Windows service pack improves security but may clash with third-party software

Microsoft laid out the details of its plans for the development of Windows 2003 and its 64-bit roadmap during an exclusive...

Microsoft plans to ship the first service pack for Windows 2003 on 28 March.

The release will build on the results of the company’s Trustworthy Computing initiative and will include many of the security enhancements in the Windows XP SP2 desktop operating system, which Microsoft made available last August.

The release of the first service pack for Windows 2003, about 18 months after the original operating system shipped, is testimony to the stability of the product, the company said.

Several new security features are included in the service pack, such as "no execute", the processor-based security measure that tackles buffer overflow attacks, and DCom and RPC lockdown.

The DCom and RPC lockdown prevents hackers from using those services to attack a server.

In a briefing Microsoft acknowledged that these security features could lead to incompatibilities with third-party software.

"We have tested hundreds of applications to date and a handful ran into issues," said Samm DiStasio, a member of the Windows development team.

Systems management software had proved the most likely to produce incompatibilities with the service pack, DiStasio said, adding that suppliers had provided updates to overcome the problems where these had been identified.

Along with the XP SP2 security features, Windows 2003 SP1 will offer a security configuration wizard. This will provide a means for system administrators to find out what services are being run on a Windows 2003 server and disable any that are not required.

Clyde Rodriguez, a member of the Windows development team who focuses on core operating system engineering, said Windows 2003 SP1 would also boost the performance of Secure Sockets Layer security, which is used widely in software that provides secure log-ins for services such as internet banking.

Other improvements to security include boot time network protection to prevent hacking attacks before the system is fully running, and VPN quarantine to prevent insecure devices accessing the network.
