Perspective: Stumbling over SP2

People have Bill Gates all wrong. He doesn't want to rule the world (or at least the computerized portion of it). And although he may secretly hope that all Linux source code spontaneously combusts, that isn't his biggest wish.

No, the man just wants a return to the old days. Think back to the early 1990s, when Microsoft would introduce a new version of, say, Excel. The only things that mattered were what kinds of charts people could draw and how many formulas they could embed in spreadsheets. Customers--lots of them--willingly shelled out $300 or $400 a copy for the new software. The notion of security was left to the folks in uniform who kept reporters like me away from the customer briefing rooms, where good food and strong drinks were served.

How things change. For the past nine months, Gates has spent hundreds of millions of dollars to have his best programmers build a free update to an operating system that many people still don't want.

SP2 is finally here, and it's been one rough week for Microsoft.

For the last few years, the world's largest software company has been held hostage by tireless security assaults aimed at Windows and its Internet Explorer browser. Finally, last year, Gates and Microsoft Chief Executive Steve Ballmer had had enough: The result was Windows XP Service Pack 2, which, Microsoft said, would patch many of Windows' most gaping security holes.

Well, SP2 is finally here, and it's been one rough week for Microsoft. After telling big companies that SP2 was ready to go, one of the first things Microsoft did was make it harder to get.

Microsoft said that SP2 doesn't play well with 50 or so existing programs. Par for the course as far as Windows updates go, you might say. But unfortunately, the list includes one of Microsoft's own systems management tools that big companies could use to install SP2 to their internal PCs.

So in order to keep employees within big companies from getting SP2--and immediately crashing some of those 50 programs--Microsoft temporarily put the brakes on automated distribution, which was supposed to be one of SP2's best side benefits. Users of Windows XP Home Edition are just starting to get the update, and the remainder of XP users will be able to get it before month's end. But businesses are in no hurry. Many said this week that they'll wait for the SP2 kinks to be worked out before taking the plunge.

Then, on Wednesday, security researchers said they'd found some gaping holes in SP2 that--at least theoretically--could let malicious users gain access to SP2-protected PCs.

Did Microsoft bungle SP2's debut? With my columnist hat on, I can give you an unqualified yes. That's a shame, because by all accounts, SP2 is a fine update to Windows XP, which was already the best-ever version of Windows. And rest assured that Microsoft will work out the kinks--it has to.

For Microsoft, SP2 could finally take some of the heat off of the company and its historically cavalier attitude toward security.

Perhaps SP2's greatest accomplishment will be to increase the number of Windows users who actually install bug fixes.

Even though SP2 is a free download, it could eventually boost Microsoft's bottom line by convincing the many companies still running Windows 2000 that it's all right to move up to Windows XP--and by extension, Office XP and other programs.

And let's not forget that SP2 also fine-tunes Windows XP's internals, making it less susceptible to malicious attacks (as long as you're using the latest hardware). It also delivers in one rather pudgy download many other updates, such as Service Pack 1 and the latest security patches and bug fixes.

Perhaps SP2's greatest accomplishment will be to increase the number of Windows users who actually install bug fixes. For years, Microsoft has been saying the problem with Windows security isn't necessarily with Windows but rather with users. If they'd just take the time to install the available patches, most of their PC security problems would go away.

Easier said than done. Asking system administrators to keep their company's Windows systems up-to-date is one thing. After all, that's what they get paid to do. Still, in our IT budget-constrained world, there are fewer administrators, and those who are around are responsible for more PCs than in years past.

But expecting consumers at large to keep up with the blizzard of confusing and sometimes contradictory software patches is ludicrous. Remember, computing is mainstream. Senior citizens shop on eBay. Teenagers chat on instant messaging. Do you think any of these people understand why they should apply an "Update for Background Intelligent Transfer Service (BITS) 2.0 and WinHTTP 5.1 (KB842773)"? You'd have better luck asking them to split an atom. There's got to be a better way.

And there is, Microsoft says: It's called automatic patching. By default, SP2 turns on Microsoft's automatic updating service, which funnels the latest bug fixes directly to your PC. Well, here's the true test: If Microsoft's theory holds, there should be fewer trashed Windows PCs the next time an MSBlast-size worm slithers through town.

Since most security professionals think that the next big virus will hit sooner rather than later, we shouldn't have to wait too long for an answer.

Biography
Mike Ricciuti is CNET News.com's Cambridge, Mass., executive editor and bureau chief.

More Perspectives

[Earl Benser]

No SP2 for me

Windows is already a kludge before SP2. Without it, my PC's run <br />as well as a PC can without Unix or Linux. I don't use Internet <br />Explorer, or Outlook Express, or MSN-anything. And since my <br />PC's all run on remote from my Macs, SP2 is a total waste of <br />time, and interest. <br /><br />It also appears that it is close to a total waste of time and <br />interest for any PC. For every 'hole' MS filled, it appears that <br />more have been created. <br /><br />MS is well behind the power curve in adapting Unix for it's OS <br />structure. And Windows is so burdened with legacy requirments <br />that it's a wonder it even runs at all. I think that SP2 is an <br />unneeded band-aid on a terminal patient.

Uninformed opinion

While I agree that you are entitled to your opinion, it sounds very unimformed to me. I have seen many worthwhile additions to the functionality of the OS in SP2. Not least for me is the improvement in wireless networking and the way the OS manages those connections. Your post is just another example of the snobbery many linux\unix or Apple people show towards Windows.

[rgavel]

I'd have to agree Earl...

I have my Win XP boxes pretty much locked down to prevent adware, spyware, trojans, and viruses. Like you, I don't use IE or OE and have taken steps to ensure they can't compromise my systems.<br /><br />The last time I ran Ad-aware and Spybot they found NOTHING. Zero, zip, nada, zilch, and I hadn't run either of those programs for over a month. Why no spy/adware? I'm not running IE.<br /><br />At this point I have no intention of installing SP2 as I don't see the benefits outweighing the possible drawbacks. (Over at the SANS website close to 1000 people have given their feedback regarding the installation of SP2. Less than half of them (47%)have successfully installed it with "no problem".)<br /><br />RayG<br /><br />ps. I'm NOT a Linux or Unix developer, don't even have those installed on my systems. Yet. Not a Mac user either. I've been using various incarnations of Windows since 3.1.

The real problem with Windows

...is Microsoft's boneheaded idea that the Web can be "seamlessly" integrated into the computing experience. The interfunctionality between Windows, IE and Office leaves all three vulnerable. It's a systemic problem that no amount of security patching can ever fix completely.<br /><br />If Microsoft designed a home, it would have no walls so your living experience would be "seamlessly" integrated with the outdoors. But burgulars would have easy access to steal your stuff.

[David Arbogast]

Extremely poor analogy

Seamless integration of the Internet with the OS is the direction EVERY operating system is headed. Wake up.

no SP2 in my company

I work in the IT department of a fortune 500 company. We have advised all of our employees not to "update" because SP2 is not compatible with some of the software that we use. I certainly didn't/don't expect Microsoft to get things right these days, but SP2 is almost as embarassing as WinME. I know that if I pushed back a project as much as they did and then released it chuck full of security holes that I would reevaluate my development team.

[David Arbogast]

Doubt it

You work for a fortune 500 company?<br />And you had to advise your employees not to upgrade to SP2?<br /><br />Why does that sound fishy? <br />...maybe because most Fortune 500 companies have better control of their computing infrastructure than to put employees in a situation where they can install any software in the first place...?<br /><br />Yeah... that's it.<br /><br />If you really do work for a F500 company that has deployed Windows XP on its workstations, trust me, you'll be on SP2 before too long.

The reference to "GAPING HOLES" is misleading and inflamatory

Neither one of the "gaping holes" referenced in this article could possibly be considered major. Both take extensive manipulation of the end user to do things they most likely don't even know how to do. This is clearly a case of anti-microsoft bias with out solid research on the substance of the "gaping hole". There are many, many easier ways to convince a user to execute code than the two found here.<br /><br />The gaping hole is the end user in both of these scenarios and not the Operating System. If I can get someone to exploit these I can get them to send me their credit card and SSN as well.

[il2rb]

I completely agree...

I wouldn't cosider the security holes in SP2 as anything more then a couple of little gaps. These will be fixed in short order, which means that those who did install sp2 will be patched fairly quickly.<br /><br />And more importantly, the truth of the matter is this, there will always be security holes in software. As long as your computer is connected to a network where others can see it or get to it, then there will probably be some way for malicious users to hack that system. The goal is to make the holes as small as possible, and as difficult as possible to take advantage of.<br /><br />The only thing Microsoft can do (since they are the target of just about every evil hacker in the World) is to fix those holes as quickly as possible. And today they do an extremely good job of fixing security holes very quickly.<br /><br />Like many technologist, I think that users are partly to blame. There are still many, many home users running outdated operating systems that were NEVER designed to withstand the vicious attacks by the world of hackers. This is where we as technology folks &#38; Microsoft can help our friends and neighbors by educating them on the problems, getting them to upgrade to Windows XP with SP2 and making sure they have AntiVirus software and even in most cases make sure they have at least a hardware firewall, but also recommend a more full-featured software firewall as well (if they can't afford it, at least they have the bare bones firewall in SP2, but users really should consider a full featured firewall if they have a broadband connection). <br /><br />I also tell most of my family and friends to turn off their computers when not in use.<br /><br />But the real underlying message I'm making is that users need to be educated on what the risks are and how to defend themselves. This is where we can all help. Microsoft acknowledges this is a huge problem and has begun putting together a campaign to educate the masses on security measures they can take at home.<br /><br />In this day and age, being a good Boy Scout or neighbor is more about helping our family, friends and neighbors become educated regarding online security measures, rather then helping them carry groceries or getting accross the street :) So do your part and be a good deed, save someone's PC/MAC/etc...<br /><br />-il2rb

[al92lt1]

More MS Bashing

I found the installation of SP2 very smooth and trouble free. Two third party applications on my computer had minor glitches, but patches were available within 24 hours (Notron Antivirus and TGT Software Style XP.)

interesting definition of "troublefree"

While it doesn't sound like you had much trouble with the update, I wouldn't call an update that breaks some third party applications (even temporarily) "smooth and troublefree". Have we lowered our expectations so much that we're willing to call something less than 100% "smooth and troublefree"? I updated my PC last night and it indeed was smooth and troublefree (of course, I don't pay the Norton tax), but I don't use it for much since I also own a Mac :)

[telephonics]

SP2 and Norton

I checked with Symantec and was advised that there are no problems running any of their programs with SP2 installed.

GOOD old days you say?

Why do I have to thank Microsoft for investing any amount of dollars to get their software just a bit stable and just a bit secure??. I'm amazed that a senior editor says that. I've already payed a LOT for a software that makes my company loose money or have to hire an extra IT geek just to manage patches and fix problems related to them. <br /><br />It's not that we're beeing payed to do this your're getting it wrong, My team and me could be doing a LOT of things instead of loosing a lot of time to patch constantly many insecure systems.<br /><br />One of the things that we could be doing is testing linux in order to save money, time and have more secure computers<br /><br />Think it many more ways my friend.<br /><br />Greetings from Mexico<br />Augusto Ayala

[David Arbogast]

Augusto just wants to argue

You could also read the vast majority of reports that show Linux maintenance and administration costs more than Windows administration. TCO arguments for Linux generally do not suggest benefits in this area. You are confused, and your argument makes little sense. If you want to argue the benefits of Linux, first you need to figure out what they are. Oh, and the proper spelling is 'losing.'<br /><br />"...have to hire an extra IT geek just to manage patches and fix problems related to them."<br /><br />"My team and me could be doing a LOT of things instead of loosing a lot of time to patch constantly many insecure systems. One of the things that we could be doing is testing linux..."

RE: GOOD old days you say?

if what you've said really holds, think you may want to consider switching to another platform (Linux and OpenOffice?), i'm pretty sure the share price of MS will not be affected it.<br /><br />Greetings from Singapore.

Roll Out SP2 NOW

We are pushing SP2 as quickly as possible. The reason: we support 500 remote users who refuse to patch, install AV, or install a firewall. The constant nagging by SP2 (your computer may not be protected), the Windows firewall, and auto-update will solve more headaches than the breaking of a few apps. Given the tens of thousands of apps on the market (Amazon has 1900 just under games), SP2 breaks less than 1/10th of a percent.<br /><br />We have been testing SP2 since beta 1 and think it is the best OS upgrade ever offered by Microsoft--not patch, OS upgrade.<br /><br />Sure, people will complain. People love to complain, about change, about lack of change, about Microsoft doing nothing, about Microsoft doing something. But let's see someone step up and offer a solution (and don't start in about linux being a panacea--I am a system engineer, I use linux, I hold several linux certs AND linux has just as many holes as Windows)

I feel more secure if I have the control

Yes, indeed your's could be a good case for SP2, great, because you have absolutly NO security and something is better than nothing. <br /><br />I really feel better with a hardware firewall (embedded on my small router) where I can control the ports taht are open or closed, my antivirus software helps me a lot in stopping Outlook viruses that in other way they'ld have killed my entire network (as it happened before I had AV), <br /><br />I'm setting up my mailserver with tools to temporarily block the file extension I CHOOSE and can be analyzed by me case by case, not like the Outlook Express solution to block everything or show everything inluding PDF files( this is just fool and useless as if you don't want to have a risk of an accident never use your car and stay home forever, it's the same idea).<br /><br />Those tools give ME control over my operation and doesn't depend on how good or bad MS patches are(or OS upgrades as you called it, on the practice is the same thing), how bad or worst is MS in securing their OS, how many holes does the OS has and we don't know of their existence and (more important) if they are doing something about it or they will wait for longhorn to correct those flaws just for marketing reasons.<br /><br />I'm a technology &#38; businnes guy and I know that security CAN NOT be guided by marketing issues.<br /><br />Greetings from Mexico<br />Augusto Ayala<br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br />those thigs give ME control,

SP2 and monoculture

No one mentions the effect of automatic update: total monoculture, the perfect virus medium. It's like picking all the variants and weeds out of the cotton fields, so when that boll weevil moves through, you're going to wind up looking at bare dirt. Any security hole overlooked in the automatically-updated homogenous universe of XP machines will be available in EVERY one of them, not just the ones missing a patch, or running an old version.<br />The Linux/Unix world is not only inherently more secure because of better code, but has the advantage of a wide variety of distros, configurations and hardware.<br />When the inevitable killer asteroid comes in the form of a devastating virus that gets past the latest Microsoft automatic updates and wipes *every* hard disk on *every* machine running XP, it won't matter whether it was from a script kiddie or a cyber-terrorist. The result will be as devastating to the Microsoft monoculture as the Chicxulub impact was to the dinosaurs. Even compassionate assistance from the survivng mammals who can gen up Linux rescue CDs is unlikely to recover much of the $billions of economic damage.

[David Arbogast]

goodness....

"The Linux/Unix world. . . has the advantage of a wide variety of distros, "<br /><br />LMAO... That is the first time I've heard anybody seriously suggest that endless splintering of an OS is a worthwhile advantage. <br /><br />What little security benefit you get from running every variant of Unix known to man is greatly overshadowed by increased administration costs. This has been proven so many times, its not even funny. Even in the Unix and open-source world people try to stick to standards for a reason... limiting the differences between systems results in increased usability and lower maintenance/administration costs. Drop the word "monoculture" from your vocabulary. It may be a little too big for you to fully understand.

You make an interesting point here

Dear Scott,<br /><br />In my opinion there is not exactly a monoculture of Windows installations. Some machines still run their 3.11s or 95s, others their NTs of all flavours (NT 4.0, 5.0, 5.1 and, finally 5.2).<br /><br />The problem with WindowsUpdate arose only on the verge of ServicePack 3 for Windows 2000 (NT5.0Sp3) which also made thoroughy impossible to get rid of such goodies like, first and foremost, InternetExplorer, MediaPlayer, OutlookExpress and other OS-unrelated applications.<br /><br />There is _no_ problem if you still use your older WinNT-Installation. However, you have to strip the operating system of IE first, and probably of other 'extensions' which are prone to phone home as well.<br /><br />If you do that, you can run Windows NT for years. Many of my colleagues do. <br /><br />However, things changed completely with the Edition of ServicePack3 for Windows 2000. Upon this ServicePack the operating system has been hardened to an extent which renders any future de-installation of all invariantly insecure code virtually impossible. <br /><br />NT 5.1 aka. Windows XP is even worse in this respect. There is hardly any clear control of what the system is doing, mostly without ever being asked to.<br /><br />Some work has been done on NT 5.2 aka. Server 2003 in order to stop getting the machine infected within minutes after it is connected. As a result, the newly installed OS prevents any connection whatsoever - all connectivity is disabled by default.<br /><br />Though this approach has been grossly ridiculed<br /><a class="jive-link-external" href="http://thedailyfarce.com/technology.cfm" target="_newWindow">http://thedailyfarce.com/technology.cfm</a><br />it seems to be still the foundation of the current and future ServicePacks. Microsoft tries hard to convince the customers that it's a feature, which they deserve. Most probably it is true.<br /><br />Therefore, if you'd like to stay away from the cracking business of those haX0r3 who try to 0wn your machine, you have got to pick a decent operating system first.<br /><br />Of course, this could be a flavor of Windows NT, as well as BSD or MacOS-X, LinuX-Kernel GNU, AIX, Solaris, or yet another famous UniX. <br /><br />If the former is your choice, then use your brains and apply the contemporary advice on security<br /><a class="jive-link-external" href="http://www.technewsworld.com/story/34984.html" target="_newWindow">http://www.technewsworld.com/story/34984.html</a><br />which means that you should by no event use WinXP.<br /><br />It means precisely that you are not allowed to use Win2000 if it is equipped with SP3 or later. To put it plain: don't use InternetExploder or any other technology which wouldn't run without it.<br /><br />This could mean you will be better off dumping Windows alltogether in favor of a better system. If you played with a thought of getting a Mac or Linux box - just go and get it, test it, try it out a nd switch only if you are completely convinced you get there more bang for your buck<br /><a class="jive-link-external" href="http://www.novell.com/news/leadstories/2004/aug16/index.html?sourceidint=homepage_solutionsatwork" target="_newWindow">http://www.novell.com/news/leadstories/2004/aug16/index.html?sourceidint=homepage_solutionsatwork</a><br /><br />Otherwise you will be probably better off if you tried to make your Windows boxes as secure as possible, by means of a NAT-router, for example.<br /><br />Against data loss there is only one means of choice on every OS in the world: frequent backups.<br /><br />Kind Regards,<br />Leszek KENSBOK

[Jan Modaal]

Re: SP2 and monoculture

"The Linux/Unix world is not only inherently more secure because of better code"<br /><br />The Linux/Unix world is only inherently more secure because the computer skill of the average person using them dwarf the average skill of a Windows user.<br /><br />If people aren't interested in securing their Windows PC they won't have any interest in securing their Linux/Unix (that includes patching, updating, running a firewall, running anti-virus software).<br /><br />Before you jump the gun and make a claim about how *nix is secure by default: *nix has to deal with security vulnerabilities the same way Windows does. Those do get fixed by vigilant patching and maintaining your system, but you can't count on the average user to want to bother with that.<br /><br />When you compare Windows and *nix, both administrated by people with comparable skill on each respective platform you'll find that both can and do compare in terms of stability, reliability and security.<br /><br />Your point about source code is rather besides the point and shows the main difference in use between *nix and Windows. 99.9% of all Windows users couldn't care less whether Windows comes with source code or not, they just want it to work and they want it to work without twiddling with any settings.<br /><br />If some people are dumb enough to open executable attachments while running Windows with Administrator privileges, what makes you think they'd be any safer/better off running *nix and doing the same while running as root?

Of course I complain, I have reason to do so

Ok, from MS point of view those Apps that are broken could be seen like "Casualties of war" right?, after all, there just 1/100000 of all the apps that they think there are out there right?, OK everybody can "understand" that piont of view, but, if for me one of those apps is critical, I don't care what's the proportion, FOR ME IS EVERYTHING. Do you get it now?, and even more.. How MS knows if only 50 sofware titles are the ones that have problems?, what about those billions of programs developed that are regional and not worldwide used?, MS doesn't even know of their existence,, and if I use just one of them and have problems again for me is EVERYTHING.<br /><br />I'm NOT a casualty of war nor my company. And we should all fell this way AND THAT'S WHY I HAVE REASONS TO COMPLAIN. If you are ok with that point of view that means that your more worried about Microsoft than your own company.<br /><br />I'm surprised that if you use Linux you don't see the difference, if I have a specific need, Linux could ADAPT TO IT and not the other way around as in the MS world.. you have to know this if you use or administrer Linux or Unix.<br /><br />I'm also surprised to know that your are a Linux guy and haven't implemented one of the many Open Source Firewalls that are there for you for FREE that are tremendously more robust than the firewall that MS is installing on SP2.<br /><br />A lot of surpises for me in one single message.<br /><br />Greetings from Mexico<br />Augusto Ayala

[dwhite25]

MS stops supporting Hebrew is Spanish next

Yes I'll be the only Linux system administrator my HND <br />course will be turning out this year the only one who won't <br />get a HND in Windows System Administrator and doesn't <br />care

[il2rb]

Now we know you're unenlightened

Anyone who claims that OS/X is more "efficient" the Windows XP needs their head examined! Running OS/X on equivalent hardware as a Windows XP machine will hardly be as fast or faster then the Windows machine. You're crazy if you think otherwise... <br /><br />We have both at work and we had to upgrade the Macs to the biggest fastest system they sell just to get decent performance for Photoshop, whereas the XP users are running on machines from a year or so ago and are just as fast, if not faster. After all OS/X is based on the NexT OS which was a real BEAST, even on the fastest processors of that time.<br /><br />Now maybe if you were talking about Linux being more efficient, then I would agree, but Mac... No way.<br /><br />Regardless, those who feel SP2 is worthless, that's an uneducated, unenlighted point of view, but so be it for you. If you want to stay unenlightened then go right ahead (there's a word for that, but that's another story). As for everyone else, it is well worth it.

[Earl Benser]

Check your own lights

1. Except for emergency cases, no one runs an XP emulator on a <br />Mac - that would make you both very slow and very defective.<br /><br />2. OX X is not a modified NexT OS, but rather a new design <br />based on Darwin Unix.I thought everyone knew this, even PC <br />users.<br /><br />3. SP2 is still an attempt to patch a sinking boat.

Yes Linux could be more expensive so what?

The TCO has been MS "strongest" argument against Linux. I'm going to accept it just to show the issue that is really important. Manteining Linux could be more expensive than maintaining Windows.. Ok, so what?<br /><br />For a very serious bussiness decision, short term cost is not the only factor to have in mind. Maybe for now there are few sysadmin with linux skills, maybe is hard to find certification or training(let's not count IBM, Novell, RedHat and so on). It's expensive FOR NOW to have a geek to learn from him self Linux, getting info from newsgroups or websites. that's your TCO in the short run...<br /><br />BUT in the long run what do you see?, installing software that helps your needs without aditional licence expenses; getting software updates an security enchancements as they appear or as you choose to have them, you won't loose people's time every time you have to reboot your server or reinstall your Windows XP/ME on the desktop?.<br /><br />In the long run TCO looks very different from the TCO MS is making a BIG marketing campain.<br /><br />Maybe for some cases Linux indeed is a lot more expensive than MS; but is like having a wound that hurts, in the short run it will be more expensive to get a tratment than just deal with the pain. but in the long run, the money you will lose for not beeing able to work will be more than what the tratment costed.<br /><br />Greetings from Mexico<br />Augusto Ayala<br /><br />Thanks for correcting my bad English, though I thought that we were debating technical ideas, not spelling issues :). Be a good global citizen my friend, if you posted an error in spanish I would correct you not on the posting but sending you a personal email :).

Your English

Good for you Augusto. I was wondering if English was your first language because of where you were based. Your English is excellent.<br /><br />To be fair you do see a lot of bad spelling and grammar on the net but English is always their mother tongue.

Uninformed opinion

Coming from the executive editor and bureau chief of News.com, I'd have expected more informed opinion, not.<br /><br />A big service pack such as SP2, for an o/s that has thousands, if not millions, of applications, is bound to cause incompatibilities. Is that surprising? So companies are asking for ways to delay the installation of SP2 to make sure their existing apps continue to run. The companies cannot do that unless SP2 is released, can they? So it's not really a case of an 'update people don't want' or ms 'making it harder to get', as you so nicely put it.<br /><br />As for the 'gaping holes in SP2' security researchers have apparently found, theoretically, it can appear in other o/s as well.<br /><br />Next time you put the columnist hat on, don't bother, it doesn't make a difference.

Microsoft is on the right path

First of all, kudos to MS for finally bringing SP2 out. It should help, many people do not patch until a service pack is out, this should close many holes.<br /><br />Secondly, Apple sucks. They are letting their systems die a slow death again, as in the 80's. Why would anyone purchase a closed system that cant easily/if at all be upgraded? a operating system the company loathes to patch after a year/have to purchase another operating system? or a system that is a couple of years behind in most popular software, ie games? (Before anyone goes off about the games comment, I will wager anyone that more kids own computers than adults. You cant tell me that the computers are not primarily used to play games. If you bring up companies, for every 1 Apple system you find, there will be over 1000 Window based sytems.)<br /><br />Third, linux will never catch on in most of our lifetimes unless forced upon society by a country. Brand name is everything, when people shop for computers, they want microsoft windows/ie/office, not Linspire/Red Hat/KDE. No one knows linux, it is not user friendly, and the learning curve is too steep for most people.<br /><br />Last but not least, I dont care how many fanboys there are for Apple &#38; Linux, why would anyone waste their time on writing a virus/adware/spyware for something that no one uses. What kind of accomplishment is that? Where is their fan fare? Why do you think that people are writing viruses for cellphones now? a huge audience/ user group

[Earl Benser]

Excellent!

You raise the concept of 'dumb' to new heights.

Path to Destruction - Clear you mind from MS

You have 2 valid points and one ridicules point that I want to address.<br /><br />Your Point 1. "kudos to MS for finally bringing SP2 out..." I will give them kuduz as well as they have a large target audience to please; with multiple target platforms, with largest scale of users (very dumb to very intelligent) and having marketing on there butts to push a product out that might not be ready. Microsoft is not a great software company, there an awesome marketing company.<br /><br />Your Point 3. "Linux will never catch on..." I believe you may be wrong there. Linux is catching on in a big way, but probably were you do not see it, In the Server Room. Linux is replacing a large amount of MS servers, because of there lack of security, scalability, and just being dog slow. I think you might need to do a little more research and now more about your statements before you post something so un-informing.<br /><br />Point 2. "Apple Sucks...." To give you a little insight. I have never owned a MAC, nor have I thought to buy one until when the moved over to OSX. Why, because they are doing it better. I would have never been the one to think that, but they are. I believe you fail to realize. Apple is targeting another set of users for now. The are not after the Corporate Business users at work, but more of the Home user that has a lot of Computing knowledge, and want to get the most out of there computing experience. <br /><br />Don't get me wrong I appreciate Microsoft, They have keep me employed over the last 14 years with all there bugs, security updates, targeted virus attacks, and lastly Service Packs!!!! <br /><br />All I ask, Just look at other options, because one day Microsoft will be beat and there want me the following of groupies As I see today!!!!<br /><br />--out--

[Philips]

Time to learn from open source?

Probably Linux distributors can give good lesson to MS on how <br />to make large updates. Point here is that none of Linux <br />distributors have resources to make an update of size of whole <br />OS. Everyone is using incremental approach: updating <br />component after component, introducing new feature one by <br />one.<br /><br />Still it is important to make versioning transparent for ISVs. I <br />believe this is approach taken by Sun in Solaris: after some <br />amount of small updates, they are released as one big updated <br />with bumped version number. If customer already have had all <br />updates installed - software update utility can just install one <br />little update which will simply correct version number.<br /><br />Seems to me, that here again MS is victim of its own gargantua <br />posture.

business not personal

The decision to use SP2 or not is a business one specific to a companies needs and issues, it shouldn't be a personal battle between IT workers.<br /><br />As my last post stated, we have not rolled out SP2 yet because of software conflicts. We would rather deal with the security issues (and we've done so extremely well) than have our tens of thousands of associates create extra software problems for us to get under control.<br /><br />If SP2 works for you and your needs, then fabulous, that's what it's there for. But if it just creates a whole new list of headaches to deal with, then hold off.<br /><br />Either way, let's please keep this professional. This is an intelligent tech discussion, not an "über newb battle".

Mac v PC

I have heard these arguements a thousand times. I have never used a Mac so I can't comment on it's ease of use except to say everyone I know who has got one loves it.<br /><br />I use a PC because I know how they work and I can build my own to my exact specifications and budget. It runs all the software that I need and the OS is OK and getting better in every incarnation.<br /><br />There was a time when if you wanted to do desktop publishing you had to have a Mac. In it's early years the Mac had all the killer applications so you had to have one. Now the PC has Photoshop and DTP so you do not have to buy a Mac.<br /><br />If Linux can become a bit more user friendly and gain a bigger desktop user base then companies like Adobe will start to write for it. You might then be faced with a secure, free operating sytem that is easy to use with all the top end apps that you need. I would certainly consider moving to Linux if that happens.<br /><br />Last time I installed Linux on a machine I could not spend the time getting to grips with mounting drives, the file structure and all the (to me) arcane problems of installing software - tar balls anyone. However, I am fairly sure that Linux will become a major player for desktop PC's. There are a LOT of servers out there running Linux so it will be a matter of time.

PC v Mac

I have not used a Mac, only PCs before, having run 3.1, 95, 98SE, ME, 2000 and XP but I have worked in a photographic shop and found MAC users very frustrating. As the vast majority of computers are PCs, there is a major compatibility problem and often I want to say "If you had a PC you'd do this..." or "You should have bought a PC!" Generally I find they have bought one simply to be different or "trendy".<br /><br />I really do not see what all the moaning about Windows is about. Fair enough, earlier incarnations in the Windows 95/98/ME family could be unstable. Windows 2000, based on NT and with the NT file system I found very stable but not too user friendly. Windows XP combines the stability of 2000 with user friendliness.<br /><br />I am in no way an expert but I built my own PCs, installed XP and networked them together, upgraded them etc with the greatest of ease. Mac users would have me believe my system would soon be crashing and infested with viruses and adware. Not so. I have never had any problems with viruses or adware. All you need to do is follow a few simple rules. I have AVG antivirus and Adaware (both free) which have prevented any problems. Periodically I check what's running at start up against the list at www.answersthatwork.com. With my PCs I can upgrade them, shuffle bits round and choose from a vast array of programmes and cracks (most of them free!) that are never found for Macs. I really don't see what the fuss is about.<br /><br />To cap it all of course an equivalent system of Macs would have cost several times more.<br /><br />Oh and if you're worried about it looking 'boring' get a stainless steel or perspex case with cold cathode lights to mod it if you must!

[Jan Modaal]

Gross misinformation

I've grown very weary these past few days about the lack of professional journalism concerning SP2. Any little bit of information about SP2 gets blown out of proportions because Microsoft bashing "sells".<br /><br />I have to wonder if Mike Ricciuti ever even read the knowledge base article concerning all those programs that SP2 "breaks". If he had, he might have noticed that there is no mention of anything "crashing", but that the programs simply won't work well with the default settings of the Windows Firewall.<br />Which is something that anyone who has actually ever used/installed a hardware or software firewall or router knows about.<br />The title "Some programs seem to stop working after you install Windows XP Service Pack" might have been poorly chosen by Microsft, but it's the way they have been naming KB articles for years so nothing there to get excited about either.<br />The firewall can easily be turned off if needed, or exceptions can be set, just like on any other firewall like ZoneAlarm.<br /><br />Someone here mentioned that Microsoft would do well to look at the way open source software is distributed. That again shows a complete lack of perspective. Microsoft announced that it expects 100 million downloads of SP2 in the first month and with all respect to Linux, I don't know of any Linux distro capable of handling 8000 terabytes of data transfer in a month (estimating an average 80Mb/download).<br /><br />Instead of scaring the ones who don't have the expertise or knowledge to know better away from installing SP2, they should be encouraged to.<br />Instead of critizing Microsoft for delaying the release of SP2 through Windows Update, critize all the companies who did nothing for the past months when SP2 was available for public download as a release candidate.<br />I would except any decent software development company or major coorporation to have trial tested and releasd updates or have a company strategy on the update long before it became RTM.<br /><br />There was plenty of time to communicate with Microsoft or peers concerning SP2 when it was in the RC stage. Anyone who isn't ready for it now has only him- or herself to blame.<br /><br />SP2 is a much needed critical update to Windows XP. Microsoft was critized for making the default setting insecure, then when they implement a layer of security that is enabled by default they get pounded on because it takes some work to customize for a particular system. You can't have it both ways, pick a standpoint and stand by it.

[neptolac]

Let's blame spyware/adware on MS...

Sure, let's all point the finger (and you know exactly WHICH finger I'm referring to) at MS for the spyware/adware problem. Let's not look at the actual companies like Gator/Claria, 180 Solutions, WhenU, etc., whose crapware is bundled in with "free" programs like your weather programs, your file-sharing programs, your pop-up blocking toolbars, etc., not to mention those lovely grey boxes that pop up extolling the virutes of this stupid frickin' plague on the 'net that you can't get rid of until you give up and hit "Yes" to them. <br /><br />It's also the fault of the uninformed and/or disinterested public who have used AOL (or other lame providers with proprietary software) for years and then decide to go with a standard ISP for broadband and have absolutely no clue as to what they're doing. They're the ones who keep this garbage alive, and then they blame the ISPs for their own ignorance to the licensing agreements of their stupid "WeatherBug."<br /><br />Sure, Microsoft releases software with more holes than Swiss cheese. Do you know a company that DOESN'T release a service pack or updated version of their software when bugs are found? And don't even SAY Mac or Linux/Unix - OS X is up to 10.3.something (and, surprise surprise, high-speed ISPs won't support 10.0 because its configuration JUST DOESN'T WORK,) and there are too many variations of the Linux kernel to even comprehend anymore. Sure, there aren't as many viruses for these other operating systems, but that doesn't mean they're not without their own security problems. They're just so few and far between and count for such a small percentage of the online population that nobody really gives a damn.<br /><br />So you can blame whoever you want. Just don't go crying to your ISP because you're too lazy to take the few extra seconds to put down the Cheetos and type in the URL for a weather website or a search engine. You don't require these so-called "free" utilities, and your ISP isn't responsible for your ignorance to the problem of spyware/adware and spam... not to mention that at least 80% of high-speed customers leave their systems on and wide-open 24/7.<br /><br />These programs harvest your information - websites you visit, things you subscribe to, etc., and they get your email address as well. Your friend Stephanie at WeatherBug has to pay her bills too... and she does, 3-5 cents at a time, by dropping pop-up after pop-up onto your screen, loading up your inbox with ads, and taking a virtual dump on your computer. So think before you click. And, for everyone's sake, INSTALL A FIREWALL AND AN ANTI-VIRUS PROGRAM!