News article I received via email:
If you're wondering why Microsoft is taking so long to release
Windows XP Service Pack 2 (SP2), wonder no more. The company is
working to back-port various Longhorn security technologies to SP2,
providing a middle ground between XP's default security functionality
and the security features that will be available in Longhorn.
Code-named Springboard, the new security features include an
updated version of the Internet Connection Firewall (ICF), which
Microsoft will leave on by default and which adds outbound scanning
capabilities and other features previously found only in the Microsoft
Internet Security and Acceleration (ISA) Server 2000 enterprise server
product. Springboard also includes a new version of Windows Update and
new memory-management code for defeating common buffer-overrun
Microsoft's SP2 schedule came under fire this past summer when the
company quietly revealed that the release won't ship until the first
half of 2004 (the company had told me earlier that it would release
SP2 by late 2003). Microsoft released SP1 less than a year after XP's
initial release, a schedule that most customers were comfortable with.
But delaying SP2 until the first half of 2004 would create an 18-month
gap between service packs, an interminable amount of time given the
vast number of security patches and other bug fixes that Microsoft has
released in the interim. Many of Microsoft's customers continue to
avoid installing hot fixes and other updates, waiting instead for
service packs, which collect those updates into one installable unit.
Including Springboard in SP2, however, requires a lot more testing
time. Sources close to the company tell me that beta testers should
soon get their hands on an XP SP2 beta version that includes the new
security technologies; earlier betas didn't include any of this code.
The Springboard technologies also will be available for Windows Server
2003 customers in that OS's first service pack, Microsoft says.