Windows XP Service Pack 2: "A victory for the security guys"

Microsoft has hailed Windows XP Service Pack 2 (SP2) as a "victory for the security guys" and its new features have been welcomed by users at the software giant's annual Tech Ed conference in Amsterdam this week.

A test release of SP2 was issued two weeks ago and the final version is expected to be ready sometime in July, although Microsoft is yet to set a firm date for the delayed update.

At a whopping 300MB, the Windows XP update is being touted by Microsoft as another step towards its goal of 'trustworthy computing'. The security enhancements were demonstrated to developers at Tech Ed this week.

Steve Riley, product manager in Microsoft's security business unit at Redmond, acknowledged that SP2 has taken longer than expected to pull together.

"It takes time to finally get this stuff right," he said.

He nicknamed SP2 "Shorthorn" in reference to some of the features that have been added in from the development of Microsoft's next major version of its operating system, codenamed Longhorn.

Riles said: "This is stuff we discovered in the development of Longhorn that we thought we have got to get into the OS now."

Among the changes in SP2: the newly renamed Windows Firewall comes switched on as default and uses only an inbound logging system. Riley said traditional ZoneAlarm and Norton firewall products that ask users to authorise outbound traffic cause too much confusion.

Spyware and pop-up ads are also tackled in SP2 and the title and status bar will now always be visible on the screen to limit the impact of ads that spoof Windows dialogue boxes or take over the whole screen.

Riley said there has been a noticeable increase in "zone elevation" attacks in which secure windows can be navigated to a lower security zone that would leave the information in the hands of attackers.

SP2 is a key part of Microsoft's Trustworthy Computing initiative, which Riley said will take 10 years.

"It's about making the hackers work harder," he said.

silicon.com spoke to a developer at the conference from the University of Southampton who welcomed the security enhancements in SP2.

"It's a huge step forward for preventing Trojans and the firewall is a huge step in the right direction," he said.

On a separate note, this year's Amsterdam Tech Ed has featured much drum-banging - literally. All delegates received a tom-tom drum on the opening day and are encouraged to make a noise when they approve of speakers.