Software developers can now test drive the latest update
to Microsoft's Windows XP operating system after the company
released a beta version of Windows XP Service Pack 2 (SP2) to
testers in its MSDN developer programme.
The company released the advance copy of XP SP2 to give IT
professionals a chance to test and give feedback on latest features
and configuration changes in SP2. Many of those changes were
introduced to make computers running XP less susceptible to viruses
and worms, such as the recent Blaster.
Microsoft called the XP SP2 beta version release a "milestone"
in its effort to make XP and its customers more secure. The
features released this week are a "subset" of those that will be
included in the final release of SP2. Beta testers' feedback will
help Microsoft determine which features to include and omit.
(
www.microsoft.com/presspass/newsroom/winxp/WindowsXPSPFS.asp.)
Among the changes in the operating system is an improved version
of firewall software that ships with XP. Formerly known as the
Internet Connection Firewall, that software is now called the
Windows Firewall and is turned on by default, blocking Windows
communications ports that are not being used by software
applications installed on an XP machine.
Beta testing will ensure the Windows Firewall does not disrupt
software applications running on Windows when SP2 ships to
customers, Microsoft said.
Microsoft also turned off a controversial administrative tool
called Windows Messenger service, which allowed computers on a
network to display text messages in pop-up desktop windows. That
feature had been discovered by spammers and used to
display advertisements and had recently been the subject of a
critical security patch from Microsoft.
Other security changes in XP SP2 are more subtle.
Microsoft changed Windows implementation of RPC (Remote
Procedure Call) that will make it harder for attackers to exploit
that service. Recent worms such as Blaster and Nachi used a
security vulnerability in RPC to infect Windows machines.
The company also locked down the Component Object Model (Com)
that governs the way software applications run in the Windows
environment and exchange information over a computer network.
Security holes in a component of Com called the Distributed
Component Object Model (DCom) were behind the Blaster and Nachi
internet worms earlier this year.
Changes in the software used to compile Windows XP's underlying
computer code has also made the operating system less vulnerable to
buffer overrun attacks, which are flaws in underlying software code
that can allow hackers to crash Windows or take control of
vulnerable systems.
On the application front, Microsoft has changed the Internet
Explorer web browser, Outlook Express e-mail client and Windows
Messenger instant messaging program, making it harder to use those
programs for launching malicious programs disguised as web page
downloads or e-mail and IM file attachments.
Windows XP SP2 also contains a host of other enhancements,
including improvements to the Automatic Update feature so that
updates are easier for users with low-capacity dial-up connections
to download and install.
Other improvements include a new version of Windows Media
Player, better support for wireless hotspots and wireless devices
such as keyboards, wireless printers and PDA using the Bluetooth
wireless technology.
Feedback from developers on the beta version of XP SP2 will be
used to improve the final version of the product, due in the first
half of 2004.
Paul Roberts writes for IDG News Service