2002: The era of Trustworthy Computing begins
Windows XP had been on the market for only a few months when Bill Gates distributed his now-famous Trustworthy Computing memo. The rise of the Internet had painted a giant target on Windows, and criminals had been successful in exploiting the server version of Windows in 2001 with two devastatingly damaging worms, Code Red and Nimda. As Microsoft's Michael Howard noted a decade later, "His memos are rare, and this one signaled the start of something big within the company."
Gates's memo basically halted all new development and sent every developer at Microsoft back to square one for security training. Windows security headaches continued for the next few years; building security into the core of Windows profoundly affected the development process for the next five years.
2003: The dawn of Patch Tuesday
The security problems that had plagued Windows XP at its launch continued in the summer of 2003 with a widespread malicious software attack called MSBlast/32 (aka Blaster). It spread over networks using the RPC protocol and caused affected computers to go into a spontaneous reboot loop. In October of that year, Microsoft made the controversial decision to release updates on a regular schedule. The second Tuesday of each month became known as Patch Tuesday. Instead of scrambling to install updates as soon as they arrived, enterprise customers could plan updates for a regular window each month.
For more details, see Larry Seltzer's "The triumph of Patch Tuesday" and my "Ten years of Windows malware and Microsoft's security response."
2004: Windows XP Service Pack 2 arrives
In the wake of multiple security problems, Microsoft had focused all its efforts on re-engineering its development process, leading to a new way of designing software and writing code: the Security Development Lifecycle. Windows XP Service Pack 2, code-named "Springboard," was one of the first products to come out of that initiative. As Jim Allchin told Mary Jo Foley, this could easily have been a separate Windows release instead of just a service pack. The decision to release it as a free service pack was a deliberate one, designed to get its significant improvements on as many desktops as possible, as quickly as possible.
And as I noted a few years later, many one-time critics decided by this time that "the interface wasn’t so bad after all (and if you really hated it you could make it look just like Windows 2000)."