As software security holds its place as a top priority on enterprise networks, engineers at Microsoft are building proactive PC monitoring capabilities into the company's next-generation Longhorn operating system, a move that is being widely embraced.
According to those in the know, Longhorn engineers are packing new technologies into the OS that check a central patching Web service for security holes on the computer. If the user does not have a given patch installed, Longhorn's active protection technology will kick in to adjust the firewall or PC settings so that the specific attack vector is blocked even though the patch is still missing.
The operating system will then issue security warnings to the user and proactively block open ports or adjust registry settings to plug security holes.
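The "check patch state, then apply a compensating control" logic described above, as an added example that is not Microsoft's code and is not drawn from the article. The KB numbers, ports and registry paths in the policy table are constructed placeholders, not real bulletins; the only behaviour beyond what the article states is the supersedence check, which keeps a mitigation from being applied when a later patch already closes the same hole.

```python
"""Added example: evaluate which compensating controls (firewall blocks,
registry settings) a host needs for patches it does not have installed.
KB identifiers, ports and registry paths are constructed, not real."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Mitigation:
    kind: str        # "block_port" or "set_registry"
    target: str      # TCP port number, or registry value path
    value: str = ""  # registry data for set_registry


@dataclass(frozen=True)
class PatchPolicy:
    kb: str
    mitigations: tuple
    superseded_by: tuple = ()  # later patches that also close this hole


# Constructed policy table (hypothetical KB ids, not Microsoft bulletins).
POLICY = (
    PatchPolicy("KB000001", (Mitigation("block_port", "445"),),
                superseded_by=("KB000010",)),
    PatchPolicy("KB000002", (Mitigation("set_registry",
                                        r"HKLM\Software\Example\Service",
                                        "Disabled"),)),
    PatchPolicy("KB000003", (Mitigation("block_port", "135"),)),
)


def is_covered(policy, installed):
    """True if the hole is closed by the patch itself or one that supersedes it."""
    installed = set(installed)
    if policy.kb in installed:
        return True
    return any(kb in installed for kb in policy.superseded_by)


def required_mitigations(installed, policy=POLICY):
    """Return (kb, mitigation) pairs for every hole the host has not patched."""
    needed = []
    for p in policy:
        if not is_covered(p, installed):
            needed.extend((p.kb, m) for m in p.mitigations)
    return needed


def render_actions(mitigations):
    """Turn mitigations into the warnings/actions the OS would surface to the user."""
    lines = []
    for kb, m in mitigations:
        if m.kind == "block_port":
            lines.append(f"firewall: block inbound TCP/{m.target} (missing {kb})")
        elif m.kind == "set_registry":
            lines.append(f"registry: {m.target} = {m.value!r} (missing {kb})")
    return lines


if __name__ == "__main__":
    # Host has only the superseding rollup: KB000001 is covered, the rest are not.
    for line in render_actions(required_mitigations(["KB000010"])):
        print(line)
```

The supersedence check is the part worth keeping in any real implementation: a naive "is KB X installed?" test fires false positives on every host that took a later cumulative update instead, and a mitigation applied on a false positive is a self-inflicted outage.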
Robert McLaws, president and chief software architect of Interscape Technologies, an independent software partner of Microsoft, said the plan is to have Longhorn keep watch over computers for unusual activity and network spikes to pinpoint potential hacker attacks.
“Some people are going to scream bloody murder that ‘Big Brother’ is watching and taking control of their systems but, if they don’t care enough to keep their systems secure, then they have lost that right to complain,” McLaws said.
McLaws, an Internet security advocate who publishes the PatchDayReview.com site to simplify security alerts out of Redmond, said the security capabilities being introduced with Windows XP Service Pack 2 (SP2) are a sneak peek at what Longhorn will offer.
“It will watch your computer and try to analyze what you are doing. It will look for abnormal activity. If it finds that your computer just sent 50,000 e-mail messages, it will cordon off that area to block your computer from being used by hijackers. If your PC becomes an attack machine, Longhorn will proactively stop that from happening,” he explained.
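The "computer just sent 50,000 e-mail messages" case McLaws describes, as an added example that is neither Microsoft's nor McLaws's code: a sliding-window detector over outbound connection records that, on a burst of SMTP connections from one host, emits a block for that host's outbound TCP/25 only (the "cordon off that area" behaviour) rather than cutting the host off the network. The connection records, window size and threshold are constructed for the example.

```python
"""Added example: per-host sliding-window detection of outbound SMTP bursts.
Connection records are constructed tuples of (timestamp_seconds, src_ip, dst_port)."""
from collections import defaultdict, deque

SMTP_PORT = 25
WINDOW_SECONDS = 60   # assumed window; tune to the environment
THRESHOLD = 100       # assumed: outbound SMTP connects per window before quarantine


class OutboundMailMonitor:
    def __init__(self, window=WINDOW_SECONDS, threshold=THRESHOLD):
        self.window = window
        self.threshold = threshold
        self._events = defaultdict(deque)  # src -> timestamps of SMTP connects
        self.blocked = {}                   # src -> timestamp when quarantined

    def observe(self, ts, src, dst_port):
        """Feed one outbound connection. Returns a block rule on a burst, else None."""
        if dst_port != SMTP_PORT or src in self.blocked:
            return None
        q = self._events[src]
        q.append(ts)
        # Drop events that have fallen out of the window.
        while q and ts - q[0] > self.window:
            q.popleft()
        if len(q) >= self.threshold:
            self.blocked[src] = ts
            return {
                "action": "block",
                "src": src,
                "proto": "tcp",
                "dst_port": SMTP_PORT,   # narrow rule: only outbound mail is cut
                "reason": f"{len(q)} SMTP connections in {self.window}s",
            }
        return None


def make_records():
    """Constructed sample traffic: one quiet host and one that starts spewing mail."""
    recs = [(t, "10.0.0.5", 443) for t in range(0, 300, 10)]      # web browsing
    recs += [(t, "10.0.0.5", 25) for t in range(0, 300, 60)]      # 5 mails in 5 min
    recs += [(100 + i // 10, "10.0.0.9", 25) for i in range(1500)]  # 10/s for 150 s
    return sorted(recs)


def run(records):
    """Replay records through the monitor and collect the block rules it emits."""
    monitor = OutboundMailMonitor()
    rules = []
    for ts, src, port in records:
        rule = monitor.observe(ts, src, port)
        if rule:
            rules.append(rule)
    return rules


if __name__ == "__main__":
    for rule in run(make_records()):
        print(rule)
```

Two design points matter more than the threshold value. The rule is scoped to the offending host and port, so a hijacked machine can still reach the patch service and the user can still be warned, and a host is quarantined once rather than once per further connection, so the detector does not flood whatever applies the rules.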
He said some of the protection technologies are being ported back to SP2, which is currently in beta and includes major changes to Windows XP’s embedded Internet Connection Firewall (ICF) and default tweaks to thwart buffer overflows.
The service pack will also introduce monitoring of browsing, e-mail and instant messaging for malicious attachments or code and automatic blocking of certain types of attachments, like executables, by default. Microsoft’s flagship Internet Explorer browser will be overhauled to include a new add-on management and crash detection tool and several modifications to its default security settings.
“I love the new firewall and the security enhancements [in the service pack],” McLaws added.
McLaws, a .NET developer and consultant, believes Microsoft must do more to put security on the front burner for non-technical, mom-and-pop customers. “The main reason people aren’t downloading and installing patches is because Microsoft makes them so hard to understand. People don’t have a clue what Microsoft is saying.”
Frustrated by the hardcore technical language in Microsoft’s alerts, McLaws created and launched the PatchDayReview.com site with simple language and direct links to the relevant patches. A typical posting on the site comes with a color-coded warning system and very straightforward explanations of the risks.
He sometimes changes Microsoft’s ratings if he determines that a flaw has major risk. “Anything that has to do with e-mail in any way, shape or form, gets a critical rating. I’ll change Microsoft’s rating because that’s the biggest concern for users.”
The site is focused mainly on the patches Microsoft issues once a month and is organized by categories and individual entries. To simplify the delivery mechanism, McLaws is using category-specific RSS feeds.
He plans to add .NET alerts to the RSS feeds to shuttle security alerts via MSN Messenger.
“There’s a big disparity between the end-user bulletins and the TechNet bulletins [for IT admins]. The end-user bulletin is not enough and, on the TechNet side, it is too much. I try to give an even balance of that on the site.”
“The biggest problem is that these Microsoft security guys are techies. And techies are very poor communicators. That’s where PatchDayReview comes in. We’ll clean up the language and simplify it for users.”