Complete code review fends off attacks, claims company
Network IT Week, 06 Sep 2001
Microsoft has said it has stamped out buffer overflows with the upcoming release of Windows XP. Jim Allchin, vice president, claimed the company has done a complete code review of its operating system and removed all buffers which could overflow.
Deliberate buffer overflows have become a common method of attack for hackers who send extra data containing code to trigger certain actions.
The Code Red worm exploited a buffer overflow flaw in the indexing service DLL of Microsoft's IIS web server. The server, which uses beta versions of Windows XP, was among those vulnerable to Code Red buffer overflows.
But developers have questioned whether it is possible to remove all buffer overflows as not all are easily visible, especially in a complex operating system such as Windows XP.
Jon Collins, head of research at Sundial Consultancy, questioned the wisdom of such a definite statement by Microsoft. "It is a surprisingly definite announcement, similar to saying that the company has tested 100 per cent of its code," he said.
"XP is essentially a merger of NT and 95 in root forms, and both systems don't withstand change well. They need a clean install to operate efficiently. If Microsoft has done it, it's a great achievement," he added.
In the wake of the Court of Appeals decision, Microsoft chairman Bill Gates said the company will roll forward with its aggressive new initiatives in the PC and web markets, including the launch of its upcoming operating system, Windows XP, on 25 October.
Microsoft has dropped plans to include Smart Tags in Windows XP after realising that the technology would not be ready in time for the operating system's 25 October launch.
First Looks Editor Ian Williams gets hands on with the Sony Ericsson Xperia X1
Google's announcement this week that it plans to step into...
Do you agree?
Have your say on this article