Want more advice for locking down your network? Stay on top of the latest security issues and industry trends by automatically signing up for our free Internet Security Focus newsletter, delivered each Monday!

When it comes to the Internet, particularly
Internet security, Microsoft is constantly playing “catch-up.” It
may be news to a lot of people that Microsoft was a late player
when public Internet access first became available. Security has
always been a thorn in Microsoft’s side, and Windows XP Service
Pack 2 only serves as more evidence of this.

After making its rounds on the Internet in
August and September 2004, Windows XP Service Pack 2 headed toward
retail shelves early last October. However, how many organizations
actually hurried to deploy the long-awaited update?

With the Internet a virtual battlefield today,
SP2 claims to be the cure for most of Windows XP’s ills. But
according to some informal interviews with fellow IT pros, many
companies feel SP2 is somewhat irrelevant for a number of

Throughout these conversations, three primary
themes appeared to explain organizations’ ambivalence toward

It’s irrelevant

For many organizations, Windows XP SP2 simply
doesn’t apply to their environment. Legacy systems are still
proving to be a difficult issue for Microsoft to address.

All of the companies I spoke with have at least
some systems running Windows XP, but it’s primarily on servers and
new computers. And some companies wipe the hard drives on
preinstalled systems and revert to Windows 2000.

Many companies still view Windows XP as “too
new,” and they continue to focus on Windows 2000, for which they’ve
already purchased corporate licenses. In addition, I was somewhat
surprised to find out just how many organizations are still using
Windows 98 systems.

It’s unnecessary

In the companies I talked to that are running
Windows XP, many feel that SP2 isn’t necessary. With multiple
layers of Internet security by way of firewalls, content scanners,
and enterprise virus scanning, these organizations consider their
Internet security to be sufficient.

Regardless of whether this justification is
truly accurate, their perception is that SP2 is a service pack to
fix Internet problems. Companies that are comfortable with their
Internet security feel there’s no reason to apply SP2.

In my opinion, this is perhaps an area where
Microsoft needs to better educate customers. Weighing in at more than 100 MB,
SP2 addresses more than Internet security issues.

It’s incompatible

Many corporations also expressed concerns about
software compatibility. In fact, the most common fear seemed to be
whether XP would even boot after they applied the update.

Even Microsoft recommended performing a
complete backup before applying SP2. Of course, this is never a bad
idea, but it tends to scare companies from applying updates.

SP2 can also cause previously operating
software to not work, and there’s a list of known
incompatibilities. Microsoft can’t possibly test all of the
possible versions of all third-party software for compatibility, so
that nixes an SP2 update for many companies.