UPDATED: Intent on stopping the spread of Internet viruses,
Microsoft has begun beta-testing a security-monitoring
feature for its Windows XP Service Pack 2 (SP2) that will be included in the
final product in mid-2004.
The tool, which checks for third-party anti-virus and firewall software and
lets users know whether it is enabled or not, is among the operating system
enhancements the Redmond, Wash., company is developing as part of its
Security Center initiative to rebuff viruses, worms, trojans and crackers
Microsoft will also provide free online training and
documentation, to include application program interfaces
to help developers make the most of SP2’s security features, Chairman Bill
Gates said at this week’s RSA Security conference in San Francisco. It’s the
first time the company has offered training materials with a Windows service
pack release.
Tony Goodhew, a Microsoft product manager, said that with the many
vulnerability issues in the computing world, the company needed to make security its first priority. The Trustworthy Computing initiative and SP2 are results of
that push.
The code changes that went with security enhancements, however, were
sweeping, prompting officials to create a developer’s forum so applications
created for the OS were compatible with applications by independent software
vendors (ISVs).
“We realized that as we were making these changes, we were going to impact a
lot of ISVs so we’ve been doing extensive work
testing the top applications that people use,” he told
internetnews.com. “We have an application compatibility group
that is running tests against the top 400 to 700 applications to see how
they work with SP2.”
Goodhew said feedback has been positive. The site, with its online training
and extensive documentation, has made it easier
to develop applications that are compatible with Windows XP without going
back and debugging after the application is
released.
“Developers themselves are taking security more seriously in their
applications,” he said.
Microsoft has been criticized for the security flaws that have allowed
trojans to propagate from computers that run its
Windows operating systems. In many cases, the company patched the holes, but
not all users downloaded or updated their
systems.
The virus scanner and firewall software monitors are Microsoft’s answer to the vexing problem of limiting the damage of a break-in. With SP2, a pop-up screen will show users what security options are enabled, and allow them to modify those settings.
Goodhew said the new forum is a place where developers can come together to
talk about an issue that’s come to the forefront in recent times – security.
He points out that many of the biggest Internet worms of recent times — MyDoom,
Blaster
and NIMDA —
were caused by users who didn’t update their systems to block the viruses.
In the case of NIMDA, he said, a patch was out 331 days before the attacks
began.
“I do personally believe that Windows gets unfairly caught up in some of the
social engineering aspects of these worms and
viruses,” he said. “Users need to think about some of the things they are
doing and whether that’s the safe thing to do.
Users are becoming more sophisticated.”
Corrects earlier version which incorrectly stated SP2
would include a built-in virus scanner. The offering actually includes a pop-up monitor that checks the settings of third-party anti-virus and firewall applications,
and allows users to modify them if necessary.