Slashdot Mirror
Survey Shows Admins Avoiding SP2
bonch writes "Tom's Hardware Guide is running an article about Windows XP Service Pack 2 and its limited acceptance by IT administrators. AssetMetrix is cited in the article as reporting that fewer than 24% of over 136,000 Windows XP PCs in 251 North American corporations even had SP2 installed. THG goes on to describe the reasons given by admins and discusses the advantages and disadvantages of installing SP2."
I heard most of the admins weren't available for comment...because their email program was busy sending a lot of messages to people they don't know..
No way It cannot be..I feel special now. I use SP2 and have no problems. When I first installed it the thing went wonky...and I just ignored all the problems. Then they magically went away.
A heck of a lot of apps are NOT certified for sp2
that I've seen this story before...
I never said I was smart, I just said I was smarter than you
1) People have enough problems with Windows without worrying about an upgrade that they've heard countless times will BREAK existing applications. 2) Some percentage of the population is simply pirating Windows and is afraid they'll get "caught" if they try to upgrade. 3) SP2 is seen as the first step in Microsoft's "Trusted Computing" initiative. 4) It breaks Halo. C'mon.
Going back to school for entry-level jobs?
I spent just over 3 months testing SP2 with all of our internal and external applications as well as stress tests for performance differences between SP1a and SP2. SP2 got the green flag the second time round (it failed because some internal applications failed, these were updated as was decided by IM).
I finished doing the last update about 3 weeks ago and have not had any problems relating to SP2 yet which is great.
IMO the only negative thing about SP2 is its size/time to install. It has slowed down deployment because of the bandwidth it uses and the the time it takes to install which is a major impact to production, which means it needs to be down out of office hours which means IT support need to work over time, etc.
While deployment of SP2 was tiring and long I would rather got on with it than wait it out like some companies are doing.
This is a 200Mb file that you need to send to every computer on the corp. network, so even if you were ready to start deploying SP2 you couldn't do so over night.
Further more SP2 adds LOTS of functionality and changes the behaviour of Windows and thus is extremely likely to break things on a corp. setup.
So I am not at all shocked that network admins haven't all installed it yet.. But I bet you if you changed the survey to - "How many network admins are installing (Via Slipstream) SP2 on new installations?" you would get a very positive and different result.
While there might be good reasons for not installing here and there, I suspect most of the so called "admins" are just to lazy or simply clueless when it comes to large scale software distribution.
Installing SP2 in a large corporate environment is nothing to sneeze at, I agree, but that's no excuse for not patching.
It breaks a whole bunch of apps. It is a large enough list that something will probably not work on a high percentage of machines in any sizable deployment of Windows XP.
Windows admins have a good reason to be a bit careful here. Windows Service Packs have a long tradition of making systems or applications no longer function. After getting burned a few times, you learn to be careful.
"Trademarks are the heraldry of the new feudalism."
Some administrators take every opportunity to whinge and moan when Microsoft products have a security vulnerability. When Microsoft do the "right thing" (such as XP SP2), there is more whinging and moaning . Security is not easy - the spin on security being a "business enabler" should have died with the dot com bust. Security restricts and breaks functionality, sometimes deliberately, with the tradeoff that you are now accepting less overall risk in your environment.
Give them some time, then the malware authors will start writing SP2 dependant stuff and we'll all be much better off.
Really, am I the only one thinking that something is very broken in Windows when Microsoft has to convince us to apply a (free) upgrade to the system?
I'm not surprised at the reluctance. :-)
Given that many of the SP2 changes relate to networks and firewalls, the bigger the corporate network the bigger the chance the upgrade will take some time to get working for everyone in a company.
If you are used to fixing problems remotely and the upgrade prevents the problem PC connecting to the network... you see the issue
As long as your internet connection is secure, ie, you have a good firewall or router (as you would have in a large corporate environment), then the negative effects of SP2 outweigh the positive ones.
SP2 breaks network connectivity by limiting the number of connections you can make in a given amount of time.
SP2 creates a bunch of annoying and useless popups and warning messages, with no real extra security (compare vulnerabilities found before and after SP2 on sites like Secunia).
The only thing SP2 does that's any good is fix up a bit of XP's so-called "firewall".
I don't blame these admins and I wouldn't be installing SP2 either.
... and then use a time machine and sue the cornflakes company for stealing that sentence.
The Tao of math: The numbers you can count are not the real numbers.
I recently obtained a copy of Visual Studio 2005 which I wanted to play around with. Install went fine (on XP) UNTIL I tried to install the DOCUMENTATION...which insisted that XP SP2 had to be installed!!
So I installed it. It broke SQL Server 2000 because I hadnt patched it (but wrote information to the event log about how to fix it) but apart from that things went well...
Until I tried to run the spidering app Ive been working on at which point I discovered that XP Pro + SP2 = Castrated System! SP2 limits the number of connections pending opening to 10 (down from 50) and provides no way to change this limit!!!! Unimpressed....
Anyways, given that many pieces of software will only run on systems patched to a certain SP level Id expect that it wont take long before its a required upgrade...having to install it for documentation to work though....that rubbed me the wrong way I must say..
To be honest this was the first I heard about it. I just naturally assumed that shareza didn't peform as well as other dedicated P2P software applications. That registery entry seems to be missing and according to what i've read is hard coded in tcpip.sys. I found software to change the number of connections permited in tcpip.sys here and it might be covered in XP-antispy though I've not tested it yet.
In all fairness I have had few problems with XP SP2. Unfortunatly any problem I've had has been hardware related.
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
Got it when it became available through Windows Update. No issues, but then, I don't have a lot of weird apps, and Virtual PC doesn't emulate weird hardware, so oh well.
I hardly ever use it, though... except to run Windows Update when a new batch of patches come out.
Village idiot in some extremely smart villages.
Admins threaten corporate IT security by avoiding to fix vunerable machines
:)
It's not avoiding to fix them, it's just trying not to have to install the machine again.
And I heard of people having BIG problems with SP2 installations.
It's better to get a firewall, an antivirus, change email client and browser.
Less things to worry about
-- Personal Blog: http://www.delymyth.net/ (italian)
If you have a Windows XP laptop with WI-FI and if you go to conferences where there are wireless networks, then you HAVE to get SP2: it's a crime not to.
The bug mentioned in the article, where Windows sets up an ad hoc network on a preferred SSID it can't find, is lethal in a conference network. One fuckwitted XP box stealing the SSID for its ad hoc network can disconnect hundreds of delegates. Any time that you're nearer the XP box than the access point (s.t. the XP box has more signal), your net access is toast, whether or not you're running windows.
I've been at conferences where there were hourly PA-broadcasts begging XP users to turn off their ad-hoc networks. If you have XP SP1 on-line at a conference, then you should expect to have your laptop pounded into fragments by angry geeks. They will be justified.
So, if Microsoft force you to upgrade to SP2 to reduce the number and chances of a compromised PC it's bad because they're forcing you.
If Microsoft don't force you to upgrade then it's bad because they're not being proactive enough in reducing the number and chances of a compromised PC.
Must be great to be a decision maker at Microsoft where whatever choices you take it won't be liked.
Avantslash - View Slashdot cleanly on your mobile phone.
It's not just patches. If you want to install extra Linux software these days you had better have a broadband connection t'interweb. Without yum or apt-get resolving all the dependancies will take you a long time and some effort (broken dependancy xyz.lib, now where do I get that.)
Now windows installers are huge. But at least it's usually just a case of downloading and running setup.exe and all is done done for you.
Philip
Signatures are broken
Windows XP SP2 is, um, the current version of Windows. Avoiding it means your systems are running on a legacy OS.
When new programs come out that require SP2 (like the upcoming IE7), it will be too late to start thinking about an upgrade... If it breaks your 5-year-old applications, replace them.
If your internally-generated code isn't ready, fix it.
If you can't cope with the lame Window Firewall, RTFM to customize or disable it.
How long before the legal or finance departments need to use a business-critical Web site that requires IE7 for access?
Did the Microsoft grammar checker help you with that sentence?
It has far too few real applications. It will NOT attract proper developers, because the design prevents you from releasing a binary that will work for years. This is intentional, in keeping with the FSF's mantra.
/tmp or the installer will dump core. After the installer is done, edit /etc/X11/XF86Config and add a section called "GL" and put "driver nv" in it. Make sure you have the latest version of X and Linux kernel 2.6 or else X will segfault when you start. OK, run the Quake 3 installer and make sure you set the proper group and setuid permissions on quake3.bin. If you want sound, look here [link to another obscure web site], which is a short HOWTO on how to get sound in Quake 3. That's all there is to it!"
Linux zealots are now saying "oh installing is so easy, just do apt-get install package or emerge package": Yes, because typing in "apt-get" or "emerge" makes so much more sense to new users than double-clicking an icon that says "setup".
Linux zealots are far too forgiving when judging the difficultly of Linux configuration issues and far too harsh when judging the difficulty of Windows configuration issues. Example comments:
User: "How do I get Quake 3 to run in Linux?"
Zealot: "Oh that's easy! If you have Redhat, you have to download quake_3_rh_8_i686_010203_glibc.bin, then do chmod +x on the file. Then you have to su to root, make sure you type export LD_ASSUME_KERNEL=2.2.5 but ONLY if you have that latest libc6 installed. If you don't, don't set that environment variable or the installer will dump core. Before you run the installer, make sure you have the GL drivers for X installed. Get them at [some obscure web address], chmod +x the binary, then run it, but make sure you have at least 10MB free in
User: "How do I get Quake 3 to run in Windows?"
Zealot: "Oh God, I had to install Quake 3 in Windoze for some lamer friend of mine! God, what a fucking mess! I put in the CD and it took about 3 minutes to copy everything, and then I had to reboot the fucking computer! Jesus Christ! What a retarded operating system!"
So, I guess the point I'm trying to make is that what seems easy and natural to Linux geeks is definitely not what regular people consider easy and natural. Hence, the preference towards Windows.
PS you are a turd moneky.
thanks for the pity but my fat paycheck will suffice for now
Windows creates jobs, if it all "just worked" with no need for updates ever etc. then most Admin's would be part-timers, you would install the machine and never see the customer again, not exactly good for any buisness that according to the "free market" is supposed to expand
viruses and malware on their own have created entire multi billion dollar industries engaged into defeating their effects, but conviently they just cant seem to eliminate the problem$
I work for a large oil company, and our worldwide (probably hundreds of thousands of PCs) rollout of SP2 killed Exceed, Samba, and a couple of inhouse apps. Turns out the NT guys hadn't even considered it. As a UNIX admin, I had to work quite a few long nights to repair the damage.
What they are saying is that if you like your computing experience to be all-Microsoft this is the way to go. Otherwise you'd be much better off with a different browser, email client and personal firewall!!
The latest gadget news and reviews. www.absolutegadget.com
The same goes for basic corporate users, but since system skills can be acquired (by training, replacing, or hiring) there is also the option of linux or BSD.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
When Microsoft do the "right thing" (such as XP SP2),
Microsoft has yet to do the right thing. The security community has been beggng them to back out of the tight browser/desktop integration and "security zones" since 1997, and split the rendering and access functionality of the HTML control into separate components so you CAN run a locked-down sandboxed version of Internet Explorer if you want to... but instead Microsoft refuses to admit they made a mistake and patches symptom after symptom instead of attacking the disease.
That's why I, wearing my "security hat", banned all internet-capable applications that used the MS HTML control for rendering... back in 1997. As long as that ban was in effect we had zero virus and security panics, and we were the only division of our company for which that was the case.
The fundamental design of the HTML control is broken and unfixable. THe only solution is to back out of that design at a very low level, and rewrite all the applications that use it to handle access themselves. In 1997 I expected that Microsoft would do that... by now, it's obvious that they won't. They're afraid of losing face.
The right thing, from a security point of view, is to stop using Internet Explorer, Outlook, Outlook Express, Windows Media Player, Realplayer, and all other applications that use the MS HTML control to display potentially untrusted data whether they're shipped by Microsoft or some third party. Microsoft has proven over and over again for the last seven years that there is no other rational course of action.
SP2 and every other "security" patch that Microsoft provides are just smoke and mirrors.
XP Sp2 limiting the number of connection/sec
It does not. It limits the number of pending connections. The biggest problem with this in relation to p2p is that clients often report IP/ports that are unreachable due to firewall/NAT. Hit 10 of those and you can't open any more connections for a while. Also very annoying if you hit a web page where the image server is down. 10 images you can't load? Tarpitted. Personally, I've changed this long ago.
Kjella
Live today, because you never know what tomorrow brings
It's got a lot of strikes against it:
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
1. Open up the Security Center applet in the Control Panel.
2. On the left side of the Security Center window, locate and click the "Change the way Security Center alerts me" link.
3. In the "Alert Settings" window that appears, uncheck any/all the warnings you no longer want to have pop-up when you log in.
4. Click the OK button to save your changes.
Up, Up, Down, Down, Left, Right, Left, Right, B, A, START
The parent post is moderated as "Funny", but that's what happened to us. We installed SP2 on numerous machines. There were a variety of problems. Re-installing SP2 and rebooting several times often cured the problems. Sometimes it was necessary to reload the entire Windows SP2 operating system.
We troubleshot one of the problems and discovered that SP2 expects that a particular file exists on the target computer, before it has copied that file. So, if the version that was already on the target computer is not recent enough, SP2 will crash. We reported this to Microsoft, but there was only a spacey response, as though confusion reigned. Microsoft did not seem to have the capacity to respond sensibly.
SP2 has numerous fixes for problems with USB 2.0. USB operated much better for us after SP2 was installed.
Microsoft gives us the impression that the company has a sloppy management style supervising coders who are not given enough time to do a good job. If you don't install SP2, you are not giving Microsoft the opportunity to fix some of its bugs. Someone once said that the Microsoft motto was "The whole world is our beta test site." According to that, Windows XP SP2 is just the first release version of Windows XP. We had many, many time-consuming problems with the pre-SP1 version; in our opinion, it was not ready for release; it could be made to work, but it was a time-waster. Maybe it's foolish to believe that two billionaires could care what happens to the less rich.
All of our Microsoft OS computers are now using SP2 with all the most recent critical updates, with no unexplained problems for months.
Be careful with Windows XP updates other than critical updates. Someone made a mistake and updated a computer here recently with a recommended hardware driver. The name of the driver on the Windows Update web site is different from the name of the driver once installed. That computer has never had an "HP wireless keyboard" attached to it.
The typical home user installs XP with themselves as the "local-ADMIN"...
;-)
therefore, "Survey shows EVERYBODY Avoiding SP2"
----- Concentrate on promoting more than demoting.
...Not everybody. I still have two users that have legacy (ie. OLD AND CRAPPY) applications that were a hack to work on XP SP 0-1. I'm just not feeling like pressing my luck right now.
Of course, the people who do run SP 2 have reported exactly ZERO problems. True, I did have to reinstall Office on one lady's machine, but she also had the worst spyware/adware collection I've ever seen, so that probably had something to do with it.
Bottom line? In my experience, SP 2 is not better or worse than any other MS Service Pack. Yes, there are programs that are problematic, but mostly it works just fine. I mean, the worst issue was the pop-up blocker in IE preventing Peoplesoft from making an Excel spreadsheet, which was easily remedied by making the Peoplesoft web-server a trusted site for everybody via Active Directory Group Policy. Piece of cake.
Tough day? How about a free Mac mini?
The programs on the list are not the programs that are stopping admins updating to SP2.
The programs on the list are WORRYING the admins who are running custom software, legacy compatibility programs, specialised software.
I work for some schools in a London borough who have to make all financial arrangements over a program called SIMS which, last time I looked, was actually some sort of DOS-based program. It's had upgrades since but it still relies on communicating with the borough's financial systems which do not run on Windows but communicate over some sort of terminal interface. There were known incompatiblities with SP2 and this software because of the way it uses the network to communicate.
You upgrade and break that, the school can't pay their staff, buy products, organise mid-day catering or pay any suppliers. Because there is a policy of keeping all machines at the same patch level to prevent incompatibilities, the curriculum network (i.e. where the kids play) also cannot be upgraded until the incompatibilities are solved.
Therefore, 30-odd computers are forced to stay at SP1 because of the most important app in the school, which EVERY school in the borough runs (17 of them, I believe). That's getting into nearly a thousand computers all told that are hung up by an incompatibility with one program that's been running fine for YEARS.
You think MS know or care about a package that a London school uses on one machine in each school? No, so it's not on their incompatibility list. The point is that SP2 causes problems, especially with programs that use networking, that can only be found by testing. If the test fails, you have to wait for a fix from the vendor or make one yourself. In the meantime, you have to hold off on SP2.
We participated in the private betas for months and months. Found several bugs and app compat issues - got them either resolved or worked around. Shipped it to our users, and are currently at 90% of our 60,000 machines. I can't claim that there have been no problems. There have been some web sites that need work (due to some of the new restrictions in IE) and some apps that are used by only a few users that have some problems - but in the main, this has gone extremely well. I honestly can't figure out why people are waiting on this.
It seems incredibly disingenous of people to on the one hand say, "Windows is full of holes, help us here Microsoft, we are bleeding." and on the other hand say, "well, that's nice but I'd rather keep bleeding than spend the time and effort to apply the fix."
Get with the program IT Admins! Work with the vendors of the apps if you have to, get the firewall exceptions in and SHIP this already!
The application we use to allow our technicians work trouble tickets through a web interface got completely hosed by SP2. They were fairly apathetic about the whole thing sending a link to a MS KB article that didn't solve the problem. There attitude was pretty much it was our fault for using SP2. I finally found a solution that involved basically hacking the registry to tun off one the SP2 security features which was breaking the products javascript.
Power Corrupts,Absolute Power Corrupts Absolutely, leaving one person(group)in charge is absolutely corrupt.
Microsoft gives us the impression that the company has a sloppy management style supervising coders who are not given enough time to do a good job. If you don't install SP2, you are not giving Microsoft the opportunity to fix some of its bugs. Someone once said that the Microsoft motto was "The whole world is our beta test site." According to that, Windows XP SP2 is just the first release version of Windows XP. We had many, many time-consuming problems with the pre-SP1 version; in our opinion, it was not ready for release; it could be made to work, but it was a time-waster. Maybe it's foolish to believe that two billionaires could care what happens to the less rich.
I got the same expression from earlier versions of Windows (have not touched XP yet because I dislike the idea of "activation").
Considering the motivation of Microsoft management, I think it is simple profit maximizing, coupled with a bit of shortsightedness. So far, they could get away with releasing software that has only beta quality, so why spend more money and time on debugging?
Of course, this can backfire when serious competition appears, and seems to do so in the server market by now. At least, I frequently read about studies that show rapid growth of server-side Linux.
C - the footgun of programming languages
If you've got a system plugged in to the public internet and you aren't using something similar to the subject line to update
I'm a bit more forgiving for desktop use - I can type 'yast' on this machine and begin changing things. One day soon, when I take the time to make vmware run on FreeBSD 5.3 I will again experience holy homogenous happiness and life will be perfect.
I have heard of this SP2 of which they speak, but I have no fear, because I am far away from the blasted lands and their filthy start button virus infested machines
Climb, brothers, climb! Go higher and higher, until no flabby, graphical interface only OS with an incontinent TCP/IP stack can follow. Dwell in the land of headless awareness and be at peace.
Namaste.
I am very easy to get along with, but I don't have time to waste being nice to people who are being stupid. -Theo
Recently I was in a remote location with a computer that came with the building. I reformatted and reinstalled windows. I needed to register it, get a new video driver from nvidia, and then go to windows update to get patches and then SP2. I was on a wireless dialup connection.
Sometime into downloading the first patches from windows update, the machine started to act oddly. Down to a crawl. Somehow during that time a worm had taken over and installed 30 or so different malware programs.
Screwed!
There seems to be no way to get that computer secure on the internet without either buying 3rd party firewall or SP2 cd which was not an option at the remote location.
We have this methodology at work. I call it, 'Patch when it hits the fan'. Last time we did a major patch is when Nimda kicked our butts. Of course the patch was out weeks before.
The issue is that admins and systems support are lazy. We haven't moved to SP2 because no one wants to get off their butts and test.
Of course, all my systems are tested out on XP SP 2. :-p
In God we trust, all others require data.
Please, please, please... Let's try to make ourselves a cut (however slight) above the rest of the wailing masses. I am so tired of the anti-MS cattle on /. Are they a big evil corporation? YES. Do they do mean, nasty things, often... YOU BET. Do they occasionally get something right.. (here's the tough one).. YES!
On to SP2. Although I don't work in the IT dept any longer, I know most of the people quite well and hear about when stuff is bad(tm). There are over 300 machines in the dept. that I work in. # of problems with SP2? ZERO. Is it perfect right after install - no way, lots of stuff doesn't work. HOWEVER, once the TCP Limit is fixed (yes, 3rd party fix, and MS should include it, but they, it exists), NX disabled (not ready yet) and assorted registry keys tweaked, it works fine.
Now, for the apostles of Linux - How many of you install the standard base sytem and change nothing? That's right, ZERO! You can't take stuff 'out of the box' and expect perfection. Same with SP2.
Is SP2 perfect, HELL NO. Is a PROPERLY setup install of it, tweaked by IT people with a clue better than SP1, YES.
Considerable improvements exists in SP2 (USB, wireless, etc). Granted, some things are garbage (windows firewall.. hahahaha!) but they are easily dealt with, removed, or ignored. It is foolish to ignore the good parts of SP2 just to complain about a cheesy built in firewall.
Broken apps. I have yet to hear of a broken app that doesn't have a patch, hasn't been replaced by a newer version, or can't be fixed with a couple of tweaks. We author and utilize a lot of in-house software, and the only thing an MS patch or upgrade, including SP2, has broken involved new security permission in .NET (and can be fixed either in the software, or by the blocked requests)
At least be thankful that MS fixes some of it's mistakes.
Run the most stable software that Microsoft has ever put out... Windows 2000. Sadly I have lockups 2-4 times a week on my 2 year old laptop when I run XP on it. When I run Windows 2000 or Linux, no lockups whatsoever. XP looks nice with clear type and boots up much faster than Win2k which helps when the system freezes but Win2k beats it hands down for stability.
Don't scream at Microsoft, they're merely listening to customer demands and trying to make Windows more secure.
If you want someone to scream at, scream at the vendors who make shoddy, ill-written software that won't work under SP2, who still haven't released product updates that are compatible with SP2.
for a couple reasons.
First, SP2 hasn't caused any problems in the broad range of machines I've seen or dealt with. While I don't doubt the 24% estimate, I sincerely doubt that 76% of machines lack the upgrade as a result of security concerns, which leads me to the second reason...
If approached by someone questioning why the machines aren't up-to-date, the lazy IT manager, feeling backed into a corner, will make an excuse about how he is still evaluating the potential dangers of the controversial upgrade.
We use Great Plains too. If you had actually done some research and realized you needed to use one of the last 2 revisions you would've been fine. :)
The MS knowledge base has nothing, correct. The Source knowledge base(Great Plains support) has lots of documentation.