RASTABT
1
By Chua Hian Hou
May 5, 2004
Both legitimate and unlicensed users of Microsoft's XP operating system software will be able to download the Service Pack 2 security patch for free
Microsoft's increasing concern over information security has translated into its decision to bite the bullet and make its upcoming SP2 (Service Pack 2) security patch available to all users - including those using pirated copies of its Windows XP software.
"We haven't explicitly done anything to SP2 to exclude it from pirated copies," said Microsoft group product manager Barry Goffe. The United States-based executive was interviewed via telephone.
This is unlike SP1 (Service Pack 1), which had features to prevent users with pirated copies from downloading it. In SP2's case, the mammoth 80MB to 250MB patch can be downloaded and installed on computers running both legitimate and pirated copies.
Users can also request a free CD copy of SP2, although shipping charges could apply, something which the company has yet to finalise, said Mr Goffe.
"It was a tough choice, but we finally decided that even if someone has pirated copy of Windows, it is more important to keep him safe than it is to be concerned about the revenue issue," he added.
He admitted, however, that it is more than altruism that helped Microsoft come to this decision.
"Having these unsecured users means bigger worm and virus outbreaks - which also impacts the Internet and consequently, our legitimate users as well."
The most visible changes SP2 will introduce to XP is the new Windows Firewall, a renamed, upgraded version of the ICF (Internet Connection Firewall) firewall system that shipped with the original Windows XP, and the new aggressive attitude towards security updates and controls.
Unlike ICF, Windows Firewall is turned on by default, and automatically locks up ports like DCOM (Distributed Component Object Model) popular among worm-writers.
New technology allows it to dynamically open and close ports on demand. For example, when an approved online gaming application is given permission to send or receive data over the Net, the port is opened for it, and when the application shuts down, the port is closed.
"We wanted a firewall good enough for most consumers' needs, and we believe Windows Firewall is it," said Mr Goffe.
SP2 will also make XP more aggressive towards sloppy users. For example, features like the automatic patch updating feature or Windows Firewall will no longer go away quietly if ignored, and will continue to pester users to download new patches periodically. To balance this, the company is working on coming up with more user-friendly warnings and reports of any suspicious activities that occur.
Besides these two changes, there are many other under-the-hood security features aimed at "stopping malicious code like worms, phishing attacks like websites that hijack web browsers to trick users into giving out personal information, and improving security against the buffer overrun attacks favoured by virus-writers," said Mr Goffe.
Other than security-related upgrades, SP2 also introduces a much-awaited anti-pop-up ad feature, and is integrated with the Internet Explorer Web browser to allow users to stop pop-ups that the user did not explicitly request.
The service pack is scheduled for a "first half of 2004" launch date, and the company is currently testing its first release candidate or RC1. There is expected to be at least another release candidate tested before the actual patch release.
Meanwhile, Mr Goffe noted that pirate users should not assume that the change of heart in SP2 means that Microsoft is going soft on piracy.
"We have and are developing new technologies to combat piracy for our software, but for SP2 we'll make one exception."
Full story here
May 5, 2004
Both legitimate and unlicensed users of Microsoft's XP operating system software will be able to download the Service Pack 2 security patch for free
Microsoft's increasing concern over information security has translated into its decision to bite the bullet and make its upcoming SP2 (Service Pack 2) security patch available to all users - including those using pirated copies of its Windows XP software.
"We haven't explicitly done anything to SP2 to exclude it from pirated copies," said Microsoft group product manager Barry Goffe. The United States-based executive was interviewed via telephone.
This is unlike SP1 (Service Pack 1), which had features to prevent users with pirated copies from downloading it. In SP2's case, the mammoth 80MB to 250MB patch can be downloaded and installed on computers running both legitimate and pirated copies.
Users can also request a free CD copy of SP2, although shipping charges could apply, something which the company has yet to finalise, said Mr Goffe.
"It was a tough choice, but we finally decided that even if someone has pirated copy of Windows, it is more important to keep him safe than it is to be concerned about the revenue issue," he added.
He admitted, however, that it is more than altruism that helped Microsoft come to this decision.
"Having these unsecured users means bigger worm and virus outbreaks - which also impacts the Internet and consequently, our legitimate users as well."
The most visible changes SP2 will introduce to XP is the new Windows Firewall, a renamed, upgraded version of the ICF (Internet Connection Firewall) firewall system that shipped with the original Windows XP, and the new aggressive attitude towards security updates and controls.
Unlike ICF, Windows Firewall is turned on by default, and automatically locks up ports like DCOM (Distributed Component Object Model) popular among worm-writers.
New technology allows it to dynamically open and close ports on demand. For example, when an approved online gaming application is given permission to send or receive data over the Net, the port is opened for it, and when the application shuts down, the port is closed.
"We wanted a firewall good enough for most consumers' needs, and we believe Windows Firewall is it," said Mr Goffe.
SP2 will also make XP more aggressive towards sloppy users. For example, features like the automatic patch updating feature or Windows Firewall will no longer go away quietly if ignored, and will continue to pester users to download new patches periodically. To balance this, the company is working on coming up with more user-friendly warnings and reports of any suspicious activities that occur.
Besides these two changes, there are many other under-the-hood security features aimed at "stopping malicious code like worms, phishing attacks like websites that hijack web browsers to trick users into giving out personal information, and improving security against the buffer overrun attacks favoured by virus-writers," said Mr Goffe.
Other than security-related upgrades, SP2 also introduces a much-awaited anti-pop-up ad feature, and is integrated with the Internet Explorer Web browser to allow users to stop pop-ups that the user did not explicitly request.
The service pack is scheduled for a "first half of 2004" launch date, and the company is currently testing its first release candidate or RC1. There is expected to be at least another release candidate tested before the actual patch release.
Meanwhile, Mr Goffe noted that pirate users should not assume that the change of heart in SP2 means that Microsoft is going soft on piracy.
"We have and are developing new technologies to combat piracy for our software, but for SP2 we'll make one exception."
Full story here