Microsoft Preps Release Candidiate 2 Of Windows XP SP2 For Mid-May

During the company's April security briefing, Rebecca Norlander, Group Manager of Microsoft's Security Business and Technology Unit, gave a demonstration of the much-anticipated service pack and said the company is considering adding spyware capabilities to a future version of Windows and/or service pack.

While noting that the next major release candidate will be available next month, Norlander advised solution providers and customers to hold off on full corporate deployment until the Windows XP SP2 code is finalized. Partners and customers were also advised to apply the forthcoming Windows updates to remote PCs and laptops, and on edge severs, to reap the most benefit of the new features.

Norlander also said Microsoft is working closely with third-party antivirus and firewall software vendors to ensure compatibility of those applications with the new Windows Security Center in Windows XP SP2, and is roughly 70 percent complete on the antivirus front. "We have published that [we'll have] RC2 in mid-May, and we're still targeting the first half for this year," she said.

As it preps for the next milestone, however, Microsoft executives were less forthcoming about the release of Windows Update Services, formerly Software Update Services 2.0, and the Windows Server 2003 Service Pack 1, which also has major security features for the Windows server.

Mike Nash, corporate vice president of the Security Business and Technology Unit, said only that the Windows Update Services would be released to manufacturing during the second half of 2004. Last month, Nash acknowledged a delay in the planned release of SUS 2.0 to the second half of 2004. The patch management software for the Windows server was originally planned for the first half of 2004.

He stressed that Windows XP SP2 remains on schedule but all depends on customer feedback. "We're targeting the first half of this year," said Nash, during the hour-long briefing. "The only reason that would change is customer feedback."

One security analyst said the Windows XP SP2 is solid, but the testing process needs to be considerable given the wide number of new features in the security pack and the need for the Windows update to be tested against numerous third-party products. "Overall, it is pretty solid. But the issue may not be how solid it is. The patches, for example, are well-tested. The issue is the number of changes that it makes [to Windows XP]. Because of the number of changes and the nature of changes, such as turning on the firewall by default, this service pack needs to be tested as if it was a new release, to ensure that all the application compatibility and other issues are uncovered, and administrators understand the implications of the improvements," said Michael Cherry, an analyst at Directions on Microsoft, a newsletter in Kirkland, Wash.

In the meantime, Microsoft is making available new prescriptive security guidance and training to partners and customers. Executives said the company has 123 best-practice guidance documents on its security site as of April, up from 17 security documents last November, as well as 28 checklists, three free e-learning security clinics and 59 how-to guides.