Where is the Windows 2000 Service Pack?
With the release of Service Pack 2 for Windows XP, Microsoft has taken a significant step toward removing the security holes and insecure configurations that have made Windows such an easy target for malicious hackers and scammers, but only for 10 percent of Windows users.
For the 90 percent of Windows users who don't run Windows XP, there is no improved default configuration ridding the system of unnecessary services that are tempting targets for attackers. There is no greatly improved firewall protection. And, worst of all, there is no new version of Internet Explorer, one of the main causes of security problems in Windows (and there likely never will be).
Microsoft officials say those who want these improvements should upgrade to Windows XP. But there are many companies that have only recently completed their migrations to Windows 2000 and don't have the stomach (or budget) to start a wholesale move to XP.
And, really, the improvements in XP SP2 are fixes, not new features. They're more analogous to the faulty tires Ford replaced on its Explorer SUVs than to a new drive train.
And, come to think of it, imagine if Ford tried to get away with Microsoft's business model. If Ford rolled out a vehicle whose doors wouldn't lock and whose engine was susceptible to remote takeover, the company would have to recall and fix every affected model, not just the most recent one.
Of course, when it comes to software, vendors are never responsible for any of the problems they cause (thanks to the one-way "contracts" known as EULAs). So, basically, Microsoft gets applauded for doing something instead of nothing.
I certainly won't give Microsoft a hand for leaving 90 percent of its user base out in the cold. I don't think that's a good way to do business or earn customer loyalty.
If Microsoft wants to address Windows security problems effectively and keep the majority of its customers happy, it should release a service pack for Windows 2000 similar to XP SP2. This would greatly improve the security of a big chunk of the Windows user base, especially on the corporate side. And because the underlying architectures of Windows 2000 and Windows XP are nearly identical, this shouldn't be tough to do.
Such a service pack would improve Windows security and reliability for many more Windows systems than XP SP2 will. In addition, it might actually serve Microsoft's goal of getting companies to upgrade from Windows 2000; that is, companies would be more apt to upgrade if they saw that Microsoft isn't giving users of previous-generation operating systems the short end of the support stick.
By far, however, the most significant thing Microsoft can do to improve security is to start offering new versions of IE for all Windows systems, not just in new Windows versions.
Some suspect Microsoft is already taking this step. There has been evidence that IE development is being ramped up within Microsoft, such as some personnel reorganization into IE groups and the starting of blogs by key IE developers.
But if Microsoft does plan to release a new stand-alone version of IE, it sure is doing a good job of hiding it. In fact, on his blog, IE developer Dave Massy said, "There are currently no plans to release a new version of Internet Explorer prior to Longhorn, when it will be delivered as part of the new OS."
Let's hope that the word "currently" is the loophole here and that there will be a new IE for all Windows users. I'm glad IE's problems are causing it to lose market share; greater browser diversity will mean developers will write to standards instead of to a single platform.
But IE is still the most widely used browser out there, and an insecure version of IE on that many systems is scary.
If Microsoft really wants to show the world that security is its highest priority for all its products, the company should take care of a lot more of its users.
Labs Director Jim Rapoza can be reached at firstname.lastname@example.org.