Forced to upgrade without complaint

A recent survey by AssetMetrix showed that less than 24 per cent of more than 136,000 PCs in 251 North American corporations had been “upgraded” to Windows XP Service Pack 2.

I find it interesting that pretty much everyone refers to SP2 as an “upgrade.” Microsoft’s preferred spin is SP2 provides a number of enhancements for Internet Explorer along with an Outlook Express privacy update, an attachment manager, the Windows Security Center, a Windows Firewall update, an enhancement to Automatic Updates, improved wireless support, a new version of Windows Media Player and a DirectX update.

None of these is critical. Some of the items are just fluff. Consider the Windows Media Player: There is nothing remotely critical about a new version of this utility. On the other hand bug fixes, particularly where security is involved, are truly critical.

SP2 isn’t so much an upgrade as a bulk bug fix. So how many bug fixes are involved? We have a total of 1,151 bug fixes since XP was released in October 2001.

The AssetMetrix study also found 41 per cent of companies using XP have actively avoided upgrading to SP2, while a measly 8 per cent actively accepted it. The remaining 51 per cent of companies apparently “showed no direction or policy toward SP2…”

These statistics are interesting because Microsoft last August, in response to customer demands (another way of saying “howls of protest”), allowed customers to optionally suspend the delivery of SP2 by Microsoft’s Automatic Update service. That suspension expired on April 12.

AssetMetrix pointed out that “Companies choosing not to deploy SP2 will be faced with a host of potential issues…when Microsoft support for Windows XP Service Pack 1 is withdrawn in September 2006.”

Four out of 10 organizations are avoiding the installation of XP2 despite the risks involved. The only reason I can think of is because of the testing required. This obviously is a big issue for large IT shops because it takes a huge amount of effort to find where the upgrade is going to break your systems.

Given the size of SP2, it’s hard to figure out how much time organizations would need to test it. Is the eight months Microsoft allowed adequate in real-world IT, given other pressing matters of equal or greater importance?

The big question is why doesn’t Microsoft slim down the Service Packs? Why doesn’t it identify the bug fixes that apply to the security and reliability of the core operating system and services of XP, and make those required if we’re to receive further fixes? It should be a matter of choice. Organizations that don’t want to update their systems could choose to stall out at some patch level and become unsupportable by Microsoft.

The answer is marketing. By requiring these massive service packs of critical bug fixes, combined with self-serving product enhancements, Microsoft reinforces its stranglehold on the market. Why don’t I hear more complaining?

QuickLink 050545

Sound off to

Related Download
A Guide to Print Security for Canadian Organizations Sponsor: HP
A Guide to Print Security for Canadian Organizations
IT security vulnerabilities are a growing cause for concern for organizations trying to protect their data from printer breaches.
Register Now