Windows XP SP3 Postponed Until 2008

Rockgod quotes an article saying "With Microsoft now saying that its next major service pack for Windows XP will not ship until 2008, some Windows users are wondering whether the software upgrade will ever be released." and then later "Michael Cherry, an analyst with Directions on Microsoft, agrees that Microsoft may very well decide to drop XP Service Pack 3. "It absolutely could happen. Microsoft is under no obligation to produce any service packs, ever," he explains. "They feel that because these fixes are available through the auto-update that there's less need to create a service pack."

Available from autoupdate?

[Thansal]

I thought that the SPs were large(ish) changes that were not just a bundle of all the old patches. Forinstance, when ever I do a reinstall of 2K I need to first patch up to SP4, and then start the auto update stuff....

Oh well, I still don't use XP, and I am still confuzzled by MS.

Re:Could they at least...

[The MAZZTer]

Slipstream SP2 into your installation CD.

I don't understand how, but installing SP2 over a fresh SP0 install of XP causes the boot process to slow down to nothing compared to SP0's boot time, but if you slipstream SP2 onto an install CD and install from there, the boot process is now just as fast as SP0's. WTF? I still don't get how such an improvement is possible, but I'm swearing by slipstreaming now...

Plus it's convenient, since you have most of the updates already (By most I mean you'll only find 70 some items on Windows Update instead of 200).

Re:Available from autoupdate?

[viking099]

Service packs are largely comprised of all the service updates and software patches that MS releases between major service packs. They're basically a "catchup" package that allows people to ensure that their software is completely up to date up to a certain time. They occasionally bundle in extra stuff, but IIRC they didn't do that all too often before XP SP2.

Since people's machines are nominally downloading and applying these updates automatically, there's less of a need to release a "catchup" package, since most people are supposedly already caught up.

I did a reinstall last night

[Alphager]

It were 2 updates in the first run (new windows installer and new update-system), then 67 critical patches in the second run, then 6 critical patches in the third run.

Re:Sounds sensible

[HappySqurriel]

Honestly, a service pack is a pretty good opportunity to perform a more significant refactoring of a system then you'd want to on a weekly/monthy patch. Basically, if you have a security flaw (for example) a patch would plug the hole trying to limit the risk associated with this flaw whereas a service pack would actually try to fix the problem. The reason you'd want to do it in two stages is to increase the ammount of testing that is done on the larger fix.

Re:Sounds sensible

[Lonewolf666]

The whole SP thing is a throwback to the bad old days of 28.8k modems and CDs by post. Now we can add the fixes as they come along so why bother with a monolithic chunk of code that must be a testing nightmare for MS as well as corporate end users?

Because you can read the SP from a CD and have the fixes installed before you connect the computer to the internet at all.
In the past, there have been some security holes that could be exploited as soon as your PC is on the net, making it a race between the malware and the patches which gets to your PC first. Loading the SP from a CD removes this problem.

Why bother? I'll tell you why.

[Viol8]

Because downloading a single service pack is somewhat quicker for a new machine than it checking for every single update required and the longer an unpatched new machine is on the net the quicker it can get rooted. Plus with lots of little patches what you really end up with is myriad versions of the OS since not everyone will have every patch , leading to god knows how many minor (or not) glitches and issues with other software. A single service pack can be considered a fairly major OS upgrade which you either have or you don't have , your PC is either compliant or it isn't.

Obligation?? How about pleasing your customers!

[FridayBob]

But then again, without any real competition, why should they care? Once again, it's clear that Microsoft's primary obligation is to its stockholders -- you can be sure that they're doing the very best they can to maximize their profits.

Re:Service Pack vs. Hotfixes

[quantum bit]

The main reason is because service packs can do what they call "slipstreaming". You apply the service pack against the original install CD, create an image from that, and burn yourself a new CD. When you install from your new CD you already have everything that was part of the service pack, so you have a lot less that needs to be downloaded after the install is complete. Since the files on the CD were updated, it doesn't take any longer to install the OS than normal (versus waiting 15 minutes for an SP to apply even when it's local). Great for admins who frequently build machines.

Don't tell me to just use ghost or dd or some other disk imaging solution. I've found that a fresh install is a lot cleaner (no filesystem resizing / conversion, no SID issues, no cruft in your image from when you logged in to set stuff up). Combined with a script to tweak some default settings and group policy to automatically install the appropriate software, it's just as automated as an image and doesn't take much longer. Waiting for 70 security updates to install (even from a local WSUS mirror) is probably the longest part of the whole process.

Re:Available from autoupdate?

[theRiallatar]

I wasn't going to reply, but I kept seeing more and more of the same posts as I was reading through. Try a test. Connect a simple out-of-the-box router to a DSL/Cable connection with default settings. Connect an unpatched Windows XP SP0 machine to the router and make sure it has web access. Don't use that computer. See how long it takes to get rooted/malware. Answer? It NEVER will. Because the router blocks all unsolicited incoming traffic, unless you've monkeyed with the config to change this. The only way a computer can get rooted/malwared through a default-settings router is by stupid user tricks, or by another already infected machine on the NATed network.... which would have got infected by stupid user tricks.

Re:Personally I think they will kill it

[Anonymous Coward]

Why bother - autopatcher.com has everything you need a lot quicker than MS ever will, and doesn't use/install WGA unless you ask it to.

Re:Companies requiring high security

[MrLogic17]

Dude, ever hear of integrating hotfixes? Just like slipstreaming Service Packs, only smaller. When I deploy an XP machine, it doesn't need ANY updates. It's hours faster, and takes a large burden off your internet pipe.

It's written for 2k, but works for XP too...
http://www.microsoft.com/windows2000/downloads/ser vicepacks/sp3/hfdeploy.htm [microsoft.com]

Re:Could they at least...

[Shawn is an Asshole]

I did that when SP2 was released. What I'm talking about is the large amount of patches needed to apply against SP2 after doing a fresh install. There is a large amount of updates needed, here's a list:

Windows XP SP2 - Critical Updates
KB873339: Security Update for Windows XP (...extra text for lameness filter...)
KB885835: Security Update for Windows XP (...extra text for lameness filter...)
KB885836: Security Update for Windows XP (...extra text for lameness filter...)
KB886185: Critical Update for Windows XP (...extra text for lameness filter...)
KB887742: Critical Update for Windows XP (...extra text for lameness filter...)
KB888302: Security Update for Windows XP (...extra text for lameness filter...)
KB890046: Security Update for Windows XP (...extra text for lameness filter...)
KB890859: Security Update for Windows XP (...extra text for lameness filter...)
KB891781: Security Update for Windows XP (...extra text for lameness filter...)
KB893756: Security Update for Windows XP (...extra text for lameness filter...)
KB896358: Security Update for Windows XP (...extra text for lameness filter...)
KB896422: Security Update for Windows XP (...extra text for lameness filter...)
KB896423: Security Update for Windows XP (...extra text for lameness filter...)
KB896424: Security Update for Windows XP (...extra text for lameness filter...)
KB896428: Security Update for Windows XP (...extra text for lameness filter...)
KB899587: Security Update for Windows XP (...extra text for lameness filter...)
KB899589: Security Update for Windows XP (...extra text for lameness filter...)
KB899591: Security Update for Windows XP (...extra text for lameness filter...)
KB900725: Security Update for Windows XP (...extra text for lameness filter...)
KB901017: Security Update for Windows XP (...extra text for lameness filter...)
KB901190: Security Update for Windows XP (...extra text for lameness filter...)
KB901214: Security Update for Windows XP (...extra text for lameness filter...)
KB905414: Security Update for Windows XP (...extra text for lameness filter...)
KB905749: Security Update for Windows XP (...extra text for lameness filter...)
KB908519: Security Update for Windows XP (...extra text for lameness filter...)
KB908531: Security Update for Windows XP (v2) (...extra text for lameness filter...)
KB911280: Security Update for Windows XP (v2) (...extra text for lameness filter...)
KB911562: Security Update for Windows XP (...extra text for lameness filter...)
KB911564: Security Update for Plug-in do Windows Media Player (...extra text for lameness filter...)
KB911567: Cumulative Security Update for Outlook Express for Windows XP (...extra text for lameness filter...)
KB911927: Security Update for Windows XP (...extra text for lameness filter...)
KB912919: Security Update for Windows XP (...extra text for lameness filter...)
KB913580: Security Update for Windows XP (...extra text for lameness filter...)
KB914388: Security Update for Windows XP (...extra text for lameness filter...)
KB914389: Security Update for Windows XP (...extra text for lameness filter...)
KB917422: Security Update for Windows XP (...extra text for lameness filter...)
KB917537: Security Update for Windows XP (...extra text for lameness filter...)
KB917953: Security Update for Windows XP (...extra text for lameness filter...)
KB918439: Security Update for Internet Explorer for Windows XP SP2 (...extra text for lameness filter...)
KB918899: Cumulative Update for Internet Explorer for Windows XP SP2 (...extra text for lameness filter...)
KB919007: Security Update for Windows XP (...extra text for lameness filter...)
KB920214: Security Update for Outlook Express for Windows XP (...extra text for lameness filter...)
KB920670: Security Update for Windows XP (...extra text for lameness filter...)
KB920683: Security Update for Windows XP (...extra text for lameness filter...)
KB920685: Security Update for Windows XP (...extra t

For those who are worried about their darknets ...

[mmell]

Granted, installing WinXP followed by the latest SP's from CD-ROM is a secure way to install a machine with some measure of confidence that it won't be hacked immediately upon exposure to the internet, but . . .

Most people who are responsible for such systems are presumably intelligent enough to slipstream [vorck.com] the latest Service Pack AND all current security patches onto a WinXP installation CD which can then be used to install a machine - in fact, this would be the recommended procedure, as it results not only in the machine having the latest SP from the start but also all the miscellaneous security updates which have been published since the last SP.

Remember, a fresh install of Windows XP + Service Pack 2 is still vulnerable to known exploits. Being able to incorporate all the security updates which are available at the time the machine is brought online results in a signifigantly more secure situation (although Microsoft's well-documented history of ignoring certain inconvenient security holes until they get their collective nose rubbed in them would still make me nervous, personally).

Of course, this only works for i386 versions of Windows - from what I can gather, it's not possible to slipstream the x86_64 version. If I've got that wrong, somebody please correct me (and provide a link to instructions).

Re:Could they at least...

[Lumpy]

you CAN slipstream all updates into windows. I suggest you get up to speed where the rest of us have been for over a years now...

nlite [nliteos.com] integrates ALL patches, fixes, hotfixes, etc... into a windwos install CD. hell I can even automate the de-xpify process so I dont have to do it on every machine.

Service packs and traditional slipstreaming is very old hat as microsoft does not care anymore.

Microsoft keeps screwing up

[kerashi]

I live in a rural area where most of the people are on dialup. I like to provide my friends and family with the security patches so they need so they don't have to spend weeks downloading them through dialup. A service pack would make this job a LOT easier, but as it is I have to rely on AutoPatcher [neowin.net] to handle this.

Microsoft doesn't seem to want to make it easy. If you want to get your patches from Microsoft, you have to either use Windows Update on every single machine, or sift through hundreds of pages to individually download the updates you need. It shouldn't be that hard.

I have four computers running Windows. I want to download updates ONCE for all of them, without wasting bandwidth and without all the hassle that Microsoft wants to put you through to do that. AutoPatcher does this (and hats off to those guys for doing so) so why can't Microsoft get their act together and start putting out something similar?

Re:They're right, you know

[rincebrain]

AutoPatcher [autopatcher.com] to the rescue!

Go one step further

[Mitchell Mebane]

And slipstream this, too: RyanVM's Windows XP Post-SP2 Update Pack [ryanvm.net]. It'll take care of most of those updates left. Makes life a hell fo a lot easier.