Windows XP Service Pack Is Out, Well Maybe Not Really

Republicans, who take joy in pointing out the policy flip-flops of

presidential candidate John Kerry --- perceived or real --- must be

having a field day with Microsoft.

As I sit here and write, I've just learned that the Big M has taken an

enormous U-turn, deciding to withhold Service Pack 2 for Windows XP from

general release, allowing corporations a chance to test it. Released to

manufacturing on Aug. 6 with great fanfare (read the press release:

http://www.microsoft.com/presspass/press/2004/aug04/08-06WinXPSP2LaunchPR.asp),

SP2 was to have become available for automatic downloading to everyone

on Aug. 16. Now, the earliest date is Aug. 25. Companies that use

Microsoft's patch-management service did receive SP2, but can elect to

hold up distribution.

All of this applies only to XP Professional Edition. Systems running XP

Home Edition and which are configured for automatic updates will still

get SP2 beginning on Aug. 18.

As for our rather modest network, I opted to go ahead, downloading SP2

using my Microsoft Developer's Network subscription. When you download

from MSDN, you get an .iso file, an image of a CD-ROM's entire contents.

Similar to a ZIP file, the contents of the .iso file are extracted then

burned to the CD.

My report is pretty simple: it all worked flawlessly --- and quickly.

The entire process on a PC workstation, including system integrity

check, hunt for adequate available resources, archiving the old

environment, and actual installation of the new files took about 15

minutes, requiring just one reboot at the end. Afterwards, all of our

software worked just fine. Naturally, I did a full backup before

embarking on this potentially dangerous journey, but I never needed to

restore anything.

That isn't to say that SP2 is perfect. Already, a hot-fix has been

issued to address error messages that pop-up when programs attempt to

connect to loopback addresses other than 127.0.0.1. But hey, software is

never really finished, is it?

That's not all. The company issued a statement saying "After you install

Windows XP SP2, client applications may not successfully receive data

from a server." No problem there, right? You can find out more about

that showstopper at

http://support.microsoft.com/default.aspx?kbid=842242. The problem is

that with Windows Firewall enabled by default, unsolicited connections

to the computer are blocked.

Plenty of commercial products don't much care for SP2. These include

various versions of AutoCAD, BMC Patrol for Windows 2000, ARCserve,

ColdFusion MX Server, Symantec AntiVirus Corporate Edition, Backup Exec,

and more. Indeed, even Microsoft's own Baseline Security Analyzer (MBSA)

requires an update to version 1.2.1, due in late August, from the

current version 1.2. Visual Studio .NET will have problems with remote

DCOM debugging and Microsoft SMS 2003 Server will have trouble with the

Windows XP SP2 Client Event Viewer.

And what about the zillions of internally developed specialty

applications in current production around the world? There's plenty that

could get broken, so they all need testing. If one of those applications

is regulating your insulin drip, delaying deployment of SP2 would

probably be a prudent decision. A bunch of games have known problems,

too, but you'll have to research that on your own. After all, this is

Solutions Integrator, not Games Integrator.

But wait, there's more. The German firm Heise Security is reporting that

it has already discovered two flaws in SP2, specifically in a new

security feature that warns users before executing files that originate

from an untrusted location (zone) such as the Internet. Hopefully, these

guys will have a hand in the development of SP3. (Read Heise's report at

http://www.heise.de/security/artikel/50051.)

Required reading: You'll find the release notes for SP2 at

http://support.microsoft.com/default.aspx?scid=kb;en-us;835935. Plan to

spend time with the wealth of information contained here.

Finally, if you haven't gotten your hands on SP2 and must have it right

now, this is the place to go:

http://www.microsoft.com/downloads/details.aspx?FamilyId=049C9DBE-3B8E-4F30-8245-9E368D3CDB5A&displaylang=en

Should you allow your customers to install SP2? You don't really need me

to answer that, do you?

Top 10 Hot Internet of Things Startups
Join the discussion
Be the first to comment on this article. Our Commenting Policies