Security

Problems with XP SP3 highlight the need to beware of updates

Microsoft finally shipped SP3 for Windows XP, but even with the final release not everything works right. The last thing you want is for users to blindly install Service Packs or other updates without testing them in advance. Here's what you do about it.

It has taken Microsoft four years to ship another service pack for Windows XP. After all that time, you might think that they'd get it right. However, even as SP3 went to RTM, problems cropped up with SP3, including problems that it caused with Microsoft's own Dynamics line of software.

With the practically unlimited hardware and software combinations that are out there, you can't necessarily blame Microsoft if things break when they ship something as significant as a service pack. Even simple patches and fixes can sometimes break things. That's why it's often a good idea not to configure Automatic Updates on Windows software. You need to have a strategy in place to deal with updates and to test them in advance.

Where to begin?

Of course, in some cases users can receive updates automatically and you don't have to worry about them. For lower-level users doing noncritical work, you may think you can save yourself some time by just enabling Automatic Updates. Usually the places where updates and service packs cause the most damage is where you're using custom applications or rely a lot on non-Microsoft solutions. So for those users, you may want to have a testing regiment in place before you allow them to receive updates. The main difficulty with such a strategy is that you can spend a lot of time doing triage.

It's often easier to have a blanket policy in place. Either allow Automatic Updates for everyone, hope for the best, and deal with the fallout, or block updates for all users and distribute them on an as-needed basis once you're sure they work properly.

Do-it-yourself distribution

It's a gamble which is the better strategy. In the short term, certainly the most labor-intensive option is to block automatic updates and distribute them yourself. If you've standardized the workstations in your organization, you should keep back a representative machine with typically installed software. Apply the patches and do some testing yourself. If everything seems to be fine, then you can push the patches and service packs out.

Microsoft helps with the blocking of XP SP3 and Vista SP1 with the Windows Service Pack Blocker Tool Kit. Even if you have Automatic Updates installed, this tool will prevent them from loading the target service packs for up to a year. This gives you the flexibility of allowing Automatic Updates without having to worry about dealing with bad results from the service packs.

Another alternative is to set up your own update server and redirect workstation updates to it. Microsoft's Windows Server Update Services will help you get that job done. Third parties create update services as well, such as PatchLink, PatchQuest, and Patch Authority.

Finally, you can also just create individual MSI files for each patch or update and then push them out via Group Policy. This takes a little more effort than the other solutions, but it gives you the maximum flexibility about who gets what and when. If you don't like Active Directory and Group Policy, you can use things like ZENworks and LANDesk to do essentially the same thing.

Avoid fixes that break things

Service packs and updates have the ability to introduce as many problems as they fix. As an IT leader, you need to have a strategy in place before you deploy them. You may get lucky and not encounter any problems. However, it's just as likely that when the updates fix one thing they break something else along the way. Do some testing in advance, and you can save yourself time in the long run.

13 comments
Dave51
Dave51

I loaded the SP3 onto my machine AMD processor and MSI mainboard, I went to MSI update and on loading the activeX update control I get mulitple reboots. It has been said on some blogs that if you have an image as the HP lap tops have and the Intel pro. is re-enabled causing this problem but I do not. Any one else got a fix, I had to reload via a Ghost backup I did after loading SP3.

jacs1ec
jacs1ec

sp3 was the worse for my PC blocked the task manager and have conflicts with Mozilla Firefox. I uninstalled it but the problems continue. Ah, and the automatic updates are off when Windows starts and I have to activate it manually

jd
jd

XP SP3 apparently disabled the firewall on Windows Live OneCare and I finally had to resort to e-mailing them for the solution. Other than that, no problems.

Mason.Paul
Mason.Paul

So in reality your saying that there is no gruntee that SP3 will fix any problems in the OS or other MS software. I have seen other News Groups, Autodesk Inventor, where it has actuall caused more problems that it solved So in reality we're wasting our time with installing SP3.

dkopstain
dkopstain

uninstalled sp3.only update security updates.had same problem with mine.amd processor and msi board with radeon video card.same problem.

Mason.Paul
Mason.Paul

Disabled the boot screen, there is no need for it, it slows down boot time and, as you have discovered, it can cause problems. It can be disabled from the BIOS setup menu

shhite
shhite

I have installed XP3 on 3 of our systems as a test with no issue including a drivers laptop that works in the field. There are no conflicts with any of our programs including Symantic firewal and Anti-virus, Novel, Office, and our re-pros system.

mphkz7666374
mphkz7666374

from what i have seen there is no reason or even a offer of service pack 3 for the 64 bit version of xp pro i always have auto update turned off ..,.and regulary check the update site...whats up with that

john3347
john3347

I have installed the SP3 update on my computers with the only known problem being an incompatibility with D-Link wireless adapters. An update from D-link cured that. Otherwise, I can detect no difference whatsoever in any of my XP computers as a result of the upgrade. I had hoped that some of the little frustrations of Windows XP (frustrations which are just multiplied and expanded, not cured, with the introduction of Vista) would be eased; but no such luck.

sanderson
sanderson

We are running WSUS 3.0. We've deployed XP SP3 to our test & dev group, but are allowing an extra week for them to find and fix any suspected issues. So far so good... we plant to deploy SP3 to the masses tomorrow.

tdh2112
tdh2112

We also use WSUS, although we are still on 2.0. I'm in the process of fixing issues with a few clients so that we can upgrade to 3.0. We've been using it since it was known as SUS, and I have been very pleased with it, although I've had a few wishes that have yet to be fulfilled.

jrosewicz
jrosewicz

I use WSUS 3.0 for our MS updates and Group Policy for the rest. It works great! I've held off pushing out SP3, but my test systems seem to be running fine with our software.

Editor's Picks