Nobodys surprised by the application problems cropping up as users install Windows XP Service Pack 2. As I said in my last column, you have to expect these, plan for them, and not let it dissuade you from making the migration as soon as is practicable.
But Microsoft has begun to address these both generally and specifically with a Knowledge Base article entitled "Some programs seem to stop working after you install Windows XP Service Pack 2." This is good, but they could do better.
Every clown with a security Web site is collecting SP2 stories (well, Im not doing it, so almost every clown). Microsofts application list should be more than a list; it should be an invitation to share experiences and results.
Like all bug databases, this one would have a hefty dose of redundancy and subjectivity. No doubt people would intentionally lie as well. But there could be verified and unverified sections to it, and the latter would carry a penalty of low credibility. Normal users looking for reliable information could restrict themselves to the parts confirmed by Microsoft (or perhaps others Microsoft designates as reliable), but unverified information can be useful, too.
In fact, Microsoft should have done this a while ago. An effort like this should have begun around the time of the first Release Candidate. The right way to do it would be to include a special application or ActiveX control to let users post reports that included system configuration information. At the risk of raising some privacy alarms, I think it would be useful to include a unique identifier for the PC on which the problem was observed. With this information, Microsoft could do a fair amount of automated analysis of results.
Microsoft has tools like this for regular beta testers, but for some projects it helps to be not only getting more data, but also seen getting more data. Entries would need to be moderated of course, if only to filter out the vulgar and plainly nonsensical, but I can imagine a user ranking system being interesting, even if it ends up discrediting the users.
The actual Microsoft Knowledge Base article is both interesting and useful, but its also obviously only a scratch on the surface of the issues with SP2. And while the format of a Knowledge Base article is good, for example, for the generic instructions in the upper section about how to determine if you have a firewall problem, the list of applications below will grow too big.
The most interesting independent reports Ive seen so far are on NTBugTraq, a mailing list that is respected, but which has been rather sleepy until the arrival of SP2. Incredibly, it appears that users have been complaining to the moderator about too much information since the SP2 reports started rolling in. (NTBugTraq is getting some hysterical reports, but because its moderated by a guy with his head screwed on straight, it has a much higher signal-to-noise ratio than some of the trash Ive read.)
A source of a large amount of moderated information would be useful for users, and there has to be more than what Microsoft has provided so far. They have done an excellent job on providing background information for administrators and developers, but theyve fallen short on testing data. Let all this be a lesson for SP3, or perhaps for Longhorn.
Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
More from Larry Seltzer