By delaying automatic distribution of its Service Pack 2 upgrade for Windows XP, Microsoft Corp. has highlighted the fact that its Automatic Update service is a double-edged sword for corporate IT departments.
Automatic Update allows Windows PCs to download and install Windows updates and
patches on their own from a Microsoft server or an intermediary in an organization’s own IT shop. IT managers call it a valuable tool in keeping up with software updates and guarding against known security vulnerabilities – but they tend not to take full advantage of its ability to install updates automatically because of the risk that a patch will cause problems with custom software, old applications or even Windows itself.
Michael Cherry, lead analyst at Directions on Microsoft in Kirkland, Wash., said IT managers should handle patches with care. “”Microsoft is working to improve the quality of their patches,”” he warned, “”but there have been patches in the past that they have had to recall or reissue because they found that when they patched one thing they broke something else.””
Even Microsoft says IT managers are right to be cautious, especially with a major upgrade like Service Pack 2.
“”For sure, what an organization should be doing is testing their applications in this new environment,”” said Elliot Katz, senior product manager, Windows client, at Microsoft Canada Co. in Mississauga, Ont. Katz said an organization with an IT department or other technical expertise would be wise to install patches or updates on one or a few systems and test key applications before distributing the changes to other machines.
But if an organization is not going to do such testing first, Katz said, Microsoft advises turning on Automatic Update so that critical updates reach its PCs as soon as possible.
Microsoft notified customers by e-mail early this week that Windows XP Service Pack 2 would not be downloaded to PCs through the Automatic Update service until August 25. It had originally been scheduled for this week.
Katz said Service Pack 2 is a critical update and customers should install it as soon as possible, but Microsoft delayed offering it as an automatic update because of feedback from customers. Some customers want more time to test the changes in their environment, he said. For those who want to delay further without turning off Automatic Update, Microsoft is offering a utility on its Web site at http://www.microsoft.ca/technet/winxpsp2 that will stop the service pack from downloading. The same site contains further information about SP2, he added.
IT managers contacted by ITBusiness.ca said they are usually cautious about patches and updates.
Francis Kopke, IT manager at Blastech in Brantford, Ont., said his company has had problems in the past with automatic updates to a server disabling a database application. After that the protective coatings company turned off Automatic Update on servers, though it still lets client PCs update themselves, Kopke said. That’s better than relying on users to install patches, he explained, because “”most of them weren’t doing it.””
When patching servers, Kopke said, “”I always contact the (application) vendor first to make sure everything’s okay. Only the paranoid survive.””
Bryan Rawson, chief information officer at Golder Associates, a Toronto-based group of engineering and environmental science companies, said Automatic Update “”is probably one of the most significant benefits that we have realized from our installation of Windows Server 2003…. It really has allowed us to take what used to be days if not weeks of effort down to hours.”” But software updates don’t go directly from Microsoft’s servers to Golder’s PCs. Instead Golder downloads updates, tests them, and then posts them to an in-house server from which its own PCs draw their updates.
“”It’s a fabulous service but it does require a maintained approach,”” said Rawson. “”You have to be aware of what you’re putting into the update servers that your workstations are drawing from.””
The Town of Banff, Alta., also stages updates to a single server first. “”Every couple of weeks I’ll go through and I’ll approve the patches,”” said Dallas Firlotte, the town’s assistant IT co-ordinator. Banff has had few problems with updates, Firlotte said, but he thinks Service Pack 2 might be different. “”I’m expecting a lot of problems actually. A lot of our applications unfortunately are old.””
Cherry has already installed Service Pack 2 on his own PCs. He said the update caused minor problems – a Universal Serial Bus mouse sometimes doesn’t work properly when Cherry’s laptop comes out of hibernation, and “”it has difficulty reporting the correct status of my Norton Antivirus.”” These are mere annoyances and the benefits of Service Pack 2 outweigh them, Cherry said.
He said he uses Automatic Update but has set it to download update files and then notify him, leaving him to choose whether to install them.
Cherry added that Microsoft’s designation of patches as “”critical”” is sometimes questionable. For instance, he said, there were complaints earlier this year because a font supplied with Windows contained a swastika symbol. “”Microsoft called the patch to remove the swastika a critical patch,”” Cherry said. With many patches, he suggested, IT managers might wish simply to wait a couple of weeks to see if problems are reported.