In what experts are lauding as a "paradigm shift" in
Microsoft's approach toward Internet security
XP Service Pack 2 will be distributed in a default
secure mode and automatically block pop-up ads.
The update, which will begin beta testing later this
month and is scheduled for release early next year, is
slated to include an updated, default firewall; more
restrictions over remote procedure calls and
access-control restrictions; support for the Bluetooth
1.1. standard; and security upgrades to Internet
Explorer and Outlook Express.
It will disable Windows
Messenger Service, often used by spammers to sneak in
pop-up ads, and simplify the Windows Update service.
Outlook Express no longer will download external
content by default and will be more circumspect with
"The service pack is going to be quite a paradigm
change for XP," Giga director of research Michael
Rasmussen told NewsFactor. "Microsoft has been hit
hard by MS Blaster and [other] worms, but a lot of
the newer operating systems Microsoft is working on
now are deploying in a default secure configuration," he noted.
"So, a lot of what Microsoft is building into SP2 is
technology to help secure the critical infrastructure,
which is widely exposed because of the way they're
deployed," Rasmussen said. "In my opinion, they should be applauded for
stringent security measures."
On paper, they may be the least of a computer
user's problems, but pop-up ads are among the most
unavoidable and irritating of any Internet-browsing
experience. That the new service pack addresses and
blocks them has earned Microsoft praise from industry
"Those pop-ups have gone beyond an annoyance in the
last year," Laura DiDio, a Yankee Group senior
analyst, told NewsFactor. "What Microsoft is doing
here is to deliver a tangible and clear business value
... and show customers, look, we're making a clean
environment for you from a security-feature and a
"The pop-up stuff, the
spam stuff, the security features -- the fact is that
they're trying to get the patch-delivery mechanisms
delivered in a more unified, more logical way," DiDio said.
"Pop-ups. That's a continuing
annoyance," Rasmussen agreed.
"Just having them pop up all the time -- that makes
security pop into people people's minds: How secure is
this if [ads keep] popping up all the time?" he asked.
"[Pop-up advertisers] got
in by utilizing the Messenger Service, and Microsoft
knew to disable that," Rasmussen pointed out, "which is
to be commended, because
it's going to help them in their perception battle."
Making Up for Lost Time
Naturally, some might be a little skeptical about
whether or not the new updates will help or harm their
systems. After all, this is the same company whose
notorious Windows NT 4.0 patch caused more problems
than it solved. But, along with the
fact that Microsoft has begun beta-testing its
patches, DiDio said, the very features that
SP2 will boast demonstrate that
Redmond is paying attention its customers' complaints
"It's security, security, security," she said.
"Microsoft has gotten beaten up pretty good from a
press, marketing and perfection standpoint for
security, particularly over the last year or 18
months. MS Blaster and the Sobig.F virus were
devastating attacks over the summer. So they want to
convince people they're on the case, they're going to
take care of this," she said.
"They've strengthened the firewall
and [are] shipping that turned on -- telling you it's okay, we
know you might forget. The RPC stuff, they've fixed
that and battened down the hatches there. There's more
security for access privileges designed to shut down
the risk of more Blaster worm attacks," DiDio noted.
"They're saying, 'We're going to do as much as we can to take the onus
off the customer,' and this is a huge about-face from
five years ago when Windows NT 5.1 shipped with the
guest account enabled. It shows people -- look,
Microsoft is acting in good faith, they are making a
serious, significant attempt to really address these