So Now Will You Install SP2?

By Larry Seltzer  |  Print this article Print


Desktop-as-a-Service Designed for Any Cloud ? Nutanix Frame

Opinion: Whatever excuses you had just aren't good enough anymore. The problems without SP2 far exceed those from installing it.

Sometimes I just can't believe people's lack of perspective, and the best current example is the resistance to adopting Windows XP Service Pack 2.

For a very long, long time now, long before SP2 was released, it's been known that as a direct result of solving security problems in Windows it would cause application problems. Microsoft released several test versions of the service pack—and large customers get access to more than just the milestone betas and release candidates—to help developers and users adopt to the new platform.

This has been going on for over a year now. (Here's my first real SP2 column, just about a year old and already the compatibility issues were fairly well-understood.) And yet people are still resisting installing it, and generally for the same reason: They are worried that their programs won't work.

A study by SupportSoft, a software vendor, shows that IT managers are still worried about the impact to their applications. Seventy-three percent of them say this is their biggest concern about SP2. Fifty percent of them expect problems that will disrupt their businesses as a result of the migration.

Sorry buddy, but if your program won't work it's probably because there was a problem in it. Most of the application problems I've seen are as a result of shady window management techniques in Web applications. There are lots of other reasons a program might fail, and for most of them the proper response is to change the behavior of the application. There were reports early on of large numbers of machines crashing after installing SP2, but it turned out that this typically happened to systems already infected with spyware or adware.

What will be the next great worm? Find out here.

And what has taken you so long? I know you have lots of interests and lots of stakeholders, but the more of them you put in front of smoothing the migration to SP2 the less you can claim that security is a real priority for you.

Next Page: An unacceptable alternative.

Of course, it's easy for me to sit here and tell you to put in development work, but if the alternative is for you to continue to run Windows XP SP1, then you're going to have to think seriously about it. SP1 is not an acceptable alternative anymore.

We've already seen many security problems pop up in Windows XP SP1 (and Windows 2000 and other earlier versions of Windows) that do not exist in SP2. This is because Microsoft actually thought seriously about security in writing SP2 to the point that they were willing to break applications that used undesirable techniques, quite a departure for Microsoft, which has in the past been far too tolerant of customers doing stupid stuff.

This last week we got our best example yet of SP1's danger. A worm that infects you just by your viewing a Web page. SP2 hasn't been perfect certainly, but life with Windows has been a whole lot less scary for SP2 users since it came out.

This isn't going to be the end of it either. There are going to be more of these SP1-only bugs, and IT managers will have to deal with the consequences of them. I think it's an easy case to make that they should instead deal proactively with the application compatibility problems in SP2.

For insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzer's Weblog.

SP2 is the best real-life example of how testing is a critical function of IT these days. If you're concerned you will have application problems in SP2, test and find out. Ask for volunteers to be guinea pigs and run it, and have SP1 systems available for them as backups. Fix the problems you find. But get to it already. You're late and SP1 isn't getting any better.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.

Check out eWEEK.com's for the latest security news, reviews and analysis.

More from Larry Seltzer

Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement—,he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.

Submit a Comment

Loading Comments...