• silicon.com
• Technology
• Security

By Jo Best, 13 May 2004 16:45

NEWS Microsoft has been showing off its Service Pack 2 offering and dropping some serious hints as to what users can expect from the security-focused, soon-to-be-ubiquitous offering.

The message from the Redmond types is that SP2 is not just a collection of patches, it's a more comprehensive addition of security code as well as other software bits and bobs – like an overhaul of the wireless LAN user interface – that will turn up on users' desktops as well.

SP2 will herald the change to a system provisionally known as 'delta patching' – a term that Microsoft says will be changed to something "more fluffy" when the pack is eventually released – whereby patches will only download changes to a file, not the entire file itself. It's a change that Microsoft reckons will cut download times by 80 per cent and is aimed as a nod to the dial-up populace.

The Windows firewall will also benefit from the new release, with the firewall – newly renamed Windows Firewall from Internet Connection Firewall in a Snickers/Marathon-style piece of corporate branding genius – default switched to on, unless there's another one already in place.

David Overton, technical specialist for Microsoft, said the number of businesses running corporate firewalls on the desktop was "much, much less than we would like".

The firewall will also be the first app to load once an SP2-installed machine boots up. It's a lesson that Microsoft got from Blaster, where the delay between a machine loading and the firewall kicking in was just long enough for malware writers' creations to get a foothold.

The default settings will also have all ports closed, except when an application needs to send data through – with the idea of scuppering the zombie-making virus plagues of late.

Paul Randle, Windows XP product manager, said that SP2 is intended to keep users "one move ahead" of the malware mischief makers but would never outfox all of them. "There's no silver bullet – we're not saying if you install Service Pack 2, you'll never have a virus attack", he said.

And while MSN has had pop-up blocking in place for some time, SP2 will take things a step further. Adware and spyware writers' favourite tricks will be banned by the pack: Microsoft have promised no more pop-unders, no more unwanted Flash ads, no ads bigger than the screen so that you can't find the close box, that kind of thing.

That said, settings can be changed for Flash fans, with certain sites permitted to show such ads via the permissions list and links that open sub-windows of sites getting the legitimacy thumbs-up from SP2's writers.

Corporate networks will also be able to gain greater control of policies to stop the security slackers bringing in viruses via connections to infected work laptops or home PCs.

As system administrators often vocally testify, end users are still a key area of security weakness; Microsoft is banking on dialogue to conquer the problem. Neglecting to reboot a machine after installing a patch is one bugbear - it leaves users thinking they're patched and leaving their machine wide open as ever.

Microsoft says the dialogue boxes will be "more persistent" – one option will see the 'Remind me later' option for the post-patch reboot disappearing altogether. The number of times such rebooting is needed has also shrunk, the theory goes.

On some subjects, the Redmond faithful are keen to adopt a more Trappist approach. Reveal its targets for how many XP users the Redmond giant wants to get SP2-ed? No. A date for release? Not quite. It hasn't been decided, but Randle said the Microsoft team were working on a provisional timetable that would see the service pack hit users at the end of July.