Latest News: Windows XP Service Pack 2

TO: ALL ITS CLIENTS

FROM: Steve, John, Amy, Simon

Last fall we sent our clients a letter and e-mail suggesting that – in spite of the hype Microsoft generated at the time – you wait to install Service Pack 2 for Windows XP (both Home and Pro). Our recommendation was based in part on past history with these updates and was intended to give us and the industry time to learn of any problems with SP2.

At ITS we now think that SP2 is tested enough and worthwhile enough to be installed on all of your Windows XP PCs. The good points of SP2 (improved security, pop-up protection, etc.) outweigh any remaining problem areas, which do appear to be minor. There are some factors that have to be taken into account before and when SP2 is installed, however. Most center around third party firewall software or application incompatibilities with the changes to Windows' network communication. See our recommendations below.

Please give us a call if you would like ITS to assist with installing Service Pack 2 on your Windows XP computers.

Below is a list of specific programs that are known to have issues with SP2.

Windows XP can be configured to automatically download and install all "critical updates" from Microsoft, which will include SP2. Below are instructions for disabling this download. Note this entire issue only applies to PCs running Windows XP. However, beginning April 12, Microsoft will no longer block the delivery of SP2 via Automatic Update and Windows Update. That means that you will have to deal with SP2 whether you are ready or not.

Benefits and challenges of SP2

Service Pack 2 introduces several features:

  • Security Center - at startup, checks to make sure a firewall is enabled, antivirus software is running and current, and Automatic Updates is enabled. It also provides a central screen to configure these options. The warnings on startup may be disabled; they are automatically disabled for PCs connected to a Windows Server-based network.
  • Windows Firewall - an improved version of the firewall from the original Windows XP, this renamed version automatically turns itself on in SP2. While a firewall is a necessity for anyone connected directly to the Internet (such as a home PC with dialup, or a broadband connection without a router), it is usually redundant in an office setting where the office shares an Internet connection and PCs have private IP addresses. Studies have claimed unprotected PCs connected to the Internet are normally probed or attacked within 20 minutes.
  • Improved Internet Explorer - adds popup blockers; improves security vs. pests and other self-installing objects.
  • Improved Internal Code - improved internal code for inter-application network communications, such as DCOM; added features for new CPU technologies to prevent the common "buffer overrun" security breach at the CPU level.

Service Pack 2 also introduces several challenges:

  • Windows Firewall - programs that are not properly written to accomodate the changes in SP2 will not run or function properly, or may be blocked by the firewall, which by default blocks communications coming in to a PC.
  • Disk space requirements - 1100 - 1600 MB of free disk space is required to install SP2, depending on the installation method.

Recommendations

ITS recommends companies research compatibility for any critical software, especially vertical-market software or software that communicates over a network. Generally system-level utilities such as software firewalls and antivirus software must be updated to work with SP2. Given the correct preparation, ITS recommends installing SP2 in most cases. However, we recommend avoiding the Windows Update version of the SP2 install after some nasty experiences clients had installing SP1. Instead, install SP2 from a CD-ROM or downloaded setup file, or have one of ITS's trained Technical Staff install and configure SP2 for you.

With a Windows Server 2003-based network, the server can be configured to automatically disable the Windows Firewall on all connected workstations, preventing possible conflicts later if curious or well-meaning users enable it on their PCs.

Known Issues With Existing Software

Software/Issue

Resolution

Microsoft File and Printer Sharing - If the Windows Firewall on a server is not configured to allow file and printer sharing, users may be unable to connect to that server.

The Windows Firewall must be configured to always allow connections to any valid "server" program running on one's PC. Normally connections should be allowed only from the local network, and not from the Internet.

Norton AntiVirus - The new Windows Security Center is unable to accurately determine if NAV is updated, and flags this as a problem. However, NAV will run and protect your system under SP2.

Symantec has released a patch to Symantec AntiVirus that is downloadable via LiveUpdate. To install this patch, run LiveUpdate repeatedly until you see a message saying you have all of the available updates. See this link for details.

Symantec AntiVirus Corporate Edition - The new Windows Security Center is unable to accurately determine if SAV is updated, and flags this as a problem. However, SAV will run and protect your system under SP2.

Symantec has released a patch to Symantec AntiVirus 9.0, with patches for earlier versions to follow later. See this link for details.

Artisoft TeleVantage - ViewPoint and other applications run on a workstation will not be able to communicate with the server.

Artisoft has released an update for TeleVantage 6.0, and plans to release an update for TeleVantage 5.0 soon.

Microsoft Business Solutions CRM - The server software and Outlook client require an update and several settings adjustments to function properly with SP2.

Microsoft has detailed information in their Download Center, along with the update.

Paint Shop Pro - Version 8 will not install on a computer with SP2.

The problem only appears on newer AMD Opteron and Athlon64, and Intel Itanium processors which have certain "Data Execution Prevention" features enabled. To resolve, run the installer directly rather than via the CD's AutoRun feature (see Microsoft KB #873176).

NetZero - The NetZero software closes unexpectedly when run.

NetZero plans to release updated software that is compatible with SP2.

SBC Yahoo! DSL - SBC has determined that some users "will experience changes" after loading Service Pack 2 when using the customized SBC Yahoo! Browser, Parental Controls, SBC Yahoo! Web mail, and Instant Messenger.

SBC and Yahoo! have an update available to address these issues.

More programs will be added to this list as specific issues become known...check back often!

Microsoft has also released two lists of programs known to have issues of one type or another with SP2:

However, Microsoft has apparently been editing these lists as fixes became available, so if you have problems check with your program vendor for an update.

How to Disable Automatic Installation of SP2

After our initial posting, Microsoft has developed a new method of temporarily disabling the automatic installation of SP2, while allowing one's PC to download other critical updates. However, beginning April 12, Microsoft will no longer block the delivery of SP2 via Automatic Update and Windows Update. One must completely disable the Automatic Update feature of Windows to block SP2 after this date.

  • Temporarily block Service Pack 2 installation (the block will cease to function April 12)
    This link will open a Microsoft web page. Click on the Download button on that page and select ‘Open’ in the pop up dialog. You will then be asked if you want to accept the End-User License Agreement. After you select ‘Yes,’ you should see a new window briefly open and close on your computer. This program will set a registry setting to delay the SP2 installation by 120 days from its release date.
  • Re-enable Service Pack 2 installation
    This link will open a Microsoft web page. Click on the Download button on that page and select ‘Open’ in the pop up dialog. You will then be asked if you want to accept the End-User License Agreement. After you select ‘Yes,’ you should see a new window briefly open and close on your computer. This program will re-enable the SP2 download if it was blocked via the above link.

To permanently disable or re-enable Automatic Updates on your PC:

  1. Open the System Properties dialog
    - if My Computer is on your desktop or Start Menu, right click My Computer and select Properties
    - OR, press "Windows Logo Key" + Pause/Break simultaneously
  2. Click the Automatic Updates tab
  3. To disable Automatic Updates, ensure "Keep my computer up to date" is not checked, or select the option, "Notify me before downloading any updates..." and instruct users to NOT install the Service Pack 2 update.
  4. To enable Automatic Updates, check "Keep my computer up to date" and select an option.

Network Administrators: When you are prepared to install Windows XP SP2, note the full download of Windows XP SP2 is approximately 270 megabytes so you may wish to download the network install, or install it from a CD-ROM, rather than have each PC download it separately via Windows Update. Note several ITS clients had severe problems after installing Windows XP SP1 via Windows Update.