• Training news
  • 2009 news archive
  • 2008 news archive
  • 2007 news archive
  • 2006 news archive
  • 2005 news archive
  • 2004 news archive
  • 2010
  • 2011
  • 2012

• Bookmark and share
  • Technorati favourite
  • Delicious
  • Digg
  • Reddit
  • Facebook
  • Stumble Upon

• Recent pages
  • Microsoft Windows Server
  • What's new in Microsoft ISA Server 2004?
  • Firefox downloads hit one billion mark
  • Microsoft Visual Studio
  • Social networking - a security time bomb?

Microsoft Windows XP SP2 - handle with care!

Seldom has a software patch received so much press attention. If you're unaware of Microsoft's launch of Windows XP Service Pack, you must be spending all your time watching the Olympics!

25 August 2004

Service Pack 2 is focused on one thing: security. Microsoft has come in for some rough PR on the security front, Windows XP especially. It’s not hard to see why: the default user is an administrator and the default action for shares is for everyone to have total control - the default settings for sharing alone are inferior to Windows 2000 Professional. For broadband users (ie most of us) Windows XP is something of an accident waiting to happen. Anyway, Redmond has taken this criticism seriously and been very busy developing Service Pack 2 - and Microsoft hopes that it will be rapidly deployed across the Windows XP community.

There’s no need to dwell on the new features - as these will be amply covered in the mainstream press - so we’ll just touch on them briefly.

Internet Explorer gets a pop-up blocker, a file download monitor/blocker, a bar to display better information about Web page risks, easier management and removal of Explorer add-ins, and an attachment manager to monitor and disable unsafe attachments. Media Player has been made more secure and there’s another update for DirectX.

Security is now managed in one place - the Windows Security Centre. The much criticised Windows Firewall has been upgraded from being a waste of CPU resources to quite a respectable and secure software firewall - which is now turned on by default, and is easier to configure.

There’s very little in terms of new functionality - although we now see improved support for Wireless networks and support for Bluetooth.

So - almost all the focus is on security, which is no bad thing.

However, more than any other Windows update before, XP SP2 should give IT professionals (and users) pause for thought. This is not an update to be applied lightly. At well as being over 100Mb, SP2 updates many Windows components and almost represents a version upgrade - as the security changes impose fundamental low-level changes.

This update is definitely one to test, test and test again.

Many of the issues relating to SP2 have been explored during beta testing and are documented on Microsoft’s Web site, on pages which make for sobering reading. SP2 breaks a very large number of applications, or, as Microsoft says, some programmes ‘seem to stop working’ and others ‘behave differently’. With the emphasis on security, you’d expect file sharing applications to bite the dust, but applications which are affected include: Microsoft Office, Nero Burning ROM, Inoculate IT, eTrust, Norton Anti-Virus, McAfee Virus Scan, WordPerfect Office, InstallShield, Quicken, Microsoft CRM, Microsoft Operations Manager, SQL, SMS, Visual Studio, Norton Firewall, Real Player, PC Anywhere, Zone Alarm and even Executive Software’s Diskeeper - to name but a few. So, SP2 is hardly something to deploy lightly then.

For applications which don’t work, your only option is to visit Microsoft’s Web site to see if there is a workaround, or to wait for an update from the vendor. Microsoft is essentially saying that SP2 is the way that Windows works now, so vendors have to ‘get on with it’. In the case of major vendors like Symantec, you won’t have to wait long, if at all. The fixes for some issues are a little intense for non-technical users - like opening specific ports on the built-in firewall, for example.

It’s arguable that SP2 represents the Windows XP that should have been shipped in the first place, and the extra security will ultimately be welcomed, but it’s going to be an update with ‘teething problems’.

Not least of these is the fact that even just prior to its mainstream deployment via the Windows Update Web site, German security researchers Heise Security uncovered two large security holes in SP2 - flaws which could potentially allow virus writers to simply bypass any of the built-in security measures of Windows XP. So expect updates for SP2 almost instantly!

Although it’s ‘just a service pack’ the best approach with SP2 is to treat it as a complete OS upgrade, not a bundle of fixes. To aid the updating process and speed adoption, Microsoft is recommending that all PCs have ‘automatic updates’ turned on in Windows Update. Given the possible issues, that hardly seems sensible, although for uneducated home users, you can see the logic.

A quick install on Microsoft Virtual PC will let you play with the new features of SP2 and have a hunt around to see what’s changed. After that, it’s time to install on some real machines, but it’s preferable to deploy it on ring-fenced machines that mirror your production desktops - and test away.