Windows XP SP2 Delayed Until Late 2004

Aiua writes "BetaNews is reporting that Microsoft has pushed back the release date for the second Windows XP service pack to the third quarter of 2004 without giving any reasons." Update: 08/19 12:52 GMT by M : Another article claims it will be out three months earlier, no later than June 2004.

calendar? or fiscal?

[David E. Smith]

Since the article doesn't include sources or citations or anything, we can't even be sure if they're referring to calendar year 2004, or fiscal year 2004 (which, for MSFT, I believe runs from July 2003 through June 2004).

If they're referring to fiscal year 2004, that's between January and March of next year, which isn't nearly so bad.

One thing I don't really get...

[Sheetrock]

I don't use Windows XP, but I've worked on trying to patch machines that are running it. What I don't understand is why the process of discovering, downloading, and applying security patches has to be as difficult as it currently is.

For example, when trying to find a patch for the vulnerability that Blaster is currently exploiting on many systems, I had to wade through a multi-page document filled with fluff in order to determine whether or not it was indeed about the vulnerability I thought it was, then find a download link, then be presented with a multipage license agreement -- all for one fix.

My thought is that Microsoft would do better to be a little more proactive in their approach. Antivirus software for the platform is capable of downloading and applying updates to itself, and it wouldn't be a bad idea for Microsoft to take a page out of their book. If I used XP, I'd appreciate having the machine automatically seek out the patches I need and apply them (particularly the most critical) without requiring my intervention or even my knowledge really to do so... and I'm a relative expert compared to the vast majority of the people who just want to play Solitaire and do their taxes.

Re:The press release has a typo in it

[jez_f]

Then why hasn't Microsoft [microsoft.com] changed the typo on this page

Even the press releases have bugs in now :)

Re:Microsoft doesn't need to have reason....

[Mr_Silver]

Reasons... who needs reasons? When you're Microsoft, you don't have to give reasons for anything.

When you're pretty much any company, you don't have to give reasons to everything you do. At least not publically.

Even Apple is perfectly entitled to do the same.

Re:The press release has a typo in it

[the_pooh_experience]

Then why hasn't Microsoft changed the typo on this page

Does msblast.exe, Chinese gov't outlawing internal use of MS software, MS losing German gov't contracts to linux distributers, and court cases mean anything? MS has plenty on their plate, and I think an html typo is the least of their worries.

Re:Without reason?

[DrunkenPenguin]

No, no. The Blaster hole was fixed about a month ago. People just didn't patch their products.

What I ment was that the Blaster incident was probably the last nail in their coffin - maybe they finally had enough and decided to take security a little bit more seriously from now on. That would explain the delay.

Re:Microsoft acting odd

[yanestra]

Something strange is happening at Microsoft ...

IE development ended (sort of)
Outlook express development ended
Service packs under long delay

Just an observation.

They're freeing their capacities for the adoption of a new, brilliant concept, which they have bought from the company formerly known as "SCO":

Unix

It will provide the users with more stability and security.

Re:Without reason?

[iainl]

If Microsoft want to makee auto-updating default for the clueless without offending business users who would (presumably) want it disabled, so they can control rollout of fixes themselves (both to reduce bandwidth by using the full downloads and the software delivery mechanism of their choice, and just because they want to give things a proper test first), why not do what I think they should have done all along - first only make it the default for XP Home Edition, and second make it a configurable during install.

Re:Without reason?

[lpp]

For Joe User and for admins of relatively small business networks, 3 weeks is ample time to try out a service pack to make sure it doesn't break anything that you rely on and to roll things back if it does. For the admins of larger networks, where there may be an even larger number of applications that have to be compatibility tested, 3 weeks may not be enough. If previous MS supplied patches hadn't fscked up application stability in the past, this might not be an issue, but as they have, it is.

Re:now for the real question

[aflat362]

Not every article on slashdot will have profound significance to your life. Get over it.

Re:Without reason?

[swordboy]

Microsoft have been talking about making auto-updating enabled by default in a service pack which may be linked to the delay.

It doesn't matter...

The blaster patch on Win2K requires at least SP2 [microsoft.com] which requires 8 hours, 10 minutes to download via dial-up. Because of this, I disable auto-updates on any dial-up PC that I work on. It just isn't bandwidth effective.

IMHO, Microsoft should be *required* to send critical updates on a CD package via postal mail. The updates should be hands-free, though I doubt that we'll still have trouble getting newbs to run a fix on a PC that doesn't appear to be broken.

The other twist would be the built-in firewall software. Simply run updates to auto-configure it to block known exploits. Anyway that you look at it, there is a big problem.

Service Packs

[chefbb]

I'm quite content to not have to deal with another XP service pack for a while. The last one for XP gave me fits on several computers that required a complete re-install. And the recent 2K server service pack 4 took our email server out of comission for a day till we uninstalled it. Microsoft's service packs are generally not to be trusted...

Wrong date?

[Flopper]

Heise (german newsticker) thinks that it could be a turner of the numbers. Q3 2004 instead of Q4 2003?
We don't know but the size of the patches I had to download some days ago should be enough to release a new one. /:

Holy Crap? You have to be kidding me!

[gosand]

I can't believe this! Software not being released on time? I'll bet that this is the first time in the history of software development that someone didn't hit their target release date. Oh the humanity! Won't someone please think of the children...

Hmm, it's Tuesday. Must be "bitch about Microsoft not issuing updates". Tomorrow is "bitch about Microsoft issuing too many updates".

There is enough valid stuff to complain about when it comes to Microsoft, let's not start just speculating wildly.

Re:Microsoft doesn't need to have reason....

[cioxx]

When you're pretty much any company, you don't have to give reasons to everything you do. At least not publically.

Not entirely. You need to figure the "software industry factor" into the equation before making such a blanket statement. If Ford Motor Co. decided to implement considerably radical changes to their automobile line, they'd list the reasons why it was necessary, which in turn would have to come under public and government scrutiny. Same with any other company that doesn't deal with software.

Somehow software industry is a banana republic that gets off the hook in respect to accountability. If Microsoft was in a business of producing pharmaceuticals, I doubt they would be in a business long enough if Bill Gates didn't go on morning shows personally to assure the public that their drugs are safe, despite the major problems surrounding their product line.

Even Apple is perfectly entitled to do the same.

While I'm a very big Apple fan, and advocate their product use at every given opportunity, at the same time I understand how this corporation is known to employ predatory practices from time to time. Killing off smaller competitors, pushing their own standards forward, etc. The paradox lies in Apple's ability to get it right most of the time. But that doesn't mean that Apple would be better than Microsoft have they had 90% market share. When AAPL breaks the 50% market share (hypothetically speaking that is), you'd see far worse anti-user practices than that of Microsoft. I can guarantee that.

Software industry doesn't abide by rules of accepted business practices. "Any company" cannot act like Microsoft, otherwise they'd be out of business.

Re:Without reason?

[Karl Cocknozzle]

What I ment was that the Blaster incident was probably the last nail in their coffin - maybe they finally had enough and decided to take security a little bit more seriously from now on. That would explain the delay.

...and after that, the tiger will change his stripes and George W. Bush will stop telling lies.

Come on, lets get real. You can't secure something as dreadfully wide-open as Windows with a Service Pack. If they say they can, thats just a lie. If they THINK they can, then they should consult a psychiatrist about their tenuous grip on reality.

A project that complex has to be built against a secure design from the drawing board forward. You can't just decide, deployment +18 months later that you're going to now change the software to make it secure. Hey MS has known about this hole for a while (the Slashdot story was, what, two months ago?) and only patched it last month.

It is also possible they want to synchronize the release of "secure" windows XP with the sunset of Windows 2000 to encourage people to upgrade. I'll say this, that MS will be seen for what they are if this turns out to really be the strategy. IT Managers who have struggled against MS worms, virii, and trojans for years will now see that secure Windows was only released to coincide with him forking over thousands of dollars to "upgrade" to a product with features that should have been in (because they were advertised as being there) 1.0. I refer to the ability to plug it into a network without becoming an instant DDoS zombie.

Don't hate on Microsoft

[Anonymous Coward]

(posted anonymously due to the fact that I'm making a post in Microsoft's favor)

How come whenever Microsoft releases a patch people are all up in arms about it, yet my Redhat box gets patched EVERY DAY because I keep getting errata from Redhat Online saying this vulnerability exists etc etc.

Re:Competition ruling

[nolife]

this mindless MS bashing just isn't funny anymore.

Some people see the current and past actions of MS over the last 10 years and have formed a very negative opinion of how they do business. Your opinion may be different, that does not make it mindless bashing. I consider it to be frustration based on past experience.

Re:Microsoft acting odd

[Cyno]

I think they want to integrate voice activation stuff into Longhorn. If they're really serious about this sort of thing then it might take some resources.

Plus they have a lot of explaining to do about their trustworthy computing intiative. We'll see how that pans out.

Re:Register Reports a leak of Service Pack 2

[Jugalator]

Uninstallations of service packs work if you tell the installer to support uninstallation. I wouldn't call the backup data "cruft", since without it, it wouldn't be able to reconstruct your previous SP. Cruft to me = unnecessary features / bloat, which uninstall data definitely isn't as long as you care about being able to uninstall it.