Windows XP SP2: Trouble Ahead for Developers, Users

By Larry Seltzer  |  Posted 2004-06-15 Print this article Print

Opinion: It sounds like a small milestone, but the second release candidate of Service Pack 2 is a big deal—it's the last rehearsal for the pack's significant turns in security.

The major security changes in Windows XP Service Pack 2 mean big trouble for developers and users, a fact highlighted by Microsofts introduction this week of the packs second release candidate—the last major test before it hits the streets. Microsoft has a history of major releases with understated names, and Windows XP Service Pack 2 (SP2) is no exception. Windows for Workgroups 3.11 was a major technical upgrade over Windows for Workgroups 3.10 or Windows 3.11. Windows NT 3.51 had huge changes compared with Windows NT 3.50—a version you didnt want to run. So it is with Windows XP SP2 and the parallel Service Pack 1 to Windows Server 2003. Like those earlier .01 Windows updates, it implements large changes in the internals of Windows.
But SP2 also adds major new user features. SP2 changes are largely but not exclusively related to security enhancements, with a few nonsecurity touches thrown in, such as a new Bluetooth stack (golly gee, just what I was waiting for).
Release Candidate 2 (RC2) of SP2, released this week, should be the last extensive trial run before SP2 hits the streets in late July, or so the plans go now.

Will XP SP2 cause problems for users and developers? You can bet your last dollar it will. If the security changes in Service Pack 2 were not going to cause problems, they would have been done long ago. Most of them, anyway. Applications will break. Network connections will fail, or appear to fail. Users will be forced to upgrade programs and devices that may not be under active support. This is something Microsoft tries not to do.

But even in forums reflexively hostile to Microsoft, there is a general recognition that SP2 will make Windows XP a more secure product. Microsoft has done some things that are basically invisible but will make a difference, such as recompiling large amounts of the operating system with compiler options that prevent most buffer overflows. (Actually, the options the company uses should prevent most stack overflows. Heap overflows are generally more difficult to exploit but wouldnt generally be fixed by this option.)

Next Page: A security wizard will greet users with a freshly installed SP2.

Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement—,he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel