Windows XP SP2 to Come Late in First Half 2004

The earliest that Windows XP Service Pack 2 will ship is at the end of the first half of 2004, according to Mike Nash, corporate vice president for Microsoft's security business unit.

"Ideally by the end of the first half of 2004," Nash said of the ship date during a Tuesday morning Webcast about Windows XP Service Pack 2. "But that ship date is really going to be a function of [customer] feedback."

The service pack focuses heavily on improving the security of Windows XP through enhancements to the firewall, browser, e-mail functions and underlying operating system code. The security-related overhaul is part of Microsoft's "Springboard" initiative that deepens the Trustworthy Computing efforts by shoring up the security of software that is already on the market.

Microsoft is set to deliver a first beta of the service pack, geared toward IT professionals, this month. The beta code is nearly complete, Nash said. Microsoft Chief Information Officer Rick Devenuti said the SP2 beta is deployed internally on 2,000 Microsoft machines. Microsoft also plans a wider Beta 2 release of the service pack in the first half of 2004, which will be aimed at consumer users as well as IT.

One of the most controversial changes in Windows XP Service Pack 2 is Microsoft's decision to turn the firewall on by default in Windows XP SP2. In addition to the enabled by default change, Microsoft is also renaming the technology in SP2 from "Internet Connection Firewall" (ICF) to "Windows Firewall."

When enabled, ICF often broke enterprise applications, including system management tools, because of its all-or-nothing approach to protecting systems. With a more granular approach in the Windows Firewall, which will close ports by default and allow applications to open them on a case-by-case basis, Nash said, "We can turn the Windows Firewall on by default because we're not worried about it breaking applications."

The firewall will work in two modes -- managed and unmanaged. Under the managed mode, corporate IT will have the ability to specify what applications may open ports -- when a user runs afoul of the policy the Windows Firewall will furnish the user with a simple notice that the application isn't allowed to open ports. In the unmanaged mode for home users and similar environments, the user will have the option of allowing the application to open the requested port.

Microsoft also is adding a "Windows Firewall Approved List" tabbed window that allows users or administrators to specify settings. In response to complaints that ICF could not be managed via Group Policy, Microsoft is making the Windows Firewall manageable through Group Policy, Registry settings and the Command Line.

While the firewall is the centerpiece of the security changes in Windows XP SP2, Microsoft is also reworking security in other areas of the operating system. The service pack will add pop-up blocking capabilities and Internet Explorer will block untrustworthy files from loading in Web pages. Devenuti said the last feature has helped Microsoft improve the security of non-secure sites attached to the company's internal applications.

Microsoft is also building in the ability to limit spoofing and to support the new generation of processors that prevent execution of code in inappropriate sections of the operating system.

Nash said the pop-up blocking cannot yet be managed by Group Policy but that the developers were looking at adding that capability. He also said Microsoft had no plans to incorporate the virus scanning technology Microsoft acquired from the Romanian anti-virus firm GeCAD Software Srl. in SP2. The service pack will also deliver the 1.1 version of the .NET Framework as an optional download.

Nash updated the development roadmap for Service Pack 1 of Windows Server 2003 in a way that raised the possibility of a 2005 delivery. "A beta is planned for the first half of calendar 2004," Nash said. "Ideally, [it] will ship in the second half of calendar 2004."

When asked whether some of the security measures added to Windows XP and then Windows Server 2003 might be added to Windows 2000, Nash didn't rule it out: "Right now we're evaluating what's appropriate, and what we'll be able to do for Windows 2000. Our next priority is Windows Server 2003 Service Pack 1. But we are looking for feedback on Windows 2000."

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


comments powered by Disqus

Subscribe on YouTube