RealTime IT News

Microsoft Packs New Security Tools Into XP Beta

UPDATED: Intent on stopping the spread of Internet viruses, Microsoft has begun beta-testing a security-monitoring feature for its Windows XP Service Pack 2 (SP2) that will be included in the final product in mid-2004.

The tool, which checks for third-party anti-virus and firewall software and lets users know whether it is enabled or not, is among the operating system enhancements the Redmond, Wash., company is developing as part of its Security Center initiative to rebuff viruses, worms, trojans and crackers .

Microsoft will also provide free online training and documentation, to include application program interfaces , to help developers make the most of SP2's security features, Chairman Bill Gates said at this week's RSA Security conference in San Francisco. It's the first time the company has offered training materials with a Windows service pack release.

Tony Goodhew, a Microsoft product manager, said that with the many vulnerability issues in the computing world, the company needed to make security its first priority. The Trustworthy Computing initiative and SP2 are results of that push.

The code changes that went with security enhancements, however, were sweeping, prompting officials to create a developer's forum so applications created for the OS were compatible with applications by independent software vendors (ISVs).

"We realized that as we were making these changes, we were going to impact a lot of ISVs so we've been doing extensive work testing the top applications that people use," he told internetnews.com. "We have an application compatibility group that is running tests against the top 400 to 700 applications to see how they work with SP2."

Goodhew said feedback has been positive. The site, with its online training and extensive documentation, has made it easier to develop applications that are compatible with Windows XP without going back and debugging after the application is released.

"Developers themselves are taking security more seriously in their applications," he said.

Microsoft has been criticized for the security flaws that have allowed trojans to propagate from computers that run its Windows operating systems. In many cases, the company patched the holes, but not all users downloaded or updated their systems.

The virus scanner and firewall software monitors are Microsoft's answer to the vexing problem of limiting the damage of a break-in. With SP2, a pop-up screen will show users what security options are enabled, and allow them to modify those settings.

Goodhew said the new forum is a place where developers can come together to talk about an issue that's come to the forefront in recent times - security. He points out that many of the biggest Internet worms of recent times -- MyDoom, Blaster and NIMDA -- were caused by users who didn't update their systems to block the viruses. In the case of NIMDA, he said, a patch was out 331 days before the attacks began.

"I do personally believe that Windows gets unfairly caught up in some of the social engineering aspects of these worms and viruses," he said. "Users need to think about some of the things they are doing and whether that's the safe thing to do. Users are becoming more sophisticated."

Corrects earlier version which incorrectly stated SP2 would include a built-in virus scanner. The offering actually includes a pop-up monitor that checks the settings of third-party anti-virus and firewall applications, and allows users to modify them if necessary.