Automatic XP SP2 Upgrade Coming: Microsoft

Procrastination may be hazardous to your Windows XP health, Microsoft appears to believe. The software emperors say they will switch on an Automatic Update service April 12 that will deploy the XP Service Pack 2 to all personal computers online—whether or not individual users or corporate information technology departments are ready for the upgrade.

Whether the automatic upgrade will affect online privacy is unknown at this point. The Electronic Privacy Information Center did not return a call for comment before this story went to press. But Service Pack 2 has also been bedeviled by a number of problems since its September 2004 release, particularly a pair of security mechanisms that one Russian researcher said in January could be compromised by hackers.

Alexander Anisimov of the Positive Technologies firm said hackers could bypass those mechanisms by executing arbitrary code on systems running XP SP2, with a successful attack allowing “arbitrary memory region write access” (equal to or smaller than 1,016 bytes, Anisimov said). Microsoft has rejected Anisimov’s claim, saying he isn’t describing a security vulnerability.

"An attacker cannot use this method by itself to attempt to run malicious code on a user's system. There is no attack that utilizes this, and customers are not at risk from the situation," an unidentified Microsoft spokesman said at the time.

Aimed at fixing crucial security flaws as well as introducing performance enhancements, SP2’s automatic deployment was suspended for eight months, when customers complained about needing more time to prepare for the upgrade, according to eWeek.com.

AssetMatrix Research Labs, a Canadian company, said that only 24 percent of Windows XP computers have been upgraded to the service pack. "This whole thing reminds me of those days back in college when you asked for a two-week extension on the due date for a midterm paper," AssetMatrix managing director Steve O’Halloran told eWeek.com. "But the weekend before the paper is finally due, you still haven't done any work."

AssetMatrix studied a reported 136,000 computers at 251 North American companies. The study showed that only 7 percent of those had upgraded and deployed SP2 since its release, while 52 percent of the rest had no set policy or plans for the upgrade, and 40 percent were avoiding the upgrade.

Microsoft updated its Application Compatibility Toolkit in March in a bid to help larger business customers upgrade to SP2. The update includes three security-focused evaluation tools that help identify “common issues caused by SP2’s increased security settings,” eWeek.com said.

Other problems are believed to involve the actual deployment, but Northwest Head and Neck Surgery IT administrator Frans Keylard told eWeek.com that SP2, which they deployed almost at once, “didn’t break any applications, but then again, we are behind a very hard firewall that is outside our control,” since it’s maintained outside the hospital IT apparatus.

"We checked the list of problem applications Microsoft provided and found no issues, so we did a test install on a few boxes . . . Everything has been running smoothly," Keylard continued, saying that the hospital’s lack of older “legacy” applications, and the fact that its key applications are Web-based Microsoft .NET applications, factored into that.

The real key, Keylard said, was being “more proactive and [knowing] how to protect” yourself.