Microsoft isn't wrong: Many home and casual users really aren't paying close enough attention to security. And when blended-threat household-name viruses and worms start using multiple means of spreading themselves around the planet, the fact that several million consumer boxes have been plugged up (as soon as SP2 ships, at least) is a very good thing indeed.

Nevertheless, just how much might all that consumer touchie-feelie stuff get in the way? I'm going to explore all major aspects of the service pack in a multiple-part series on Windows XP SP2, based on the recently released RC2 code.

Windows Firewall
In retail boxes, Microsoft is enabling its revised Windows Firewall software firewall utility by default. Large enterprise customers will, of course, be able to disable the new Windows Firewall on network installations.

For the rest of us, some consideration may be in order to avoid potential software firewall conflicts. In my tests, the problem never cropped up. So the firewall is on -- just turn it off if you're running another one. Microsoft provides a new Windows Firewall Control Panel just for that purpose. In fact, Windows Firewall can be centrally managed with several configuration options, including group policies, command line, multicast support, and unattended setup.

There are also some advantages to having a firewall onboard. Windows Firewall offers solid basic protection, it's better than ICF (Internet Connection Firewall, the utility it replaces), and it's a lot better than nothing. Windows Firewall is easier to configure, and more importantly, it's better about staying out of the way of your applications. It also now has improved protection during boot and shutdown, something all top-notch software firewalls provide.

The biggest benefit, though, is probably as stand-in protection for mobile PCs connected to hotels and hotspot wireless networks. They're protected back in the office, but on the road or when working at home, they're often sitting ducks. It's very easy to turn Windows Firewall on, and the "Don't Allow Exceptions" mode locks things down with a very simple control.

Even so, Windows Firewall's intrusion prevention and outbound monitoring are not as robust as those of some other firewalls. In RC2, Windows Firewall also has a tendency to turn itself on after system updates, system restores, or in conjunction with the Windows Security Center (which we'll address in a future installment).

For my money, either ZoneAlarm 4.5 or 5.0 Pro or Symantec's Personal Firewall 2004 would be better bets for protecting road warriors out in the wild. On the other hand, Windows Firewall is about to be onboard, and you already paid for it.

Windows Firewall may be the largest feature in Windows XP Service Pack 2, but from an enterprise perspective, it's pretty small potatoes.