Sometimes I just cant believe peoples lack of perspective, and the best current example is the resistance to adopting Windows XP Service Pack 2.
For a very long, long time now, long before SP2 was released, its been known that as a direct result of solving security problems in Windows it would cause application problems. Microsoft released several test versions of the service pack—and large customers get access to more than just the milestone betas and release candidates—to help developers and users adopt to the new platform.
This has been going on for over a year now. (Heres my first real SP2 column, just about a year old and already the compatibility issues were fairly well-understood.) And yet people are still resisting installing it, and generally for the same reason: They are worried that their programs wont work.
A study by SupportSoft, a software vendor, shows that IT managers are still worried about the impact to their applications. Seventy-three percent of them say this is their biggest concern about SP2. Fifty percent of them expect problems that will disrupt their businesses as a result of the migration.
Sorry buddy, but if your program wont work its probably because there was a problem in it. Most of the application problems Ive seen are as a result of shady window management techniques in Web applications. There are lots of other reasons a program might fail, and for most of them the proper response is to change the behavior of the application. There were reports early on of large numbers of machines crashing after installing SP2, but it turned out that this typically happened to systems already infected with spyware or adware.
And what has taken you so long? I know you have lots of interests and lots of stakeholders, but the more of them you put in front of smoothing the migration to SP2 the less you can claim that security is a real priority for you.
Of course, its easy for me to sit here and tell you to put in development work, but if the alternative is for you to continue to run Windows XP SP1, then youre going to have to think seriously about it. SP1 is not an acceptable alternative anymore.
Weve already seen many security problems pop up in Windows XP SP1 (and Windows 2000 and other earlier versions of Windows) that do not exist in SP2. This is because Microsoft actually thought seriously about security in writing SP2 to the point that they were willing to break applications that used undesirable techniques, quite a departure for Microsoft, which has in the past been far too tolerant of customers doing stupid stuff.
This last week we got our best example yet of SP1s danger. A worm that infects you just by your viewing a Web page. SP2 hasnt been perfect certainly, but life with Windows has been a whole lot less scary for SP2 users since it came out.
This isnt going to be the end of it either. There are going to be more of these SP1-only bugs, and IT managers will have to deal with the consequences of them. I think its an easy case to make that they should instead deal proactively with the application compatibility problems in SP2.
SP2 is the best real-life example of how testing is a critical function of IT these days. If youre concerned you will have application problems in SP2, test and find out. Ask for volunteers to be guinea pigs and run it, and have SP1 systems available for them as backups. Fix the problems you find. But get to it already. Youre late and SP1 isnt getting any better.
Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.
Check out eWEEK.coms for the latest security news, reviews and analysis.
More from Larry Seltzer