WinXP SP2 raises compatibility fears

When software giant Microsoft Corp. releases a major security overhaul of its oft-targeted Windows XP operating system (OS) next month, the company is likely to find a number of school customers resistant to change. Though the upgrade promises to make the embattled OS safer, school leaders worry the transition will create significant headaches for their busy IT staff, many of whom say the timing couldn’t be worse.

“The timing is horrific for schools,” said Sandra Becker, director of technology for the 4,000-student Governor Mifflin School District in Shillington, Pa. “We usually use the summer to refresh and update all computers.”

Going into a new school year, Becker isn’t exactly jumping at the chance to outfit the 800-plus computers in her district that are currently running XP with Microsoft’s beefed-up Service Pack 2 (SP2), reportedly the biggest security upgrade ever for Windows.

“Changing an operating system involves [investing a great deal of] time in testing,” Becker said, “especially with Microsoft products.”

Safer XP or not, there’s no telling how the upgrade might affect the myriad of learning resources and special-education applications configured to run on the older system, said Becker, adding that she wouldn’t have sufficient time to address these and other compatibility issues until at least the winter break.

As Microsoft toes the line between compatibility and safety, the impending overhaul has elicited grumbling from school and business customers alike, whose applications could require major changes–and glee from security experts who say any software product that doesn’t work wasn’t secure enough in the first place and needs to be fixed.

“The applications that will break with SP2 were essentially doing things wrong from a security perspective,” said John Pescatore, vice president of internet security at Gartner Research.

SP2 comes in response to a series of attacks that have plagued Microsoft’s products, taking advantage of vulnerabilities to spread viruses, steal personal information, and otherwise wreak havoc.

Some companies rushing to make their applications compatible–or trying to negotiate last-minute Microsoft changes–complain that SP2 is creating headaches.

“The changes Microsoft is proposing for SP2 will have serious negative consequences on the consumer experience of many applications and web sites,” RealNetworks spokeswoman Erika Shaffer said. The Microsoft rival makes a digital music and video player and sells subscription download services.

The new system bolsters security on Windows, its built-in Internet Explorer browser, and Outlook Express eMail. Among the changes: A Windows Firewall will be turned on automatically, helping to guard against attack. The browser has been fortified, and a new attachment manager will offer tougher policing against eMail-borne attacks.

The changes in the way Windows polices itself–particularly the newly strengthened firewall–could cause troubles for applications that are used to working with Windows’ old ways. Some say that’s particularly true of applications that regularly interact online, such as gaming programs or music services.

Security experts say it’s tough to know how many companies might have to change their products to be compatible.

Microsoft has delayed SP2’s release, originally scheduled for June, amid efforts to improve compatibility. Microsoft group product manager Barry Goffe says the “vast majority of applications” should function properly when SP2 comes out.

In the end, analysts believe most consumers will avoid major problems because most companies that have problems will fix them by the time SP2 is released. Gartner Research estimates that a mere 3 percent of applications that run on Windows won’t work once SP2 is out.

Perhaps the biggest change with SP2 will be a host of new alerts the user suddenly will get, offering more detailed information about what programs are trying to contact the computer and giving the user more chances to accept or decline.

Macromedia Inc.’s Flash technology required only minor technical changes to make it compatible with SP2. But the company was more concerned about early language in these warnings that could make even legitimate interactions seem scary and unwise.

David Mendels, Macromedia’s senior vice president in charge of developer products, said Microsoft was very responsive to its concerns. Now, he said, the prompts are less dire and more specific.

Microsoft’s own products are not immune. Joe Wilcox, a senior Jupiter Research analyst who is testing an early version of SP2, recently was blocked from using Microsoft’s Office Live Meeting conferencing product. Although he could have overridden that, Wilcox instead skipped the online option and called on a regular phone.

To Gartner’s Pescatore, such inconveniences are worth it.

“From a security perspective, the problems we’ve been having–these worms and such–we can often blame on things that need to be fixed in Windows,” Pescatore said. “So when Microsoft finally gets around to fixing them, it’s going to take some pain to get past that point.”

But Marc Liebman, superintendent of the Marysville Joint Unified School District in California, doesn’t quite see it that way.

“My belief is that the real problem is not the fix, it is the fact that [Microsoft] designs software and brings it to market before these types of issues are identified and resolved,” he said. “While new problems will always come up, if [Microsoft] has the quality engineers it professes, then these problems should be anticipated–and many are not.”

Liebman said his district, which uses XP on 20 percent of its machines, does not plan to install the upgrade, at least for this school year. “We currently have effective hardware, firewalls, virus protection software, and numerous filtering systems in place to protect our system,” he said.

With those protections in place, Liebman said, the district has little need to make a switch, especially one that could prove to be a problem for administrative and instructional software.

“We will let the field play out the problems and develop the necessary fixes before transferring over,” he said.

Microsoft says it will make SP2 available for download through its web-based Automatic Update applications. The company also plans to distribute the service pack on CD-ROM and is currently in talks with major retail outlets to increase distribution and visibility of the free product.

