Eight workers at Great Lakes Gas Transmission Co. in Troy, Mich., have XP Service Pack 2 on their desktops and seven more will have it in two weeks, said Kathleen Held, the company's senior network support specialist.
"So far, so good," Held said.
Gordon Corzine, principal
But if a recent study from Santa Cruz, Calif.-based research firm Evans Data is any indication, many of the bigger companies are still holding off, nervous SP2 won't get along with the patchwork of applications in their networks.
"In a larger enterprise, there are often many custom applications running on numerous machines, making integration more risky and uninstalling SP2, should it become necessary, a far more difficult and expensive task," said Dauren Tatubaev, an Evans Data analyst. "When in doubt, a wait-and-see attitude is the most prudent course of action."
Tatubaev interviewed 650 IT managers and software engineers from a variety of industries last month for the firm's Fall 2004 North American Development Survey, available to Evans Data clients for a fee. Seventy of them declined to discuss SP2, mainly because they use Linux-based systems, Tatubaev said. Of the rest:
- Eighty-six respondents -- 14.4% -- installed SP2 in the first week;
- Roughly 258 respondents -- more than 40% -- have delayed installation until more information can be gathered; and
- Thirty-eight people -- about 6% -- said they won't install it at all.
Smaller companies are the most likely to have installed SP2 within the first week, mid-sized companies are most likely to install it by year's end and larger companies aren't yet committed to the upgrade, Tatubaev concluded.
Microsoft rolled out SP2 in August after months of hype over its added security muscle, which includes a firewall that is turned on by default, recompiled Windows components that make the operating system more resilient to malware-induced buffer overruns, and improved Internet Explorer controls and user interfaces to block malicious ActiveX controls and spyware. At the time, most IT managers who were interviewed said they planned to deploy it very slowly.
Whatever misgivings larger companies have over SP2, Held and Corzine said their experiences have been largely positive.
"We've had some challenges. We're still struggling over whether or not to allow the firewall, and it has interfered with some of our Java applications. But overall we're having good luck," said Held, whose company has up to 200 employees, including four IT staffers. "SP2 even fixed a hang-up we were having with our Active directory. I don't know exactly what it did, but it was a pleasant surprise."
"Usually there is some confusion, learning and adjustment, but they have found it manageable," Corzine said of his clients, mostly three- to seven-person shops. "I regard it as like the Y2K experience… less disruptive than expected. As always, this presumes one had checked with ISVs (information security vendors) for any critical applications. I think we all have learned that you have to keep up with vendor changes."
This article originally appeared on SearchSecurity.com.