Internet Explorer to block pop-ups by default

By Matt Whipp

Posted on 16 Dec 2003 at 12:45

Microsoft has outlined its security strategy over the next year and confirmed that Windows XP Service Pack 2 will block pop-ups by default.

Service Pack 2 will be out in beta before the end of the year, with a final release in the first half of 2004. It will also contain an improved Firewall, which will be turned on by default and will boast an improved user interface to allow finer tweaking. It can also be administered centrally from within corporate networks.

The pack will block HTML email from downloading images by default and attachments in email and Windows Messenger will have limited permissions when run.

In a bid to tackle some of the security holes that have been taken advantage of by virus writers, Microsoft will also reduce the permission associated with RPC and beef up the DCOM infrastructure. Viruses such as Blaster made full use of weaknesses in these technologies when it rampaged across the Internet last August.

Similarly the buffer overruns which are the frequent subject of critical updates from Microsoft will be better defended, using technologies such as 'No Execute' where certain processors are able to distinguish between application code and data and can choose not to execute code that a virus inserts.

Microsoft has also outlined the first service pack for Windows Servr 2003, which will contain security templates based on the role to which the server is put ie an email server will have different security requirements than a print server. Further tools will allow the scanning of remote computers that connect over VPN or wireless routes before letting them on to the network.

By the end of next year, Microsoft says it will made a number of improvements to its patching systems. Firstly, there will be just two patch installer: one for the Windows system and legacy apps and one for the current generation of applications. There will also be only one patch scanning engine so that users won't get inconsistent results.

Patches will be smaller: only the changes to files will be included, not the entire file that needs fixing. Reboots will be reduced, with Windows Server 2003 getting hot patching - allowing it to update server components on the fly. However, the monthly patch releases may well include one that requires a reboot, so the difference here may be less noticeable.

Microsoft says it has extended the internal testing mechanisms to improve the quality of patches and by mid 2004 promises that nearly all patches will be able to be rolled back after installation.

Finally, Microsoft will host all its patches at a single point: Microsoft update. Corporates will also be able to 'mirror' the content of Microsoft Update inside the company network.

Microsoft will also focus on providing further resources such as step by step guides, security seminars and monthly security webcasts.