• United States

XP SP2 deployment is smooth – so far

Aug 23, 20045 mins

As Microsoft smooths out the ripples after last week’s big splash with Windows XP Service Pack 2, users say they found fewer problems than they expected, but some complain that late code changes and lingering compatibility issues will serve to refuel testing efforts and further delay full-scale deployments.

As Microsoft smooths out the ripples after last week’s big splash with Windows XP Service Pack 2, users say they found fewer problems than they expected, but some complain that late code changes and lingering compatibility issues will serve to refuel testing efforts and further delay full-scale deployments.

The biggest deployment issues last week involved tweaking the Windows Firewall, which is turned on by default, to open ports or configure exceptions to ensure applications such as anti-virus and management work correctly.

Microsoft also issued a hot fix to correct an IP addressing bug that was crippling VPN software and another that will make it possible to edit new XP SP2 Group Policy Objects from older Windows platforms.

The company also fixed a bug that prevented users with Software Update Services, which lets corporations centrally manage patch deployments from inside their firewalls, from controlling the installation of XP SP2.

“We have seen fewer problems than expected and not anything major,” says Russ Cooper, moderator of the NT BugTraq Web site and senior scientist for TruSecure, which develops security and risk management products and services. He says preliminary results of his online survey of more than 600 people show 43% of users plan to deploy the software in the next 30 days or less and 25% in the next three months, while 14% were undecided on when to deploy.

Some users, however, discovered compatibility problems with applications they already had tested and blamed last-minute changes Microsoft made to the XP SP2 code.

“If I am upset about anything it is the fact that Microsoft did make what I consider to be significant last-minute [code] changes in the final days and weeks without providing even those with extraordinary access [to source code] the ability to test their applications,” says Jeff Altman, president of Secure Endpoints, a consulting firm in New York.

Barry Goffe, group product manager for Windows product marketing, says “a fair number of changes were made between the release candidate and final code,” but adds that this is normal procedure for all software development.

Others found severe incompatibility problems with homegrown applications and some say the XP SP2 code is not ready for enterprise deployments.

“It’s sloppy code,” says Ian Hayes, a security manager for a major government contractor he asked not be named. “This service pack may be more suitable for XP Home users but not for people who use power apps or security tools that run XP Pro.”

Hayes says he found that SP2 erased restore points used to roll back to a stable operating system configuration, forcing the rebuilding of some desktops. “It’s going to be a long slow evaluation,” he says.

A German research firm reported it found two bugs, but Microsoft officials refused to comment on what it labeled “unsubstantiated issues.”

But with nearly 300 applications already affected by XP SP2, some large corporate customers aren’t exiting the test phase.

“We have decided not to do SP2 at this point,” says Richard Mickool, executive director of information services at Northeastern University in Boston. “We’re just not sure of what applications and how many it will break. Until we know what and how, we want to work carefully around that.” 

Service Pack evaluation

With Windows XP Service Pack 2 out now for a week, users report they are seeing fewer problems than expected. The two most prevalent issues require a hotfix or a firewall configuration change to correct.
Issue: Solution: How to get help:
Access to multiple local-host addresses blockedMicrosoft issued a pre-SP3 hotfix that corrects the problem that affects mostly SSL VPN software.Users need to call Microsoft Professional Support Services.
Windows Firewall on by defaultMicrosoft released a list of some 250 applications that might behave differently, such as showing an extra dialogue box, and a shorter list of some 40 applications that require firewall configuration changes before they will function correctly.Check with the specific vendor or look at a list on Microsoft’s Web site.

Others also say they are allowing for prudent evaluation periods, but say problems they are finding with broken applications is the price for converting to a more secure operating system.

Joe Doyle, network engineer for Promega in Madison, Wis., is at the start of his final three weeks of testing. “Knowing that changes to the [operating system] will help mitigate new worms and viruses and protect our users, sometimes from themselves, lets us as systems administrators sleep better at night.”

“With the firewall turned on by default that means a whole class of attacks on Windows will no longer succeed. And hooray for that!” says Mark Rockman, programmer and systems administrator for Alphagenics in Rockville, Md., who already has rolled out XP SP2 on his small network without incident.

But others had enough incidents to know that XP SP2 won’t make it out of their test labs for some time.

“We have a lot of homegrown applications that did not work well with SP2. It will be six months before we roll it out,” says Chip Logan, IS manager for Alvey Systems, which manufactures material handling equipment, with U.S. headquarters in Danville, Ky.

In the end, users say XP SP2’s greatest feature might be that Microsoft is starting to understand security.

Network World Senior Editors John Cox, Tim Greene and Ellen Messmer contributed to this story.