One of the more interesting things on the agenda this week was a briefing around the local availability of the significantly delayed Service Pack 2 (SP2) for all editions of Microsoft`s Windows XP operating system.
I must admit I was curious about what kind of song and dance Microsoft would be able to muster in the face of reports of hundreds of application clashes with SP2. Expecting an issue-ducking routine, I was surprised by Microsoft`s approach, presented by Jonathan Hatchuel, Microsoft SA product and solutions marketing manager.
Call me gullible, but I know cow manure just as well as anyone when I see it, and I didn`t see any there. Well, hardly any. In a refreshingly frank approach, Hatchuel revealed a new image of Microsoft as a software company finally making a serious and concerted effort to tackle the problem of security.
Instead of claiming SP2 to be a security panacea of any kind, Hatchuel describes SP2 simply as "the next step in the long journey to achieving trustworthy computing". Unless I am very much mistaken, Microsoft is definitely changing its tune.
What`s new?
SP2`s "shields up" approach has been developed around tackling the four key areas of security vulnerability through networks, mail attachments, memory overruns and the Internet.
To solve the problem of malicious attacks through unprotected ports, Microsoft has re-engineered the firewall. All ports are protected by default. There is also default blocking of all unauthenticated remote procedure calls (RPCs), often used in spoofing, phishing and denial-of-service attacks.
Protection against malicious attachments is provided through information to enable users to make informed decisions, as well as a new attachment manager. This enables users to set rules to block or allow attachments.
In SP2, the far safer message preview of Outlook has been built into Outlook Express for the first time, ensuring that no external content is downloaded by default.
A significant change to the operating system involves a way of using processor technology to avoid memory overruns by preventing the execution of malformed code in system memory and processor.
To counter Web browsing threats, there have been several enhancements aimed at reducing deceptive behaviour such as preventing Web addresses from being disguised and blocking pop-ups from executing.
The introduction of a dashboard view of security settings is another welcome innovation in SP2. The new Security Centre makes it possible to access firewall, automatic update, anti-virus, and Internet security information and settings from a single location.
Incompatibility issues
Unless I am very much mistaken, Microsoft is definitely changing its tune.
Warwick Ashford, technology editor, ITWeb
The issue of incompatibility has perhaps drawn the most criticism, but Hatchuel says this is mostly because applications are either listening on a blocked port or making unauthorised RPC calls.
Although it seems few incompatibility issues require actual code changes, I agree with those commentators who say if code is incompatible with SP2, it should probably be changed anyway.
While Hatchuel says Microsoft has tried to make it easier for users to make decisions and put them in control of their security settings, my biggest concern is that I will be spending more time making security decisions than doing anything else.
I am looking forward to installing SP2 to see if my fears are as groundless as Hatchuel claims. He concedes that at first there are lots of decisions to be made, but says these diminish as the security system becomes configured.
What next?
Microsoft appears to be getting real about customer expectations as well as recognising the ridiculous broadband limitations with which South African Internet users have to contend.
Instead of having to face downloading the whopping 265MB SP2 file, Microsoft SA has won a dispensation to distribute SP2 on CD. Hatchuel says Microsoft is encouraging automatic updates as part of the Windows SP2 install and not before to avoid the download.
The first shipments of the SP2 CDs should be arriving shortly, having been ordered from overseas because of an apparent lack of local capacity.
Although Hatchuel was unwilling to put a price tag on this logistical exercise being undertaken especially for the South African market, he was quick to point out that it represents a significant cost to Microsoft.
It`s a great gesture that is bound to be appreciated, but how much of a choice did Microsoft really have if it wanted to be sure to avoid invoking the wrath of the majority of its customers?
SP2 was released to manufacturing early this month, but Hatchuel says depending on customs, the first copies of SP2 should arrive soon for distribution through retail stores, OEMs and magazines. They can also be ordered from the Microsoft Web site, bank Web sites, or by calling 0860 2255 67.
Finally, Microsoft is urging caution for large organisations. Hatchuel says installation requires planning and testing before mass installation. There is also a tool for modifying Automatic Update to download any critical updates, but not until SP2 users are confident they are ready.
No doubt the cynics will say Microsoft`s candid approach was just a clever variation of the song and dance act I had expected. On the other hand, maybe for the first time in its almost 30-year history, Microsoft is getting real about the market, its customers, and the security concerns of the industry.
Share