I think PMCook had also commented on the issue justbill posted on, then I tried to reply and messed up my comment - haven't figured yet how to properly edit my posts. There goes the quality of my advice. My post disappeared anyway, so I guess no harm done, but I think PMCook's was mistakenly erased as well. Anyway, this issue has nothing to do with SP3 - it was around with SP2 as well. It has a lot to do with sloppy/lazy practices and cost cutting by PC manufacturers, HP prominently in this case. They built their machines using unsupported configurations, something that Microsoft had warned about in the past (I mean 3 years ago almost)
I'm typing this on an HP machine, one we've recently helped install for a major client, and we specifically advised against HP AMD-processor models for this reason. I don't have anything against AMD, just wanted to save the client's inhouse CGs unnecessary grief.
Something about SP3 and updates in general. First SP3, has very few new features, and the ones that it does have make XP more efficient and secure. Basically SP3 is a collection of all pertinent security, performance and stability updates since SP2, applied in a coherent manner.
Microsoft, just like Avaya, Siemens, Nortel, Toshiba, Apple, IBM etc etc has very specific reasons for making updates available. It also, like the other companies, provides very specific instructions on how to apply them, as it also provides very specific instructions on how in general its product is to be used, and the limits of its liability.
I'm always surprised when people who are knowledgeable about technology of any kind, treat a very complicated structure such as a modern general-purpose computer operating system as if it was a coffee maker (inside computer joke: a very widely used computer language called java was originally commissioned to provide the OS for advanced coffee makers and other such appliances
). Would any Avaya professional take Avaya's updates lightly? Would they not go over the bulletins and advisories with care, maybe talking to a rep etc etc before making a decision on whether to pass it down to their clients? Would they decline an update out-of-hand because some telephone users have (or think they have) some issues that may or may not be related to the update?
Years ago we were called into a medical practice whose computer system had almost collapsed after the application of many no-nos and bad user practices over the years. We fixed it up - it involved upgrading as well, and instituted proper usage policies. The senior partner was not happy to see our bill and insisted that Microsoft was to blame. That after years of abusing the product. I asked him if he knows what happens when a modern OS boots up - he didn't, obviously. So I asked him what happens when humans "boot up" daily when they wake up, and he rattled off a complicated series of procedures we go through in nanoseconds - diagnostics, corrective routines, comms functions etc etc before we even open our eyes.
Then I asked whether such a complicated system as the human body, on which he's an expert, should not be taken proper care of and be left at the whims and hearsay of all and sundry. He didn't misunderstand me. He paid us and they hired a fulltime CG.
Please look at this:
National Vulnerability Database This is the page with the recent items (scroll down). The most enthusiastic readers of this and similar sites are hackers and cybercriminals of all stripes. They don't have to waste time and energy into finding a vulnerability, they are published and decribed in detail already. The bad guys know that the average PC/network will be unprotected against some vulnerability for days, weeks, months after it becomes public - because, among other things, people won't apply the proper updates. It doesn't take long either - if you know a business is in real estate, they may be using "EMO Real Estate Manager" (that's vulnerability #CVE-2008-2265). It's so easy, it's like stealing from a church.
Sorry for the long post. There goes my lunchtime.
