When is it safe to install Windows XP Service Pack 2?

The uproar and consternation surrounding the release of Service Pack 2 for Windows XP continues. What I find remarkable is that this conglomeration of patches is causing more consternation in the tech community than the security flaws the patches were designed to overcome.

Microsoft has released a list of more than 200 software applications (many games, lots of anti-virus and spam-filtering tools but also standard business software such as PageMaker, Arcserve – and Microsoft Office) whose default behavior will be broken by the installation of SP2. See the editorial link below for a list of apps that may experience problems.

Another Microsoft article discusses what to do if an application or service fails after installing SP2 (see editorial link below).

It all began when Microsoft released a document advising that “The best way to ensure you get Windows XP Service Pack 2 when it is released is by turning on Automatic Updates today” (see editorial link below). Shortly after, Gates and company bowed to the wishes of their corporate customers and instituted ways to delay the release of the patchwork update to the Automatic Updates service that Microsoft has been touting as a major security improvement to its operating systems.

It was just a year ago, in fact, that Microsoft was pushing everyone to install the Automatic Updates service to automate the distribution of patches and fixes. It seems that not only will SP2 require changes to the services and applications you use, but also the Automatic Updates service can easily choke when trying to download the 257M-byte patch file to all your servers and desktops.

Unpacking and installing the massive file will also tie up most CPU cycles on a machine for quite some time. Would you want that to happen to all of your users at 9 a.m. Monday? Or, to put it another way, do you like seeing your phone lit up like a Christmas tree?

For four months (through mid-December), you can block the automated download and installation while managing the rollout on your own. After that, the automated release will begin. If you have managed to install SP2 by then, expect to spend the Christmas holidays fixing, configuring and even re-installing operating systems, applications and services throughout your network.

There are three methods offered by Microsoft to disable automated patching: an executable file (to run on each XP computer to change a registry setting); a group policy template (to apply to Active Directory); or a URL embedded in an e-mail message to each user.

I especially like that last one – we’ve spent many months trying to convince users NOT to click on links or attachments in e-mail even if they think they know the sender, but now we’re supposed to expect they will click on this one. Most likely they will, as the preaching about viruses hasn’t seemed to sink in with many of them!

To reiterate what I’ve said before (and hopefully won’t have to repeat again), if your network is protected installing SP2 to your desktops can be a slow, deliberate process. First, work out all the kinks in the lab and only then (and after the foolhardy have rushed to install it and suffered the consequences) should you consider moving it out to your users.