Windows SP2 - to install or not to install?
The second major update for XP is available some days now, and it has been estimated as the largest software upgrade having consumed more than $1 billion from Microsoft's budget. But despite these facts, is it worth installing or not?
As well as fixing particular bugs, SP2 includes upgrades for components that have been a target for hackers.
These include a component known as RPC/DCOM, which allows computers to be managed remotely over a network but has been plagued by bugs and used to circulate worms.
Other enhancements are aimed at preventing "buffer overflow" attacks, which involve breaking into supposedly protected regions of a computer's memory by inputting excess data. SP2 will upgrade the core of the operating system to make buffer overflows less common and add compatibility so the system can work with new microprocessors designed to provide extra memory protection.
SP2 will also deactivate as default several features that have proven problematic. These include the Windows Messenger, a component designed to let administrators send messages across a network, which has been hijacked and used to send advertising messages.
HTML content in received emails will also be switched off. This is because spammers can use HTML to detect when a recipient has viewed an email to identify the most responsive targets.
Once the pack has been installed, a computer will also automatically check the content of email attachments, to ensure they are not executable files in disguise - a common trick employed by virus writers to get users to run untrustworthy code.
Although the software will be free to authorised users, Microsoft plans to stop those running unauthorised copies of its software from receiving the new upgrade. Those using serial codes associated with pirated versions of the operating system will be unable to download the new software.
The decision to block these versions of Windows from receiving the update has alarmed some experts who worry that they will remain vulnerable to computer viruses, worms and other forms of attack and will therefore be a threat to other computers.
Compatibility with other software could also prove a problem. Testing has shown that some programs will be incompatible and this could make companies reluctant to roll the update out to hundreds of desktop computers without rigorous testing.
But Wysopal suggests even individual users might do well to be cautious. "I think it is always good to install service packs soon after release but not on day one," he says. "I usually wait a week or so to make sure that there aren't serious compatibility issues."
These include a component known as RPC/DCOM, which allows computers to be managed remotely over a network but has been plagued by bugs and used to circulate worms.
Other enhancements are aimed at preventing "buffer overflow" attacks, which involve breaking into supposedly protected regions of a computer's memory by inputting excess data. SP2 will upgrade the core of the operating system to make buffer overflows less common and add compatibility so the system can work with new microprocessors designed to provide extra memory protection.
SP2 will also deactivate as default several features that have proven problematic. These include the Windows Messenger, a component designed to let administrators send messages across a network, which has been hijacked and used to send advertising messages.
HTML content in received emails will also be switched off. This is because spammers can use HTML to detect when a recipient has viewed an email to identify the most responsive targets.
Once the pack has been installed, a computer will also automatically check the content of email attachments, to ensure they are not executable files in disguise - a common trick employed by virus writers to get users to run untrustworthy code.
Although the software will be free to authorised users, Microsoft plans to stop those running unauthorised copies of its software from receiving the new upgrade. Those using serial codes associated with pirated versions of the operating system will be unable to download the new software.
The decision to block these versions of Windows from receiving the update has alarmed some experts who worry that they will remain vulnerable to computer viruses, worms and other forms of attack and will therefore be a threat to other computers.
Compatibility with other software could also prove a problem. Testing has shown that some programs will be incompatible and this could make companies reluctant to roll the update out to hundreds of desktop computers without rigorous testing.
But Wysopal suggests even individual users might do well to be cautious. "I think it is always good to install service packs soon after release but not on day one," he says. "I usually wait a week or so to make sure that there aren't serious compatibility issues."