Microsoft hopeful security update spurs user uptake

25 Aug 2004

Microsoft hopes that 60pc of Irish consumers will be running the Windows XP operating system in the next nine months as part of a shift to using the newly released XP Service Pack 2 which addresses many users’ security concerns.

This is the first time that the software giant, which regularly issues new features and bug fixes for its software, has taken to launching a service pack with its own branding. The company has even called this latest update “one of the most important service packs ever released”.

Windows XP Service Pack 2 with Advanced Security Technologies, to give its full name, has been designed to offer greater protection to users from threats such as viruses and malicious code.

Available from today at Microsoft’s Windows update site, it is aimed at eliminating many PC vulnerabilities that worms or malware such as Blaster have exploited in the past. The service pack is designed to prevent rogue code such as that found in executable attachments or website popup windows from changing a PC’s settings without the user’s knowledge or consent.

“It’s making Windows on the PC more secure than before,” said Clive Ryan of Microsoft’s client and information worker business group. The service pack is only available as a direct upgrade to PCs running Windows XP. “We’d encourage anybody to upgrade to XP and then enable the security technologies in SP2 on top of that,” said Ryan.

Microsoft is also heavily promoting the new service pack to businesses and many major Irish customers have already been briefed about the new release; some are already testing the newly hardened operating system. According to research commissioned for Microsoft last year, 37pc of Irish organisations already run the original Windows XP, although more than 50pc are still running the older Windows 2000. Many business customers have a mix of older and newer Microsoft operating systems.

The SP2 release has not gone entirely smoothly; last month Microsoft delayed the launch citing quality concerns. Some corporates have publicly held off implementing the upgrade over compatibility issues. More recently it emerged that more than 40 programs have conflicts with the service pack. The list, published on the Microsoft website, includes several widely used Microsoft products including SQL, Visual Studio .Net and SMS 2003 Server.

The list can be found under the heading ‘Some programs that seem to stop working when you install Windows XP Service Pack 2’. Ironically, XP SP2 also creates problems with some security products such as Antivirus Corporate Edition 8.0 from Symantec, MacAfee NetShield 4.5 and CA eTrust 7.0.

Microsoft recommends that organisations perform tests on the service pack before rolling it out company-wide. Although some default settings may affect the behaviour of certain programs, these can be changed and adjusted. “Most third-party applications in use in Ireland such as Oracle, SAP and Peoplesoft will work on SP2 with no changes but bespoke tools we obviously can’t guarantee, so there may be a need for some tweaks,” said Ryan.

Service pack 2 also contains several features for IT managers intended to make it easier to secure PCs within a company network. End users will now also be prompted by the system if their antivirus software is switched off, for example. A firewall feature, present in the original XP but buried in the background, is now turned on by default in SP2.

Although the compressed file sizes have not been finalised, Microsoft anticipates that the corporate download could be more than 200Mb and the home version of the software may weigh in at up to 65Mb.

Home users still on dial-up connections can opt for a staggered download, over several sessions, to avoid being online for long periods all at once. Alternatively a CD-Rom with the service pack will also be widely available free of charge in computer retailers and distributors, as well as by ordering from Microsoft.

Already security researchers have spotted some flaws in SP2 but Ryan pointed out that these require very specific sets of user actions in order for these to be exploited, making it unlikely to be easily done, if at all. He accepted that SP2 would not be a panacea for users’ security worries. “Software is now so complex we wouldn’t stand up and say ‘this is foolproof’ but what we can say is that an Sp2-protected system is an order of magnitude more secure than a non-SP2 system.”

By Gordon Smith