UPDATED: Only 24 percent of the 136,000 Windows XP PCs in 251 North American
companies have upgraded to Service Pack 2 (SP2), according to a new survey
from AssetMetrix Research Labs.
SP2 is loaded with several new security features, including a revamped Windows firewall, to help shore up system defenses.
Aside from concerns about security, the research arm of the AssetMetrix
asset intelligence firm said companies who don’t use SP2 risk
incompatibilities with future Microsoft products, such as Internet Explorer
7. There is also the potential for a support gap when Microsoft nixes
support for Windows XP Service Pack 1 in September 2006.
Steve O’Halloran, managing director of AssetMetrix Research Labs, said end
users and small businesses view SP2 as a hassle in the wake of a daily dose
of hot fixes for security flaws. SP2 is essentially a new operating system
download totaling 266 megabits.
The potential that SP2’s size will break certain applications has users
wary of the upgrade, and they simply won’t download it, he said. But XP users
face a crucial deadline in the lifeline of the operating system. On April
12, Microsoft’s Automatic Update service will deliver SP2 to XP-based
The Redmond, Wash., software giant had offered to do it sooner, but acceded
to customer wishes to optionally suspend SP2 delivery via their Automatic
Update service for eight months. Customers were concerned that SP2 would break
certain applications, rendering them useless on their computers.
“It reminds you of high school days,” O’Halloran said, “where all of a sudden the mid-term
paper was due tomorrow and you ask the teacher for an extension and finally
the teacher gives you a two-week extension.
“Then it’s the weekend before the extension deadline and you haven’t done
anything about the paper. Companies are trying to put pressure on Microsoft
to forego the download.”
O’Halloran said Microsoft has allowed a significant period of time to
accommodate companies’ demands to test and validate Windows XP SP2 within
their IT infrastructures.
Despite the fear of broken applications, O’Halloran said he was surprised by
the results of the survey.
“I was anticipating some kind of polarization of either companies that were
wholly embracing it, or wholly embargoing it. For whatever reason, we saw a
mixture of people who accepted SP or didn’t. That led us to understand that
if there was a policy surrounding SP2, it was not being observed either
through end-user action, or through management tools.”
Of the respondents, eighty-four, or nearly 41 percent of companies using XP,
seem to be avoiding an SP2 upgrade, while just 17, or approximately 8 percent, seem
to be upgrading.
The other 52 percent of the companies surveyed showed no decision about SP2,
leaving themselves open to support issues by allowing multiple editions of
Windows XP to exist in their infrastructure.
The analyst said that Ottawa, Canada-based AssetMetrix Research Labs
recommends companies install, test and verify SP2 before the April 12
deadline to avoid service interruptions.
Users can choose to accept or deny SP2, but they should deploy a policy
mechanism, whether it’s a tool from Microsoft Active Directory or Windows
As another alternative, AssetMetrix is offering Update Policy Manager, a
free feature included within AssetMetrix’s PC inventory tool that can
enforce corporate policy on Windows updates by disabling the end-user’s
ability to modify the Microsoft Update Service. This will ensure that
important security patches are installed on the PCs.
A Microsoft spokesperson said Microsoft consistently recommends that
organizations take the necessary time needed to evaluate SP 2 and develop a
deployment plan that best meets their needs.
The company also said it is seeing an up-tick in enterprise customers that
are either deploying, or committing to deploy, SP2. For example, Merrill
Lynch has committed to deploy SP2 across 50,000 desktops by the middle of
the year, Microsoft said. Law firm Holland & Knight has completed its
deployment of SP2 across 3,500 desktops.