Sometimes I just can't believe people's lack of perspective, and the best current example is the resistance to adopting Windows XP Service Pack 2.
For a very long, long time now, long before SP2 was released, it's been known that as a direct result of solving security problems in Windows it would cause application problems. Microsoft released several test versions of the service pack—and large customers get access to more than just the milestone betas and release candidates—to help developers and users adopt to the new platform.
This has been going on for over a year now. (Here's my first real SP2 column, just about a year old and already the compatibility issues were fairly well-understood.) And yet people are still resisting installing it, and generally for the same reason: They are worried that their programs won't work.
A study by SupportSoft, a software vendor, shows that IT managers are still worried about the impact to their applications. Seventy-three percent of them say this is their biggest concern about SP2. Fifty percent of them expect problems that will disrupt their businesses as a result of the migration.
Sorry buddy, but if your program won't work it's probably because there was a problem in it. Most of the application problems I've seen are as a result of shady window management techniques in Web applications. There are lots of other reasons a program might fail, and for most of them the proper response is to change the behavior of the application. There were reports early on of large numbers of machines crashing after installing SP2, but it turned out that this typically happened to systems already infected with spyware or adware.
What will be the next great worm? Find out here.
And what has taken you so long? I know you have lots of interests and lots of stakeholders, but the more of them you put in front of smoothing the migration to SP2 the less you can claim that security is a real priority for you.
Next Page: An unacceptable alternative.
Of course, it's easy for me to sit here and tell you to put in development work, but if the alternative is for you to continue to run Windows XP SP1, then you're going to have to think seriously about it. SP1 is not an acceptable alternative anymore.
We've already seen many security problems pop up in Windows XP SP1 (and Windows 2000 and other earlier versions of Windows) that do not exist in SP2. This is because Microsoft actually thought seriously about security in writing SP2 to the point that they were willing to break applications that used undesirable techniques, quite a departure for Microsoft, which has in the past been far too tolerant of customers doing stupid stuff.
This last week we got our best example yet of SP1's danger. A worm that infects you just by your viewing a Web page. SP2 hasn't been perfect certainly, but life with Windows has been a whole lot less scary for SP2 users since it came out.
This isn't going to be the end of it either. There are going to be more of these SP1-only bugs, and IT managers will have to deal with the consequences of them. I think it's an easy case to make that they should instead deal proactively with the application compatibility problems in SP2.
For insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzer's Weblog.
SP2 is the best real-life example of how testing is a critical function of IT these days. If you're concerned you will have application problems in SP2, test and find out. Ask for volunteers to be guinea pigs and run it, and have SP1 systems available for them as backups. Fix the problems you find. But get to it already. You're late and SP1 isn't getting any better.
Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.
Check out eWEEK.com's for the latest security news, reviews and analysis.
More from Larry Seltzer
Commentary 
