Windows XP SP2: Is It OK Yet?

Windows XP Service Pack 2 (SP2) arrived with much fanfare this past August. Immediately ITS and other IT organizations the world over recommended most people hold off on installing SP2. Why, given all the security upgrades trumpeted by Microsoft? Can SP2 be a good thing and a bad thing? How does one avoid installing an automatic update? And, more than two months later, is it finally safe to install Service Pack 2?

Why SP2 is Good

A Windows service pack includes all previously released updates for Windows, plus often provides additional updates or functionality. Normally these new features are minor, however given the recent public outcry over the persistent Windows worms and security issues, Microsoft has refocused on security. With that in mind they made major changes to Windows, in five areas: network protection, memory protection, e-mail, web browsing security, and computer maintenance.

SP2 includes the renamed Windows Firewall, and the biggest change is that it defaults to being on for all network connections. This is a fantastic improvement for home users without a broadband router between their PC and the Internet, since unprotected PCs on the Internet are probed within a few minutes, on average! Microsoft has also improved security on intra-network communication, making it harder for worms and viruses to infect a PC.

For memory protection, Microsoft has implemented checks to prevent buffer overruns (when attackers send too much data to a program thus opening a door for themselves). Microsoft has leveraged data-execution prevention (DEP) on newer CPUs such as the AMD Athlon 64. This lets the CPU prevent buffer overruns at a hardware level.

One of the most welcome changes is the improved Internet security in SP2. A new version of Internet Explorer (only available in SP2) greatly lowers the likelihood of spyware and adware infection. Users with Windows 98 or 2000 should consider using other, more secure, web browsers. Microsoft has also improved the handling of attachments in Outlook, Outlook Express, and Messenger, to better isolate and protect a PC from infected file attachments.

Finally, the new Security Center in SP2 alerts users to out of date virus protection, as well as the status of firewall protection and Windows' Automatic Updates feature.

Why SP2 is Bad

Windows Firewall and the improved network security can cause problems for programs that depend on intra-network communication. For example, client/server software (workstation software that has another part of itself running on the server, such as an SQL database) may have problems communicating. If configured improperly, the firewall may interfere with file and printer sharing. Also, tools to manage a computer from across the network may be prevented from working due to the firewall.

The new Security Center may cause unnecessary concern, since at the time of SP2's release no antivirus vendor supported it. SP2 flags the status of all antivirus programs as "unknown" and alerts the user. Also by default it warns users if either Windows Firewall or Automatic Updates are disabled, two items corporate networks may want turned off. While Automatic Updates may sound like a good thing, if an update causes a problem it can be hard to diagnose if a user is unaware an update was installed. A better option is to check for updates regularly.

At a hefty 200 MB+ in size SP2 is a daunting installation, and can take up to an hour to install on older PCs. Following several very serious problems with users who installed SP1 via Windows Update, ITS recommends either downloading the 270 MB "full" update file, requesting a free CD from Microsoft, or having ITS install it for you. SP2 does require up to 1.6 GB of free disk space during installation.

Is SP2 Safe To Install?

ITS feels SP2 is safe for home users to install, though corporate users should be a bit more cautious. Certainly the Windows Firewall can be disabled on a properly protected network. By now software vendors have had time to release updates for programs that have serious problems with SP2. However many are updating their most recent versions first, and updating older versions over time, if at all. Check with vendors of any critical software before installing SP2. Microsoft also recommends checking your PC for spyware, updating any programs to support SP2, and backing up important files.always a good idea when updating one's operating system.

ITS has posted our latest information on SP2 online at ITS StartCenter (, where you can also find anti-spyware utilities and alternative web browsers. Our SP2 page also has instructions on how to disable the automatic updating feature in Windows entirely, and also a method to postpone just the SP2 installation.

October 2004

Send this article to a friend!
Subscribe to The ITS Connection

Related articles