News

Windows XP SP2 Deadline: Are Your Systems Ready?

• By Lana Gates
• April 11, 2005

It’s April 12, and do you know where your Windows XP systems stand? The mechanism to temporarily disable delivery of Windows XP Service Pack 2 (SP2) expires today. Microsoft allowed temporary disablement through Windows Update and automatic updates for a period of eight months, starting August 16, 2004, to give customers more time for validation and testing of the update. But now, time’s up.

Designed to provide better protection against hackers, viruses and worms, and to improve the manageability of security features in Windows XP, SP2 is viewed by Microsoft as a crucial update. It blocks all executable program files, closes all TCP/UDP communications ports, enables firewalls, disables pop-up windows and disables some communication protocols.

Some in the industry believe this new enforcement of Service Pack 2 poses an imminent threat of software incompatibility problems and other network security issues. Market research firm IDC, however, says that is not the case.

“SP2 will be sent to Windows Update Server users, but not to all users,” explains Al Gillen, IDC research director, system software. “If corporate users are not set up to automatically download patches, fixes and service packs, they won’t be installed. If the company uses a local update server in their corporate network, the IT department chooses what is allowed to be applied to the client machines,” he adds.

Gillen believes SP2 only poses a serious threat if the application uses unusual ports or has atypical network behavior. Yet even then, he says, it is possible to configure the security options to allow most applications to function.

“While the generic install of XP SP2 may disrupt some applications, in many of the cases, by configuring the security parameters appropriately, the majority of problems should be able to be mitigated or eliminated,” Gillen continues.

What kinds of problems could result from this? SP2 automatically closes ports that may be needed for other applications. Without making ways to keep those ports open, the applications will not work. In addition, organizations that deploy Web-based applications could run into problems if the user or network manager doesn’t configure each computer to allow pop-ups for that Web site.

Another potential problems could arise because Microsoft’s Software Update Services will only prevent automated deployment to systems configured to point directly to the Software Update Services server. If new systems have been added to the network with the default Windows Update settings, those systems will receive the forced install. Additionally, remote users connected outside an organization’s network could install SP2 manually or automatically when logging on to a home network where they have administrative rights.

Despite the potential issues, Gillen does not believe any threatened incompatibility issues will impact the application development industry. “If anything,” he cautions, “app developers will need to think about the run-time environment where their apps will install, and either check for system configuration to verify there is no problem that will impact the application before installing, or explicitly adjust system configuration and/or settings to make sure the app will function properly.”