Microsoft aims to save users from themselves in XP update

IDG News Service - Most security issues and virus outbreaks happen because people don't know how to protect themselves or don't bother to do what they know they should. In the latest update to Windows XP, Microsoft Corp. has focused on helping people become more aware of what they need to do and encouraging them to actually do it, Ryan Burkhardt, lead program manager for Service Pack 2, said today.
A new test version of SP2, called Release Candidate 1, was made available to beta testers yesterday, and the completed update will be released by midyear, Burkhardt said.
In RC1, if someone receives an e-mail with an .exe attachment or other file types that are regularly used to spread so-called malware, it will be identified and blocked or the receiver will confirm that he wants to open it, Burkhardt said at the CeBIT trade show in Hanover, Germany. The AES (Attachment Execution Services) application programming interface is a public API that lets developers add attachment security to their e-mail client and browser applications. In Outlook Express, Burkhardt said, file types known to be dangerous will be blocked and an explanation given to the user. The user will be given a choice of whether to open suspicious but less dangerous file types.
Developers of other software, such as Qualcomm Inc.'s Eudora e-mail software, may decide to block different file types or to block none but prompt users with warnings, Burkhardt said.
Outlook Express will also no longer download graphics and other external content in HTML by default because these can be used to validate e-mail addresses. "If the sender is not in the user's contact list, it will be treated as potentially unsafe" and won't be displayed, Burkhardt said.
Many of the security features now being released have been included in XP since it was first launched but were turned off by default, Burkhardt said. "The climate was different then; there were fewer attacks, and fewer people had broadband," he said.
Users often make halfhearted attempts to ensure security. For example, many users choose to automatically download security updates but not to automatically install them, he said. "And then they don't install them themselves. That's what happened with Sobig -- a lot of people had downloaded the updates but hadn't installed them," Burkhardt said.
To try to solve this, users will see a new prompt when setting up their PC that will explain the benefits of automatic downloads and installation, to encourage them to use those features, he said.
The background download service has alsobeen adapted to help users on slower connections. The download speed will be scaled to suit what the user is doing, speeding up and using the available bandwidth when the user is doing something like reading e-mail and slowing down when they are more actively using the bandwidth, such as when they surf the Internet, Burkhardt said.
Windows Firewall will now be turned on by default, and Windows Messenger will be turned off.
In another move that will cheer Web surfers, RC1 will include a pop-up advertisement blocker, turned on by default. It was included in the first beta version of SP2 but was turned off by default, Microsoft said.