Microsoft watchers turn to the ranks of the software company’s employee bloggers for info that never makes it into the notoriously tight-lipped company’s official communications. But they’d better hurry: Posts can disappear as quickly as they spread across the Web.
In one item posted and removed in Tuesday, a Norwegian Microsoft manager published an e-mail from Redmond to partners detailing its distribution plans for the service pack. In a separate blog, a Microsoft developer explains how the team honed its vision for what XPSP2 should encompass.
In his blog, Jan O. Kiese, partner group manager for Microsoft Norway,
posts concrete details about the rollout for the service pack, released to
manufacturing on Monday.
“This is a partner-ready mail, distributed internally in Microsoft to
partner-managers so we can communicate with our partners,” Kiese told
internetnews.com.
On Monday, according to the e-mail, the Network Install Package was
posted to
the Microsoft.com Download Center and the main technical subscription
programs. “This SP2 package is intended for IT Professionals Developers and
will not be broadly publicized,” the e-mail states.
According to the blog, Redmond will begin a low-volume release in
English via Automatic Update, initially limited to those who have
downloaded installed pre-release versions.
Mid-August, business customers who use Software Update Services will
begin to be prompted to do the download. By the end of August, Microsoft
expects to make its downloads available to all, with a limit of 2.5 million
downloads a day.
A Microsoft spokesperson couldn’t confirm whether the low-volume release
would begin today, but he said that the end of August target for full
distribution is correct.
In a Microsoft corporate blog, Tony Chor, group program manager for the
Internet Explorer team, provided insight into the development process, from
spec to gold master.
“After setting goals and defining the scope of the project,” Chor wrote,
“the team realized that time was too short to do everything it wanted to.
That’s when the security orientation of this service pack took shape. The
specific goal was preventing users
from having their machines taken over by malicious code. “There were a bunch
of other good things that happened,” Chor writes, “but security was clearly
the focus.”
For Internet Explorer, the team realized it needed to make architectural
changes to beef up the machine’s defenses and improve the UI to
help users make better security decisions for themselves by giving them
clearer messages and more control.
IE divides the world into five trust zones: restricted,
Internet, intranet, trusted, and local machine zone (LMZ). Attacks that
allow malicious sites to move from zones of lower privilege to one of higher
privilege are known as zone elevation attacks. It also walls off different
domains accessed by the computer, so that the script and controls from one
site cannot access the information on another
site, in order to prevent what are known as cross-domain attacks.
“In XP SP2, we strengthened the barriers between zones and between
domains,” Chor writes. “We give the user an opportunity to stop the attack
by blocking active behaviors in the LMZ and thereby stop the attackers from
really utilizing the capabilities of the LMZ.
“We have improved the fences and
doors that separate your yard from the street and your yard to your house,” Chor explained in the blog.
“If someone manages to get through the barriers, s/he will find your
valuables locked in a safe inside the house. We have made it harder to break
in and less interesting if you do.”
But the SP2 team needed to make users more involved in their own
security, and that involved improving the interface and automatic alerts
and messages from the software.
SP2 provides clearer dialogs for activities, such as installing software,
and adds some tricks to prevent spoofing. For example, to prevent scamsters
from covering an address window or dialog box with deceiving text, in XP SP2
IE windows cannot cover IE UI.
Users now have to actively take action for downloading, opening new
browser windows or changing the home page.
“IE in XP SP2 stops all currently known critical exploits,” Chor writes,
“so its a heck of a lot more secure than pretty much any other browser.
