI arena, that's obviously what I care most about. There have been lots of changes, some obvious, some not-so-obvious. The firewall is an obvious one. The Network Experience team (the team I'm part of) was responsible for all of the changes to the firewall user experience and functionality. In other areas, we had a few security-related features that were already in the works to be released as add-ons -- we merged these into the SP2 release.

First, we tackled wireless networking from a security and usability standpoint. There was a complete redesign of the wireless connection UI. The security of the network you're connecting to is now much more prominent, and we do a much better job of ensuring that you can connect to secure networks easily (and that you're warned when you're connecting to non-secure networks). We also added a wizard that will help set up new home wireless networks securely (see the link off of the wireless connection UI). Finally, we added support for Wireless Provisioning Services, a new technology that lets hotspots deploy secure networks (today they're almost all deployed as “open“ networks, which lets anyone with a wireless card sniff your data out of the air).

We also added Bluetooth Personal Area Networking (PAN) support. PAN is a Bluetooth profile that essentially creates a standard IP network over a Bluetooth connection. PAN support is the first step to enabling rich Bluetooth networking scenarios, which can be secured using the well-tested IP-based security standards (IPSec, 802.1x, etc.). Devices supporting the PAN profile are already on the market, and there should be many more in the coming year (demand it from your vendor!).

We also made significant changes to the Network Setup Wizard. This wizard has a little bit of bad reputation. If you didn't pay attention while going through it, it could configure your computer in ways you might not have expected. This has made some web sites recommend avoiding the wizard, which is unfortunate, becaues the wizard is intended to help you to set up your computer to be a good citizen in home network -- for instance, it can enable file sharing (which is off by-default), including setting up the firewall so it actually works. It can set up your computer to be a gateway for other computers or to be a client of a gateway. Anyway, we changed several things to make sure that the default path is benign, and added support for the firewall, among many other things. We're quite proud of the new Network Setup Wizard (I had wanted to add a version number, say “1.5” to let people know things had changed, but we ultimately decided against it). 

It's an exciting time for us. SP2 is a big and important release, and we're looking forward to the feedback.