In a study of 136,000 corporate PCs, Canadian asset tracking firm AssetMetrix found that more than one-third of the computers were running Windows XP, but only 24 percent had installed the security-orientedupgrade.
Companies wereto jump to SP2 when it debuted last year, but the AssetMetrix study found that most companies weren't blocking SP2 entirely; they just had not upgraded in large numbers. Of the 207 companies that were using XP on at least 10 machines, about 40 percent were blocking SP2 universally. At the other extreme, about 8 percent had forced the SP2 on all XP-based machines as a matter of policy.
"Very few companies have drawn the line in the sand," said Steve O'Halloran, managing director of AssetMetrix Research Labs. "A good deal of the companies have a mixed environment."
Smaller companies were somewhat more likely to fully move to SP2, but in general most businesses tended to have it only on some sub-segment of their XP-based computers.
A Microsoft representative said the figures from AssetMetrix are in line with what the software maker had expected, noting that it anticipated deployment would take 12 to 18 months for many large companies.
The company said a survey it did late last year of 800 enterprise customers found that three-quarters of the businesses planned to deploy SP2 by the middle of this year. Among the companies Microsoft highlighted were Merrill Lynch, which plans to deploy SP2 across 50,000 desktops over the next several months and law firm Holland & Knight, which recently completed deployment of SP2 across all 3,500 desktops.
The report comes just as many businesses will suddenly find themselves with a lot more users of SP2. Until now, companies have been able to block computers from automatically downloading SP2 from Microsoft's server even as the machines continue to get other updates to Windows. However, as of April 12, that optionand all XP computers that have Windows XP's automatic update feature enabled will receive SP2.
Microsoft firstlast August. A month later, Microsoft allowing customers to block SP2 through April 12.
AssetMetrix is recommending that companies test and deploy SP2 ahead of the April 12 deadline. In addition to the security benefits, O'Halloran noted that SP2 is likely to be the only version of XP that will be compatible with Microsoft's forthcoming Internet Explorer 7 and that support for Service Pack 1 is slated to end late next year.
But O'Halloran said that many companies either haven't established a formal policy toward SP2 or were not enforcing that position.
"We're noticing a lack of coherence between what people want to do and what people are doing."
Even after next week's deadline, companies can still choose to avoid SP2 by using either a Microsoft or third-party program to have updates gathered from a company's internal server, rather than directly downloaded from Microsoft.