Five months after Windows XP was cut loose by Microsoft, a well-meaning developer is putting together a fourth service pack for the 13-year-old operating system.
This is not a Microsoft release. The "Unofficial Service Pack 4" comes from a Greek developer who uses the online name "harkaz." Using a screen name makes me distrustful on reflex. Harkaz started the project back in September 2013 and is on his third beta, with a "Release Candidate" coming soon.
“Many users – including me – who won’t be able to upgrade their old machines to a newer OS would like to easily install all Windows updates in one convenient package. For this reason, I started working on a Service Pack 4 package," harkaz wrote on the RyanVM discussion boards, which appears to be a board dedicated to patching and updating Windows operating systems.
"SP4" is actually quite a collection. It includes
- Updates for most Windows XP components, including MCE and Tablet PC.
- Request-only hotfixes
- Microsoft .NET Frameworks 4.0, 3.5, 1.1 and 1.0 (Tablet PC only)
- The .NET 1.x, 3.5 versions are automatically installed/updated in live installations
So it's mostly a rollup of monthly fixes issued by Microsoft since the third service pack, which came out in 2008. That's a lot of fixes, so it would be tempting to use it. However, SP4 also adds security fixes that aren't technically part of commercial Windows XP. They come from the point of sale/ATM version of XP that's still in use.
Microsoft has not yet ended support for the embedded version of XP for ATMs and point of sale systems. That will run until 2019. Last May, it was revealed that through a registry hack, you could get those fixes for your XP distribution, although Microsoft back then advised people not to do it.
Surprisingly, Microsoft had no comment on this "service pack," but common sense has to prevail here. We are talking about an unofficial update from an unknown source, who most likely doesn’t have as many PCs for testing as Microsoft has. His work can undoubtedly be hijacked and mined with malware. Do I even need to tell you not to touch this thing?