Many corporate users dragged their feet in testing beta versions of the security-focused Service Pack 2 update for Windows XP and still had plenty of application compatibility testing to do when Microsoft Corp. released SP2 last August. But a random poll of IT managers conducted by Computerworld this week, plus anecdotal evidence from industry analysts, indicates that far more companies are making significant headway in deploying SP2 or are preparing to do so.
Twenty-three of the 30 users who responded to the e-mail poll said they have started to deploy or have installed SP2 on existing machines, are rolling it out on replacement and new PCs, or are finishing testing and planning work that will enable them to install SP2 in the coming months.
Gartner Inc. predicts that half of enterprise XP desktop systems will be running SP2 by year's end. But Gartner analyst Michael Silver said sporadic reports of applications being broken by the software proves the need for careful testing, "since there's no easy way to tell which applications may break and which will be OK."
And the testing clearly takes time. Jean Delaney Nelson, CIO at Securian Financial Group Inc. in St. Paul, Minn., said her company's SP2 project started in August, when the IT staff began researching which parts of the service pack it wanted to install. Securian then created and started testing operating system "builds" with applications, a process it expects to complete in May.
So far, Securian has identified a half-dozen applications that have issues with SP2, including some software that vendors haven't certified for the update, Delaney Nelson said. She added that none of the problems are major, but Securian won't be ready to start deploying SP2 to its 575 XP machines until July. Most of the company's 2,500 desktop machines run Windows 2000.
"SP2 is not just like a patch. It's almost like a whole new version of the software," said John-Mark Tucker, IT manager at Red Dot Corp. in Seattle. "It really should be considered an upgrade, and that should trigger more precaution."
But beyond isolated problems, Red Dot's SP2 installation has gone smoothly and is helping to protect the company from malicious attacks, Tucker said. A virus infected Red Dot's network during the SP2 testing period, but it had no effect on the machines running SP2, he noted.
Red Dot, which makes heating and air-conditioning systems for large vehicles, participated in Microsoft's Technical Adoption Program and tested some 25 applications -- including ERP and computer-aided design software -- against new builds of SP2 during the beta period. Tucker estimated that the testing process took three to four days for each new build.
But some companies have hundreds of applications to test and still aren't ready to begin deploying SP2.
For example, Edmonton, Alberta-based Atco I-Tek Inc., the IT arm of Canadian energy and logistics company Atco Ltd., supports more than 600 operational applications on its XP systems, according to Bruce Schmidt, leader of Atco I-Tek's workstation architecture team.
"Smaller software vendors don't seem to be ready to commit to SP2 compatibility," Schmidt said. "Others will only commit with the latest product release, which is not always what is currently being used."
Only about a dozen of the company's 4,000 XP desktops have been updated to SP2. Schmidt said that thus far, most problems have been related to the new Windows Firewall technology. A looming concern moving forward is distributing the "jumbo-sized" SP2, he added.
At the Kentucky Department of Education, the only difficulty associated with its SP2 deployment was insufficient disk space on some systems, noted Tim Cornett, a network engineer at the agency.
SP2 checks in at 265MB, although Microsoft says the amount of code installed on systems could be smaller because the update is a "smart download" that will install only what the user actually needs. The average download for Windows XP Professional users is expected to be about 100MB, according to a Microsoft spokesman.
Microsoft claimed that a November survey of 800 enterprise customers who attended its educational workshops on SP2 showed that 77 percent planned to deploy the update during the next six months.
"We understand that many of our enterprise customers have very complex environments," said Jon Murchinson, a Windows group product manager at Microsoft. "We advised in August that they proceed with testing before they rolled it out to the general populace."
Microsoft's new browser plan miffs Win2k users
This month's announcement by Microsoft Chairman Bill Gates that Internet Explorer 7.0 will be made available only to users of Windows XP SP2 and the upcoming Longhorn release of Windows isn't sitting well with some IT managers.
Although corporate users contacted last week said they're happy about the security-focused improvements that Microsoft plans to make to its Web browser, several added that they think IE7 should also be supported on Windows 2000.
"Windows 2000 was built for the Internet and bought with good-faith expectations on security," said Charlie Ward, manager of IT architecture at Duke Power Co. in Charlotte, N.C. "If IE7 works only on Windows XP SP2 and above, Microsoft is forcing customers with no other compelling reason to upgrade to spend additional money to protect themselves from flaws in Microsoft's products."
Microsoft this week declined to comment about IE7. A company spokesman said more details will be made available when the first beta is released.
Gates said during a keynote address at the RSA Conference 2005 in San Francisco last week that Microsoft expects to deliver a beta version by "early in the summer." He vowed that IE7 will add "a new level of security," including stronger defenses against phishing attacks, malicious software and spyware. But the earliest edition of Windows that will be supported is XP SP2, Gates said.
Martin Colburn, chief technology officer at the National Association of Securities Dealers Inc., said the industry standard is typically to make improvements backward-compatible for the previous one or two releases. He added that it would make sense for Microsoft to do the same, since the company has had "notoriously weak security" in its products.
"If (users) want a level of security that probably should have been there with the product all along, they've got to upgrade," Colburn said. "That's a little bit challenging for customers that have already set out their upgrade schedules."
Kindred Healthcare Inc. has about 11,000 desktops running Windows 2000. Because the Louisville, Ky.-based company plans to skip XP with the exception of tactical situations, it will have to wait for Longhorn to get IE7, said Rob Rhodes, a technical consultant at Kindred.
The desktop version of Longhorn is expected to be released next year. Microsoft originally planned to deliver IE7 and Longhorn at the same time.
But Craig Roth, an analyst at Meta Group Inc., said Microsoft wants to show that it's "not standing still" as the open-source Firefox browser continues to gain users. The new IE7 plan "has a bit of a freezing effect on companies that might have been thinking about changing browsers," Roth said.
Roger Wilding, a senior technical engineer at a global shipping and supply chain services company, said Microsoft is up to "its old tricks" with IE7. "They weren't going to do a new IE until Longhorn came out," he said. "Now there is a threat out there, Firefox, so they are reacting -- but only a little bit."
Yet Wilding said his company, which he asked not be identified, has no plans to switch browsers. "Firefox doesn't work on some intranet sites we have, and there is no central way to patch it," he said.
Some users were sympathetic to Microsoft's plight. "As a software guy myself, I'm well aware of the time and cost to do backward compatibility," said Jeremy Lehman, CIO at New York-based Thomson Financial. He added that it's "better to have something now than wait another year for a perfect solution." -- Computerworld (US)