Of course, there are real problems, and Ive been a victim of one of them myself. A Web-based application I use regularly breaks under Windows XP SP2. The developers havent figured out the exact problem yetI dont have the source, so it would be difficult for me to figure out the problembut I wouldnt be at all surprised to find out that what it was choking on was something the developer really didnt want to do, like overflowing a buffer. Users of SP2 get a lot of warnings, especially early on in using it, when they try to run programs that break policy. Rarely are you actually prevented from doing anything, just warned and asked to make a conscious decision to engage in activity that could be insecure. Microsoft has developed extensive tools for managing the deployment and management of SP2 on a managed network, and I agree with TruSecures Cooper that enterprises will likely use these tools to roll SP2 out in a relatively crippled state.For all the whining Microsoft is getting now, theres no serious argument to make that these changes arent necessary. The next year or so will be a busy one for Microsoft support, but things will get better thereafter. And a willingness on Microsofts part to break these old, dangerous applications is more important than just cleaning up an existing mess. Its also a break with the past and with Microsofts enthusiasm for letting developers make programs that do whatever they want. Security means that programs need to have bounds, and those bounds need to be enforced. It must be a scary thing for Microsoft, but its an important moment, and they need to move on with it. Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. Check out eWEEK.coms Security Center at http://security.eweek.com for security news, views and analysis.
Consider this paper on managing the Windows firewall on a network. They can then turn on features as they are more thoroughly tested, or turn them off if they cause problems in the real-world deployment.