Microsoft has said it has stamped out buffer overflows with the upcoming release of Windows XP. Jim Allchin, vice president, claimed the company has done a complete code review of its operating system and removed all buffers which could overflow.

Deliberate buffer overflows have become a common method of attack for hackers who send extra data containing code to trigger certain actions.

The Code Red worm exploited a buffer overflow flaw in the indexing service DLL of Microsoft's IIS web server. The server, which uses beta versions of Windows XP, was among those vulnerable to Code Red buffer overflows.

But developers have questioned whether it is possible to remove all buffer overflows as not all are easily visible, especially in a complex operating system such as Windows XP.

Jon Collins, head of research at Sundial Consultancy, questioned the wisdom of such a definite statement by Microsoft. "It is a surprisingly definite announcement, similar to saying that the company has tested 100 per cent of its code," he said.

"XP is essentially a merger of NT and 95 in root forms, and both systems don't withstand change well. They need a clean install to operate efficiently. If Microsoft has done it, it's a great achievement," he added.