Microsoft is making it clear that Service Pack 2 (SP2) for Windows XP — a more than 220-MB software update dubbed “XP plus” and “mini-Longhorn” by some industry watchers — will have a sizeable effect on other applications as it seeks to shut out security weaknesses in enterprise systems.
The Redmond, Washington-based software giant claims it has worked hard to test the impact of SP2’s security features, such as a default-enabled firewall. However, the company also is spending a fair amount of energy and resources to warn developers about applications that could be at risk in an upgrade.
“They’re making a lot of noise with the development community that they need to look at their programs and do the testing,” Meta Group vice president Steve Kleynhans told TechNewsWorld, noting that service packs have changed from the days when they were mere collections of bug fixes.
“Now, service packs are like mini-releases in terms of the testing [Microsoft does] and the cautions to the market,” he said.
For Security’s Sake
Microsoft officials have indicated that although they are taking steps to prevent problems from occurring when SP2 is installed, security is the priority — and there will be no quarter given to unsecure applications that introduce vulnerabilities.
Kleynhans said that while all software would be created according to proper procedure in a perfect world, the reality of programming shortcuts and developer ignorance means security brings sacrifice.
“When you’re tightening down, you’re taking away certain functionality,” he said — but if some of that functionality is used by other applications, “you break them.”
Kleynhans added that Microsoft has been particularly vocal in its warnings about SP2 because of the service pack’s new security settings.
Put to the Wall
Gartner vice president Richard Stiennon, who has called the recent spate of viruses and worms the price Microsoft must pay for “making protocols willy nilly just to get the job done,” said SP2 likely will be treated as a completely new platform for companies.
“This service pack is a major upgrade and should probably fit into most organizations’ test and deployment procedures in place now for switching between platforms,” Stiennon told TechNewsWorld.
The analyst, who predicted slow uptake of the service pack, indicated the security emphasis marks a change for Microsoft — one the company has been forced to make as vulnerabilities loom large.
“They’re making a bigger deal out of [SP2] because it addresses so many security issues,” Stiennon said. “It’s a pretty big change in direction, but they’re being pushed to the wall. They have to do this.”
Taking IT Medicine
Despite Microsoft’s efforts to help developers and other software makers avoid breakdowns during the SP2 rollout — the company is offering online training and assisting larger vendors — there is still some sentiment that Microsoft is trying to spread the blame for its security woes or is leaving out some developers.
However, Meta Group’s Kleynhans said that, for the most part, any improvement in Microsoft product security mitigates the misgivings of developers and companies whose products might be affected.
“There’s been a little bit of grumbling, but who’s going to argue with Microsoft doing something about security?” he said.