THE TECHWEB SPIN: Necessary EvilMicrosoft's WinXP Service Pack 2

Welcome Guest. | Log In| Register | Membership Benefits

July 19, 2004 (7:35 AM EDT)

THE TECHWEB SPIN: Necessary Evil—Microsoft's WinXP Service Pack 2
THE TECHWEB SPIN: Necessary Evil—Microsoft's WinXP Service Pack 2

By Scot Finnie ,

I'm on record as saying that everyone should install Microsoft's forthcoming Windows XP Service Pack 2. The ambitious security-centric upgrade to Windows XP offers a necessary change in the way Windows XP operates, bringing it up to date with the security realities of 2004. Service Pack 2 is, overall, a good thing.

But it might also be described as a necessary evil. Why? Windows XP Service Pack 2 represents the first real evidence that security threats will not only profoundly change the way IT departments operate, but the way 95 percent or so of the world's computer users work with that most fundamental of applications: the Web browser. And the biggest consequences fall on the shoulders of businesses and organizations, whose Web sites, intranets, and Web-based enterprise apps have relied on the freedom and functionality extended by the more lax security of previous versions of Internet Explorer.

In getting a little bit tougher on security, Microsoft is requiring literally thousands and thousands of Web sites and millions of browser users to alter the way they work with Internet Explorer.

The result of the changes may catch us by surprise. They have not been clearly stated by the computer press, mostly because it's difficult to both understand and predict their effect in the real world. But also, it's because the security need is so pressing that reviewers may be cutting Microsoft some slack. After months of using Service Pack 2 in various pre-release variations, it's clear to me that, while Microsoft has done a lot to minimize its far more security-aware new browser, there will be problems.

The version of Internet Explorer 6 that will ship probably in late August as part of Service Pack 2 is really the first mainstream end-user product to come after a profound shift in thinking at Microsoft. The MS Blaster worm forever changed the software giant. There's a new-found siege mentality about security in Redmond. Concern over the user experience is taking a backseat now to concerns about security. (Indeed, UI's priority might as well be way back in the rumble seat in Service Pack 2.)

One of the shifts in thinking boils down to this: Any unknown Web address is presumed guilty instead of innocent. It is fairly easy, however, for IE users to mark any Web site (or intranet address or Web application) as innocent, or acceptable. But those decisions are made on a case-by-case basis, and they are saved by the machine, not by a person. Over time, this will create headaches and will eat up employee time with a whole new list of management needs, all for the humble Web browser. And you can be sure that overworked IT help desks will be taxed with new calls about things users don't understand. The Web browser has become a universal business tool, one that heretofore had been a no-brainer. A problem, to be sure.

Browser-War Pyrrhic Victory?
While giving some IT departments fits, this new wrinkle might cause more advanced users, in particular, or even enterprises as a whole to move away from IE toward the waiting arms of Mozilla and Opera. The new IE could create problems for Web sites that provide excellent services we've come to rely upon or make regular use of. No matter how you look at it, the forthcoming IE 6.0 is a very different beast under the hood from the one most people are using now.

Make no mistake: Mozilla's Firefox, due out in its first finished release as version 1.0 this September (serendipitous timing or planned?), is one hell of a fine browser that, on paper, could give IE a run for its money, though the market-share realities make that virtually impossible. Even so, it's a solution that enterprises should evaluate as an alternative. Firefox is apt to be less of a security risk than pre-XP SP2 Internet Explorer and won't foist a lot of security-management overhead on users.

Microsoft has also not taken this opportunity to upgrade the features of Internet Explorer 6 in any real way, other than to add a pop-up blocker. The two things IE lacks most are full compliance with Internet standards, like CSS, and tabbed browsing. Mozilla and Opera are both in far better Internet-standards compliance than is Internet Explorer. Microsoft should fall in line on standards. To many Web developers, it is criminal that they have not done so. And tabbed browsing, the ability to open multiple Web-page windows inside a single instance of the browser program—that is, letting you tab among them much the way you tab among Excel worksheets—is a feature offered by almost every other major and minor Windows browser. Microsoft's complacence about updating IE is irksome at best, given the history of the battle for browser market share.

Takeaways
The security changes for Internet Explorer are just one aspect of added overhead caused by the shift to higher security levels in Windows XP Service Pack 2. Networking and remote-access functionality, downloads, attachments, and many other areas of the OS have new security changes. The code that makes up Windows has also been created in a way that makes it a tougher nut. Collectively, these are all good things; Windows XP Service Pack 2 is not a bad release.

But just as it was late in coming to the Internet party a decade or so ago, Microsoft was late coming to the security soiree. Service Pack 2 is by no means the last word on desktop-Windows security. As the software giant feels its way through the security minefield, it's clear there's an essential tension between two conflicting priorities: end-user ease of use and accepted Windows conventions, and solid security measures.

Many ways of working in Windows that people have grown accustomed to—like logging in and working perpetually as "Administrator"—will likely change in coming versions of Windows in the name of security. Changes for security sake are no longer optional; they must be done. And that means Microsoft will have to alter the user experience in ways that will at times perplex and frustrate an absolutely huge installed user base.

It's not going to be easy. The changes for WinXP SP2 will probably work better for consumer users than for enterprise users. That seems to have been the underlying rationale for this update to Windows XP. You can think of the service pack as Windows Security 1.0 from Microsoft. Hopefully they'll get it right by the third time—and that 3.0 version will be known by another name: Windows Longhorn.

Scot Finnie is editor of the TechWeb Network's Pipeline collection of Web sites.

TechWeb's editors are busy assigning and editing and linking and otherwise creating the content you see on TechWeb.com and the Pipeline sites, but we wanted the chance to tell you what we see and what we think about it directly. So, each week, The TechWeb Spin will bring you the informed insight and unique perspective of a different TechWeb editor: Fredric Paul, Scot Finnie, Tim Moran, Stuart Glascock, and Mitch Wagner. We hope you like it, and even if you don't we hope you take the time to tell us what you think about it.

Check out The TechWeb Spin Archive.

Email This Story

Print This Story

Reprint This Story

Tag in Del.icio.us

Digg This

Technology News

More TechWeb News

Bookmark this site!

Try TechWeb's RSS Feed!
(Note: The feed delivers stories from TechWeb.com only, not the entire TechWeb Network.)

Exclusive Resources

Forrester Research: Unified Communications Delivers Global Benefits

Yankee Group Research: Unleash The Hidden Power Of Your SMB

Yankee Group Research: Wireless Broadband Networking for SMBs

FREE Download: Spiceworks IT Desktop Network Management Software

Mobility In Small and Midsize Companies

CAREER CENTER

Ready to take that job and shove it?
Open | Close

SEARCH

Function:

Keyword(s):

State:

Post Your Resume
Employers Area
News & Features
Blogs & Forums
Career Resources

Browse By:
State | City

SPONSOR

RECENT JOB POSTINGS

University of San Diego seeking System Administrator 2 in San Diego, CA
Hebrew Senior Life seeking Network Analyst in Boston, MA
Cirrus Design seeking Web Architect in Duluth, MN
Comcast seeking Tier 4 CRAN Network Engineer in Chelmsford, MA
Lowe's seeking Network Engineer II in Mooresville, NC
For more great jobs, career-related news, features and services, please visit our Career Center.

CAREER NEWS

10 Search Engines You Don't Know About

Go beyond Google and get vertical. These specialized search sites will help you find the business information you need -- fast.

Yahoo Profits Fall 23%, Cuts 1,000 Jobs

Ari Balogh was named to the post of chief technology officer as the companys for a "realignment" of employees.

More Articles From Our Career Center

Advertisement

Specialty Resources

VIEW ALL BRIEFING CENTERS

Featured Microsite

Related Links

Microsoft To Reissue Scratched Mac Office Update
Microsoft Offers Free Trial Of Office 2007 Enterprise
Salesforce Taps ISVs To Feed The Growth Beast
Google's Holiday Wish May Come True: An Online Clone Of Microsoft Office
Google Customizes IE 7, Posts Firefox Toolbar Beta
New IBM Software Will Help The Blind Use Computers

Microsites

Featured Topic

Additional Topics

Crush The Competition

TechWeb's FREE e-mail newsletters deliver the news you need to come out on top.

Techencyclopedia

Get definitions for more than 20,000 IT terms.

Techwebcasts

Editorial and vendor perspectives

Vendor Resources

Focal Points

Free Newsletters

TechEncyclopedia

TechCalendar

Opinion

Research

Careers & Workplace

Webcasts

About Us

Contact Us

Mobile Tech News

Software Tech News

Security Tech News

E-Business Tech News

Management Tech News

Networking Tech News

Hardware Tech News

Terms of Service

Copyright ©2008 United Business Media LLC

Privacy Statement

Your California Privacy Rights

Technology Marketing Solutions

Feedback