http://reviews.cnet.com/4520-3513_7-5324906.html?tag=cnetfd.plug

Some XP SP2 changes are harder to see. Microsoft used this release to harden its operating system; in other words, Microsoft recompiled all its Windows system binaries to include a new flag, GS, which will mitigate buffer overflows, a common method used by criminal hackers (crackers) to overwrite legitimate code with malicious code on your PC. A buffer overflow is the method the Sasser worm used to infect PCs. Windows XP SP2 also makes important changes to core Windows components, such as DCOM and RPC. (Flaws within the DCOM RPC led to the damaging MSBlast attack last year.)
To fully block the aforementioned buffer overflows and the Internet worms that feed on them, you'll need to read the fine print: it turns out the necessary No Execute setting isn't present in the current hardware architecture of most 64-bit and 32-bit processors on the market today. This data execution protection, or DEP, is currently available only on newer AMD and a handful of Intel's Itanium server chips. In other words, the new Windows DEP changes won't help you unless you're running XP SP2 on a machine with AMD or Intel Itanium processors. My colleague, David Berlind, has suggested that large companies looking to upgrade their hardware fleet should wait until after the first of the year, after Intel has released its chips.
And remember what I said above about the XP firewall? That it's new and improved? Well, I need to qualify that statement. Despite the firewall's improvements, it's not invincible. A month ago, I asked Fred Felmen, vice president of marketing for Zone Labs, what impact Windows XP SP2 might have on third-party firewalls such as his Zone Labs ZoneAlarm. He said the Microsoft firewall protects only against inbound threats, not outbound threats, such as keystroke-logging Trojans that report your passwords and credit card info to others. Also, the lack of outbound protection means your infected PC could still participate in distributed denial-of-service attacks. In short, I recommend keeping your third-party firewall enabled alongside Microsoft's. Two firewalls are better than one.