[dba-Tech] Windows XP Service Pack 2

Jon Tydda Jon.Tydda at alcontrol.co.uk
Thu Dec 18 03:13:07 CST 2003


Thought you might all be interested in this...

Jon
Internet Explorer to block pop-ups by default
[PC Pro] 12:45
http://www.pcpro.co.uk/?news/news_story.php?id=51384
Microsoft has outlined its security strategy over the next year and
confirmed that Windows XP Service Pack 2 will block pop-ups by default. 
Service Pack 2 will be out in beta before the end of the year, with a final
release in the first half of 2004. It will also contain an improved
Firewall, which will be turned on by default and will boast an improved user
interface to allow finer tweaking. It can also be administered centrally
from within corporate networks. 
The pack will block HTML email from downloading images by default and
attachments in email and Windows Messenger will have limited permissions
when run. 
In a bid to tackle some of the security holes that have been taken advantage
of by virus writers, Microsoft will also reduce the permission associated
with RPC and beef up the DCOM infrastructure. Viruses such as Blaster made
full use of weaknesses in these technologies when it rampaged across the
Internet last August. 
Similarly the buffer overruns which are the frequent subject of critical
updates from Microsoft will be better defended, using technologies such as
'No Execute' where certain processors are able to distinguish between
application code and data and can choose not to execute code that a virus
inserts. 
Microsoft has also outlined the first service pack for Windows Servr 2003,
which will contain security templates based on the role to which the server
is put ie an email server will have different security requirements than a
print server. Further tools will allow the scanning of remote computers that
connect over VPN or wireless routes before letting them on to the network. 
By the end of next year, Microsoft says it will made a number of
improvements to its patching systems. Firstly, there will be just two patch
installer: one for the Windows system and legacy apps and one for the
current generation of applications. There will also be only one patch
scanning engine so that users won't get inconsistent results. 
Patches will be smaller: only the changes to files will be included, not the
entire file that needs fixing. Reboots will be reduced, with Windows Server
2003 getting hot patching - allowing it to update server components on the
fly. However, the monthly patch releases may well include one that requires
a reboot, so the difference here may be less noticeable. 
Microsoft says it has extended the internal testing mechanisms to improve
the quality of patches and by mid 2004 promises that nearly all patches will
be able to be rolled back after installation. 
Finally, Microsoft will host all its patches at a single point: Microsoft
update. Corporates will also be able to 'mirror' the content of Microsoft
Update inside the company network. 
Microsoft will also focus on providing further resources such as step by
step guides, security seminars and monthly security webcasts.


The information in this e-mail is confidential and may also be legally
privileged. The contents are intended for recipient only and are subject
to the legal notice available on request from : webmaster at alcontrol.co.uk
ALcontrol Laboratories is a trading division of ALcontrol UK Limited.
Registered Office: Templeborough House, Mill Close, Rotherham, S60 1BZ.
Registered in England and Wales No 4057291


More information about the dba-Tech mailing list