Expect the release of Windows XP Service Pack 2 (SP2) Release Candidate 2 (RC2) this week, unless yet another security-oriented emergency sets back the oft-delayed release. Sources tell me that Microsoft is already deploying XP SP2 RC2 internally and that the company gave beta testers the code late last week. However, a recent spate of "extremely critical" flaws in Microsoft Internet Explorer (IE) 6--which also affect the supposedly ultra-secure IE version in XP SP2--might ultimately push back XP SP2 RC2 yet again. If that happens, the delay would be the third major postponement of this product.
XP SP2 has followed a winding, seemingly never-ending path since its inception more than a year ago, when Microsoft designed the product to be a simple collection of bug and security fixes. But after the MyDoom and Sasser electronic attacks late last summer, Microsoft Group Vice President Jim Allchin, in a story that's quickly becoming as apocryphal as Chairman and Chief Software Architect Bill Gates's supposedly instant conversion to the Internet in 1995, announced to the troops that he had had enough. Microsoft subsequently pulled back SP2 from its humble origins and infused the product with a bevy of security-oriented technologies originally slated for Longhorn, the next major Windows release.
These technologies include a new always-on Windows Firewall; a Security Center dashboard; integration with third-party firewall and antivirus tools; more secure versions of IE, Microsoft Office Outlook Express, and MSN Messenger; and several under-the-hood enhancements. Such a major change to SP2 necessitated delays, and Microsoft backpedaled the release to the first half of 2004 so that developers could make the changes. However, last month, after releasing XP SP2 RC1, Microsoft revealed that it would delay SP2 until sometime this summer, closer to the company's XP Reloaded midlife XP marketing campaign.
Whether the company can hit even that date is unclear. XP SP2 RC2, originally due in June, has slipped several times, and last week's reports about four dangerous new IE vulnerabilities had Microsoft security watchdogs scrambling. Adware companies are already exploiting some of those flaws to launch unwanted pop-up ads on user systems, and some people worry that the vulnerabilities can be used to deliver far more dangerous payloads. Microsoft is reportedly working on an emergency fix for these problems that the company will release outside its usual monthly security releases.
In the meantime, Microsoft recommends that users practice so-called "safe browsing," and the company has posted instructions for doing so on its Web site (see the URL below). Among other suggestions, the site advises users to set IE's security level to High. However, my advice is to skip IE altogether and look for an alternative. I personally use the Mozilla Foundation's Mozilla Firefox (which is free and under constant development); Opera Software's Opera 7.51 is also quite good. Both browsers are safer than and offer much more functionality than IE.
Increase Your Browsing and E-Mail Safety
Mozilla Firefox 0.8
Opera 7.5.1