The work that eventually became XP SP2 was originally supposed to be a new version of Windows. But the multiple security threats that had hammered Microsoft over the previous several years caused Microsoft to concentrate all work on security and de-emphasize changes in the user interface.
As Windows boss Jim Allchin later told Mary Jo Foley, the decision to make this a free service pack and not a paid upgrade was a deliberate attempt to maximize its adoption. Microsoft had seriously underestimated the security challenges that it would confront with Windows XP, and the improvements in SP2 really did make a difference.
For businesses, it offered much better administrative tools and deployment options than Windows 2000. For consumers, it included the Security Center shown here, which has continued to evolve to this day.
And it turned on the Windows Firewall by default, fixing the mistake that had been so helpful to earlier network-based worms.
In January 2005, Microsoft released the first version of the Malicious Software Removal Tool. It has updated this tool and delivered it as part of the Patch Tuesday update delivery every month since then. The goal of the MSRT is to remove “specific, prevalent malicious software families” from supported Windows versions.
It’s been extremely effective at its primary job, cleaning up millions of PCs in the past seven years. An unanticipated benefit of releasing the monthly tool is that it provides Microsoft with copious amounts of data about the prevalence of malware “in the wild.”
Full details about the MSRT, including a list of which families of malware were included in each monthly update, are available in a lengthy and well-maintained Knowledge Base article.
The Win32/Zlob family launched in 2005, and three years later it was the undisputed king of malware. Among infected computers that Microsoft counted in 2008, there was a one-in-four chance that Zlob was to blame.
What made Zlob so effective was this crude but effective social engineering. The intended victim clicked a link to play a media file, and a dialog box like the one shown here popped up. Users who had been conditioned to install media codecs for various sites found this a perfectly reasonable request.
The primary purpose of Zlob initially was to frighten the victim by displaying persistent pop-up ads for rogue security software. By 2008, it had become a vehicle for delivering DNS changers and early versions of rootkits, as this Trend Micro analysis makes clear. It was also one of the first attempts at cross-platform malware, with a Mac version discovered in 2007.
Today, Zlob is mostly a bad memory and is no longer widely found in the wild. But its descendants are still going strong.