Windows Server SP1 Expands Security Features


Microsoft has issued significant security enhancements
to its operating system software, making the Windows Server 2003 SP1 Release
Candidate 1 (RC1) available for
download.


The Redmond, Wash., software giant has incorporated several security
features in keeping with its promise to deliver customers Trustworthy
Computing, a strategy the company instituted
in 2002 to help better protect customers’ computers from viruses and
malicious intruders.


Key upgrades include a Windows Firewall built into the OS that works around
each client and server computer on a customer’s network. Other key features
include Post-Setup Security Updates (PSSU) and the Security Configuration
Wizard (SCW), according to John Howard, an engineer for Microsoft UK who
discussed SP1 in his blog Tuesday.


“PSSU effectively locks down the computer to stop it being hacked after
installation,” Howard wrote. “Note that this is only on slipstream
installations. The SCW allows you to define the roles for a computer to
ensure that the firewall is appropriately configured.”


According to an overview of the download on Microsoft’s Web site, the main
goal of SP1 is to “reduce customer pain centered on server security.” The
document noted that it is important to refresh Windows with security updates
because of the constantly evolving nature of security threats.


The idea is to fend off malicious programmers, some of whom are growing more
adept at their work. Microsoft noted that the time between identification
and exploitation of security holes is shrinking.

For example, customers had
331 days to install a Windows fix for the Nimda worm, but only 25 days to
protect DCOM vulnerabilities exploited by the Blaster worm.


SP1 is just one in a series of steps Microsoft has taken to shore up the
defense of its software products. The company has had a bulls-eye on its back for years, with several
crackers creating programs that cause its software to short-circuit.


The company has responded by improving security in its most popular
products. While it regularly releases software patches each month, SP1 is a
broad collection of enhancements and perks that also improve OS reliability
and ease administration.


To wit, SP1 includes updates for the Internet Explorer browser to prevent
unintentional downloads of malicious code. Changes in Outlook Express let
users render e-mail in plain text rather than HTML to stymie the spread of
malicious code via e-mail.


To make updates more fluid, Microsoft is offering a Hot Patching feature in
Service Pack 1 that allows customers to apply updates to drivers, APIs
or any non-kernel level component of Windows Server 2003
without restarting the computer.


After the aforementioned firewall, security updates and configuration
wizard, new functionality in SP1 includes stronger defaults and privilege
reduction on services such as RPC and DCOM; support in processors from Intel
and AMD that prevents malicious code from launching attacks; and support for
64-bit machines.


Available for download at no additional cost to Microsoft customers, Windows
Server 2003 Service Pack 1 can be used with a number of Windows server
versions. SP1 may be applied to Windows Server 2003 Standard Edition,
Windows Server 2003 Enterprise Edition, Windows Small Business Server 2003,
Windows Server 2003 Web Edition and Windows Server 2003 Datacenter Edition.

News Around the Web