Microsoft is to disable the Windows Messenger Service and activate
the Internet Connection Firewall (ICF) by default on Windows XP
machines in an effort to protect computers from malicious attacks.

The changes will be described at an informal lunchtime presentation
during Microsoft's Professional Developers Conference (PDC) in Los
Angeles by Jason Garms, an architect in Microsoft's Security Business
Unit (SBU), and are targeted for release in Windows XP Service Pack 2,
according to Amy Carroll, director of product management in SBU.

The announcement follows weeks of statements from Microsoft chief
executive officer Steve Ballmer and other company executives that the
company was looking at ways to increase the ability of Windows to
"shield" itself against threats from computer viruses, worms and
hackers, rather than relying on other companies' products to do so.

Among other things, Microsoft will announce a new API (application
programming interface) for remote procedure calls (RPC) that limits
access to resources on the local machine, Carroll said.

The API will give developers more tools to control the flow of data to
and from Windows applications and apply more specific security policies
that cover actions taken by client and server applications, according
to Pete Lindstrom, an analyst at The Spire Group.

Security vulnerabilities in RPC and the distributed component object
model (DCOM) that Microsoft disclosed in July led to the creation of
the W32.Blaster worm, which hit corporate networks and home computers
worldwide in August.

To address concerns about web and network-borne attacks which exploit
vulnerabilities in its products, Microsoft will describe its plans to
strengthen the default configuration of the Internet Explorer Web
browser's Local Machine and Local Intranet security zones, Carroll
said.

The configuration of those zones controls what actions are and are not
permissible when connecting to resources on a user's local network.
Microsoft is interested in developers' feedback about whether the
changes are the right approach for security issues, Carroll said.

The company will also talk about its plan to recompile Windows using
technology designed to sniff out security vulnerabilities in the code,
Carroll said.

Buffer overruns are a common avenue for attacks against Windows
systems, allowing hackers to send long streams of data that cause
Windows machines to crash or to execute code written by the attacker.

While Microsoft executives hinted at many of these changes in recent
weeks, the decision to disable the Windows Messenger Service is new.

The service has been a standard part of Windows operating systems
since the introduction of 32-bit operating systems in the mid-1990s,
according to Russ Cooper, moderator of the NTBugtraq security
newsgroup.

Using text commands entered from a command prompt, users can create a
pop-up window containing messages on other users' desktops connected
over a home network, corporate network or the internet, according to
Richard Smith, an independent security consultant in Boston.

Within the past year, spammers discovered the feature and began using
it to barrage unsuspecting users with pop-up messages containing
solicitations, he said.

Paul Roberts writes for IDG News Service