XP SP2 deployment is smooth – so far

But some users complain about unexpected changes

As Microsoft smooths out the ripples after last week's big splash with Windows XP Service Pack 2, users say they found fewer problems than they expected, but some complain that late code changes and lingering compatibility issues will serve to refuel testing efforts and further delay full-scale deployments.

The biggest deployment issues this week involved tweaking the Windows Firewall, which is turned on by default, to open ports or configure exceptions so that applications such as antivirus and management software work correctly.

Microsoft also issued a hot fix to correct an IP addressing bug that was crippling VPN software and another that will make it possible to edit new XP SP2 Group Policy Objects from older Windows platforms.

The company also fixed a bug that prevented users with Software Update Services, which lets corporations centrally manage patch deployments from inside their firewalls, from controlling the installation of XP SP2.

"We have seen fewer problems than expected and not anything major," says Russ Cooper, moderator of the NT BugTraq Web site and senior scientist for TruSecure, which develops security and risk management products and services. He says preliminary results of his online survey of more than 600 people show 43% of users plan to deploy the software in the next 30 days or less and 25% in the next three months, while 14% were undecided on when to deploy.

Some users, however, discovered compatibility problems with applications they already had tested and blamed last-minute changes Microsoft made to the XP SP2 code.

"If I am upset about anything it is the fact that Microsoft did make what I consider to be significant last-minute [code] changes in the final days and weeks without providing even those with extraordinary access [to source code] the ability to test their applications," says Jeff Altman, president of Secure Endpoints.

Barry Goffe, group product manager for Windows product marketing, says "a fair number of changes were made between the release candidate and final code," but adds that this is normal procedure for all software development.

Others found severe incompatibility problems with homegrown applications and some say the XP SP2 code is not ready for enterprise deployments.

"It's sloppy code," says Ian Hayes, a security manager for a major government contractor that he asked not be named. "This service pack may be more suitable for XP Home users but not for people who use power apps or security tools that run XP Pro."

Hayes says he found that SP2 erased restore points used to roll back to a stable operating system configuration, forcing the rebuilding of some desktops. "It's going to be a long slow evaluation," he says.

A German research firm reported it found two bugs, but Microsoft officials refused to comment on what they labeled "unsubstantiated issues."

But with nearly 300 applications already affected by XP SP2, some large corporate customers aren't exiting the test phase.

"We have decided not to do SP2 at this point," says Richard Mickool, executive director of information services at Northeastern University in Boston. "We're just not sure of what applications and how many it will break. Until we know what and how, we want to work carefully around that."

Others also say they are allowing for prudent evaluation periods, but say the problems they are finding with broken applications are the price of converting to a more secure operating system.

Joe Doyle, network engineer for Promega, is at the start of his final three weeks of testing. "Knowing that changes to the [operating system] will help mitigate new worms and viruses and protect our users, sometimes from themselves, lets us as systems administrators sleep better at night."

"With the firewall turned on by default that means a whole class of attacks on Windows will no longer succeed. And hooray for that!" says Mark Rockman, programmer and systems administrator for Alphagenics, who already has rolled out XP SP2 on his small network without incident.

But others had enough incidents to know that XP SP2 won't make it out of their test labs for some time.

"We have a lot of homegrown applications that did not work well with SP2. It will be six months before we roll it out," says Chip Logan, IS manager for Alvey Systems, which manufactures material handling equipment.

In the end, users say XP SP2's greatest feature might be that Microsoft is starting to understand security.