Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Sometimes I just can’t believe people’s lack of perspective, and the best current example is the resistance to adopting Windows XP Service Pack 2.

For a very long, long time now, long before SP2 was released, it’s been known that as a direct result of solving security problems in Windows it would cause application problems. Microsoft released several test versions of the service pack—and large customers get access to more than just the milestone betas and release candidates—to help developers and users adopt to the new platform.

This has been going on for over a year now. (Here’s my first real SP2 column, just about a year old and already the compatibility issues were fairly well-understood.) And yet people are still resisting installing it, and generally for the same reason: They are worried that their programs won’t work.

Next Page: An unacceptable alternative.

Of course, it’s easy for me to sit here and tell you to put in development work, but if the alternative is for you to continue to run Windows XP SP1, then you’re going to have to think seriously about it. SP1 is not an acceptable alternative anymore.

We’ve already seen many security problems pop up in Windows XP SP1 (and Windows 2000 and other earlier versions of Windows) that do not exist in SP2. This is because Microsoft actually thought seriously about security in writing SP2 to the point that they were willing to break applications that used undesirable techniques, quite a departure for Microsoft, which has in the past been far too tolerant of customers doing stupid stuff.

This last week we got our best example yet of SP1’s danger. A worm that infects you just by your viewing a Web page. SP2 hasn’t been perfect certainly, but life with Windows has been a whole lot less scary for SP2 users since it came out.

This isn’t going to be the end of it either. There are going to be more of these SP1-only bugs, and IT managers will have to deal with the consequences of them. I think it’s an easy case to make that they should instead deal proactively with the application compatibility problems in SP2.

For insights on security coverage around the Web, check out Security Center Editor Larry Seltzer’s Weblog.

SP2 is the best real-life example of how testing is a critical function of IT these days. If you’re concerned you will have application problems in SP2, test and find out. Ask for volunteers to be guinea pigs and run it, and have SP1 systems available for them as backups. Fix the problems you find. But get to it already. You’re late and SP1 isn’t getting any better.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.

Check out’s for the latest security news, reviews and analysis.

More from Larry Seltzer