Microsoft Changes Its Tune on Porting SP2 Fixes

 
 
By eweek  |  Posted 2004-09-23
 
 
 
Microsoft has been reluctant to commit publicly on how, when and whether it would make the browser-specific security fixes that it delivered as part of Windows XP Service Pack 2 available to users of older versions of Windows.

But this week, the Redmond software vendor issued a definitive statement regarding its back-porting intentions. The decision: No SP2 fixes—not even ones such as the SP2 pop-up blocker or the ActiveX control blocker—will be offered for users of older versions of Windows and IE (Internet Explorer).

Microsoft's message is that if you want any of these features, you must upgrade to Windows XP and/or Windows XP Tablet Edition running SP2. Next year, Microsoft will make the appropriate SP2 security fixes, including some of the IE ones, available to Windows Server 2003 users via Service Pack 1.

Microsoft never publicly committed to providing any of the SP2 fixes for users of older versions of Windows or Internet Explorer. But company officials privately told a select group of developers earlier this year of plans to port some of the IE-specific fixes to the version of IE 6 for Windows 2000 (Service Pack 5 update).

It also told some partners that it was "considering strongly" the idea of making the IE-specific SP2 fixes available for Windows NT, Windows 98, Windows 98 Second Edition and Windows Millennium Edition.

When asked about these plans, a Microsoft spokesman provided the following statement: "We never committed to back-porting technologies. Our commitment has been to provide the greatest possible level of security to all our customers. We will continue to do this for IE and for previous versions of Windows.

"Trying to retrofit older technologies—which were never designed with the current environment in mind—with current advancements creates a set of challenges that makes it difficult for customers to deploy and doesn't provide a level of security that we feel confident in providing to our customers," the spokesman said.

"Based on these conclusions, Microsoft's resources are focused on keeping customers current with latest security updates and developing new products that will make them safer and more productive," he added.

Some Microsoft customers said they see the company's refusal to back-port SP2 security fixes to older versions of Windows and IE as little more than Microsoft's attempt to force users to upgrade to Windows XP. Quite a number of enterprises are still running older versions of Windows, especially Windows 2000, on the desktop.

Microsoft's decision not to port SP2 fixes to Windows 2000, in particular, doesn't sit well with Michael Cherry, senior analyst with a Kirkland, Wash.-based research outfit called Directions on Microsoft.

"I don't really think they have any requirement to make any fixes or changes available on the old 9.X code base of Windows 98 and Windows ME," Cherry said. But "the one version of Windows that I have a problem with is Windows 2000, which I believe is still in mainstream support.

"There may be technical reasons why adopting the changes in IE to Windows 2000 is difficult, but Microsoft should be able to overcome this. After all, they own the code for both products," Cherry said.
