J
John R. Sellers
By Paula Rooney Courtesy of CRN
Microsoft plans to make available Release Candidate 2 of Windows XP Service
Pack 1 in May in preparation for final availability during the first half of
2004, company executives said during a briefing on Tuesday.
During the company's April security briefing, Rebecca Norlander, Group
Manager of Microsoft's Security Business and Technology Unit, gave a
demonstration of the much-anticipated service pack and said the company is
considering adding spyware capabilities to a future version of Windows
and/or service pack.
While noting that the next major release candidate will be available next
month, Norlander advised solution providers and customers to hold off on
full corporate deployment until the Windows XP SP1 code is finalized.
Partners and customers were also advised to apply the forthcoming Windows
updates to remote PCs and laptops, and on edge severs, to reap the most
benefit of the new features.
Norlander also said Microsoft is working closely with third-party antivirus
and firewall software vendors to ensure compatibility of those applications
with the new Windows Security Center in Windows XP SP2, and is roughly 70
percent complete on the antivirus front. "We have published that [we'll
have] RC2 in mid-May, and we're still targeting the first half for this
year," she said.
As it preps for the next milestone, however, Microsoft executives were less
forthcoming about the release of Windows Update Services, formerly Software
Update Services 2.0, and the Windows Server 2003 Service Pack 1, which also
has major security features for the Windows server.
Mike Nash, corporate vice president of the Security Business and Technology
Unit, said only that the Windows Update Services would be released to
manufacturing during the second half of 2004. Last month, Nash acknowledged
a delay in the planned release of SUS 2.0 to the second half of 2004. The
patch management software for the Windows server was originally planned for
the first half of 2004.
He stressed that Windows XP SP2 remains on schedule but all depends on
customer feedback. "We're targeting the first half of this year," said Nash,
during the hour-long briefing. "The only reason that would change is
customer feedback."
One security analyst said the Windows XP SP2 is solid, but the testing
process needs to be considerable given the wide number of new features in
the security pack and the need for the Windows update to be tested against
numerous third-party products. "Overall, it is pretty solid. But the issue
may not be how solid it is. The patches, for example, are well-tested. The
issue is the number of changes that it makes [to Windows XP]. Because of the
number of changes and the nature of changes, such as turning on the firewall
by default, this service pack needs to be tested as if it was a new release,
to ensure that all the application compatibility and other issues are
uncovered, and administrators understand the implications of the
improvements," said Michael Cherry, an analyst at Directions on Microsoft, a
newsletter in Kirkland, Wash.
In the meantime, Microsoft is making available new prescriptive security
guidance and training to partners and customers. Executives said the company
has 123 best-practice guidance documents on its security site as of April,
up from 17 security documents last November, as well as 28 checklists, three
free e-learning security clinics and 59 how-to guides.
Microsoft plans to make available Release Candidate 2 of Windows XP Service
Pack 1 in May in preparation for final availability during the first half of
2004, company executives said during a briefing on Tuesday.
During the company's April security briefing, Rebecca Norlander, Group
Manager of Microsoft's Security Business and Technology Unit, gave a
demonstration of the much-anticipated service pack and said the company is
considering adding spyware capabilities to a future version of Windows
and/or service pack.
While noting that the next major release candidate will be available next
month, Norlander advised solution providers and customers to hold off on
full corporate deployment until the Windows XP SP1 code is finalized.
Partners and customers were also advised to apply the forthcoming Windows
updates to remote PCs and laptops, and on edge severs, to reap the most
benefit of the new features.
Norlander also said Microsoft is working closely with third-party antivirus
and firewall software vendors to ensure compatibility of those applications
with the new Windows Security Center in Windows XP SP2, and is roughly 70
percent complete on the antivirus front. "We have published that [we'll
have] RC2 in mid-May, and we're still targeting the first half for this
year," she said.
As it preps for the next milestone, however, Microsoft executives were less
forthcoming about the release of Windows Update Services, formerly Software
Update Services 2.0, and the Windows Server 2003 Service Pack 1, which also
has major security features for the Windows server.
Mike Nash, corporate vice president of the Security Business and Technology
Unit, said only that the Windows Update Services would be released to
manufacturing during the second half of 2004. Last month, Nash acknowledged
a delay in the planned release of SUS 2.0 to the second half of 2004. The
patch management software for the Windows server was originally planned for
the first half of 2004.
He stressed that Windows XP SP2 remains on schedule but all depends on
customer feedback. "We're targeting the first half of this year," said Nash,
during the hour-long briefing. "The only reason that would change is
customer feedback."
One security analyst said the Windows XP SP2 is solid, but the testing
process needs to be considerable given the wide number of new features in
the security pack and the need for the Windows update to be tested against
numerous third-party products. "Overall, it is pretty solid. But the issue
may not be how solid it is. The patches, for example, are well-tested. The
issue is the number of changes that it makes [to Windows XP]. Because of the
number of changes and the nature of changes, such as turning on the firewall
by default, this service pack needs to be tested as if it was a new release,
to ensure that all the application compatibility and other issues are
uncovered, and administrators understand the implications of the
improvements," said Michael Cherry, an analyst at Directions on Microsoft, a
newsletter in Kirkland, Wash.
In the meantime, Microsoft is making available new prescriptive security
guidance and training to partners and customers. Executives said the company
has 123 best-practice guidance documents on its security site as of April,
up from 17 security documents last November, as well as 28 checklists, three
free e-learning security clinics and 59 how-to guides.