Windows XP SP3: We Ought to Have More of These

By Larry Seltzer  |  Posted 2007-10-22 Print this article Print

Opinion: Roll-up updates would make it easier for most users to stay up-to-date; splashy updates with new features scare IT into delays.

Many years ago I complained about Microsofts update policies, specifically about the sheer number of updates that were available only online. What was needed was a disk version of Windows Update. If you bought a new computer and connected to the Internet, especially for a dial-up user, you faced hours of updating from Windows Update, not to mention updating Microsoft Office. OEMs are much better now than they were then about delivering systems relatively up-to-date, but you cant assume that systems bought off the shelf at your average electronics store are anywhere near up-to-date. What was needed, I argued, was a periodic CD update to bring Windows up to some baseline, such as Service Pack 2. The installed base for Windows is expected to cross the 1 billion mark. Read more here.
Windows XP SP3 will be, in effect, that kind of update. All indications are that it is a simple roll-up of updates to Windows since SP2, which shipped ages ago, back in August 2004. It will add a few critical security-related updates for applications such as Internet Explorer 7 and Windows Media Player 11.
This hands-on review says there are a few small changes in addition to the roll-up. There are some changes to clarify wording in the Control Panel Security Options applet. Also, the address bar option in the Taskbar tool bar list is gone—the victim, it is said, of a "regulatory request." I guess this makes the browser too "integrated." At least it was a worthless feature. There are also a couple of useful, if obscure features, such as kernel-level support for FIPS (Federal Information Processing Standard)140-1 Level 1 cryptography. Also, there will be improvements in black hole router detection; this is where routers drop incoming packets without informing the system. Microsoft says SP3 for Windows XP is currently planned for the first half of 2008, but no promises on that date. Ive seen stories claiming that its release is timed to coincide with that of SP1 for Windows Vista. Why you would want to coordinate the two is beyond me, but the distinction between those two updates is interesting. Like Windows XP SP2, Vista SP1 is viewed as an important update, a turning point for the products. XP SP2 made changes so important and consequential to XP that many at Microsoft wanted to call it a new version of Windows, but it was decided to downplay the changes as a service pack in order to accelerate adoption of it, in order to improve Windows security footing. Vista SP1, on the other hand, was an enterprise planning target long before Vista even shipped. Obviously, there was always going to be an SP1, but the perception that many buyers were waiting for it in order to adopt Vista gave Microsoft some perverse incentives. Microsoft wants the service pack to give that air of maturity to Vista, but it has reason to avoid changes that would require substantial new testing. For example, I had heard through the grapevine that Vista SP1 would turn DEP (Data Execution Protection) on, by default, much more extensively than in Vista or XP. This is the sort of change that can cause problems with third-party drivers. I wouldnt be surprised if Vista SP1 turns out to be more conservative than its designers had originally planned. The first big update after a release is not just about rolling up patches, its about correcting mistakes. But once a product becomes mature, periodic roll-ups are good for users. I still havent heard from Microsoft it doesnt provide them, and its not for lack of asking. Perhaps Microsoft figures people will ignore monthly updates if there are roll-ups two or three times a year. Its hard for some of us edgier people to believe, but there still are a lot of dial-up users out there, and a lot of DSL users with very slow connections. For these people, updating a system takes all night long on the computer, perhaps more. They alone are a good enough reason to make updating easier, but there are others. Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. He can be reached at Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.
Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement—,he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel