News

Gates Shows Off Windows XP Service Pack 2

New security features promise more secure desktops, says Microsoft chairman at RSA Conference 2004.

(San Francisco) Windows XP Service Pack 2 is slated to be one of Microsoft's biggest releases this year, and will include new security tools that promise to make the operating system much more secure.

At his keynote presentation at RSA Conference 2004, Microsoft Chairman and Chief Software Architect Bill Gates addressed a number of security topics and ignored others, including questions about recent vulnerabilities discovered in Windows.

Gates emphasized that Microsoft has the biggest research and development budget of any software company—about $6 billion. He said that the lion's share of that "bucket" of R&D money goes for security research, and showed some of the results, including the new features of XP SP2.

The most important one is the Windows Security Center, which was shown in public for the first time. It's a screen that shows the status of three key items for keeping XP safe.

  • The Windows Firewall. This replacement for the Internet Connection Firewall will be on by default, unlike previous versions.
  • Anti-virus software, including whether it's installed, and if it's current.
  • Automatic Updates, and whether or not it's enabled.

"For consumers," Gates said, "The message is simple: Automatic Updating should be turned on."

Settings for all three items are configurable from the screen, and can also be managed through group policy or scripts. An interesting feature of the firewall is that it blocks all ports by default, and alerts the user if a program across the Internet tries to access a port on the XP computer. When that happens (the example shown was of an Internet-based game), a warning message pops up asking if the user wants to open the port. If Yes is clicked, the port's opened and the session can continue; the port is automatically closed after the session ends. With XP SP2, administrators will also have the ability to block any ports from being opened on an end-user's computer. The product was demonstrated by Zachary Gutt, a Microsoft product manager in the business security unit.

Bill Gates and Gavin Jancke (r)
Bill Gates, Microsoft Chairman and Chief Software Architect Bill Gates observes as Gavin Jancke, Development Manager with Microsoft Research, shows new biometric ID-card technology during Gates' keynote presentation at RSA Conference 2004. (Photo: Microsoft.)

To reinforce his point about Microsoft's security emphasis, Gates displayed a chart showing that for the first 292 days following Windows 2000 Server's release, Redmond issued 38 "critical" and "important" security bulletins for vulnerabilities. During the same time period for Windows Server 2003, there were nine bulletins.

Gates also briefly addressed the recent Internet release of Windows source code. Although Microsoft hasn't said how the code was stolen, he did confirm that it wasn't one of its shared-source partners.

Turning to the next version of Visual Studio, code-named "Whidbey," Gates said it will include new tools for developers that will encourage safer coding practices, including development of applications that don't require a user to have administrative privileges to install or run programs. There will also be a built-in tool, called PREfast, that will scan the code and search for vulnerabilities like buffer overflows.

Looking further into the future, Gates said that coming generations of Windows will include "Active Protection Technology," (APT) which makes computers—both clients and servers—more resilient in both preventing and containing attacks. Using a methodology called "behavior blocking," a computer would be able to recognize behavior that's out of the ordinary and protect itself. For example, it would note the way the Blaster worm tried to exploit the Remote Procedure Call (RPC) vulnerability, and take action to prevent the exploit, perhaps by shutting down RPC or closing ports.

Gates also updated the Microsoft roadmap, although much has not changed. In the first half of 2004, expect to see releases of XP SP2, Software Update Services (SUS) 2.0 and Internet Security and Acceleration (ISA) Server 2004. In the second half of 2004, look for Windows 2003 SP1. In the cloudy future (no dates were given) will come APT, Whidbey and the Next Generation Secure Computing Base.

About the Author

Keith Ward is the editor in chief of Visual Studio Magazine.

comments powered by Disqus

Reader Comments:

Mon, May 16, 2005 Anonymous Anonymous

are we smokin out at lunch or what?

Tue, Jan 18, 2005 Anonymous Anonymous

is this what we were supposed to read for mgsc 290 with prof. ross?

Wed, Sep 8, 2004 Ife Martins Nigeria

We all know that using linux is one thing that qualifies one a good PC user but that notwithstanding, it's rather absurd or will i say stupid to compare the Windows family to Linux in the sense that even a buffon will use windows for unbelievable things but for linux, it involves a great deal of "protocols" leading to features that are far behind Windows ME not to talk of it's elders like 2000pro (server, ADV-server), XP and the forthcoming "kill 'em all Longhorn".
I also use linux likewise windows but i refuse to get biased. If people want to compare linux to anything from the stable of microsoft(if that is their prob) they are only granted such privileges with Win 3.1 and DOS Shell.

Mon, May 17, 2004 Anonymous Anonymous

Erm......I just want to point out that I installed linux for the first time ever and the amount of patches I had to download was insane! Windows is far more versatile to Linux and it seems easier to run and manage. Fair enough Bill is making a fortune but you can't blame the man. I just see jealously and a bunch of geeks intent on making the world of computing as complicated as possible.

Wed, Apr 14, 2004 YabbaDabba Sydney

MS could have been greedy and released it as Win2004 - but be gratefull - all of you - that we have free updates rather than expen$ive upgrades.

Sun, Mar 28, 2004 Anonymous Anonymous

Windows Rules, and anyway, who sez linux is free? I believe windows xp professional is the best as far as service and performance for every cent of your software spending is concerned.

I mean, even a trained monkey can run a windows machine at the cost of peanuts, try doing the same for a linux geek; linux is an employment generation scheme as far as i am concerned.

Thu, Mar 25, 2004 Lee Carolinas

If you can't get linux to install properly, you aren't doing it right. Period. It's not complicated. On a desktop level Windows has linux beat for the moment, simply because of the number of coders writting and supporting stuff. On a server level if you are doing mail, web, or anything internet related I'll choose linux anyday of the week over windows for security and stability. There might be 100+ patches but I don't have to take my entire server down to install them unless you count a kernel patch.

Back to the topic at hand. I'm glad microsoft is getting more serious about security. I've spent too much of the last year cleaning of the mess left by worms exploiting holes in Microsoft's email server and clients.

Wed, Mar 10, 2004 london_mcse Anonymous

Any one who suggests using Linux on workstations in a business environment has IMHO not actually worked in the real world.
Simple fact If you have a windows problem/issue then it might cost you to get a solution but a soloution you will get!
So far I have tried to install Linux several times in different flavours and it has NEVER behaved properly.
People use IT as a business investment NOT A GEEKS TOY

Thu, Mar 4, 2004 Joe New York

Linux just isn't there yet. Look at Windows from a programmer's eyes. All the best hackers are working for Linux, so they just can't think what we are prone to try and do with their software.

Wed, Mar 3, 2004 Anonymous Anonymous

QWR

Mon, Mar 1, 2004 Matt Huntsville

Oh, yeah, and the NT4 guy needs to get out of the stone age. Of COURSE life sucks on NT4!

Mon, Mar 1, 2004 Matt Huntsville

For consumers, having things locked down by default is a GREAT idea... the thought of millions of unprotected XP boxes connected directly to cable modems scares me! As for the IT guys who are bitching, I've got two words: Job Security. Hey, that's why they pay us the big bucks, right? Besides, EVERYTHING is configurable with group policy. Don't be such pussies!

Sat, Feb 28, 2004 EJ NY

I agree, I haven't had to visit a single PC in my network to apply patches or updates in years. As far as admining the new firewall features, get some friggin skills man, you must really suck as an NT admin.

Fri, Feb 27, 2004 Anonymous Anonymous

quote: We will have to visit every machine and realistically just turn it off. Here are some of the things that we rely on that will no longer work - Backups, the Admin $hares, any RPC including Computer Mgmt. snapin, Event Viewer, GP Editor, the Messenger service, Remote Desktop, shared Filemaker Pro Databases. Given this scenario, do we really want to go around to all of the machines and try to open each of the necessary ports, after attempting to figure out which ones need to be opened? No, we'll just end up turning it off, which itself will be a huge problem when you have to deal with that many machines.
Response: That sucks, d00d. Better start learning how to do logon scripts and other network management functions, because you can realistically change almost everything across the entire network very easily.

Fri, Feb 27, 2004 Anonymous Anonymous

Im sure it will be just like 2003's existing firewall in that if you dont want it, you turn it off. At any rate, Im sure ZoneAlarm will still be much better than the Windows default firewall; they arent looking to replace other programs, just to provide baseline security.

Fri, Feb 27, 2004 NotTester Russia

I'm test SP2 at my home computer
hmm.. him live.... and work...
cool...

Thu, Feb 26, 2004 Anonymous Anonymous

Where I work, there are about 3000 Win XP machines on an NT 4 network. Almost of them are set to auto install Windows Updates, which means SP2 will be installed automatically, no SUS just the MS site. We won't be able to use GP to turn off or configure the firewall. We will have to visit every machine and realistically just turn it off. Here are some of the things that we rely on that will no longer work -
Backups, the Admin $hares, any RPC including Computer Mgmt. snapin, Event Viewer, GP Editor, the Messenger service, Remote Desktop, shared Filemaker Pro Databases.
Given this scenario, do we really want to go around to all of the machines and try to open each of the necessary ports, after attempting to figure out which ones need to be opened?
No, we'll just end up turning it off, which itself will be a huge problem when you have to deal with that many machines.

Thu, Feb 26, 2004 MC NZ

Maybe you moaners need to get together and design your own software that works first time out of the box and never needs an update, welcome to the real world

Thu, Feb 26, 2004 Michael Jacksonville

I honestly do not understand why you guys bash microsoft and bill gates for being successful. If it wasn't bill gates who invented and constructed microsoft, it would have been someone else. if you are so unhappy with the products, do not use them. buy macs, or switch to unix or linux, run novell. personally, i do not see why it is necessary to bash people for trying to make life easier on us and make money doing it... if you want to be mad at someone, be mad at the hackers and malware producers that keep screwing up your network to begin with. bill gates and his crew cannot cover all the bases in designing and programming. there will always be people who will try to bust the codes and invade your network.

Thu, Feb 26, 2004 Anonymous Anonymous

Group Policy should allow you to control all of these settings (SUS, New firewall, AV Checker). You may need to add a new Administrative Template, but you should have all of the control you need.

Thu, Feb 26, 2004 David Phila PA

I think it is a great step forward... people will obviously complain about the security issues and in the same breath complain that it requires more work to manage. Can't please them all the time... sometimes cant please them ever. The natural evolution of windows is to be a more secure computing environment.

Thu, Feb 26, 2004 Anonymous Anonymous

It's the ultimate Catch 22 situation. MS has created software that has made our lives so much more productive and yet the aspect that makes everything work so well together also allows 'criminals' to bog us down with security. Ferari makes cars that go 200 mph, but if some jerk puts spikes on the road do we say they should have anticipated this? Then they start throwing rocks at my ferari, do I then complain about a crack wind shield or dent? The should just make a tank so I'll be safe, but there's no performance in a tank. Remember it's the Felon's out there who are making our lives miserable, not MS.

Wed, Feb 25, 2004 LinuxHater Redmond

Gates takes the cake! He does it so well they should name a Bank after him$$. More power to him. Soon there will be no other OS's to compare with, Microsoft will have the OS, Antivirus, Browser, .Net developement tools, Finacial Apps, Patch Management, Content Management. What's left? Game Consoles, oops, that one is covered also. Hardware? or maybe spacecraft, oops, Paul Allen has that one. Damn I guess it must be sweet to be Microsoft.

Wed, Feb 25, 2004 anonymous Anonymous

i installed redhat linux 9 and it is worst than windows 2000 or xp. as soon i installed it has 120 updates to be downloaded. yo microsoft is microsoft and i am confident that no one will beat their technology, cuz bill has a lot of money.

Thanks
Anonymous, MCSE

Wed, Feb 25, 2004 Anonymous Anonymous

I wonder if there would be a way to push SP2 across the network with firewall and AV disabled, autoupdates pointed to local SUS and so on.

Wed, Feb 25, 2004 Anonymous Anonymous

OK 6 billion in R&D, when we MS realease some software that works out of the box first time......

Wed, Feb 25, 2004 Anonymous Anonymous

Its sad when a company has a big roll out for a service pack. They need to fix their garbage, not add features.

Wed, Feb 25, 2004 Anonymous Anonymous

Wow, more smoke and mirrors. Rename one service and turn it on by default, thus creating more work. Create a check point for AV software...seems like another bloatware piece for hackers to attack. Turn on auto update, just for SP2a when they change the cost of the whole deal. No thanks. I'll take care of it myself. Work on the code, and stop blowing sunshine up my a$$.

Wed, Feb 25, 2004 Anonymous Anonymous

Just use Linux and save yourself the grief and aggravation...

Wed, Feb 25, 2004 Anonymous Anonymous

As a network administrator, I view XP SP2 as more work in an already busy schedule. We already have numerous measures in place to protect our desktops and being forced to use the XP firewall will add another component that needs to be managed. Even if it is just a checkbox to turn it off, it still is another task that needs to be done. And there is a good chance that it might interfere with some of our agency applications which means that we will have to perform extended testing before we deploy.

Wed, Feb 25, 2004 Anonymous Anonymous

I might get rid of ZA once I get the SP.

Tue, Feb 24, 2004 Ray CA

I'm currently using the XP SP2 Beta with Zone Alarm and there are no conflicts

Tue, Feb 24, 2004 Charles Anonymous

I sure hope this helps with all the security holes!

Tue, Feb 24, 2004 Anonymous Anonymous

what will happen if you have zone alarm.
i think there will be a conflict with 3rd party software (norton antivirus and zonealarm)and the internal firewall

Add Your Comment Now:

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Comment:
Please type the letters/numbers you see above

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.