Power User: In '04: better XP, WiFi; more spam
- By John McCormick
- Jan 22, 2004
Look for a major upgrade to the Microsoft Windows XP operating system this year.
As more agencies head toward XP migration, Microsoft Corp. is beta- testing XP Service Pack 2 with recompiled code that Microsoft hopes will eliminate a lot of buffer overrun vulnerabilities as well as other flaws that keep security patchers busy.
If you're about to upgrade to XP, consider delaying until the service pack is out of testing.
Last fall Microsoft began releasing security patches monthly rather than weekly, in part because IT managers simply don't have time to apply patches every week.
XP SP2 will give some protection between the time a vulnerability is reported and the time a manager gets around to patching it.
The Internet Connection Firewall will be enabled by default in this service pack, but with changes to the way ICF handles opening and closing of ports. Adding a service to the so-called white list, available only to the administrator, will automate the port handling. Another change will move the responsibility for closing unneeded ports from applications to the operating system.
SP2 will support the NX or 'no execute' flag present in some CPUs. NX sets aside designated memory spaces for data storage only. Even if malware gets pushed there by a buffer overrun, it won't execute.
Outlook Express' ability to block attachments will be improved, and SP2 will have additional ActiveX controls to block spyware.
Microsoft has said these and other changes will cut the number of patches necessary to protect networks by as much as 80 percent.
High-speed Internet access already is an essential office tool. This year, look for a big push to satellite broadband for mobile users.
For example, the TracNet mobile Internet system is priced at $5,995 plus a monthly fee starting at $99, plus 99 cents per minute. KVH Industries Inc. of Middletown, R.I., sells this mobile satellite antenna and Internet service for up to five users in and around a vehicle using IEEE 802.11b wireless connections. This is the standard DirecPC service with added tweaks such as a rooftop antenna you don't have to align.
For homeland security, disaster response and mission-critical travel, this would be an inexpensive way to equip a mobile unit to bypass local cellular services and land lines.
If you had any doubt that the new federal spam law'the Controlling the Assault of Non-Solicited Pornography and Marketing Act'was mostly an end-run around better state laws, you only have to look in your inbox.
The tried-and-true ADV notice in the subject line wasn't good enough. Can-Spam says the notice can go anywhere in the message'that is, a spammer can comply with the law by placing a small note at the very bottom of a message. By the time you find the notice you've already figured out it was an ad.
By some estimates, businesses'and probably government agencies'spend about $1 per message to deal with spam, which now makes up more than half of all e-mail traffic.
For spammers, Can-Spam is a terrific law. For e-mail users and IT administrators, it's terrible'worse than no legislation at all because it overrides good state antispam laws. John McCormick is a free-lance writer and computer consultant. E-mail him at firstname.lastname@example.org.