Microsoft Urges Update, But IBM Will Test First

After extensive investment, testing and delay, Microsoft (Nasdaq: MSFT) has made its Service Pack 2 (SP2) for Windows XP available and is urging corporate and consumer users to update the operating system, which has been bombarded by Explorer browser and other vulnerabilities.

An enormous batch of security upgrades and other fixes typical of a full software update, SP2 has been widely anticipated as a provider of better security -- as well as a potential breaker of other applications.

Microsoft provided the patch to Windows XP users with an easier automatic update. Industry force IBM (NYSE: IBM), however, said it would not install the update until it could test the final release of SP2 on its own.

"You always have to test," Yankee Group senior analyst Laura DiDio told TechNewsWorld. "All of the networks are so heterogeneous these days, you can't predict where and how these things will interact."

Security Shot

Nevertheless, analysts agreed that system administrators -- who have battled an increasing number Windows vulnerabilities, attacks and outbreaks -- are happy to have some reinforcement from Redmond.

"The IT departments are battle-weary," DiDio said. "They are damn sick and tired of getting alerts every day. Windows has come under constant, deliberate assaults and attacks."

DiDio added that while SP2 will provide greater security for both individuals and corporations, the security struggle will continue.

"This is a pretty big weapon in the ongoing war, and you can expect them to spend billions more," DiDio said. "This is not the be all and end all."

Rollout Roll of Dice

Meta Group vice president Steve Kleynhans said companies eager to shore up security will likely update Windows XP systems fairly quickly. The update, however, will not necessarily be easily absorbed, as evidenced by Microsoft's warnings that the update might cause problems with its own customer relations management software.

Still, the analyst indicated that companies will update with SP2 but perhaps turn off the firewall, which is now a default feature from Microsoft with the update. Kleynhans told TechNewsWorld, "In the end, most companies will end up implementing SP2. They may not turn on all of the capabilities, but ultimately, they'll [update]."

Testing or Turning Off

Gartner (NYSE: IT) research vice president Richard Stiennon said companies will test SP2 as if it were a new version of an operating system.

Stiennon told TechNewsWorld that the impact of SP2, which reportedly has already thwarted access to popular Web sitesm, might also force companies simply to turn off all of the security features contained in the update.

Stiennon said it will take time to evaluate how much SP2 actually improves security. "It won't have an overall impact on reducing threat exposure for a long time," he said.

More Than Microsoft

DiDio said SP2 will not fully solve the security issues that have cost companies time and other resources, but it will make things more difficult on attackers, who have grown more cunning in their assaults on Windows.

"It doesn't mean you're not going to have a hack," DiDio said. "But a hack delayed is often a hack thwarted."

DiDio explained that it is up to Microsoft to fix security holes in its software and provide updates such as SP2, but it is up to consumers and companies to protect themselves with their own security steps.