Top 10 Reasons to Install Windows Server 2003 SP1

Reduce your server's attack surface.

Security Configuration Wizard (SCW), one of the new features added to Windows Server 2003 in Service Pack 1 (SP1), uses an intuitive, role-based process to guide administrators through reducing the attack surface. With SCW you can disable unused services easily and quickly, block unnecessary ports, modify registry values, and configure audit settings.

Help protect newly installed servers.

In today's security environment there is a continual search for new and potentially exploitable system vulnerabilities. Post-Setup Security Updates (PSSU), another new feature of Windows Server 2003 SP1, blocks all incoming traffic to newly installed servers until the latest patches to Windows Server 2003 are downloaded and applied. PSSU also guides configuration of Automatic Updates when you first log on.

Get firewall protection from startup to shutdown.

Windows Firewall, the same core firewall technology in Windows XP Service Pack 2, is built into Windows Server 2003 SP1. Windows Firewall in Windows Server 2003 SP1 allows granular control over server and client computers through the use of Group Policy. Moreover, Windows Firewall provides boot-time protection, lowering the risk of attack just after a server is started up and while it is shutting down.

Bolster your defenses with "no execute" hardware support and software.

Data execution prevention (DEP) is a set of hardware and software technologies that performs additional checks on memory to help protect against exploitation of your system by malicious code. Windows Server 2003 SP1 fully utilizes the DEP capabilities built into servers by many manufacturers and further augments those capabilities with DEP software of its own.

Help protect your system services with stronger default settings and reduced privileges.

Services such as remote procedure call (RPC) and DCOM are integral to Windows Server 2003 and make an attractive target for hackers. By requiring greater authentication for calls of these services, Windows Server 2003 Service Pack 1 helps establish a minimum threshold of security for all applications that use these services, even if they possess little or no inherent security.

Isolate out-of-date virtual private network (VPN) assets.

VPN Quarantine automatically provides the means for limiting network access for machines on virtual private networks that are not current with regards to security updates. This prevents you from having to write your own ad hoc scripts to affect this facet of sound network security.

Monitor and audit your Internet Information Services (IIS) configuration settings.

The metabase is the XML-based, hierarchical store of configuration information for Internet Information Services 6.0. The ability to audit this store allows network administrators to track what, when, who and how a metabase change has been made.

Windows Firewall Policy Management.

Windows Server 2003 SP1 includes new Group Policies that help IT professionals centralize client and server firewall management, including application rules, port rules, and firewall logging at the client and server to help improve security in the enterprise while maintaining centralized configuration and deployment.

Help secure Internet Explorer.

Internet Explorer now contains many enhancements to help secure Windows Server 2003. For example, Internet Explorer now more effectively stops downloads of spurious files and prevents Web pages from accessing cached objects.

Avoid potentially unsafe e-mail.

Windows Server 2003 SP1 includes additional refinements to help protect the network. With Outlook Express you can now open mail in plain-text mode, preventing HTML messages from running malicious code. Outlook Express prevents e-mail from downloading external content, stopping a means by which spam senders can validate your e-mail address. Outlook Express also checks e-mail attachments with Attachment Manager, eliminating the need for your own custom code to do so.

另外，除了昨天发布的64位WinXP RTM版、Windows Server 2003 Standard x64 Edition、Windows Server 2003 Enterprise x64 Edition、Windows Server 2003 Datacenter x64 Edition等外，微软还于今天发布了DirectX 9.0 SDK April 2005 Update。微软官方表示，在这版Update当中包含Direct3D Extension Library (D3DX)、工具、样本、文档的更新，还包含针对x64和x86平台的DirectSound Runtime Debug文件以及DirectX 9.0c Runtime和Redistributable更新。根据已经安装这版本更新的用户表示，DirectX 9.0 SDK April 2005 Update的DirectX 9.0c Runtime当中包含1个debug版本的d3d9d.dll文件，据传微软的DirectX 9.1也将在年内推出。