Why some companies are skittish about Windows XP Service Pack 2

Jonathan Yarden offers his view of the Windows XP Service Pack 2. With all the hoopla surrounding its release, was it practically irrelevant?

Want more advice for locking down your network? Stay on top of the latest security issues and industry trends by automatically signing up for our free Internet Security Focus newsletter, delivered each Monday!

When it comes to the Internet, particularly Internet security, Microsoft is constantly playing "catch-up." It may be news to a lot of people that Microsoft was a late player when public Internet access first became available. Security has always been a thorn in Microsoft's side, and Windows XP Service Pack 2 only serves as more evidence of this.

After making its rounds on the Internet in August and September 2004, Windows XP Service Pack 2 headed toward retail shelves early last October. However, how many organizations actually hurried to deploy the long-awaited update?

With the Internet a virtual battlefield today, SP2 claims to be the cure for most of Windows XP's ills. But according to some informal interviews with fellow IT pros, many companies feel SP2 is somewhat irrelevant for a number of reasons.

Throughout these conversations, three primary themes appeared to explain organizations' ambivalence toward SP2.

It's irrelevant

For many organizations, Windows XP SP2 simply doesn't apply to their environment. Legacy systems are still proving to be a difficult issue for Microsoft to address.

All of the companies I spoke with have at least some systems running Windows XP, but it's primarily on servers and new computers. And some companies wipe the hard drives on preinstalled systems and revert to Windows 2000.

Many companies still view Windows XP as "too new," and they continue to focus on Windows 2000, for which they've already purchased corporate licenses. In addition, I was somewhat surprised to find out just how many organizations are still using Windows 98 systems.

It's unnecessary

In the companies I talked to that are running Windows XP, many feel that SP2 isn't necessary. With multiple layers of Internet security by way of firewalls, content scanners, and enterprise virus scanning, these organizations consider their Internet security to be sufficient.

Regardless of whether this justification is truly accurate, their perception is that SP2 is a service pack to fix Internet problems. Companies that are comfortable with their Internet security feel there's no reason to apply SP2.

In my opinion, this is perhaps an area where Microsoft needs to better educate customers. Weighing in at more than 100 MB, SP2 addresses more than Internet security issues.

It's incompatible

Many corporations also expressed concerns about software compatibility. In fact, the most common fear seemed to be whether XP would even boot after they applied the update.

Even Microsoft recommended performing a complete backup before applying SP2. Of course, this is never a bad idea, but it tends to scare companies from applying updates.

SP2 can also cause previously operating software to not work, and there's a list of known incompatibilities. Microsoft can't possibly test all of the possible versions of all third-party software for compatibility, so that nixes an SP2 update for many companies.

Editor's Picks

Free Newsletters, In your Inbox