Login:
Password:
Lost Password?
Print this article  |  E-mail this article  |  Comment on this article

Microsoft Sets SP2 Installation Deadline

By David Worthington, BetaNews

September 8, 2004, 9:15 PM

The clock is ticking for organizations that chose to delay the deployment of Windows XP Service Pack 2. Come April 12, 2005, a tool that temporarily blocks the delivery of the Service Pack through automatic updating will cease to operate, thus allowing the upgrade to download.

Microsoft supplied the tool to customers in response to a chorus of demand for some additional time to test and validate installations prior to deployment in valuable production environments.

The Service Pack is a significant and far reaching upgrade that modifies core Windows functionality, plugs security holes and introduces brand new features. The upgrade pushed so many changes onto customers that some large organizations, including IBM, issued mandates instructing IT personnel to stall the adoption of the Service Pack until network administrators were certain that mission critical applications were not incompatible with the upgrade.

"In a report Jupiter Research published in April, I predicted that the release of Service Pack 2 would be disruptive for businesses, slowing down Windows XP upgrades through the latter part of 2004 into the first half of 2005--at least a six month impact. I see Microsoft's allowing businesses to delay SP2 updates as indication how disruptive many businesses see the massive update," senior Jupiter analyst Joe Wilcox told BetaNews.

During the beta process and upon the software's release, Microsoft Support worked with customers to inform them of known application incompatibilities. The software giant also extended the lifetime of the update blocking utility from 120 days to 240 days to match typical planning and testing schedules.

Some of the Service Pack's functional attributes include a new version of Internet Explorer with a built-in pop-up blocker and download manager; memory protection against buffer overruns; e-mail safeguards in Outlook Express; a stateful inspection firewall; refined permissions in RPC and DCOM; Windows Security Center; and new security settings for Windows Media Player 9.

SP2 also addresses every public security advisory for the operating system up until the time it was released to manufacturing as well as some undocumented security vulnerabilities uncovered during Microsoft's internal code auditing.

"Companies choosing to delay SP2 deployment must mitigate the potential security risks against potential software compatibility problems. Considering that the most visible security changes would benefit consumers, most businesses that are otherwise up to date should be able to manage risk. Of course, the better risk management would be timely transition to SP2," said Jupiter's Wilcox.

Add a Comment (21 Comments)

BetaNews reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic. Foul language and personal attacks will not be tolerated.

Name (required):

E-mail (required):

Enter Your Comment:

By spkslattery

posted Sep 10, 2004 - 9:50 PM

I have tested XP2 with the core of my apps and client apps including NetScreen Remote and Citrix MetaFrame XP 3 SSL VPN's with RSA SecureID's and McAfee Entercept (v5) HIPS and hanven't had any problems whatsoever. If SP2 can reduce the support calls for our retail support staff, so be it. The only "issue" is that it is damn big and slow to deploy. UpdateExpert (firewall disabled) deployment of SP2 across a 100Mbps switched network to a P4 2.6GHz, 512MB RAM, 7200rpm HD still takes at least 30 minutes not including post reboot time. This is definitely something to be mass deployed at night.

Score: 0

By Neoprimal

posted Sep 12, 2004 - 5:41 AM

Who mass deploys patches and critical updates when people are actually using their computers at work anyway?

Score: 0

By Niro

posted Sep 11, 2004 - 3:14 AM

...........

Score: 0

By Niro

posted Sep 11, 2004 - 3:13 AM

wrong thread;p

Score: 0

By Niro

posted Sep 11, 2004 - 3:12 AM

LOL...apparently you have not learned how to read...you might wanna learn that first if you're thinking about switching to linux.

Oh and no...you don't HAVE to update to SP2.

Score: 0

By locke_th

posted Sep 10, 2004 - 10:43 AM

I wonder...are they actually forcing this down our throats, or do we have the option of -not- installing it?

I get the impression that they're saying that we're going to have it installed, one way or the other, weither we like it or not.

If that's the case, then I'm going to be switching to Linux very, very quickly.

Score: 0

By Niro

posted Sep 11, 2004 - 3:14 AM

LOL...apparently you have not learned how to read...you might wanna learn that first if you're thinking about switching to linux.

Oh and no...you don't HAVE to update to SP2.

Score: 0

By locke_th

posted Sep 11, 2004 - 9:55 AM

Wow...you ask for a little clarification, and you get burned...real mature, people.

I'll be blunt; I don't trust Microsoft in any way, shape or form...so I'm very cautious about anything I hear or see from them.

But, for all this, thank you for clearing that up; I was a bit worried. As soon as I know all my programs aren't going to bite the dust, I'll install SP2. Fortunately for me, a friend of mine sent away to Microsoft for a CD containing SP2, and also got them to send me one ^^ No long downloads for me ^^

Score: 0

By Neoprimal

posted Sep 12, 2004 - 5:50 AM

I feel your distrust....and believe me I was exactly like you a few years ago. I'm no advocate of MS but consider this....this company gets burned no matter what they do. At this point I think they are genuinely trying to make things better (hey, didn't say it's all clear and no smokescreen), their little "let pirates by, but change their PID" is something to look at. Still....consider what you're asking...."is MS forcing SP2 down our throats" - if they are, people complain; if they don't, how many lazy corp. IT personnel and general users will stick to SP1, get 1000 worms and spread it to 100000000 people and companies who chose not to get it?
Either way they see fire, so they pick the lesser burn, which is to force corps to get it, for their own good.
As far as I know, whoever doesn't want SP2 won't have to get it from Win Update, but at that point there will have to be definite user intervention to prevent the update.

Score: 0

By Niro

posted Sep 15, 2004 - 10:55 PM

companies don't HAVE to update either. What they're doing is preventing users from downloading and installing SP2 on their own. Once this patches deadlne expires, users will be able to download SP2 and install it on their own if they want.

This can obviously cause problems if you haven't tested all programs to make sure they work with SP2 and a user decides to install SP2 on their workstation and breaks an incompatible program. If that happens, just re-image the PC I guess with a corporate standard one, but a company that needs more then 6 months to test and install a critical security update has other issues to deal with.;)

Score: 0

By Snowblindgrafix

posted Sep 11, 2004 - 9:00 PM

If you don't trust Microsoft why do you have a Microsoft OS on your computer? Apple updates OSx and there is always a new build of Linux available. Update and upgrade is just a part of computing. You update your drivers and BIOS don't you? Why not your OS??

Score: 0

By bourgeoisdude

posted Sep 10, 2004 - 5:20 PM

Let me see if I follow you here. Microsoft is making a tool specifically designed to delay a specific automatic update (which they do not usually--SP2 is an exception) and the only let it work until April 12, 2005, leaving no time at all to test sp2 (a measily 8 months), not to mention you can disable automatic updates forever and GOD FORBID update manually...man, that darn Microsoft...

Score: 0

By tannman1

posted Sep 9, 2004 - 2:34 AM

XP2 service pack 2 while great for security renders many of the apps I use daily useless. What does the consumer do?? I will wait and see what remedy the developers of my apps take. The bad part is one of those apps is my broadcast software that isnt one I can replace with another at least until the orginization I work for does

Score: 0

By Neoprimal

posted Sep 12, 2004 - 5:55 AM

Developers (some) are like mosquitos and will suck until they can't anymore - in this case, I'm talking about waiting and buying time. I've seen companies on 10 year old software....TEN YEARS OLD - running from diskettes. In many cases, we can't blame the OS maker, blame the lazy programmers. School for 4-5 years, make 10 programs and a lot of money and DREAD having to update for a new OS'.
That's why when the time comes for me to own a business, I will go with the most expensive corporate programming companies instead of smaller more obscure ones.

Score: 0

By Niro

posted Sep 11, 2004 - 3:17 AM

I've had zero compatibility issues with any of our applications, inhouse and not. I just have to disable firewall otherwise some of our multicast apps don't communicate properly...also some weirdness is causing our machines to drop every other ping to the internet when the firewall is enabled...but works fine when disabled.

Score: 0

By crystalfusion

edited Sep 9, 2004 - 12:48 AM

It breaks VPNs for most clients, including NetScreen Remote and even Microsoft's own L2TP over IPSec. It sounds like a problem with the routing table and they have no fix for it yet. Hope they fix it before April 12th.

Here's a good thread on it: XP SP2 and XP's VPN Client
http://forums.anandtech....36&threadid=1372637

Score: 0

By RobertM

posted Sep 8, 2004 - 11:10 PM

This article should read "April 12, 2005"--not 2004. ;-) (It's OK; I didn't realize it the first time I read the article, either!)

But there was actually always a "deadline;" they've just doubled the expiration time (from 120 to 240 days, which makes it now April 12) to help with the transition.

Score: 0

By utomo

posted Sep 8, 2004 - 10:49 PM

I Think instead of pushing user to use the sp2 which considered as not satisfied. better if microsoft preparing for sp2, which reducing the problems found in SP2. and if many people happy with it they will use it by them self.
but dont create another incompatibility problems again. otherwise people will csream and did not like it.

Score: 0

By GoodThings2Life

posted Sep 9, 2004 - 4:53 PM

You make this same post on every single article about SP2. Stop it... it's annoying, and your thoughts don't make any sense.

Incidentally, to all those commenting on the matter, the tool will work on consumer PC's too. :)

Score: 0

By pipdipchip

posted Sep 8, 2004 - 11:06 PM

Don't they mean 2005 or did I miss something?

Score: 0

By bourgeoisdude

posted Sep 9, 2004 - 9:53 AM

They fixed it now (though it seems they had to temporarily bring down their dns server to do so...)

Score: 0

Nov 21 - 6:51 PM ET Coalition urges better laws for e-mail and cell phone privacy

Nov 21 - 6:42 PM ET How is Internet advertising faring in this bad economy?

Nov 21 - 6:15 PM ET From out of the Amazon Cloud, an AWS winner emerges

Nov 21 - 5:20 PM ET Mufin music finder enters public beta, adds widgets

Nov 21 - 5:01 PM ET Google launches its SearchWiki semantics plug-in

Nov 21 - 4:57 PM ET Asus previews a slimmer, less costly Eee PC

Nov 21 - 4:32 PM ET New Adobe Media Player ushers in AIR 1.5

Nov 21 - 2:11 PM ET AT&T to add Pantech's low-cost C630 phone to 3G lineup

Nov 21 - 1:11 PM ET iPhone gets firmware 2.2 update

Nov 21 - 11:51 AM ET The Dell surprise: Higher earnings on lower revenue