Microsoft's release of a version of Windows XP that can squeeze into all sorts of devices, from slot machines to set-top boxes to cash registers, has a catch: If you're not careful, you could find that a virus has crashed your video recorder, or a hacker has invaded your refrigerator.
With Windows XP Embedded, the software company is aiming to give makers of so-called "embedded" devices--basically, any digital device that isn't a PC--an easy way of building machines that are compatible with the software of the PC world, while including only as much complexity as is needed. The software is to be used in cash machines from NCR, slot machines from Bally Gaming and Systems, in point-of-sale devices from Olivetti, and in a next-generation video set-top box from Fujitsu-Siemens. It will doubtless find other applications too.
But manufacturers are finding that they have to deal with the security issues inherent in the PC world. With Windows compatibility comes vulnerability to all sorts of Windows-specific attacks. "When you add functionality, these things become an issue," said Craig Robertson, business development manager with Fujitsu Siemens' broadband solutions division.
In developing Fujitsu Siemens' Activy broadband video device, the company had to deal with problems that don't come up in the design of, say, the typical DVD player. For example, the device can browse the Web, so the company had to make sure it couldn't accidentally download a virus embedded in a Web page. "You could get viruses, unless it is dealt with. You have to configure the gateway not to execute code," Robertson said. "That way, an HTML document or a Flash file could contain a virus, but it could not be executed."
Manufacturers also have the option of allowing more expandability, such as the ability to update browser software, but allowing only "signed" drivers and applications, which have been approved by Microsoft.
"There is always complexity in terms of how you set it up," said Aubrey Edwards, director of the embedded and appliance platforms group at Microsoft.
Microsoft has gained a reputation for favouring openness and functionality over security, but it is trying to correct that with newer releases of Windows. Edwards pointed out, for example, that the most recent version of the email program Outlook blocks some files by default. Outlook is notorious for its vulnerability to virus attacks, since it allows users to easily execute programs attached to incoming messages.
Companies such as Fujitsu Siemens say they are attracted to XP Embedded because it makes it relatively quick easy to build new devices. Microsoft provides all the software they need in most cases, including hardware drivers and Internet software. XP may not be as customisable as Linux--which gives companies open access to the source code so they can make whatever changes they like--but devices using it are guaranteed to keep up with the latest technologies on the PC desktop, Microsoft argues. "If you use XP Embedded you don't have to be in the software maintenance business," Edwards said. "Microsoft will do that for you."
Microsoft has high hopes for XP Embedded, which follows more than two years on from its predecessor, Windows NT Embedded. NT Embedded was itself based on 18-month-old technology, having been developed from the Windows NT 4.0 desktop operating system, and Edwards says that is the main reason it did not have wide appeal.
NT Embedded lacked some basic features, such as power management and Direct X, which had already made their way into newer versions of the desktop OS, and it would not run some newer applications, such as the newer versions of Internet Explorer.
With XP, Microsoft began developing the embedded OS at the same time as the desktop version, and XP Embedded launched a month after the version for PCs. "Now it is in synch with the desktop," Edwards said.
Staff writer Matthew Broersma reported from London.