Microsoft will turn off Messenger, turn on firewall

Microsoft Corp. will detail plans to disable the Windows Messenger Service and activate the Internet Connection Firewall (ICF) by default on Windows XP machines in an effort to protect computers from malicious attacks, a company executive said Tuesday.

The changes will be described at an informal lunchtime presentation during Microsoft's Professional Developers Conference (PDC) in Los Angeles by Jason Garms, an architect in Microsoft's Security Business Unit (SBU), and are targeted for release in Windows XP Service Pack 2, according to Amy Carroll, director of product management in SBU.

The announcement follows weeks of statements from Microsoft Chief Executive Officer Steve Ballmer and other company executives that the company was looking at ways to increase the ability of Windows to "shield" itself against threats from computer viruses, worms and hackers, rather than relying on other companies' products to do so.

Among other things, Microsoft will announce a new API (application programming interface) for RPCs (remote procedure calls) that limits access to resources on the local machine, Carroll said.

The new API will give developers more tools to control the flow of data to and from Windows applications and apply more specific security policies that cover actions taken by client and server applications, according to Pete Lindstrom, an analyst at The Spire Group LLC.

Security vulnerabilities in RPC and the distributed component object model (DCOM) that Microsoft disclosed in July led to the creation of the W32.Blaster worm, which ravaged corporate networks and home computers worldwide in August.

To address concerns about Web and network-borne attacks that exploit vulnerabilities in its products, Microsoft will be describing plans that it has to strengthen the default configuration of the Internet Explorer Web browser's Local Machine and Local Intranet security zones, Carroll said.

The configuration of those zones controls what actions are and are not permissible when connecting to resources on a user's local network. Microsoft is interested in soliciting developers' feedback about whether the changes are the right approach for security issues, Carroll said.

The company will also be talking about its plan to recompile Windows using new technology that is designed to sniff out security vulnerabilities in the code, Carroll said.

Buffer overruns are a common avenue for attacks against Windows systems, allowing hackers to send long streams of data that cause Windows machines to crash or to unintentionally execute code written by the attacker. On Tuesday, Microsoft will be encouraging developers to take advantage of the same compiler technology in the latest editions of Visual Studio to catch buffer overruns and other problems in their code, Carroll said.

While Microsoft executives hinted at many of these changes in recent weeks, the decision to disable the Windows Messenger Service is new.

The service has been a standard part of Windows operating systems since the introduction of 32-bit operating systems in the mid- 1990s, according to Russ Cooper, Surgeon General of TruSecure Corp. and moderator of the NTBugtraq newsgroup.

Using text commands entered from a command prompt, users can create a pop-up window containing messages on other users' desktops connected over a home network, corporate network or the Internet, according to Richard Smith, an independent security consultant in Boston.