Establishing Digital Trust: Don't Sacrifice Security for Convenience
UPDATED: Only 24 percent of the 136,000 Windows XP PCs in 251 North American companies have upgraded to Service Pack 2 (SP2), according to a new survey from AssetMetrix Research Labs.
SP2 is loaded with several new security features, including a revamped Windows firewall, to help shore up system defenses.
Aside from concerns about security, the research arm of the AssetMetrix asset intelligence firm said companies that don't use SP2 risk incompatibilities with future Microsoft products, such as Internet Explorer 7. There is also the potential for a support gap when Microsoft nixes support for Windows XP Service Pack 1 in September 2006.
Steve O'Halloran, managing director of AssetMetrix Research Labs, said end users and small businesses view SP2 as a hassle in the wake of a daily dose of hot fixes for security flaws. SP2 is essentially a new operating system download totaling 266 megabits.
The potential that SP2's size will break certain applications has users wary of the upgrade, and they simply won't download it, he said. But XP users face a crucial deadline in the lifeline of the operating system. On April 12, Microsoft's Automatic Update service will deliver SP2 to XP-based machines.
The Redmond, Wash., software giant had offered to do it sooner, but acceded to customer wishes to optionally suspend SP2 delivery via their Automatic Update service for eight months. Customers were concerned that SP2 would break certain applications, rendering them useless on their computers.
"It reminds you of high school days," O'Halloran said, "where all of a sudden the mid-term paper was due tomorrow and you ask the teacher for an extension and finally the teacher gives you a two-week extension.
"Then it's the weekend before the extension deadline and you haven't done anything about the paper. Companies are trying to put pressure on Microsoft to forego the download."
O'Halloran said Microsoft has allowed a significant period of time to accommodate companies' demands to test and validate Windows XP SP2 within their IT infrastructures.
Despite the fear of broken applications, O'Halloran said he was surprised by the results of the survey.
"I was anticipating some kind of polarization of either companies that were wholly embracing it, or wholly embargoing it. For whatever reason, we saw a mixture of people who accepted SP or didn't. That led us to understand that if there was a policy surrounding SP2, it was not being observed either through end-user action, or through management tools."
Of the respondents, eighty-four, or nearly 41 percent of companies using XP, seem to be avoiding an SP2 upgrade, while just 17, or approximately 8 percent, seem to be upgrading.
The other 52 percent of the companies surveyed showed no decision about SP2, leaving themselves open to support issues by allowing multiple editions of Windows XP to exist in their infrastructure.
The analyst said that Ottawa, Canada-based AssetMetrix Research Labs recommends companies install, test and verify SP2 before the April 12 deadline to avoid service interruptions.
Users can choose to accept or deny SP2, but they should deploy a policy mechanism, whether it's a tool from Microsoft Active Directory or Windows SMS.
As another alternative, AssetMetrix is offering Update Policy Manager, a free feature included within AssetMetrix's PC inventory tool that can enforce corporate policy on Windows updates by disabling the end-user's ability to modify the Microsoft Update Service. This will ensure that important security patches are installed on the PCs.
A Microsoft spokesperson said Microsoft consistently recommends that organizations take the time needed to evaluate SP2 and develop a deployment plan that best meets their needs.
The company also said it is seeing an up-tick in enterprise customers that are either deploying, or committing to deploy, SP2. For example, Merrill Lynch has committed to deploy SP2 across 50,000 desktops by the middle of the year, Microsoft said. Law firm Holland & Knight has completed its deployment of SP2 across 3,500 desktops.