The shifting sands of Windows
It's no particular secret that Microsoft is testing Windows XP Service Pack
2, and getting ready for a planned mid-year release. But if you're a developer,
you know there's more to a new Windows release than tweaked functionality, bug
fixes, and new features. There's also the inevitable list of things that won't
work the way that they used to. With each new release of Windows, developers
around the world cross their fingers that their own code won't end up on the
With this release, Microsoft is doing a better-than-before job of getting the
word on changes out early. Already you can hop over to MSDN and read the
25,000-word preliminary version of Changes
to Functionality in Microsoft Windows XP Service Pack 2. Though the document
doesn't (yet?) cover all of the changes that are coming in this service pack, it
does run through the most important category of changes: security
Depending on what your applications are doing, you might want to read this
document pretty carefully. In particular, RPC and DCOM security is significantly
tightened in SP2. If you're using either of these technologies to cross machine
boundaries, particularly if you're not authenticating everything, you'll likely
need to change code - or face sudden breakages when your users install SP2.
Of course, these changes aren't being put in place just to make your
life difficult. Blocking promiscuous RPC and DCOM (as well as turning on the
Internet Connection Firewall by default, securing IE scripting, and other
changes) are aimed at trying to cut down the "threat surface" of this version of
Windows. The less ways there are for remote code to do really bad things, the
thinking goes, the less chance of a future worm or virus ripping through your
system, even if you don't keep up with patches on the machine.
It's frustrating for developers when Microsoft changes the rules in the
middle of the game. Depending on how far back you go, you've probably already
seen this in action with five or ten or more versions of Windows. But in this
case, I'm all for the changes, even if they break some applications. It's about
time we saw some concrete action out of the Trustworthy Computing initiative,
and tightening security on the end-user version of the operating system is a
good place to start.
For more information on changes in SP2, visit the MSDN Windows
XP Service Pack 2 - Security Information for Developers page at the
Microsoft Security Developer Center.
Mike Gunderloy has been developing software for a quarter-century now, and writing about it for nearly as long. He walked away from a .NET development career in 2006 and has been a happy Rails user ever since. Mike blogs at A Fresh Cup.