Microsoft Windows XP’s service pack 2 (SP2) may go along way to improving the security of the operating system, but the ease with which it grants users administrator access is still a concern for network managers.
Engineers Australia CIO, David Pruss, said SP2 “still can't save users from their own stupidity”.
“[SP2] continues to grant people ‘administrator’ access to a computer, [and] one mistake can take down the entire machine,” Pruss said. “This leaves Windows XP at a continued disadvantage compared with such competitors as Linux or Mac OS X.”
Having standardized on Windows XP Corporate Edition as its primary desktop over the past three months, Engineers Australia has downloaded SP2 and will quarantine it before it's installed in production.
“We have downloaded the file; however, it will now enter acceptance testing prior to deployment,” Pruss said. “The fact that it has all these wonderful patches [and] enhancements, we must ensure that all aspects of the service pack are tested to minimize the risk of corruption to in-house systems.”
Engineers Australia uses imaging during deployment to ensure consistency for all like systems, and Pruss recommends using the large file as “it is the most effective method of updating as the SP is applied to an image”.
Pruss said the security enhancements in SP2 are likely to be most beneficial, including Windows firewall, virus protection, file security, and those relating to Internet Explorer.
“Microsoft has taken the big step of providing native pop-up blocking in Internet Explorer 6,” he said. “This means possibly no longer having certain 'windows' appearing when surfing the Web. Like most, it seems that IE will block windows that try to open by themselves but will ignore those clicked to allow.”
Pruss also welcomed changes to IE that stop scripts from running in the browser by default on the local machine.
“This means that potential scripts in HTML files shouldn't cause issues for users,” he said. Pruss said he sees no value in updates to Outlook and Outlook Express as “we have a policy that these applications are not used in our environment”.
“Overall, the additions, removals, updates and enhancements made in SP2, show that Microsoft is keen to fix problems instead of getting their developers to work on new projects - such as Longhorn,” he said.
Brisbane Boys College IT director Afzal Shariff, who has also standardised on XP for the school’s desktops and notebooks, said the firewall and security enhancements with SP2 are welcome and it is an essential update.
“Microsoft should standardize it so we deal with one version, whether it is home, office or network,” Shariff said.
Shariff recommends Microsoft use people with “hacker” backgrounds to test the software before releasing it, because it is “painful to keep up with the patches and upgrades”.
“I would like to use open source and StarOffice but integrating everything with Microsoft is going to be a painstaking task,” he said.
Microsoft’s senior product marketing manager for Windows, Danny Beck, said the company examined many different issues and determined the priorities for SP2 based on customer feedback.
“We take customer feedback very seriously and that Administration issue will be addressed in the Longhorn timeframe,” Beck said. “We have to balance locking the machine down and giving users choice.”
Beck said SP2’s many security enhancements, including a granular firewall that is more configurable, will benefit corporate and home users alike.