XP SP2 is going to be so much more that a combination of fixes and updates, it provides a whole new layer of security infrastructure, settings and policies that defend against viruses and worms.

So if you are a developer why should you care, doesn't Service Packs only really concern system administrators and how they can get them deployed?

Oh no, IMHO developers of all types should keep an ear to the ground about what is going to be included in a service pack, as it may introduce a change that could affect your application and this is especially the case with SP2 for Windows XP.

At the most basic level, SP2 is all about security, as well as the typical scenario of a service pack being an accumulation of all hotfix’s and updates that have occurred since RTM. The basic breakdown of the changes is increased network protection, new memory protection, improved email security and enhanced browsing security.

So looking at the table below, a developer will especially have to focus on some of the changes that are going to occur.

XP SP2 Change

Web Dev

App Dev

IS/IT Admins

Users

Increased Network Protection

X

X

X

X

New Memory Protection

 

X

 

 

Improved Email Security

 

X

X

X

Enhanced Browsing Security

X

 

X

X

If you develop Web sites or Web applications, let me give you some examples of what is going to change (NOTE this is not a complete list of changes, but the high-level areas of change):

  • If your Web site/application opens up new windows or creates popups, then some of the new changes may affect you
  • If your Web site/application uses ActiveX control, the settings and security policy have changed here
  • Do you have downloads from your site. With SP2, non user initiated downloads are blocked by default, there is tighter MIME type handling and lots more
  • Do you use Internet Explorer to show HTML files from a CD, DVD or filesystem. The local machine security zone has been hardened and this may affect what you use in your scripts

If you are an Application developer that makes use of COM, DCOM, and COM+ or indeed if you do some sockets programming, then there are enhancements in the security that should you read up on. Enhancments include:

  • Windows Firewall enhancements
  • RPC Interface restrictions
  • DCOM Security enhancements
  • Do you develop your own ActiveX controls that are hosted within a browser page, then you will need to checkout the changes 
  • Do you reuse the Web Browser control, then you will need to checkout the changes 
  • Do you develop plugins or addons to Internet Explorer, e.g. Browser Helper Objects, Toolbar Extensions, then you will need to checkout the changes

Overall I think everyone that develops software or is a system administrator will need a high-level understanding of what is going to change with SP2 and consider testing applications as early as possible.

Over the next few weeks  I will breakdown some of the detail and focus on some of the areas that I am interested in, but I will also post some of the links that would be required to have a depth or breath based understanding of what is going to change.