Feel Free To Be a Stick in the Mud
It's been a little over a month since Microsoft started streaming SP2 to Windows XP Professional customers over Automatic Update. That means you've got another three weeks or so to go until Oct. 25—the two-month anniversary of the service pack's full U.S. release—before you should start installing it.
There's no question that you should be testing SP2 aggressively, deploying it on pilot systems and kicking homegrown applications back to in-house developers to get them in line with Microsoft's new specs. SP2 is a critical service pack to deploy, just as Microsoft says.
The well-publicized downside of all SP2's changes is the number of applications that break when Windows XP SP2 installs. Microsoft worked hard for nine months in advance of the release to help ISVs get their apps in shape. Still, the company discovered embarrassing last-minute problems with major applications including Microsoft CRM, Microsoft Security Baseline Analyzer and its popular game Halo. In all, Microsoft documented nearly 50 commercial applications that stop working properly when the firewall starts. Another Microsoft list shows 38 commercial applications that are known to suffer a loss of functionality, such as failing to install.
By now all the new features should be thoroughly familiar. The on-by-default Windows Firewall blocks many more types of traffic and is more configurable through Group Policy. The Windows Security Center dashboard shows whether anti-virus software is running, if a firewall is up and whether Automatic Updates is set to pull down new patches. New features in Internet Explorer protect against malicious Web downloads, and IE has stronger default settings in the Local Machine zone. The Add-on Manager helps detect spyware.
SP2 will also help protect your network against zero-day exploits, like those that targeted IE just before SP2 shipped. But those appear to be rare. Two extra months of testing shouldn't increase your exposure too much.
Microsoft has been forced to agree that it needed to give users more time to get up to speed. The company provided a tool to allow administrators to instruct Windows XP systems to delay installing SP2 from Automatic Update for 120 days. Microsoft later expanded the tool's delay period to 240 days.
If Microsoft had problems with its own apps, you can bet that among ISVs—where anticipating the service pack was important, but far from job one—problems are still being discovered. Holding off on deployment will keep you out of your ISVs' de facto SP2 beta programs, as they continue to work through support bugs and get their Web site FAQs up to date. That can only make your eventual rollout go more smoothly.
Scott Bekker is editor in chief of Redmond Channel Partner magazine.