RealTime IT News

Security Makeover for ICF, Windows Server 2003

Under its new 'secure the perimeter' initiative, Microsoft plans to introduce a major tweak to the way Windows Server 2003 connects to remote systems and a makeover to the Internet Connection Firewall (ICF) integrated into Windows XP.

The new safeguards will be added to the first Service Pack for Windows Server 2003 to block remote connections until a thorough inspection for infections can be performed, internetnews.com has learned.

The Service Pack is scheduled for release in the second half of 2004.

A Microsoft spokesperson said SP1 for Windows Server 2003 will include technologies to enable remote access connection client inspection and intranet client inspection to protect corporate networks from potential infections introduced by mobile systems.

The release date for Windows Server 2003 SP1 has also been pushed back to add security technologies outlined by Microsoft CEO Steve Ballmer in October.

During a presentation at the inaugural Microsoft Worldwide Partner Conference in New Orleans, Ballmer announced an all-out offensive to address the security "crisis" in the industry, a plan that includes a major overhaul Software Update Services (SUS), a little-known tool that automates the deployment of security patches.

Microsoft is mum on details of the service pack, noting that Windows Server 2003 "has demonstrated high levels of quality and customer satisfaction." The spokesperson said the security-related updates would include role-based security configuration, remote access client inspection and intranet client inspection.

"(The service pack) will be a point in time collection of updates to Windows Server 2003," the spokesperson said.

The software giant is also planning a major ICF makeover to add new capabilities to the embedded firewall in the Windows XP operating system. For a start, Microsoft has instructed OEM partners to turn on the firewall by default on all new Windows XP-based system to guard against the spread of viruses.

In existing XP systems, the ICF feature is turned off by default and is not clearly visible to even the most savvy computer users. However, in the Windows XP SP2, the spokesperson said that ICF would be updated to close ports when they aren't in use and to improve the user interface for configuration.

Additionally, he said Microsoft would add improved application compatibility when ICF is on, and enhanced enterprise administration of ICF through Group Policy.

Microsoft also plans to disable the Windows Messenger Service which is a text-only broadcast service used by IT administrators to send alerts to warn users of pending outages and server maintenance.

The company also will introduce new capabilities to XP to include technologies for memory protection, network protection, safer e-mail and safer Web browsing, the spokesperson disclosed.

The service pack, currently in beta, is expected to include pop-up ad blocker to the Internet Explorer browser and other technologies to give developers "much more granular control over how applications communicate over the network," the spokesperson explained.

The plan is to give developers the ability to prohibit applications from executing from arbitrary locations in memory.

"Together, these capabilities add to a defense-in-depth approach to keeping Windows PCs secure," he added.

The Windows XP SP2 is scheduled for release in the first half of 2004.