Tangled Legacies: XP Service Pack 3 and Vista Service Pack 1

Microsoft announced earlier this year that there would indeed be a Windows XP Service Pack 3, but that it would be released in the first quarter of 2008 — almost three and a half years after XP Service Pack 2! “Why is it taking so long?” people shouted? My reply: Windows Vista — but not for the reasons you might think.

There’s no question that Microsoft has tried hard to make Windows Vista into its flagship desktop product, only to meet a great deal of resistance from end-users and system integrators alike. XP works fine, the critics say; why ditch it? To that end, Microsoft decided to extend XP’s lifetime as a desktop OS — mainstream support for XP will last until April of 2009, and all forms of support for XP will last until 2014. Thirteen years.

This brings up two questions: 1) Why the massive delay with SP3? And 2) has Microsoft shot Vista in the foot by extending XP’s lifetime? These questions are tightly interrelated, which is why I want to answer them together — and the answers I’ve come up with surprised even me.

The simplest explanation for why XP SP3 has been such a long time coming: Vista. That OS required a massive amount of effort on Microsoft’s part. So much so that the scope of what they were initially attempting had to be trimmed back (something commonly used as a point of detraction). The conventional wisdom was that so many of Microsoft’s development resources were redirected from fixing XP into building Vista that XP was getting short shrift. This is partly true, yet there’s another factor that isn’t being taken into consideration.

Related Columns

Hang On...Why Am I Still Using Windows? Behind The Curtain of Microsoft's 'Great Oz' Dell Challenges Virtualization 'Myths' Microsoft, Sun Green-Light Server Pact FREE Tech Newsletters Instant Messaging Planet HTML CIO Update CodeGuru Update Enterprise Networking Planet Practically Networked HTML Enterprise Storage Forum Text Enterprise Storage Forum HTML Optically Networked HTML Intranet Journal Update Datamation IT Management Careers Datamation IT Management Update Developer.com Update Gamelan Java Update Goodies to Go Javascript Weekly HTML JARS Java Update OpenSource Update SysOpt Tech Notes Grid Computing Planet HTML E-Security Planet Text E-Security Planet HTML Virtual Dr. Text

Vista was, and is, a public proving ground for their new security-centric software development process. After getting hammered on – and rightfully so – for allowing Windows and its attendant applications (mainly Internet Explorer) to become vectors for the delivery of an amazing array of malware, Microsoft dropped back a bit and retrenched. Windows, and Microsoft software in general, would have to become more secure, or it would simply not stand up in a world where security hazards are now being sold to the highest bidder. And so began the introduction of all the security features that current Windows users have taken for granted: the firewall, the locked-down-by-default behavior of IE, and so on.

Under that was another layer of security work conducted largely out of sight — but in many ways every bit as essential, if not more so. This involved an ongoing audit with new software tools to insure that Windows and Microsoft applications would be less vulnerable to common attack vectors such as buffer overflows. People giggled up their sleeves, but so far the results speak for themselves. Since their release, Office 2007 and Vista have not been vulnerable to many of the issues that affected earlier versions of Office and Windows in the same time frame.

Next page: Back-porting to XP