Slashdot Mirror
Survey Shows Admins Avoiding SP2
bonch writes "Tom's Hardware Guide is running an article about Windows XP Service Pack 2 and its limited acceptance by IT administrators. AssetMetrix is cited in the article as reporting that fewer than 24% of over 136,000 Windows XP PCs in 251 North American corporations even had SP2 installed. THG goes on to describe the reasons given by admins and discusses the advantages and disadvantages of installing SP2."
that I've seen this story before...
I never said I was smart, I just said I was smarter than you
This is a 200Mb file that you need to send to every computer on the corp. network, so even if you were ready to start deploying SP2 you couldn't do so over night.
Further more SP2 adds LOTS of functionality and changes the behaviour of Windows and thus is extremely likely to break things on a corp. setup.
So I am not at all shocked that network admins haven't all installed it yet.. But I bet you if you changed the survey to - "How many network admins are installing (Via Slipstream) SP2 on new installations?" you would get a very positive and different result.
It breaks a whole bunch of apps. It is a large enough list that something will probably not work on a high percentage of machines in any sizable deployment of Windows XP.
Windows admins have a good reason to be a bit careful here. Windows Service Packs have a long tradition of making systems or applications no longer function. After getting burned a few times, you learn to be careful.
"Trademarks are the heraldry of the new feudalism."
Some administrators take every opportunity to whinge and moan when Microsoft products have a security vulnerability. When Microsoft do the "right thing" (such as XP SP2), there is more whinging and moaning . Security is not easy - the spin on security being a "business enabler" should have died with the dot com bust. Security restricts and breaks functionality, sometimes deliberately, with the tradeoff that you are now accepting less overall risk in your environment.
Surely you only need to download once?
So, if Microsoft force you to upgrade to SP2 to reduce the number and chances of a compromised PC it's bad because they're forcing you.
If Microsoft don't force you to upgrade then it's bad because they're not being proactive enough in reducing the number and chances of a compromised PC.
Must be great to be a decision maker at Microsoft where whatever choices you take it won't be liked.
Avantslash - View Slashdot cleanly on your mobile phone.
Windows XP SP2 is, um, the current version of Windows. Avoiding it means your systems are running on a legacy OS.
When new programs come out that require SP2 (like the upcoming IE7), it will be too late to start thinking about an upgrade... If it breaks your 5-year-old applications, replace them.
If your internally-generated code isn't ready, fix it.
If you can't cope with the lame Window Firewall, RTFM to customize or disable it.
How long before the legal or finance departments need to use a business-critical Web site that requires IE7 for access?
It has far too few real applications. It will NOT attract proper developers, because the design prevents you from releasing a binary that will work for years. This is intentional, in keeping with the FSF's mantra.
/tmp or the installer will dump core. After the installer is done, edit /etc/X11/XF86Config and add a section called "GL" and put "driver nv" in it. Make sure you have the latest version of X and Linux kernel 2.6 or else X will segfault when you start. OK, run the Quake 3 installer and make sure you set the proper group and setuid permissions on quake3.bin. If you want sound, look here [link to another obscure web site], which is a short HOWTO on how to get sound in Quake 3. That's all there is to it!"
Linux zealots are now saying "oh installing is so easy, just do apt-get install package or emerge package": Yes, because typing in "apt-get" or "emerge" makes so much more sense to new users than double-clicking an icon that says "setup".
Linux zealots are far too forgiving when judging the difficultly of Linux configuration issues and far too harsh when judging the difficulty of Windows configuration issues. Example comments:
User: "How do I get Quake 3 to run in Linux?"
Zealot: "Oh that's easy! If you have Redhat, you have to download quake_3_rh_8_i686_010203_glibc.bin, then do chmod +x on the file. Then you have to su to root, make sure you type export LD_ASSUME_KERNEL=2.2.5 but ONLY if you have that latest libc6 installed. If you don't, don't set that environment variable or the installer will dump core. Before you run the installer, make sure you have the GL drivers for X installed. Get them at [some obscure web address], chmod +x the binary, then run it, but make sure you have at least 10MB free in
User: "How do I get Quake 3 to run in Windows?"
Zealot: "Oh God, I had to install Quake 3 in Windoze for some lamer friend of mine! God, what a fucking mess! I put in the CD and it took about 3 minutes to copy everything, and then I had to reboot the fucking computer! Jesus Christ! What a retarded operating system!"
So, I guess the point I'm trying to make is that what seems easy and natural to Linux geeks is definitely not what regular people consider easy and natural. Hence, the preference towards Windows.
PS you are a turd moneky.
thanks for the pity but my fat paycheck will suffice for now
Windows creates jobs, if it all "just worked" with no need for updates ever etc. then most Admin's would be part-timers, you would install the machine and never see the customer again, not exactly good for any buisness that according to the "free market" is supposed to expand
viruses and malware on their own have created entire multi billion dollar industries engaged into defeating their effects, but conviently they just cant seem to eliminate the problem$
That's great up until someone releases malware inside your network. On corporate networks, often 100k plus desktops, it will happen.
SP2 isn't useless, it is manditory, but a serious pig to apply in the corporate environment. You are short sighted to think otherwise.
I dunno. I used the registry hack to make windows not force the update when it first came out, since I was concerned that my sony laptop might have issues, and I didn't want to deal with anything.
But, after a while and I had heard good things about it, in terms of doing a good/significantly better job with security, I thought I would look into it more.
When I went to download it, it recommended that I look here, to see if my manufacturer had anything to say. They did, and had a couple downloads before I upgraded, and a couple after. Everything works great.
Manufacturer Guidelines
The same goes for basic corporate users, but since system skills can be acquired (by training, replacing, or hiring) there is also the option of linux or BSD.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
And yet they've successfully set up those networks in the first place, probably installed numerous other WinXP patches across their networks afterwards, probably installed and configured office apps, corporate database stuff, corporate Intranet stuff, and more.
Really, if installing SP2 from a centralised control point isn't a matter of "Click here" and perhaps fixing some unusual incompatibility problems on a small proportion of machines, then I'm betting it's SP2 (or its installation tools) that is broken, not the IT staff.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
The programs on the list are not the programs that are stopping admins updating to SP2.
The programs on the list are WORRYING the admins who are running custom software, legacy compatibility programs, specialised software.
I work for some schools in a London borough who have to make all financial arrangements over a program called SIMS which, last time I looked, was actually some sort of DOS-based program. It's had upgrades since but it still relies on communicating with the borough's financial systems which do not run on Windows but communicate over some sort of terminal interface. There were known incompatiblities with SP2 and this software because of the way it uses the network to communicate.
You upgrade and break that, the school can't pay their staff, buy products, organise mid-day catering or pay any suppliers. Because there is a policy of keeping all machines at the same patch level to prevent incompatibilities, the curriculum network (i.e. where the kids play) also cannot be upgraded until the incompatibilities are solved.
Therefore, 30-odd computers are forced to stay at SP1 because of the most important app in the school, which EVERY school in the borough runs (17 of them, I believe). That's getting into nearly a thousand computers all told that are hung up by an incompatibility with one program that's been running fine for YEARS.
You think MS know or care about a package that a London school uses on one machine in each school? No, so it's not on their incompatibility list. The point is that SP2 causes problems, especially with programs that use networking, that can only be found by testing. If the test fails, you have to wait for a fix from the vendor or make one yourself. In the meantime, you have to hold off on SP2.
I've read the article and all, but I also try to apply basic critical thinking skills. Do you really expect the admins they survey to admit the reason is they are lazy? This would be like surveying microsoft employees asking "Is Microsoft anti-competitive?". Of course they'll say no, but I don't think that should be be accepted as fact.
/. and all, but the whole issue of SP2 seems to have a TON of FUD surrounding it on /. Now I'm not suggesting there are no issues with SP2 and I'm sure some people have had issues, but I really wonder about some of the /. posters. I have friends who had "issues" with SP2, but nothing like I've read here. The worst case I personally know of is a company who had 3 apps "broken" by SP2 but were all relativly easily "fixed" with small tweaks to SP2's defaults. These were caught during testing and roll-out went smoothly.
/. (which isn't all that unusual I guess). ;-)
The survey the article discusses says nothing about why, but apparently THG contacted "some admins in the trenches" who apparently gave some reasons. Of course they don't bother giving numbers of "admins in the trenches" they contacted or any relavent info.
I admin about 500 PCs, and we had NO problems. Granted almost all of the PCs have "standardized" hardware. No, not all PCs and periphials are identical but ALMOST all are from a single vendor (DELL) and have VERY similar hardware. We also have about a dozen standard software builds (with of course a number of one-off builds). We use a decent mix of MS apps, 3-rd party apps, and in-house apps.
The biggest issue we had was help-desk calls about pop-ups or ActiveX controls being blocked by default in IE. Preping for the rollout wasn't a very big task. Took under a week to fully test on standard builds.
I like
Maybe I (and the admins I know) were just "lucky", but based on my experience I have a really hard time accepting the crap I've read about SP2 on
"reality has a well-known liberal bias" - Steven Colbert
I think so. Buying a popular prebuilt system instead of building one from obscure parts, even if they offer better performance, etc., probably also improves the chances of having a stable system.
NX is still in a different category, though, because it's a case of changing the rules in the middle of the game, by disallowing something that used to be allowed. These sorts of changes always lead to problems, especially with older software, but in the long run they lead to better software overall.
Huh? NT4 and NT4 server has cost us nothing to "support" over the past couple of years that it has been "supported" and let's also talk about the older NT 3.51 servers (we have 2 500 tape jukebox archive servers running that) that also has not given us any "support costs" cince it was EOL.
we hire competent people here for IT that know how to maintain a wide range of operating systems. in fact we have never in the past 6 years I have been here called on microsoft for any support, every patch they released usually went through 3 months of intense testing before we ever released one to production servers.....
so in that aspect microsofts "support" costs more than no support.
anyways, a completely insecure computer is very safe if you create your networks and use proceedures that protect the equipment and networks.
Please feel free to tell me how we are going to have HUGE support costs after it EOL's... as we have not seen it for any other OS that is EOL here.
I usually only hear about that support myth from the MS salesmen that show up from time to time.
Do not look at laser with remaining good eye.
anyways, a completely insecure computer is very safe if you create your networks and use proceedures that protect the equipment and networks.
I'm sure your company has strict procedures in place to protect against this sort of thing. However, I do feel the need to point out that, statstically, most security-related incidents are caused by insiders.
A couple of years back when I was still working as an admin I was hired by a company and on my first week there was a security incident. Upon investigation it turned out it was an ex-admin who had installed trojans on many of the servers that he had root access to while he was working there.
Microsoft gives us the impression that the company has a sloppy management style supervising coders who are not given enough time to do a good job. If you don't install SP2, you are not giving Microsoft the opportunity to fix some of its bugs. Someone once said that the Microsoft motto was "The whole world is our beta test site." According to that, Windows XP SP2 is just the first release version of Windows XP. We had many, many time-consuming problems with the pre-SP1 version; in our opinion, it was not ready for release; it could be made to work, but it was a time-waster. Maybe it's foolish to believe that two billionaires could care what happens to the less rich.
I got the same expression from earlier versions of Windows (have not touched XP yet because I dislike the idea of "activation").
Considering the motivation of Microsoft management, I think it is simple profit maximizing, coupled with a bit of shortsightedness. So far, they could get away with releasing software that has only beta quality, so why spend more money and time on debugging?
Of course, this can backfire when serious competition appears, and seems to do so in the server market by now. At least, I frequently read about studies that show rapid growth of server-side Linux.
C - the footgun of programming languages
Recently I was in a remote location with a computer that came with the building. I reformatted and reinstalled windows. I needed to register it, get a new video driver from nvidia, and then go to windows update to get patches and then SP2. I was on a wireless dialup connection.
Sometime into downloading the first patches from windows update, the machine started to act oddly. Down to a crawl. Somehow during that time a worm had taken over and installed 30 or so different malware programs.
Screwed!
There seems to be no way to get that computer secure on the internet without either buying 3rd party firewall or SP2 cd which was not an option at the remote location.
I don't agree with what you say. I think your arguments are flawed:
.. magically! :)
* It was late
- it's MS. are you surprised? is this a valid reason not to upgrade?
* Lots of apps don't work with XP SP2, including some of Microsoft's own
- not out-of-the-box no. but after disabling/modifying the build-in firewall they will
* It's been known to be unstable
- a MS product that's unstable? no way!! I can only say that my pc doesn't crash more now that i've installed SP2.
* Difficult to install
- maybe if you have parkinson disease. i could easily click on the setup file/link after which it installed
* Additions like the firewall have serious shortcomings
- so disable it and buy a real firewall (hw/sw). You didn't have a firewall before SP2, so not upgrading because the new firewall doesn't work perfectly is, again, a bogus reason.
* It messes with settings and permissions
- didn't encounter those, but could be, yes. But now you know which settings they are, you could easily change them (back), right?
* Is still vulnerable anyway in many ways, and it can take weeks or months to force a repair or even admission.
- true about vulnerability. Did you really expect that *all* vulnerabilities were fixed? My, but you're optimistic
* Doesn't fix or remove MSIE
- lol. a MS SP that removes IE? Oh, and the fix is a seperate patch/hotfix.
* Has DRM features that let spammers 0wn the machine
- don't know about that, but i'm sure a good configured firewall takes care of this.
This post might seem like i'm heavily defending MS. I'm not. I just can't stand it when people claim something isn't working without bothering to check for themselves, or giving bogus arguments.
Not upgrading to SP2 because it doesn't 'fix' or remove IE is a terrible argument IMO. But hey, that's just me. And i'm not forcing anyone to upgrade. I'm just saying that most of your arguments aren't valid reasons not to upgrade though.
SP2. Install it, goddamit.
perl -e 'print $i=pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'
It's no prejudice when it's true
It's not true when it's just your opinion.
Run the most stable software that Microsoft has ever put out... Windows 2000. Sadly I have lockups 2-4 times a week on my 2 year old laptop when I run XP on it. When I run Windows 2000 or Linux, no lockups whatsoever. XP looks nice with clear type and boots up much faster than Win2k which helps when the system freezes but Win2k beats it hands down for stability.
Don't scream at Microsoft, they're merely listening to customer demands and trying to make Windows more secure.
If you want someone to scream at, scream at the vendors who make shoddy, ill-written software that won't work under SP2, who still haven't released product updates that are compatible with SP2.
for a couple reasons.
First, SP2 hasn't caused any problems in the broad range of machines I've seen or dealt with. While I don't doubt the 24% estimate, I sincerely doubt that 76% of machines lack the upgrade as a result of security concerns, which leads me to the second reason...
If approached by someone questioning why the machines aren't up-to-date, the lazy IT manager, feeling backed into a corner, will make an excuse about how he is still evaluating the potential dangers of the controversial upgrade.
It was late [vnunet.com]
This is fairly normal for a major overhaul of an OS. Delivery dates change. SP2 fundamentally changed many of the ways that XP operates, and, contrary to some opinions, really did raise the bar on Windows security. Besides, the article to which you link was complaining about the delay of a few days from the release to premium subscribers. That's getting a little pedantic.
Lots of apps don't work with XP SP2 [microsoft.com], including some of Microsoft's own
Many of the apps on the list work fine on 32-bit XP SP2, but have problems on 64-bit. Most of the others have patches available to allow them to work fine with SP2. VirtualPC, for example, works at expected speeds when updated.
It's been known to be [crn.com] unstable [crn.com]
I'd like to be able to comment on this, but the article is expired.
Difficult to install [thechannelinsider.com]
Might be interesting to comment on this one, but it, too, is unavailable.
Additions like the firewall have serious shortcomings [eweek.com]
Wow, this is getting to be a trend. However, the Windows firewall was never intended to be an end-all, be-all solution. It was intended to make attacks more difficult by blocking off certain common ports. A middle ground was struck between home and enterprise users (one that was too open, IMHO) that still left some things somewhat open, but it's better than nothing. Had they come out with a miniature version of ISA, we'd have heard shouts (possibly including some from you, I suspect) that Microsoft was trying to put the security companies out of business.
It messes with settings and permissions [theregister.co.uk]
Of course it changes settings, though I saw little about changes to permissions. But that article, while somewhat correct on a few things, misses wide on others. It calls for Automatic Updates to be disabled because "users should update Windows manually, though regularly, paying attention to the various update options and their relevance to one's system," which we know siginificant portions of the installed userbase do not do, and have no knowledge to do so. It is a mechanism that, while potentially abusable by Microsoft, is by far the lesser evil when compared to worms running rampant because some patch from eight months prior wasn't installed.
Is still vulnerable anyway [eweek.com] in many ways [zdnet.co.uk], and it can take weeks or months to force a repair or even admission.
Microsoft never claimed that SP2 would be vulnerability-free. It claimed that it would be more secure, and generally speaking has been correct in this. Even the patches that have covered both SP1 and SP2 have in many cases had lower severity ratings for SP2.
Doesn't fix or remove MSIE [eweek.com]
Well, they're not going to remove IE, so there's not much point in complaining about that. But whether it fixes it is another question. Are there still vulnerabilities? Sure there are. But while IE still has a good distance to go, IE6 SP2 is far superior to its predecessors in terms of default security and blocking random installations. I have personal clients who were at first annoyed by IE's new features, and in recent months have come to love that it blocks so much (I'm still working on converting some of them to Firefox).
Has DRM features that let spammers 0wn [zdnet.co.uk] the machine
Not sure if this particular issue was ever directly addressed by Microsoft, but since I haven't seen much evidence of this method being used to gather up armies of zombies (most do it by e-mail or open ports), I'm not sure how serious it was to begin with.
You can never go home again... but I guess you can shop there.