SP2: The good, the bad and the ugly
- By William Jackson
- Sep 10, 2004
Microsoft Corp.'s release of Service Pack 2 for Windows XP is creating both challenges and opportunities for users.
The challenges have come from compatibility issues with existing security products that must interact with XP's new Security Center console.
'It's not really a conflict, it's just the tie-in,' said Sam Curry, vice president of eTrust security management solutions for Computer Associates International Inc. 'It's not leveraging the full functionality' of the Security Center.
Microsoft has linked with Internet2 to let users download SP2 over the test bed network. This will give the network's administrators a chance to study the process.
'We worked with Microsoft to set up a very interesting test of large-scale distribution of software over a high-performance network,' Internet2 spokesman Greg Wood said.
SP2 is one of the first fruits of Microsoft's 2-year-old trusted-computing initiative. It updates the Windows XP operating system with stronger default desktop security settings and the new Security Center management console. The company also has reworked Windows' built-in firewall and fixed buffer overrun problems in Internet Explorer.
Distribution of the update began last month through automatic updates and downloads from Microsoft's Web site. Microsoft plans to make SP2 available on CD this month.
Enterprise users have begun the sometimes lengthy process of testing and evaluating the software before deployment. Most enterprises have warned their users against downloading and installing the service pack on their own.
Microsoft also is advising users to check systems for spyware that could cause computers to freeze up when SP2 is installed. Covert programs that track a user's online behavior and often deliver pop-up ads are called spyware. PCs should be scoured of the offending software before installation of the service pack.
Security consultant Mi2G Ltd. of London reported in the early days of SP2's distribution that its customers also were having problems with some legitimate software, such as firewalls, antivirus tools, intrusion detection systems and anti-spam filters.
'SP2 is playing havoc with tried and true security regimes and third-party applications,' Mi2G executive chairman D.K. Matai said.
'Havoc' may be a bit strong, some vendors say. Like Computer Associates, most vendors consider the problems to be with the tie-in to the Security Center rather than with functionality of the software. The console either does not see a product installed or cannot report its status.
Most current versions of CA software are ready to integrate with SP2, Curry said. The exception is eTrust EZ Armor, a consumer firewall. The next version of EZ Armor, due later this month, will fully support Security Center.
Donald Kleinschnitz, vice president for product delivery at Symantec Corp. of Cupertino, Calif., said he has not yet received any customer feedback.
'There are some products that require a live update' to fully integrate with SP2, he said.
Not all of those updates are available. Security Center cannot tell whether the non-updated products are operational.Speedy delivery
Microsoft has established a 2.5-Gbps link from its Windows Update site to the high-performance Abilene backbone. The link, part of the Internet2 Advanced Content Distribution project, will create an alternate download route for users at 225 Internet2 member institutions.
Researchers will study the performance of the nationwide network carrying the downloads.
'It turns out that one of the key questions that comes up is how to distribute large files to lots of people over a high- performance network,' Wood said. 'Once the information starts flowing, we'll be able to analyze that.'
Abilene is a backbone for Internet2, a collaboration be-tween government, academic research institutions and industry to develop high-performance networking. The backbone is operated by Indiana University, Qwest Communications Inc. of Denver and Juniper Networks Inc. of Sunnyvale, Calif. In February, the 13,000-mile network was upgraded from 2.5-Gbps OC-48c circuits to 10-Gbps OC-192c.
Because of its size and the number of potential users, SP2 offers a chance to study its impact on the network. The service pack is a major security upgrade that involved rewriting about 5 percent of the millions of lines of code in the Windows XP Home and Professional operating systems. The complete download is 226M that Microsolft has broken into files ranging from about 70M to 92M.
William Jackson is freelance writer and the author of the CyberEye blog.