Enterprises Hold Off On Microsoft Windows XP SP2

Sources say large corporations are postponing adoption of the second Windows service pack because of application compatibility problems and the extensive amount of testing required. Large companies also can do without XP SP2 for some time since they already have enterprise-level firewalls and other security applications, partners said.

"A lot of customers are holding off," said Todd Swank, director of marketing for Northern Computer Technologies, Burnsville, Minn. "This is bigger than a service pack."

ISVs in the desktop management space concur. "We've made greater inroads into small and midsize organizations, but no one with 500 seats and above is going to deploy now," said Brian Styles, CTO of ScriptLogic, Boca Raton, Fla. "The resellers that handle smaller accounts, like 100 and 200 users, are more aggressive with the rollout of SP2 because there's less risk."

Still, one survey released last week by research firm InsightExpress shows most larger organizations expect to deploy XP SP2 by mid-2005, even though more than 50 percent of respondents expect the process to disrupt business continuity.

Following the release of the security-oriented Windows XP SP2 to OEMs on Aug. 6—and to the general community a few weeks later—users encountered significant application incompatibilities due in part to the Windows firewall turned on by default.

In September, Microsoft gave businesses permission to block the service pack from automatic download until April 2005, allowing time for more testing. The original cutoff date was in mid-December.

Some unique drivers in the SMB market are spurring deployment. First, customers can implement XP SP2 more quickly because they have fewer applications to test. Plus, many SMB customers are more vulnerable to the problems XP SP2 aims to protect because they tend to have fewer security applications.

"An enterprise-class account will typically have adequate security procedures from a firewall perspective and also have appropriate intrusion-detection systems," said Phil Ernst, president of Convergence Technology Consulting, Bowie, Md. "Best practices cost money, and in some cases, too much for many SMB organizations."

Partners may drag their feet, but they may have no choice after 2005. OEMs are preloading Windows XP SP2 on most new PCs, and some claim Microsoft is making it increasingly difficult to access older versions of the Windows XP code. A Microsoft spokesperson said most recent shipments have been XP SP, but the earlier service pack is still available.

While enterprise customers take their time on SP2, SMB partners are feeling the push. "We've been slow to adopt XP SP2 across our client base, but most of our deployments will be taking place over the next 30 to 60 days," said Jason Harrison, owner of Harrison Technology Consulting, Nashville, N.C.

Redmond, Wash.-based Microsoft is taking heed of the problems that occurred with XP SP2 and will try to make the process easier for the security service pack planned for Windows Server 2003. Most significantly, the vendor will turn the firewall off by default in the server update, now due in the second quarter of 2005.