The Empire Strikes Back: Win XP SP2
Microsoft may have been planning a second Windows XP Service Pack before the massive virus and worm invasions of last summer, but it's clear the attacks gave a new urgency to fixing the major weaknesses that made them possible.
"Some of the events may have been a catalyst for bringing SP2 out at this time," says Amy Carroll, director of Microsoft's Security Business Unit.
SP2 will address security on several fronts. First and foremost, the update will turn the OS's built-in firewall on by default--while making it compatible with functions that users expect to work regardless of firewall settings, such as file and printer sharing (which currently don't work with the firewall on). Two technologies that enable communication between networked PCs and that were exploited by worms--RPC (the remote procedure call) and DCOM (the Distributed Component Object Model)--will be reworked to make them less easily accessible by outsiders.
Microsoft is revamping core Windows components to prevent so-called buffer overruns--attacks that cripple PCs by writing too much data into software-allocated areas of memory. Also, the company is working with CPU vendors to enable Windows to support no-execute (NX) technology, in which the CPU prevents execution of code that a worm or virus has inserted in a memory area assigned for data only.
SP2 will change default settings for Outlook Express and Windows Messenger to make them more secure. It will also isolate e-mail and instant message attachments to keep them from damaging other parts of the system. Finally, SP2 will shore up IE's defenses against malicious Web content--for example, giving users better controls to keep ActiveX and other software from running on their PCs without their consent.
SP2 should be in limited beta as you read this and should ship by mid-2004. When it does, it could be a very big download: Microsoft says it will include all of SP1 (a 145MB download) plus all updates issued since SP1's release over a year ago.