Survey Shows Admins Avoiding SP2 492
bonch writes "Tom's Hardware Guide is running an article about Windows XP Service Pack 2 and its limited acceptance by IT administrators. AssetMetrix is cited in the article as reporting that fewer than 24% of over 136,000 Windows XP PCs in 251 North American corporations even had SP2 installed. THG goes on to describe the reasons given by admins and discusses the advantages and disadvantages of installing SP2."
Applications (Score:2, Interesting)
Simple... (Score:5, Interesting)
Not I (Score:5, Interesting)
I finished doing the last update about 3 weeks ago and have not had any problems relating to SP2 yet which is great.
IMO the only negative thing about SP2 is its size/time to install. It has slowed down deployment because of the bandwidth it uses and the the time it takes to install which is a major impact to production, which means it needs to be down out of office hours which means IT support need to work over time, etc.
While deployment of SP2 was tiring and long I would rather got on with it than wait it out like some companies are doing.
not accepted or just lazy, unorganized, dumb? (Score:5, Interesting)
Installing SP2 in a large corporate environment is nothing to sneeze at, I agree, but that's no excuse for not patching.
Things shouldn't be this way (Score:5, Interesting)
Network & firewall changes (Score:3, Interesting)
Given that many of the SP2 changes relate to networks and firewalls, the bigger the corporate network the bigger the chance the upgrade will take some time to get working for everyone in a company.
If you are used to fixing problems remotely and the upgrade prevents the problem PC connecting to the network... you see the issue
SP2 soon to be FORCED upon us... (Score:5, Interesting)
So I installed it. It broke SQL Server 2000 because I hadnt patched it (but wrote information to the event log about how to fix it) but apart from that things went well...
Until I tried to run the spidering app Ive been working on at which point I discovered that XP Pro + SP2 = Castrated System! SP2 limits the number of connections pending opening to 10 (down from 50) and provides no way to change this limit!!!! Unimpressed....
Anyways, given that many pieces of software will only run on systems patched to a certain SP level Id expect that it wont take long before its a required upgrade...having to install it for documentation to work though....that rubbed me the wrong way I must say..
XP SP2 sucks for p2p? (Score:5, Interesting)
To be honest this was the first I heard about it. I just naturally assumed that shareza didn't peform as well as other dedicated P2P software applications. That registery entry seems to be missing and according to what i've read is hard coded in tcpip.sys. I found software to change the number of connections permited in tcpip.sys here [lvllord.de] and it might be covered in XP-antispy [xp-antispy.org] though I've not tested it yet.
In all fairness I have had few problems with XP SP2. Unfortunatly any problem I've had has been hardware related.
Re:SP2 is useless (Score:2, Interesting)
I was just tired to see each and every monday the same email that was telling me it was *mandatory* to install the latest Service Pack on my machine.
Since I'm not using that many programs here, SP2 works fine anyway.
Re:Alternative headline (Score:2, Interesting)
It's not avoiding to fix them, it's just trying not to have to install the machine again.
And I heard of people having BIG problems with SP2 installations.
It's better to get a firewall, an antivirus, change email client and browser.
Less things to worry about
Re:Security moanings (Score:1, Interesting)
For your info, this service pack may cause BSsOD when non-compliant programmes are used. Think about that: a service pack that changes an operating system so that the kernel can be killed by an application. No wonder admins are loathe to roll it out! Imagine the crap you'd get from the board if it turned out your in-house programs now kill Windows?
Wake me up when Microsoft do the right thing...
Justin.
Re:Security moanings (Score:2, Interesting)
Re:Its not flaimbait.. Plz dont on me (Score:4, Interesting)
Now windows installers are huge. But at least it's usually just a case of downloading and running setup.exe and all is done done for you.
Re:Not I (Score:1, Interesting)
And, from what you describe, it sounds like we spent about the same effort.
Only thing is, we upgraded to Linux.
Of course, we were lucky, since we were mostly using standard office applications that have a ready alternative on Linux (MS Office -> OpenOffice, Outlook -> Evolution, IE -> Mozilla Firefox).
We only have one Windows PC left, which is running our accounting software. Linux alternatives exist (the most suitable for us being non-free), but we're still in the process of evaluating them.
updates are downgrades. (Score:1, Interesting)
But even the small updates break loads of stuff.
Yesterday the SUS server was told to deploy the 8 updates MS brought out 2 days ago.
One of the patches totally broke the antivirus software. ( f*#$^&#kers ).
On a SP2 test machine it even had the nerf to tell us that the computer is freakin insecure because no fucking antivirus package was running.
retep vosnul.
Re:Simple... (Score:5, Interesting)
W2K does everything that we need..... it's more STABLE than XP, and we do not have application incompatability. Hell we can even run some of the old windows 95 apps and DOS apps without problems.
Wanna hear something funnier, for our critical stuff, the servers that make us $10,000 an hour running commercials, still run windows NT 4.0 because W2K is not proven to us to be as stable as NT4 in that specific use on that hardware. Also, cince those servers are on their own protected network any comments of "hax0r3d or own3d" are silly cince the script kiddie will need physical access or capable of tapping a fiber optic line, you can not access it without sitting in one of the data centers or the server locations.
Although the temptation is pretty high on that gear, imagine forcing all the top channels in a community to start playing monty python and the holy grail at midnight.
Re:Security moanings (Score:3, Interesting)
Secondly, and more importantly, no application, no matter how it is written, should be able to kill the kernel! That is just ridiculous, and in other circumstances would be referred to as a local denial of service vulnerability.
Please now hit yourself with a clue-stick.
J.
Re:Applications (Score:4, Interesting)
Some new client software that one acquaintence is being pressured to look at by her current vendor doesn't work at all under SP2. The soon-to-be-discontinued client works just fine since it's accessed via a terminal emulator and can therefore be accessed from any platform with a terminal emulator. The new one can't. Nor does it function under XP SP2.
If the vendor came out with a linux or bsd port for the new client then she could forget about MS-Windows altogether and wouldn't have to have those machines set up for dual boot. But then that would make sense.
SP2 caned all our UNIX interoperability (Score:5, Interesting)
Re:Bottom line (Score:5, Interesting)
You say that like that's a bad thing.
How long before the legal or finance departments need to use a business-critical Web site that requires IE7 for access?
I don't know, you tell me: how long before some criminally stupid web developer creates a business-critical website that requires a specific version of a browser to even work? Not just "doesn't work on Firefox" (which is already in the "criminally stupid" department) but "doesn't work on recent versions of Internet Explorer"? Yes, I know, that's already happened... but in my case it was a website that didn't work on anything later than IE 5.5. Or older, either. Basically, Doctor Evil, this is a sword that cuts both ways.
REAL security... (Score:5, Interesting)
Microsoft has yet to do the right thing. The security community has been beggng them to back out of the tight browser/desktop integration and "security zones" since 1997, and split the rendering and access functionality of the HTML control into separate components so you CAN run a locked-down sandboxed version of Internet Explorer if you want to... but instead Microsoft refuses to admit they made a mistake and patches symptom after symptom instead of attacking the disease.
That's why I, wearing my "security hat", banned all internet-capable applications that used the MS HTML control for rendering... back in 1997. As long as that ban was in effect we had zero virus and security panics, and we were the only division of our company for which that was the case.
The fundamental design of the HTML control is broken and unfixable. THe only solution is to back out of that design at a very low level, and rewrite all the applications that use it to handle access themselves. In 1997 I expected that Microsoft would do that... by now, it's obvious that they won't. They're afraid of losing face.
The right thing, from a security point of view, is to stop using Internet Explorer, Outlook, Outlook Express, Windows Media Player, Realplayer, and all other applications that use the MS HTML control to display potentially untrusted data whether they're shipped by Microsoft or some third party. Microsoft has proven over and over again for the last seven years that there is no other rational course of action.
SP2 and every other "security" patch that Microsoft provides are just smoke and mirrors.
Re:They have good reasons to avoid SP2 (Score:3, Interesting)
From experience, larger deployments of machines tend to have a much smaller pool of applications that are used. This is partly down to administration overheads, machine build overheads and user permissions - most in a large deployment won't have the ability to add new software themselves. If you use a piece of software widely, then it's easier to replace/patch/whatever. A worse scenario would be a small number of machines that are managed by their users.
"Windows admins have a good reason to be a bit careful here. Windows Service Packs have a long tradition of making systems or applications no longer function."
I'd agree with you here, although I'd also point out that a big deployment would also point towards some decent testing and a rollout plan. XP SP2 has been around for a year now, as has the knowledge that some applications break. For an IT admin to sit on a known problem for a year is a little daft, especially in a large setup. Even a gradual rollout, or rebuilding/deploying new machines with SP2 would have given useful knowledge vital to their specific setup. Instead, 12 months down the line, they're still flying blind.
The point is; the risks of upgrading to XP SP2 are known and can be managed. The risks of not upgrading to it are unknown, and potentially problematic to everyone.
Re:Security moanings (Score:3, Interesting)
Security might have to restrict potentially dangerous functionality, but if your security is breaking functionality that wasn't a vulnerability in the first place, it's not really security, it's just a bug.
Re:You mean I cant use Semagic anymore??? (Score:1, Interesting)
Also, for what it is worth, look at that list of incompatable software. Not only is WordPerfect on there, also, Zone Alarm (I use the bought version), Nortons, and Adobe (I use a few Adoboe products for years - in fact, been using Pagemaker since Windows 3.1). Right now, instaling SP2 would be a nightmare for me.
I use firewalls - hardware and software. I watch security like a hawk on my machines. I've got scanners of various sorts comming out of my wazoo.
Never had a problem in a long time, even on my old laptop running Windows ME - and how many of you can say you ran ME without a problem?
I'll probally be forced into installing it someday, but not today.
Re:REAL security... (Score:5, Interesting)
The results? Fantastic. My spyware-ridden network dropped to near-zero in terms of infestation. There is only one machine that still needs MSIE and for that, I taught that user that MSIE isn't really "gone" that she only needs to open an explorer and type in the URL or select a favorite that has been saved. Apparently ADP isn't as security conscious as they are of "ease of use and implementation." (Methinks their in-house developers only know one thing is all. One of these days I'm going to write a scathing message about the company so many depend on for payroll and other critical business functions using something known in the security community to be a huge blazing hole.)
I pray for the day when some really smart person writes replacement code that will allow a complete switchover from MSIE to Firefox -- that would include all of those APIs and things that third-party software uses to activate the MSIE rendering...it would be a good day for all.
Signs (Score:3, Interesting)
We have this methodology at work. I call it, 'Patch when it hits the fan'. Last time we did a major patch is when Nimda kicked our butts. Of course the patch was out weeks before.
The issue is that admins and systems support are lazy. We haven't moved to SP2 because no one wants to get off their butts and test.
Of course, all my systems are tested out on XP SP 2. :-p
SlashFUD (Score:3, Interesting)
Re:Simple... (Score:1, Interesting)
Well sometimes you come across bugs that need fixing
We're a Microsoft Ceritified Partner so we get five free incidents per year. We generally use them, MS support are often very good.
Re:Lazy / Time Consuming... (Score:2, Interesting)
Personally I think the positives outweigh the negatives for deploying XP SP2, any administrator that chooses not to install it does not know what there doing, or does not understand how they can manage SP2 with Group Policy. If you turn off the Firewall your software compatability issues are rare, for the most part your enterprise should have a list of accepted hardware, you test on that hardware, work out the issues, and then deploy to your sandbox, once everything is working you deploy to your enterprise. The only issues I have ever seen are from lack of competence from the Engineering team, most of the time companies hire these least denominator people that have no clue where there brain is let alone the ability to test, and deploy a service pack to the enterprise.
I would bet the percentage given in the article is the same percentage of competent Engineers to incompetent ones.
Hmmmmm interesting....
Re:Not I (Score:1, Interesting)
I told a simple story. No swearing. No attacks on anyone.
And yet my post has been marked down as a troll.
Interesting.
I remember, before we switched to Linux, that I was nervous about it, because of some of the things I had read.
For example, I had heard that Linux is unintuitive and hard to use. But when I started using it, I found that it was simple and straightforward. I am finding Linux and Gnome to be a lot like Windows 95 was. And Windows 95 was much easier to use than XP is today -- with all those extra choices showing, I never feel certain that I am doing the right thing in Windows.
I had heard that Linux had a high learning curve, but I discovered that it has basic menu-based applications, just like Windows 95. In fact, it took less time for me to become productive in Linux and OpenOffice than it did the last time we upgraded Windows (to XP) and MS Office.
I had heard that Linux has a high "cost of ownership," yet I have found the opposite to be true. When we were running Windows, it seemed like we were always calling for support, because someone's PC was locked/couldn't get on the Internet/was acting funny, and so on. Now we rarely talk to our support people. Our support costs have gone way down.
I think we're going to save money on hardware too. Before, we kept talking about an upgrade, because XP would sometimes slow down so much. Now, everyone seems happy with the hardware they've got, and the subject of upgrades has not come up.
I find it interesting that the reality we've experienced is so different from what I had been led to expect.
Sure, I had friends try to tell me about how Microsoft manipulates the media, and pays people to post things in their favor.
But I had never experienced it for myself.
Maybe now I have.
Either way, it doesn't matter. You can't hold back the truth forever, and every customer who visits our office is going to hear firsthand how successful our switch to Linux has been.