Microsoft has issued significant security enhancements to its operating system software, making the Windows Server 2003 SP1 Release Candidate 1 (RC1) available for download.

The Redmond, Wash., software giant has incorporated several security features in keeping with its promise to deliver customers Trustworthy Computing, a strategy the company instituted in 2002 to help better protect customers' computers from viruses and malicious intruders.

Key upgrades include a Windows Firewall built into the OS that works around each client and server computer on a customer's network. Other key features include Post-Setup Security Updates (PSSU) and the Security Configuration Wizard (SCW), according to John Howard, an engineer for Microsoft UK who discussed SP1 in his blog Tuesday.


"PSSU effectively locks down the computer to stop it being hacked after installation," Howard wrote. "Note that this is only on slipstream installations. The SCW allows you to define the roles for a computer to ensure that the firewall is appropriately configured."

According to an overview of the download on Microsoft's Web site, the main goal of SP1 is to "reduce customer pain centered on server security." The document noted that it is important to refresh Windows with security updates because of the constantly evolving nature of security threats.

The idea is to fend off malicious programmers, some of whom are growing more adept at their work. Microsoft noted that the time between identification and exploitation of security holes is shrinking.

For example, customers had 331 days to install a Windows fix for the Nimda worm, but only 25 days to protect DCOM vulnerabilities exploited by the Blaster worm.

SP1 is just one in a series of steps Microsoft has taken to shore up the defense of its software products. The company has had a bulls-eye on its back for years, with several crackers creating programs that cause its software to short-circuit.

The company has responded by improving security in its most popular products. While it regularly releases software patches each month, SP1 is a broad collection of enhancements and perks that also improve OS reliability and ease administration.

To wit, SP1 includes updates for the Internet Explorer browser to prevent unintentional downloads of malicious code. Changes in Outlook Express let users render e-mail in plain text rather than HTML to stymie the spread of malicious code via e-mail.

To make updates more fluid, Microsoft is offering a Hot Patching feature in Service Pack 1 that allows customers to apply updates to drivers, APIs or any non-kernel level component of Windows Server 2003 without restarting the computer.

After the aforementioned firewall, security updates and configuration wizard, new functionality in SP1 includes stronger defaults and privilege reduction on services such as RPC and DCOM; support in processors from Intel and AMD that prevents malicious code from launching attacks; and support for 64-bit machines.

Available for download at no additional cost to Microsoft customers, Windows Server 2003 Service Pack 1 can be used with a number of Windows server versions. SP1 may be applied to Windows Server 2003 Standard Edition, Windows Server 2003 Enterprise Edition, Windows Small Business Server 2003, Windows Server 2003 Web Edition and Windows Server 2003 Datacenter Edition.