Security for all
|Microsoft has decided to make its Service Pack 2 patch available to users of all Windows XP versions - licensed and pirated.|
By Chua Hian Hou
May 5, 2004
Both legitimate and unlicensed users of Microsoft's XP operating system software will be able to download the Service Pack 2 security patch for free
Microsoft's increasing concern over information security has translated into its decision to bite the bullet and make its upcoming SP2 (Service Pack 2) security patch available to all users - including those using pirated copies of its Windows XP software.
"We haven't explicitly done anything to SP2 to exclude it from pirated copies," said Microsoft group product manager Barry Goffe. The United States-based executive was interviewed via telephone.
This is unlike SP1 (Service Pack 1), which had features to prevent users with pirated copies from downloading it. In SP2's case, the mammoth 80MB to 250MB patch can be downloaded and installed on computers running both legitimate and pirated copies.
Users can also request a free CD copy of SP2, although shipping charges could apply, something which the company has yet to finalise, said Mr Goffe.
"It was a tough choice, but we finally decided that even if someone has pirated copy of Windows, it is more important to keep him safe than it is to be concerned about the revenue issue," he added.
He admitted, however, that it is more than altruism that helped Microsoft come to this decision.
"Having these unsecured users means bigger worm and virus outbreaks - which also impacts the Internet and consequently, our legitimate users as well."
The most visible changes SP2 will introduce to XP is the new Windows Firewall, a renamed, upgraded version of the ICF (Internet Connection Firewall) firewall system that shipped with the original Windows XP, and the new aggressive attitude towards security updates and controls.
Unlike ICF, Windows Firewall is turned on by default, and automatically locks up ports like DCOM (Distributed Component Object Model) popular among worm-writers.
New technology allows it to dynamically open and close ports on demand. For example, when an approved online gaming application is given permission to send or receive data over the Net, the port is opened for it, and when the application shuts down, the port is closed.
"We wanted a firewall good enough for most consumers' needs, and we believe Windows Firewall is it," said Mr Goffe.
SP2 will also make XP more aggressive towards sloppy users. For example, features like the automatic patch updating feature or Windows Firewall will no longer go away quietly if ignored, and will continue to pester users to download new patches periodically. To balance this, the company is working on coming up with more user-friendly warnings and reports of any suspicious activities that occur.
Besides these two changes, there are many other under-the-hood security features aimed at "stopping malicious code like worms, phishing attacks like websites that hijack web browsers to trick users into giving out personal information, and improving security against the buffer overrun attacks favoured by virus-writers," said Mr Goffe.
Other than security-related upgrades, SP2 also introduces a much-awaited anti-pop-up ad feature, and is integrated with the Internet Explorer Web browser to allow users to stop pop-ups that the user did not explicitly request.
The service pack is scheduled for a "first half of 2004" launch date, and the company is currently testing its first release candidate or RC1. There is expected to be at least another release candidate tested before the actual patch release.
Meanwhile, Mr Goffe noted that pirate users should not assume that the change of heart in SP2 means that Microsoft is going soft on piracy.
"We have and are developing new technologies to combat piracy for our software, but for SP2 we'll make one exception."
|Service Pack 2 will introduce Windows Firewall to XP. It is turned on by default.|
The current release candidate of SP2 (275MB) can be downloaded from:
www.microsoft.com/technet/ prodtechnol/winxppro/maintain/ sp2predl.mspx
The new and improved version of Internet Connection Firewall comes turned on by default, and is much more aggressive in turning on and off ports.
Internet Explorer will now prevent websites using scripting to open an endless array of new windows, or dubiously shaped windows outside of your viewing area that can potentially be used to capture personal information.
Internet Explorer pop-up blocker
PC users will no longer have to depend on third-party add-ons or turn off scripting altogether to stop irritating advertising pop-ups.
An improved Outlook
With SP2, the free Outlook Express e-mail browser program's preview window will be on 'lockdown' mode. This means that Outlook Express will no longer execute attachments, which contributed to the spread of mass-mailing viruses like SoBig.F.
It also stops Outlook Express from automatically displaying linked pictures, which was one way spammers used to differentiate live accounts from inactive ones.
This central administration console helps you keep track of your computer's security settings by putting all the security information in one easy-to-access location.
Media Player 9
Windows Media Player 9 will be installed together with SP2.
This fixes security problems in earlier versions of the media player.
It also saves you a fairly big download if you have not already installed Media Player 9 on your PC.