Worm pushes Microsoft to change default Windows security

Posted by timlover on Aug 14, 2003 - 02:41 AM

Microsoft said Wednesday that it planned to change the way it distributes its flagship Windows XP operating system software, in response to a "worm" that has spread over the Internet in recent days attacking tens of thousands of personal computers by exploiting vulnerabilities in Windows.

Dissemination of the worm, a virus-like program, slowed Wednesday as network administrators and individual computer users around the world took steps to protect their machines, even as Microsoft's critics stepped up their complaints that the company's industry-dominant software puts its customers at risk of such outbreaks.

In at least a partial answer to its critics, Microsoft said it would begin shipping the consumer and business versions of Windows XP with the protective network firewall completely activated, to make PCs less vulnerable to attacks.

As part of its so-called .Net strategy, the company has been selling Windows XP with the firewall only partially enabled, to make it easier for users to play games online and make use of various automated Web services -- such as programs that make it easier for a consumer to link the information in his credit-card account to his checking account online. But critics have long said that such capabilities, which can make PCs more open to network attacks, should be chosen by the user, instead of being an automatic feature of the software.

Steve Lipner, Microsoft's director of security strategy, said the company had been shipping the software without the full firewall protection turned on because customers had indicated that it was their preferred setting.

"Doing it the way we did was probably the right decision when we shipped XP," he said. "Obviously, times change, and the things we do to protect our customers change."

In the future, customers who choose to partly disable the firewall will be able to do so. The other main version of Windows now sold by Microsoft, Windows Server 2003, already has been sold with the firewall fully enabled; users can disable it if they choose.

Yet critics say that beyond the firewall setting, Microsoft continues to put its customers at risk by selling buggy software that must be fixed through periodically released software patches downloadable from its Web sites.

After a new Windows vulnerability was discovered in July, Microsoft created a software patch. But only a fraction of the users of the affected versions of Windows took that step, leading critics to warn that someone would inevitably create a worm or virus to exploit the weakness on the millions of unpatched computers. Indeed, the worm carries a message blaming Bill Gates, Microsoft's chairman, for the vulnerabilities in the company's software.

Now computer security experts are calling more loudly than ever for Microsoft to change its programming practices.

"Microsoft's approach is absolutely broken," said Gregor Freund, chief executive of ZoneLabs, a computer security company in San Francisco. "You know ahead of time that 80 percent of the machines won't be patched. It's a public relations exercise."

The worm program -- which is known by a variety of names, including W32.Blaster, MSBlast and W32/Lovsan -- travels over the Internet. It jumps from computer to computer by exploiting a Microsoft programming error in a part of Windows that is designed to let computers share various services over the Internet.

Freund said he had tried unsuccessfully for several years to persuade Microsoft to ship the company's operating systems with fewer services exposed to potential attackers. The firewall change Microsoft announced Wednesday was just such a step.

"True, it might not work as well with .Net," Freund said, "but the pain that users are suffering right now is dramatic."

Computer security experts said they are bracing for an attack timed for Saturday, when Blaster is programmed to launch an attack on the Microsoft Web site from which users can download software patches protecting against the Blaster worm. This attack, embedded in the worm, will cause computers that are still infected and that are connected to the Internet to automatically visit the Microsoft site.