In 2004 Microsoft will release Win XP SP2 (this will be a free download). It will not only contain bugfixes, but also some changes to make it more secure:
- Network protection. These security technologies will help provide better protection against network-based attacks, like Blaster, through a number of innovations, including enhancements to Internet Connection Firewall (ICF). The planned enhancements include turning on ICF in default installations of SP2, closing ports except when they are in use, improving the user interface for configuration, improving application compatibility when ICF is on, and enhancing enterprise administration of ICF through Group Policy. The attack surface of the RPC service will be reduced as well as running in a reduced privilege. The DCOM infrastructure will also have additional access control restrictions to reduce the risk of a successful network attack.
- Memory protection. Some attacks by malicious software leverage software vulnerabilities that allow too much data to be copied into areas of the computer's memory. These vulnerabilities are typically referred to as buffer overruns. Although no single technique can completely eliminate this type of vulnerability, Microsoft is employing a number of security technologies to mitigate these attacks from different angles. First, core Windows components are being recompiled with the most recent version of our compiler technology to help mitigate against buffer overruns. Additionally, Microsoft is working with microprocessor companies to help Windows support hardware-enforced "no execute" (or NX) on microprocessors that contain the feature. NX uses the CPU itself to enforce the separation of application code and data, preventing an application or Windows component from executing program code that an attacking worm or virus inserted into a portion of memory marked for data only.
- Safer e-mail. Security technologies will help stop viruses (such as SoBig.F) that spread through e-mail and instant messaging. These technologies include default settings that are more secure, improved attachment control for Outlook Express and Windows Messenger, and increased Outlook Express security and reliability. As a result, potentially unsafe attachments sent through e-mail and instant messages will be isolated so that they cannot affect other parts of the system.
- Safer browsing. Security technologies delivered in Internet Explorer that will provide improved protection against malicious content on the Web. One enhancement includes locking down the local machine zone to prevent against the running of malicious scripts and fortifying against harmful Web downloads. Additionally, we will provide better user controls and user interfaces that help prevent malicious ActiveX® controls and spyware from running on customers' systems without their knowledge and consent.