Microsoft is trying to reduce security holes in its Windows
XP operating system by disabling the package's Windows Messenger
Service and activating its Internet Connection Firewall by
default.

The decision was announced at Microsoft's Professional Developers'
Conference last week. It follows chief executive Steve Ballmer's
statement last month that Microsoft was looking at ways that
Windows could shield itself against attacks instead of relying on
third-party solutions.

Microsoft has now deemed the Windows Messenger Service
non-essential, after discovering a buffer overflow in the program
that allows attackers to remotely place and run malicious code on
vulnerable XP machines.

The company has already released a security patch, but has bowed to
user calls for the feature to be disabled by default as a way of
improving corporate security.

Amy Carroll, director of the Microsoft security business unit, said
the change would be contained in the soon-to-be-released Windows XP
Service Pack 2.

Carroll also said Microsoft was considering changes to the default
settings of the Internet Explorer browser to make it more secure
against potential attacks.

She said the size of Microsoft security patches had been reduced by
35% in the past year, in order to make them easier to manage and
install. The size would be reduced by 80% by May 2004, she added.