I thought I ought to post this link in light of my recent post about WinXP SP2 news coverage.
The Register did an analysis of the security features in Service Pack 2 and concluded that it just plain wasn’t enough. Lots of services are still on by default, and as others have pointed out, the firewall only checks incoming connections, meaning once the spyware gets on your machine, the firewall won’t do you any good.
It’s an interesting read, and it approaches the issue from a completely different perspective. Rather than “It breaks stuff (which probably shouldn’t have worked in the first place),” it’s “It doesn’t do enough to fix stuff.”
To be fair, even the Register concludes that it is at least better than XP SP1, so the security isn’t all in your head. But there is the risk that people will think installing it is enough, when they still need to practice safe computing and make some effort to harden the system.