The Register

XP SP2 Delayed

If The Register is to be believed, XP SP2 has been pushed back till a year from now. And looking around the web, it seems other sites have picked up on this story too.

What are they thinking?

To look at how bad things really are, take a look at this Windows XP Post-SP1 Hotfixes list produced by MS. And if you do a wider KB search, you will see even more bugs (limited by the 150 max records that the asp page will actually return!). The Post SP1 patch page currently shows one hundred patches. But who knows if this list is up to date? And just how will home or small business users ever be able to work this out? And what large enterprise wants to devote this much tiem and energy?? If you buy Windows XP (RTM) today, or if you download it from the MSDN site, you get a CD with an almost lethal set of bugs. This version would simply not be safe to deploy on any network without patching it heavily. At an absolute minimum, you have to download SP1 plus a bunch of patches. Most of the OEM's seem to ship an integrated SP1 (which is helpful), but all my CDs are just plain RTM.

After getting SP1, you then need to go to Windows Update (or SUS) and add all the extra patches and validate that your system is both safe and functional. This is non-trivial. It's not only the sheer amount of patches you have to find and install, but you also have to test that you've not broken anything in the patching. Given MS's reputation and track record, testing is vital.

There's got to be a simpler way! Microsoft should offer to provide updated CD images for a relatively patched version of Windows XP (home, pro, and both rtm/msdn/vlk) - as well as every other key product (2003 Server, SQL, E2k3, etc). I don't want a bunch of CDs that are, in effect, dangerous!

No, the viruses are not Microsoft's fault. But I believe Microsoft has an obligation to make it simpler for customers. And as a matter of some urgecy.