From: Shilt, Christopher K (Christopher.ShiltRELIZON.COM)
Date: Fri Aug 06 2004 - 16:06:47 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Not much has been said about a fundamental shift in Microsoft's policy
regarding deploying Service Packs through Automatic Updates, but Microsoft
is planning on deploying Windows XP SP2 to computers configured to receive
updates using Automatic Updates. Previously, Microsoft's policy in regards
to Service Packs and Automatic Updates was that Service Packs were not
deployed with AU and had to be installed separately. The following is a
quote from Microsoft's Windows Service Pack Road Map
<http://www.microsoft.com/windows/lifecycle/servicepacks.mspx>:

"Automatic Updates in Windows XP Professional and Windows XP Home Edition
can keep your computer up to date with the latest hotfixes. However, service
packs are not automatically deployed at this time. You will need to visit
the Windows Update website manually to install the Service Pack."

It is now apparent that Microsoft will, in fact, begin deploying Service
Packs with Automatic Updates as referenced by Microsoft's Security website
<http://www.microsoft.com/athome/security/protect/default.aspx>:

"Coming Soon: Windows XP Service Pack 2
Microsoft is preparing to release a free update for Windows XP that provides
better protection against hackers, viruses, and worms. The best way to
ensure you get Windows XP Service Pack 2 when it is released is by turning
on Automatic Updates today. You can use our step-by-step instructions or, if
you prefer, let us do it for you."

Given that the nature of SP2 is not your run-of-mill hotfix rollup, this
policy shift is, in my opinion, a reckless policy that will cause a lot of
Microsoft's corporate customers harm. The reason being that a large
percentage of Microsoft's customers use Automatic Updates as a patch
management solution. Take the results of NTBugraq's poll regarding patch
management solutions <http://www.ntbugtraq.com/patchresults.asp> as an
example. This poll had 5,273 respondents, 1241 (23.5%) of which replied that
they use Windows Update (AU) to deploy their critical updates.

The scope of changes that Windows XP SP2 will have on customer's is detailed
at Microsoft's Windows XP Service Pack 2 website
<http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/winxpsp2.msp
x>. Simply put, it WILL affect the way that Windows XP workstations behave,
how they operate with SMS, SQL & MSDE, and more.

Regardless of the press that has been made of SP2's imminent arrival, for
Microsoft to "force" SP2 on customers has the potential of causing as many
(or more) problems as the security issues that they address. Undoubtedly,
these security enhancements are needed, but at what cost should they be
"forced" on customers? There is the very real possibility of customer's
losing money and productivity as SP2's "enhanced security infrastructure"
causes IT workers worldwide to address the "changes in functionality" that
SP2 will bring into effect.

It is my opinion that Microsoft should NOT change their Automatic Updates
policy in regards to automatically deploying service packs. If you agree
with this opinion, please contact your Microsoft representative and make
your feelings known.

Respectfully,

Chris Shilt
Systems Administrator
The Relizon Company

-----
NTBugtraq Editor's Note:

Want to reply to the person who sent this message? This list is configured such that just hitting reply is going to result in the message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office messages posters received. So if you want to send a reply just to the poster, you'll have to copy their email address out of the message and place it in your TO: field.
-----

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]