New hope for Windows

The Microsoft executives were out in force at the RSA security conference last week. In meeting after meeting, they told the press (who dutifully passed the news along to you) about significant new security enhancements being developed for Windows XP Service Pack 2.

This major upgrade to the current version of Windows includes some completely new security features, some features that are improved over earlier versions, and some features that are supposed to make machines with SP2 play better in the enterprise.

One of the most talked-about new features is the embedded firewall that will come with Windows XP. While this OS already has a personal firewall built-in, it’s not particularly useful, and it’s not enabled by default. Many, perhaps most, users don’t even know it exists. This will change with the new upgrade; the firewall will be enabled by default, and Microsoft says it will be improved over the current version.

There are those that dispute how much of an improvement this will be. Fred Felman, vice president of marketing at Zone Labs, says Microsoft is leading users into a false sense of security with a firewall that doesn’t protect as it should.

Microsoft, for its part, does note that many users (especially in the enterprise) will want something more robust. But the director of Microsoft’s Security Business Unit, Amy Carroll, points out that having a working firewall that’s turned on and in use is a lot better than not having one at all.

And that appears to be the story for the changes in the works for SP2. None of them are the ultimate security solution, but the changes that are coming — from the ability to manage the firewall and the new Windows security center remotely to the new OS hooks for better integration of anti-virus and other third-party security products — are intended to improve Windows’ overall security picture.

That’s what we should expect, at least. The new security initiative was introduced a year ago, and the company undertook a massive effort to fix Windows’ basic security level. But this isn’t a task any company can accomplish overnight. Windows XP is vast and was written during a time when the Internet wasn’t what it is today — changing its direction is akin to steering a supertanker with an oar. It can be done, but it takes a long time before you see any effect.

The fact that we’re seeing an effect after a year is good news. The fact that it’s not perfect is no surprise at all. In fact, it’s safe to say that Windows’ security problems will never be completely solved and that major security changes are unlikely before the launch of the next major version. There are noticeable changes already, though — changes you can see when comparing Windows 2003 Server against 2000 Server. No, it’s not perfect, but the number of significant security issues in 2003 Server so far is far fewer than in the earlier version.

For the enterprise, the release of SP2 is good news indeed, but remember, it’s not a perfect solution. You still need to manage your Windows security as you have in the past. It may just be a little less intense and a little easier to integrate than what you’re used to.