Some people are anxious to download and install the Service Pack 2 (SP2) update to the Microsoft XP operating system, but just as many others seem wary of the 80-MB security-focused package and foresee possible problems with it.
For its part, after repeatedly warning of the potential for application conflicts, Microsoft this week published a list of popular programs that might be fouled by SP2. These conflicts could either get ironed out after deployment or might snowball into a security mess, analysts suggested.
Industry observers agreed, however, that regardless of how secure Microsoft’s updated, default firewall and other security measures make Windows XP, a reassessment of corporate and consumer security defenses in place might also provide improved security as a side benefit.
Programs Stop Working
In a recent “Knowledge Base Article” posted online, Microsoft advised users on SP2’s default security firewall and its potential blockage of applications — including games and Microsoft’s own software.
There also have been reports of popular Internet sites that cannot be accessed with the SP2-updated Windows XP and Internet Explorer browser.
Applications Microsoft listed that are impacted and require changes, such as creating exceptions or turning off the firewall or antivirus features of SP2, included software from Computer Associates, Veritas, Macromedia, McAfee, Bindview, EMC and Symantec. Games that could be fouled by the updated XP included, “Unreal Tournament 2003” from Atari and “Need for Speed Hot Pursuit 2” from EA.
Microsoft also reported that its own SQL server and .Net software would also be impacted by updated versions of Windows XP.
Meta Group Vice President Steve Kleynhans said the list from Microsoft was a good thing, adding that it followed early warnings from Microsoft that SP2 would impact applications used daily.
Kleynhans told TechNewsWorld such a list is fairly common with an operating system update, and he indicated the “tweaks,” or changes, required to make most applications work with SP2 are minor ones.
Kleynhans said that although the relatively large update might cause disruptions, the benefits would outweigh the pain in the long run.
The analyst indicated that despite the continued support required for SP2 — which includes an update for its own CRM 1.2 customer relationship management software — Microsoft had little choice but to respond to the constant attack on its operating system.
“They’ve been forced into a position. As a dominant market leader, this is just the basics of what they’ve got to do,” Kleynhans said.
Advising to Wait
Gartner research Vice President Richard Stiennon told TechNewsWorld his firm is recommending that corporate and consumer users wait two to three months before updating with SP2. The package comes with an automatic update process that can run in the background or perform the update in chunks.
The analyst said there is the potential that Microsoft’s update could “snowball.” However, Stiennon added, if past is precedent, “Microsoft will get past this, too.”
While there is no doubt attackers are busy continuing their attempts to thwart Microsoft’s latest security push — this week also included a flare-up of the MyDoom virus — Stiennon said the software giant is less of a target in today’s landscape.
“Don’t forget, the hacker ecosystem has changed,” Stiennon said. “Microsoft is not the target [of attackers], Microsoft is a partner — they create all those openings for spyware.”
Stiennon added that it will be interesting to see what Microsoft puts out September 13, the second Tuesday of next month and the scheduled, regular security update from the company.