Microsoft enlists developers in security push

To encourage use of the security features in Windows XP SP2, the company is preparing a midyear release of service packs for its core developer products: Visual Studio.Net and the .Net Framework.

Martin LaMonica Former Staff writer, CNET News

Martin LaMonica is a senior writer covering green tech and cutting-edge technologies. He joined CNET in 2002 to cover enterprise IT and Web development and was previously executive editor of IT publication InfoWorld.

See full bio

Martin LaMonica

March 3, 2004 3:06 p.m. PT

2 min read

Microsoft is preparing updates to its programming tools that will be released in tandem with Windows XP Service Pack 2, a security-oriented release due out later this year.

The company is building service packs for its Visual Studio.Net 2003 development tool and the .Net Framework--the software plumbing, or "runtime," needed to run Web services applications on Windows, a Microsoft executive told CNET News.com. The changes, which are designed to guide developers on how to use the latest security features, are slated for release around the middle of the year, which is when Microsoft plans to ship Windows XP SP2.



		Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section.

"We're going to aim to have the release of (Windows XP SP2 and the tools service packs) as close as possible. Ideally, they'll come out together," said Tony Goodhew, product manager in Microsoft's developer division.

The tools service packs will help developers determine whether existing applications need changes to run on the update to Windows XP. It is also meant to encourage developers to exploit the planned security features, Goodhew said.

In conjunction with the updated tools, Microsoft is offering free Web-based training and documentation on its developer Web site, which describes the implications for developers of the security changes in Windows XP SP2. This is the first time the company has offered free training related to a service pack, the company said.

Last week, Microsoft Chairman Bill Gates detailed changes that will be found in Windows XP Service Pack 2 to provide better security for desktop PCs applications, such as the Internet Explorer Web browser and Outlook e-mail program. The company has enhanced its firewall and made changes in how Windows interacts with a computer's memory to prevent "buffer overruns," a technique commonly used by malicious hackers.

Goodhew said that providing service packs for Visual Studio.Net and the .Net Framework is important to adding security to Windows desktop applications across the board, not only those written by Microsoft.

"We realize that security is a developer issue. It's not just us--it's an industrywide thing. We want to be good citizens in making our own software more secure and (also) assist our customers--developers--to write more secure applications," he said.

As the operating system, browser and e-mail get more secure, hackers will turn their attention to other applications, Goodhew noted. For example, the Slammer worm, which caused widespread disruption last year, exploited a vulnerability in Microsoft's SQL Server database, which runs on server computers, he said.