Overall, the service pack reduces the number of features turned on by default in Windows XP, leaving them off unless the user decides they need to be turned on. The adjustment means the operating system now ships "following the idea of least privilege. The surface for attack has been made as small as possible," because viruses, worms, and other exploits often find a way into a system through little-used but open features, Devenuti said.
In the meantime, Microsoft is working on additional security features for Windows, but customers will have to wait until 2007 for the Longhorn version of Windows to appear. One of them is "behavior blocking," a self-monitoring feature in Windows that can tell when the machine is being put to use outside a range of normal patterns.
"We know using Notepad to send E-mail to everybody in the address book is not normal. Block it. The machine will remain infected but it won't have a chance to infect everyone else's," noted Devenuti.
Microsoft is in the process of simplifying its method for updating its software. "Right now, we have eight different flavors of updates. We're moving to only two, one for operating systems and one for applications," he said.
Microsoft will also seek to reduce the size of updates and build in a rollback capability so that customers may install them more quickly, and return to an earlier version if something goes awry. Many IT organizations hesitate to install security patches or updates without extensive testing against existing systems to make sure the additions won't disrupt their operations, Devenuti said, adding that, "Customers have told me 'the medicine has got to be less painful than the disease.'"