After extensive investment, testing and delay, Microsoft has made itsService Pack 2 (SP2) for Windows XP available and is urging corporate andconsumer users to update the operating system, which has been bombardedby Explorer browser and other vulnerabilities.
An enormous batch of security upgrades and other fixes typical of afull software update, SP2 has been widely anticipated as aprovider of better security — as well as a potential breaker of otherapplications.
Microsoft provided the patch to Windows XP users with an easierautomatic update. Industry force IBM, however, said it would not install the update until it could test the final release of SP2 on its own.
“You always have to test,” Yankee Group senior analyst Laura DiDio told TechNewsWorld. “All of the networks are so heterogeneous these days, you can’t predict where and how these things will interact.”
Nevertheless, analysts agreed that system administrators — who havebattled an increasing number Windows vulnerabilities,attacks and outbreaks — are happy to have some reinforcementfrom Redmond.
“The IT departments are battle-weary,” DiDio said. “They are damn sickand tired of getting alerts every day. Windows has come under constant,deliberate assaults and attacks.”
DiDio added that while SP2 will provide greater security for bothindividuals and corporations, the security struggle will continue.
“This is a pretty big weapon in the ongoing war, and you can expect themto spend billions more,” DiDio said. “This is not the be all and endall.”
Rollout Roll of Dice
Meta Group vice president Steve Kleynhans said companies eager to shoreup security will likely update Windows XP systems fairly quickly.The update, however, will not necessarily be easily absorbed, as evidenced by Microsoft’s warnings that the update might cause problems with its own customer relations management software.
Still, the analyst indicated that companies will update with SP2 but perhapsturn off the firewall, which is now a default feature from Microsoftwith the update. Kleynhans told TechNewsWorld, “In theend, most companies will end up implementing SP2. They may not turn onall of the capabilities, but ultimately, they’ll [update].”
Testing or Turning Off
Gartner research vice president Richard Stiennon said companies will test SP2 as if it were a newversion of an operating system.
Stiennon told TechNewsWorld that the impact of SP2, which reportedly has alreadythwarted access to popular Web sitesm, might also force companies simply to turn off allof the security features contained in the update.
Stiennon said it will take time to evaluate how much SP2 actually improves security. “It won’t have an overall impact on reducing threat exposure for a long time,” he said.
More Than Microsoft
DiDio said SP2 will not fully solve the security issues that have cost companies time and other resources, but it will make things more difficult on attackers, who have grown more cunning in their assaults on Windows.
“It doesn’t mean you’re not going to have a hack,” DiDio said. “But a hack delayed is often a hack thwarted.”
DiDio explained that it is up to Microsoft to fix security holes in its software and provide updates such as SP2, but it is up to consumers and companies to protect themselves with their own security steps.