Bill Gates and company apparently took up the challenge. On Friday, Microsoft released to PC manufacturers Windows XP Service Pack 2, an update aimed at locking down customers' computers. SP2 took more than nine months to complete and contains significant security changes to the flagship operating system.
What's new:
The release of SP2, Microsoft's security-conscious update to Windows XP, comes a year after the MSBlast worm tormented PC users.
Bottom line:
The update pulls together lessons learned from major attacks on Microsoft software. Whether it will make computers as secure as customers expect it to remains unclear.
Microsoft's overhaul of the software underwent a fast shift in direction--from a focus on features to an overwhelming concentration on security--after the rapid spread of MSBlast last summer threw doubt on the operating system's protections.
The worm compromised more than 9.5 million Windows PCs by exploiting a flaw in the software that not many customers had actually patched, even though Microsoft had made a fix available.
"This time last year was a really exciting time," said Amy Carroll, director of product management in Microsoft's Security Business and Technology Unit. "There wasn't a lot of sleep involved."
The MSBlast worm hit the Internet on Aug. 11, 26 days after Microsoft published a patch for the vulnerability that the worm used to spread. But many Windows users failed to vaccinate their systems, even though there was widespread expectation that a virus would emerge from the security hole. The result: The malicious program caused enough havoc to play some part in a major power failure that affected as many as 50 million homes in the United States and Canada, though it did not cause the outage.
A year later, the release of SP2 means that Carroll and her Redmond cohorts may get at least a few hours more winks. Through changes to the Windows XP code and configuration, the update adds better security to the operating system's handling of network data, program memory, browsing activity and e-mail messages.
Hard lessons
Major virus incidents drive Microsoft to kick-start security initiatives.
INCIDENT: July to September 2001: Code Red worm and Nimda virus grab headlines.
RESPONSE: October 2001: Microsoft creates Strategic Technology Protection Program and three months later launches the Trustworthy Computing Initiative.

INCIDENT: January 2003: Slammer spreads using a six-month-old flaw.
RESPONSE: June 2003: Microsoft revamps security updates, focuses on convincing customers to patch their systems and finds other ways to protect unpatched customers.

INCIDENT: August 2003: MSBlast echoes across the Web.
RESPONSE: October 2003: Microsoft changes its next Windows XP service pack to focus on security.
RESPONSE: August 2003: Microsoft kicks off a "Protect Your PC" campaign.
RESPONSE: October 2003: The software maker starts a fund aimed at rewarding people who help locate and prosecute virus writers.
Source: CNET News.com
Some security companies are tentatively hopeful that the XP software fix will bolster security in the average PC.
"It is probably too early to say whether SP2 will meet its promise," said Alfred Huger, senior director of engineering at Symantec, a security company. "That said, it's a great step in the right direction. We still have all the same fears as before, but we are in a better place to deal with them."
Those who install the update will be better protected against MSBlast-type network worms. The security revamp has multiple layers of redundancy that would have stopped MSBlast and the more recent Sasser worm from spreading, Microsoft's Carroll said.
For example, the flaw in the Remote Procedure Call (RPC) component in Windows that allowed MSBlast to spread has now been fixed, she said. Even if it hadn't, SP2 has an automatic update feature that would have installed the Microsoft patch before MSBlast propagated. Then, if a user turned off that update feature, SP2's improved firewall would have blocked the worm. And if the firewall had been turned off, Microsoft has changed the way that Windows XP interacts with such viruses, so that MSBlast's attempts to infect computers would have failed.
"There is a whole cascade of defenses that make the operating system more resilient overall," Carroll said.
Now Microsoft has to persuade consumers and corporate network administrators to apply the SP2 changes. The company has repeatedly learned that customers are less than assiduous about applying updates to their systems. The Slammer worm, which exploited a 6-month-old security hole in Microsoft SQL Server, spread widely because many companies failed to patch the flaw during that half-year.
"This is the most secure version of Windows that we have shipped yet," said Carroll, who issued a plea for customers to apply the patch. "That said, it is not a 'silver bullet,' and we are doing a lot of other things to address security."
Complicating matters, the update could cause problems with corporate homegrown applications, Microsoft has acknowledged. IBM, for one, has told employees to wait for the go-ahead from management before installing the update. To allow companies time to test how the update will affect their users, Microsoft has published a tool to enable businesses to block people from downloading and installing the update.
Giving companies a choice is one of the lessons learned by Microsoft. A handful of major worm and virus attacks in the past three years have taught the software giant that security is not simple. The result is that the company pushes for security on multiple fronts.
The Code Red and Nimda worms led the company to embark on its 10-year Trustworthy Computing initiative, designed to focus Microsoft employees on building better security into products and on improving customer response. The Slammer worm convinced the software giant to stress patching and to find ways to defend systems that are not patched. And the MSBlast worm helped lead Microsoft to create Service Pack 2 and to finance a reward program for informants who help pinpoint virus writers.
Although it is harder to create network worms that can penetrate Windows XP SP2's defenses, it can be done, Symantec's Huger warned.
"It would stop the old MSBlast. I don't know if it would stop a new one," he said. "This isn't the end of the network worm, but it makes more sense (for attackers) to focus on other methods."
Security researchers are already picking apart SP2, looking for flaws. Thor Larholm, a senior security researcher with PivX Solutions, downloaded the software last Friday and continues to analyze it. The true test for the update will likely come in the next few months, once those researchers' efforts bear fruit.
"Give it a few weeks, or a few months, and you will see the first vulnerability announcements regarding Service Pack 2," Larholm said.






Of course, not all hackers are poor ignorant kids... some are intelligent criminals. Either way, I agree that they should be locked up.
Microsoft. Sound familiar? That line has been on every MS
install screen since Win95. When are all you yahoos going to
wake up and use something else? SP2 will be just as buggy as
all its predecessors.
Something interesting about the article you obviously failed to pick up on... all of those vulnerabilities were patched before the exploit was released. Just as with any other operating system, staying current helps keep you safe. Microsoft fixed their bugs before there was ever a problem. Good work on their part. Infections were caused by user negligence.
Personally, I would rather use a system that has shown continual improvement, year after year, for more years than Linux, the OS preferred by hackers, has even been alive. I also prefer to use a commercial product that keeps myself and my company shielded from intellectual property violation litigation.
You should spend some time researching bugs for real. Get away from slashdot and CNet... check out CERT. You'll probably be surprised when you compare the number of known bugs in Windows to Linux.
8^)
Robert
disks
how can you fix it Microsoft sell systems without the boot
disks
- Windows will always be vulnerable
- by audiophile7 August 12, 2004 5:01 PM PDT
- Microsoft should redesign Windows from zero. They keep making updates and making changes to the actual structure of Windows, so, new bugs and worms are going to appear. They need to REDESIGN Windows and maybe that way is the way that they are going to stop worms and virus for a while.
- I agree...
- by August 13, 2004 11:55 AM PDT
- I agree. I also think that Longhorn is going to be close to this, which is part of the reason it is taking so long.
Part of the problem is that the core of Windows is so old and out of date that they just keep slapping basically one coat of makeup after another on an old dead corpse hoping to pass it off as fresh and alive.
Photoshop is the same way. It is way past time that Adobe just bite the bullet and start over so that they can do things like live filters, saving history as an action, etc.
I think the problem is that companies are terrified to do this. They see it as a very expensive nightmare and that is something they don't really want.
I also think that no matter what computer software is always going to have problems. Hell even little cell phones are turning out to be unsecure, we are seeing virii coming out for them now. I also think that Microsoft has some of the buggiest stuff around, but they do seem to be getting better. Security aside Windows XP has been the most reliable version of Windows to date and I expect Longhorn to be better, that is if it ever ships.
Robert