Sunday, August 15, 2004

Companies Cautious on Windows XP SP2

By Keith Regan
E-Commerce Times
08/10/04 11:47 AM PT

While security features that block malicious code in e-mails and on Web pages have gotten most of the attention, the update also features architecture changes designed to make it harder for hackers to take over a machine remotely if they do gain access. "SP2 is somewhere between an upgrade and a whole new version of Windows," Gartner analyst Richard Stiennon told the E-Commerce Times.

While eager to take advantage of the enhanced security features of Microsoft's (Nasdaq: MSFT) long-awaited SP2 update, many corporate users of Windows XP will be cautious in activating it.

Microsoft did extensive compatibility testing aimed at ensuring SP2 would work with as many third-party applications as possible, but many network administrators plan to run the update through the paces themselves.

IBM (NYSE: IBM) has confirmed that it is telling employees to delay downloading the SP2 update until network administrators can determine potential effects on Big Blue's systems. Many other companies are expected to follow suit.

Microsoft released the XP SP2 update, which reportedly cost $1 billion to develop, last week. The software maker expects some 100 million updates to be applied within two months. New machines loaded with the updated version of XP will be available starting next month.

While security and antispam features that block malicious code in e-mails and on Web pages have gotten most of the attention, the update also features architecture changes designed to make it harder for hackers to take over a machine remotely if they do gain access.

"SP2 is somewhere between an upgrade and a whole new version of Windows," Gartner analyst Richard Stiennon told the E-Commerce Times. "For that reason, enterprises are going to want to carefully make sure it's going to work with all the applications they use."

Citing the security enhancements in particular -- which many believe will delay, minimize or stop many hack attacks -- Microsoft has encouraged users to activate the automatic update feature in XP, which would allow the computer to connect to a Microsoft server and download the update in full.

Conflicts Seen
Part of the delay in releasing the software can be attributed to its failure to work well with Microsoft's own applications, including its customer relations management software. Now there are reports that other companies' software has experienced problems as well. Some versions of peer-to-peer file-sharing software are among those said to have been affected.

The enhanced security features might also cause conflicts with third-party firewalls and other security appliances. Published reports have suggested that users of Zone Alarm firewalls reported bugs after installing the update.

In most of those cases, the problem can be worked around, but it will take time, said Ken Dunham, director of malicious code intelligence for the computer security firm iDefense

"In each instance, there might be a different workaround, so it's going to take time to get them all in place," Dunham told the E-Commerce Times. "Microsoft did extensive testing, but no one is going to put such a major update onto their networks without doing their own due diligence."

Rushing the update into place would likely place a major burden on corporate help desks, which would be forced to field questions about crashing applications and other problems.

"Users will want the update because it is a security upgrade," Dunham added. "But they don't need to be the first to have it."

Boon for Business?
Because of the possible complications, patch-management companies and third-party vendors who help companies manage their networks could see a windfall.

Joi Deaser, a spokesperson for SupportSoft, told the E-Commerce Times that her company's customers have been asking for help, with most of the concerns surrounding security and management of problems that might arise when the service pack goes live.