If you're wondering why Microsoft is taking so long to release Windows XP Service Pack 2 (SP2), wonder no more. The company is working to back-port various Longhorn security technologies to SP2, providing a middle ground between XP's default security functionality and the security features that will be available in Longhorn.
Code-named Springboard, the new security features include an updated version of the Internet Connection Firewall (ICF), which Microsoft will leave on by default and which adds outbound scanning capabilities and other features previously found only in the Microsoft Internet Security and Acceleration (ISA) Server 2000 enterprise server product. Springboard also includes a new version of Windows Update and new memory-management code for defeating common buffer-overrun attacks.
Microsoft's SP2 schedule came under fire this past summer when the company quietly revealed that the release won't ship until the first half of 2004 (the company had told me earlier that it would release SP2 by late 2003). Microsoft released SP1 less than a year after XP's initial release, a schedule that most customers were comfortable with. But delaying SP2 until the first half of 2004 would create an 18-month gap between service packs, an interminable amount of time given the vast number of security patches and other bug fixes that Microsoft has released in the interim. Many of Microsoft's customers continue to avoid installing hot fixes and other updates, waiting instead for service packs, which collect those updates into one installable unit.
Including Springboard in SP2, however, requires a lot more testing time. Sources close to the company tell me that beta testers should soon get their hands on an XP SP2 beta version that includes the new security technologies; earlier betas didn't include any of this code. The Springboard technologies also will be available for Windows Server 2003 customers in that OS's first service pack, Microsoft says.
