Microsoft is expected to roll
out a service pack for Windows XP early next week that is chock full of security-related goodies for Windows customers. But customers running Windows 2000 are not expected to see a similar package.
As previously
reported, the software giant will unveil a security makeover to XP’s embedded Internet Connection Firewall (IFC) to thwart hacking attempts and provide new tweaks in order to block e-mail borne viruses.
But the service pack is arriving at a time when 70 percent of
U.S. enterprises have not yet migrated to the XP platform, which is a major concern, according to Gartner analyst John Pescatore.
“The majority of enterprise desktops are running Windows 2000 desktops. Only 30 percent of corporate clients are running XP but Microsoft hasn’t said what they’ll do about improving security for Windows 2000. We’re urging them to give out security updates
for Windows 2000,” Pescatore said in an interview with internetnews.com.
Pescatore said he expects more customers to upgrade from their Windows 2000 platforms after Microsoft ends its support for Windows 2000, which is slated for late in 2004, and after the coming XP service ships (in the second quarter next year).
But even then, he expects about half of all
enterprises in the U.S. will still be running Windows 2000.
“We’ve asked Microsoft for quite some time now if the same improvements will be available for Windows 2000 but no one is saying. The XP
improvements are necessary for the consumer market but, in the enterprise,
similar improvements are needed for Windows 2000,” Pescatore
reiterated.
A spokesman for Microsoft confirmed there won’t be a major security
overhaul available for Windows 9x and 2000 customers. “We recommend those customers employ a third party firewall and anti-virus software,” the spokesman said.
He said the Windows 2000 Service Pack 4 (SP4) was available to provide the security updates
to the Windows 2000 operating systems, nothing that Windows 2000 SP4
contained a collection of
fixes dealing with security, application compatibility, operating system
reliability and
setup.
Gartner’s Pescatore described the coming Windows XP SP2 beta as a “very
necessary update” to deal with the growing scourge of hacker attacks,
virus distribution and spam e-mail.
Joe Wilcox, a Jupiter Research analyst who tracks Microsoft for the Microsoft Monitor
Weblog, has provided the most details of what’s expected in the XP service
pack, describing it as a major rollout that warrants extensive review by
businesses and developers.
“For example, the patch will introduce monitoring of browsing, e-mail and
instant messaging for
malicious attachments or code. This will be done through a new application programming interface
(API) called Attachment Execution Services,” he wrote on his blog. “The changes mean Outlook
Express will block certain
types of attachments, like executables, by default. Microsoft first
introduced this feature to
Outlook 2000 as part of an update and made it standard in subsequent
versions. Like Outlook 2003
and MSN, Outlook Express will block external content, such as clear gifs
(a.k.a. Web beacons),” Jupiter’s Wilcox said. (Jupiter Research and this publication are owned by the same parent company.)
Additionally, Microsoft’s flagship Internet Explorer browser has been
tweaked to add a series of warnings whenever a user tries to download
executable files from the Web. “Service Pack 2 will place more limitations
on scripts running from Websites or remote servers,” Wilcox noted.
The XP update is also expected to disable unnecessary services that
open ports to potential hacks by worms or spam.
“Perhaps the most
significant will be Remote Procedure Call, which was a vehicle for
spreading Blaster. Service Pack 2 will disable RPC operation in what
Microsoft calls the Internet Zone but not necessarily the Intranet Zone,”
Wilcox said, explain that the update would increase the demarcation
between the two zones.
Microsoft also plans to protect against the ubiquitous buffer
overflows, the most common software security flaw. New compiler
technology will be added to XP to detect buffer overruns and stop
malicious code from running on the computer. Wilcox said Microsoft also
plans to better protect buffer overruns in heap memory, noting that this
protection would only work with some
microprocessors.