Microsoft execs have demoed some of the new security features available in the much-hyped Windows XP Service Pack 2 update, but were faced with a barrage of questions over how it will interact with commercial anti-virus and firewall programs.
Speaking at the company's monthly Executive Circle webcast, Mike Nash, corporate VP of the Security Business and Technology Unit (SBTU) showed off new features to simplify the management of security technology like anti-virus and desktop firewalls, and to protect users from malicious e-mail attachments.
Nash also summoned other security group executives to talk about the company's plans and to field questions from customers curious about whether the new version of XP will interfere with network and desktop security products that are already being used.
Rebecca Norlander, group manager for the SBTU, spoke with Nash and confirmed that a second test version of Service Pack 2, known as Release Candidate 2 (or RC2) will be released in May, and that the final version of XP Service Pack 2 (SP2) is still on schedule for the first half of the year. More release candidates are possible after the RC2 release, depending on customer feedback, Norlander said.
Demonstrating XP SP2 for Nash, Norlander displayed the new Windows Security Center, which consolidates security configuration information, and displayed features in the Outlook e-mail client that will strip out malicious attachments or warn users when unknown and potentially harmful programs are trying to run.
In a question-and-answer session, Nash and Norlander responded to frequent queries from customers, submitted electronically, about how third-party anti-virus products and firewalls would work with the new Windows version.
A query from someone named "Pablo" asked Norlander whether the Windows Firewall will work with common third-party firewalls like those by Network Associates and Zone Alarm. Microsoft is working hard on compatibility testing, but it is ultimately up to customers to make the Windows Firewall run alongside another firewall product, Norlander said.
Microsoft encourages all XP customers to run the new version of the Windows Firewall so they can benefit from boot time security, a new feature in XP SP2 that protects Windows systems from attack while they are booting, she said. Customers who encounter compatibility problems between the Windows firewalls and other firewalls should report them to Microsoft and to the firewall vendor, she said.
A similar question was asked about whether third-party antivirus products automatically appear in the new Security Center. Microsoft responded that the company expects around 70 percent of commercial anti-virus products to be recognized by Windows XP SP2 and to appear in the new Security Center management interface when XP SP2 is released.
Customers who experience problems with their existing anti-virus package were also told to contact Microsoft and the anti-virus vendor and report the problems.
Asked whether new security features make desktop anti-virus and firewall products unnecessary, Nash said that companies should understand what security features are in Windows XP SP2 and to "evaluate your security products to see what's right for your environment," but that Microsoft is working to make Windows interact with and manage a variety of third-party products.
There has been speculation within the information technology community that Microsoft's tougher stance on security in XP SP2 might cause some applications to stop working. In an interview with IDG News Service in March, a Microsoft product manager warned that changes to default settings in Windows XP SP2 could affect the way older applications run.
Microsoft is reaching out to developers and large software vendors with training courses to discuss the impact of XP SP2 on existing applications and help making software applications compatible with the new version of XP, Microsoft said.
Nash and others encouraged Microsoft customers to download and test the first test release of Windows XP SP2, and to report any problems they encounter to the company.