Most security issues and virus outbreaks happen because people don't know how to protect themselves or don't bother to do what they know they should. In the latest update to Windows XP, Microsoft is focusing on helping people become more aware of what they need to do, and encouraging them to actually do it, says Ryan Burkhardt, lead program manager for Service Pack 2.
Advertisement
A new test version of SP2, called Release Candidate 1, was made available to beta testers this week, and the completed update will be released in mid-2004, Burkhardt says.
Get the Message
In RC1, if someone receives an e-mail with an .exe attachment, or another file type that's regularly used to spread so-called malware, the message will be identified; then, either the message is blocked or the recipient must confirm that they want to open it, Burkhardt says, speaking at the Cebit trade show here.
The AES (Attachment Execution Services) API is a public application programming interface that lets developers add attachment security to their e-mail client and browser applications. In Outlook Express, Burkhardt says, file types known to be dangerous will be blocked and an explanation given to the user. The user will be given a choice of whether to open suspicious but less-dangerous file types.
Developers of other software, such as Qualcomm's Eudora e-mail software, may decide to block different file types, or to block none but prompt users with a warning for each, Burkhardt says.
Also, Outlook Express will no longer download graphics and other external content in HTML by default, as these can be used to validate e-mail addresses. "If the sender is not in the user's contact list, [the content] will be treated as potentially unsafe" and will not be displayed, Burkhardt says.
Already Available
Many of the security aspects now being released have been included in XP ever since it was first launched, but were turned off by default, Burkhardt says. "The climate was different then; there were fewer attacks, and fewer people had broadband," he says.
Users often make halfhearted attempts to ensure security but don't follow through, Burkhardt says. Many users, for example, have chosen to automatically download updates, but not to automatically install them, he says. "And then they don't install them themselves; that's what happened with Sobig--a lot of people had downloaded the updates, but hadn't installed them," he says. To try to solve this, when users are setting up their PC a new prompt will appear to explain the benefits of automatic downloads and installation, and to encourage them to use it, he says.
The background download service has also been adapted to help users on slower connections. The download speed will be scaled to suit what the user is doing, speeding up and using the available bandwidth when the user is simply reading e-mail, for example, and slowing down when the person is more actively using the bandwidth, such as when they surf the Internet, Burkhardt says.
Windows' firewall will now be turned on by default, and Windows Messenger will be turned off.
In another move that will cheer Web surfers, RC1 will also include a pop-up advertisement blocker, turned on by default. This tool was already included in the first beta version of SP2 but was turned off by default, Microsoft says.
Source:
http://www.pcworld.com/news/article/0,aid,115278,00.asp
Threaded Mode
