Frequently berated for the poor security performance of its software, Microsoft is due to release a major overhaul of its Windows XP operating system adding significantly improved protection. Windows XP Service Pack 2 is a free add-on for the software but, unlike the patches released by the company on a regular basis, SP-2 is a major upgrade which fixes numerous flaws and adds additional features. Facing an increasingly hostile online environment Windows users have suffered a seemingly endless barrage of hackers, viruses and other security issues, many of which XP seemed ill-equipped to cope with, prompting Microsoft to make security its number one priority.
Due for release in August, SP-2 will be available as a download from the Microsoft website but the company has said it will send a free CD to dial-up users on request. The security enhancements range from simple interface tweaks, such as ensuring that when a pop-up confirmation box appears the safest option is always highlighted by default, to technical under-the-bonnet changes that most users are unlikely to notice. The software includes new measures to tackle spyware and pop up ads, and the Windows Firewall will now be switched on by default.
Microsoft’s security reputation has suffered badly in the past, but SP-2 has enjoyed a relatively warm reception from security experts. Graham Cluley, senior technology consultant at security vendor Sophos said “I think it is definitely a step in the right direction and we will be encouraging as many people as possible to upgrade to the new service pack because of the extra security it offers. The principle in the past has always been ‘Turn all the functionality on, make it as easy for the user as possible, do not worry about security’ but now they are going from the other angle which is ‘Make it as secure as possible and put the onus on the user to turn off security features only if they really want to’. Having the firewall installed by default has got to be a sensible idea, that will help reduce the kind of attacks we’ve seen by Blaster and Sasser in the past.“
Many of the features in SP-2 were developed for Microsoft’s next generation of Windows, codenamed ‘Longhorn’ but the company decided to make them available in the current version of the operating system as part of its Trustworthy Computing drive to build confidence in its software. Even if this initiative succeeds, it is unlikely that the security problem will disappear for good, Cluley added “There is no such thing as a completely secure operating system, technology is part of the anti-virus answer but there is other things such as user education – you really need a multi layered approach. Some of the things they are doing will certainly reduce the risk but it is not going to mean the end of the virus problem.”