Microsoft Hones Security Strategy ... Again

"Windows XP SP2 \[Service Pack 2\] is a release that's totally focused on security," Gates said. "And, in fact, today, this is the primary focus of the Windows team. We've got some portion of them still working on the major featured-oriented release that's off in the future, code-named 'Longhorn,' \[that is\] very exciting, but we prioritized the resources and the activities around what's an intermediate release under the name SP2 that is just security oriented." Microsoft will ship XP SP2 by midyear, I'm told, and will include three key features: a new, more powerful Windows Firewall; a more secure version of Microsoft Internet Explorer (IE); and the new Windows Security Center, which is a dashboard of sorts for security settings. I've examined XP SP2 quite a bit here in Windows & .NET UPDATE, but if you need more information, I've written a comprehensive overview for the SuperSite for Windows at the following URL:

SUS 2.0
A major update to Microsoft's free patch-management service, Software Update Services (SUS) 2.0, is due this spring as well and should be a significant enhancement. I can't write much about this exciting product yet, but stay tuned.

Microsoft Update
Due concurrently with XP SP2, Microsoft Update will consolidate all Microsoft's product update downloads into one site customized for your system. So users with both Windows and Microsoft Office, for example, will see updates to both of these systems when they visit Microsoft Update.

ISA Server 2004
A major refresh of Microsoft's corporate firewall product, Internet Security and Acceleration (ISA) Server 2004, will ship in the first half of the year. ISA Server will sport a significantly enhanced UI, real-time monitoring, a Visual Policy Editor, and integration with Microsoft's other products, including support for filtering Exchange HTTP traffic.

Windows Server 2003 SP1
Due in the second half of 2004, Windows 2003 SP1 will feature a roles-based Security Configuration Wizard (SCW) that will help you securely set up and duplicate servers across your business. The SCW blocks unnecessary ports and services, making for a more secure system; so, for example, if you want to configure a Windows 2003 server as a Web server, it will be a Web server and nothing else.

Moving past 2004, Microsoft has more nebulous software releases coming down the pike. A technology currently called Active Protection Technology will make "computers resilient in the presence of worms and viruses by preventing and containing attacks," according to Gates. "Active Protection Technology represents the next generation of how systems will watch activities and understand what the appropriate policies should be." The idea is that prevention is all well and good, but Microsoft feels it should design the OS to respond correctly if errant code somehow makes it inside the system. The company is also working on something called Exchange Edge Services, an extensible technology which "will relay email to and from the Internet, allowing users to add and apply email routing rules as well as advanced filters from Microsoft and other software makers to minimize junk email and to locate and neutralize viruses." It's unclear how Exchange Edge Services will be delivered. It might be an add-on for Exchange Server 2003 or included in a new Exchange version.

There's more, of course, but I'm out of space again and could potentially spend the rest of my life detailing Microsoft security enhancements. But in an effort to at least portray some good news, consider the following: In the first 300 days after the launch of Win2K, Microsoft issued 38 critical or important security bulletins. Windows 2003 has suffered through only 9 such incidents in the same amount of time. Hey, maybe Windows security really is getting better.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.