News Stay informed about the latest enterprise technology news and product updates.

Enterprises should educate users before deploying Microsoft XP SP2

Despite significant advances in security software and configurations, experts say that Microsoft XP's Service Pack 2 (SP2) shouldn't be implemented without first educating the user base. Incompatibility issues are another concern.

Despite significant advances in security software and configurations, experts say that Microsoft XP's Service Pack 2 (SP2) shouldn't be implemented without first educating the user base about the potential ramifications of their decisions. Incompatibility issues are another concern.

"From the security manager's perspective, SP2 is certainly a step in the right direction," said Chuck Adams, CSO of NetSolve in Austin, Texas. "However, in practice, SP2 oversimplifies security management tasks and will likely cause significant disruptions to normal operating processes due to poor user choices -- especially in larger organizations with thousands of users."

Read all about XP SP2

XP SP2 finally arrives. Now what?
IT managers say they'll study Service Pack 2 very carefully before deploying it across their networks.

Keeping your cool during an XP SP2 installation
This desktop Windows refresh is no ordinary service pack, and its complexity will test the skills of administrators deploying it.

XP SP2 security features at a glance
A quick look at what you get once the security-oriented update is finally installed.

Expert: Test XP SP2 ASAP
Thanks to major changes to built-in firewall software, admins need to give the upcoming service pack a trial run now or face tribulation later.

Firewall is XP SP2's shining star
A network management expert and Windows MVP outlines highlights from the coming release of Microsoft's much-anticipated Windows XP Service Pack 2.

Adams said that with the release of SP2, Microsoft has empowered users to decide their own fate. A wealth of new endpoint security capabilities will be enabled by default, but users will immediately be prompted to make decisions. "Once SP2 is installed, users can locally configure their system security policies," Adams said. "While this seems like a good thing, there is little education or information available to associate any potential implications of making these changes. The risk is users' poor risk management choices because their system is prompting them with a decision to either allow or disallow certain types of activities."

This would lead to inconsistent application of policies on user systems because the new security capabilities are locally configured by users who may not understand what they should or shouldn't allow.

Additional concerns about SP2 are focused on interoperability issues.

"Set up a couple of test machines -- one representing a server, the other a desktop -- and install SP2 on them," recommended Eric Schultze, chief security architect for Shavlik Technologies LLC of Roseville, Minn. "Test it for a couple of weeks, then deploy SP2 and go about your business."

Schultze said the primary focus should be on the firewall function in SP2 and how it reacts with other applications. He said it's important to have it configured in a way that the administrator can have remote management.

"Some corporations may turn off the firewall. I don't believe that's a strong solution, though," he said. "Shavlik recommends installing SP2 and keeping the firewall running, but then configure it so you can still use the other ports and services you need. Leave the firewall running at all times. But at the office, have it configured so it'll only open ports and services needed for your business."

Adams agreed, "Test, test and test. Ensure defined system, operating system and software version standards exist, and quantify the exceptions identified through the testing process.

Small businesses may prefer other options and then a lengthy and expensive testing process.

Gordon Corzine, principal of Marblehead, Mass.-based Corzine IT Consulting, provides network security for businesses that typically have only three to seven employees. In an e-mail interview, he recommended contacting customer support for the software vendors that provide the most critical application(s) and asking them if they support SP2. If they say they support it, check whether the application needs to be upgraded or reconfigured to be compatible with the new release.

Dig Deeper on Microsoft Windows security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.