Home > Windows > Microsoft Enlists Developers in Security Push Microsoft Enlists Developers in Security Push Eugenia Loli 2004-03-01 Windows 11 Comments Microsoft is readying updates to its programming tools that will be released in tandem with Windows XP Service Pack 2, a security-oriented release of Windows due later this year. Elsewhere, ActiveWin published a preview of the SP2 for XP. About The Author Eugenia Loli Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker. Follow me on Twitter @EugeniaLoli 11 Comments 2004-03-01 7:12 am The addition of ad blocking, a decent firewall that is easy to configure and the new html blocking in Outlook Express are great additions. My only concern is this shot http://www.activewin.com/reviews/previews/xpsp2beta/firewall-popup…. which shows that they likely still allow people to get spammed to death with messanger if they configure it thinking they are fixing MSN Messanger. 2004-03-01 10:56 am My only concern is this shot [..] which shows that they likely still allow people to get spammed to death with messanger if they configure it thinking they are fixing MSN Messanger. The screenshot shows MSN Messenger, the IM client, not the messenger service. The messenger service will not display that icon and hence a user taking note of the warning message will hopefully think twice before allowing the application access to the internet. 2004-03-01 1:58 pm Messenger service will be disabled by default when SP2 is applyed, so if a user enables it, you’ll guess that the user knows the diffrence between Messenger service and MSN Messenger 2004-03-01 3:34 pm The reviewer realy seemed impressed with the new firewall… but how serious can you take someone who is running pure software firewalls…M$ no less! 2004-03-01 4:42 pm They are ruthlessly exploiting the ridiculous holes that ship with the shrink-wrap code. They aren’t helping Microsoft but they are helping Windows users in the long run. The defect rate on Windows would merit a lawsuit in the auto industry. Once again the software industry leads the way in protecting corporate interests over consumer/client interests. And no Microsoft would not be issuing these patches if the holes were not exploited. And yes they have probably understood for some time that the product they were shipping had inherent security issues. Building a perfectly secure OS difficult. Building a reasonably secure OS is not. Out of Microsoft’s massive R&D budget, it should be easy for them to deliver industry-leading security yet they in fact deliver industry-lagging security. I will offer a prediction – that even after the next update, XP will continue to be the most hacked and vulnerable OS on the market. I would be interested to see a company offer support for end-of-life’d Win95 and market systems based on it, with the premise that these systems are on average less likely to be exploited. One major comprimise a week. Would you buy a car that had a weekly recall???? 2004-03-01 6:35 pm The reviewer realy seemed impressed with the new firewall… but how serious can you take someone who is running pure software firewalls…M$ no less! Software firewalls have their place — very useful for denying access to shady spyware-laden apps and such. I currently run ZA on my workstation machines, which all go through my Linux router/firewall box. 2004-03-01 7:45 pm I think alot of the issues addressed in the SP2 are great and it looks that MS has deciced that user input is a welcome comodity. I think MS’s problem was when they released the Pro version, they didn’t count on the success in the private sale, vs the corporate sales. I honestly think MS should also included a wizard, that offers users to tweak the services. For example, even tho many home user don’t have UPS, or Telenet, Messenger, Web Clinet, COM+, UPNP, Terminal Services, SSDP, Portable Media Serial Number, and other somewhat meaning less services that take up RAM, or even HDD space. I personally made a Services.reg file that tweaks the services which disables most of these anonying programs. I also see the IC Firewall as a huge bonus with the increase in security, and the pop-up ad blocking. Most of these can be Tweaked by third party apps that cost $$, But free ones can be found. Home users should call a professsional, and let them setup the machine custom to their preference. After all what can be turned off, can be turned back on later. And my point of view, from an OS overview, if I don’t use it, when should it be installed? – – iamcanadian – – 2004-03-01 8:58 pm funny bits from the site After these new updates I feel a lot safer browsing the web with Internet Explorer. The one feature that I really enjoy that is lacking right now are tabs. Unfortunately, I think I might have to wait until Longhorn is released to get this feature built into IE and even then it’s not guaranteed. The rendering engine for IE is also largely unchanged which is disappointing seeing the improvements being made to competing browsers like Safari and Mozilla/Firefox. That being said I remain a staunch user of IE as those browsers still don’t match up with IE but are getting closer every day. i had to laugh reading that, wake up and smell the coffee my friend. While your at it change your browser to a standards compliant better browser that has tabbing already, mozilla firefox pops to mind. With the new update process updates can now prompt you to agree to EULA’s [sarcasm?] New vulnerability released for us to give you the patch, you will have to give us full access to all of your details and your first born child, the next patch we want your kidneys. [/sarcasm?] and more annoying pop ups. If you don’t restart immediately you will start getting reminder bubbles to restart your computer. These get annoying fast and make it easy to remember to restart your computer after an update ARGGGH if i was still using windows that would be enough to make me delete it. Im sorry nothing annoys me more than pop ups you told me once now get out of my face.. Its like a wife/girlfriend constantly nagging. I want my wife/girlfriend to let me access every detail of her without complaints, not to get nagged at constantly to do chores. The coolest thing about all these updates is that they are all for free. [sarcasm?] it might be free now, but an eternal life of damnation will surely follow, by agreeing to to the terms of the eula you have voluntarily donated your soul to the devil bwah hah hah hah hah [/sarcasm?] joking aside, im glad microsoft are atlast paying some attention to security (linux must really be getting to be a great threat *grin*) but i dont trust them, and theres a heck of a lot of *annoying* new features. 2004-03-01 10:42 pm You’re car industry analogy fails because you don’t need to have a license to run a computer while you do with cars. This is understandable considering having your computer hacked or your ss# stolen is not life-threatening. Consumers need to be educated about using computers. Like cars, programs/computers can’t be abused. Windows has its exploits but so do other oses. Windows also has the curse of having the largest and stupidest user base so of course people are going to exploit windows for the most part. I’ve been running windows for a long time and the only time my computer was compromised was when I did 3 very stupid things. 1. Not scan floppies for viruses from school. 2. Install a key logger (actually a trojan). 3. Not install a firewall. These are easy problems to fix. Windows security is a problem of consumer education. 2004-03-01 10:44 pm Nice to see Microsoft getting serious about security. Does anyone know if the buffer overrun protection requires all software to be re-compiled with the new dev tools, or have the found another way? On another topic, I think it’s ok for Microsoft to start including proper firewall and antivirus tools with their distros. I can’t see any other way they can prevent the security problems they have at the moment, so it’s what they have to do. A secure Windows benefits all of us, Linux users included as it will reduce spam, stop anonymous DDOS attacks from rooted Windows boxes, and make fixing the average Windows PC a hell of a lot easier. It’s a shame for all the firewall and ant-virus companys out there, but making money of the security problems of an OS is not a great long term business plan. 2004-03-02 2:13 am >> You’re car industry analogy fails because you don’t need to have a license to run a computer while you do with cars. Having a license has absolutely nothing to do at all with consumer liability. Are you telling me if I am an unlicensed car owner (license expired, taken away by a judge), a recall does not apply to me? Licensing is a legal issue, it has nothing to do with product liability. >> This is understandable considering having your computer hacked or your ss# stolen is not life-threatening. Many recalls have nothing to do with life-threatening issues. Once again, this is a total non-issue anyway. Are you telling me that manufacturers should only assure a product when there is a chance of physical injury? >> Windows security is a problem of consumer education. Partly, but also the product ships with known open holes which are not disclosed to users, or only disclosed after the hack/fact.