News

The shifting sands of Windows

• By Mike Gunderloy
• February 26, 2004

It's no particular secret that Microsoft is testing Windows XP Service Pack 2, and getting ready for a planned mid-year release. But if you're a developer, you know there's more to a new Windows release than tweaked functionality, bug fixes, and new features. There's also the inevitable list of things that won't work the way that they used to. With each new release of Windows, developers around the world cross their fingers that their own code won't end up on the "broken" list.

With this release, Microsoft is doing a better-than-before job of getting the word on changes out early. Already you can hop over to MSDN and read the 25,000-word preliminary version of Changes to Functionality in Microsoft Windows XP Service Pack 2. Though the document doesn't (yet?) cover all of the changes that are coming in this service pack, it does run through the most important category of changes: security tightening.

Depending on what your applications are doing, you might want to read this document pretty carefully. In particular, RPC and DCOM security is significantly tightened in SP2. If you're using either of these technologies to cross machine boundaries, particularly if you're not authenticating everything, you'll likely need to change code - or face sudden breakages when your users install SP2.

Of course, these changes aren't being put in place just to make your life difficult. Blocking promiscuous RPC and DCOM (as well as turning on the Internet Connection Firewall by default, securing IE scripting, and other changes) are aimed at trying to cut down the "threat surface" of this version of Windows. The less ways there are for remote code to do really bad things, the thinking goes, the less chance of a future worm or virus ripping through your system, even if you don't keep up with patches on the machine.

It's frustrating for developers when Microsoft changes the rules in the middle of the game. Depending on how far back you go, you've probably already seen this in action with five or ten or more versions of Windows. But in this case, I'm all for the changes, even if they break some applications. It's about time we saw some concrete action out of the Trustworthy Computing initiative, and tightening security on the end-user version of the operating system is a good place to start.

For more information on changes in SP2, visit the MSDN Windows XP Service Pack 2 - Security Information for Developers page at the Microsoft Security Developer Center.