Windows XP SP2 could break existing applications

When Microsoft releases Service Pack 2 for Windows XP later this year, some software developers may find their applications no longer work on updated Windows machines.

Microsoft has made something of a trade-off with the update, focusing on security improvements at the expense of backward compatibility. The Redmond, Washington-based vendor is calling on all software developers to test their code against the beta version of Service Pack 2, or face the possibility that the update will break their handiwork.

Windows XP Service Pack 2 (SP2) is more than the usual roll-up of bug fixes and updates. It is also being used to make significant changes to the software that are designed to improve security. These changes can render applications inoperable, Microsoft warns.

"It may surprise some of the developers that we are changing some defaults, and that may affect the way some of the older applications run," said Tony Goodhew, a product manager in Microsoft's developer group. "Developers should absolutely be checking their applications against Windows XP SP2."

To help developers, Microsoft has created an online training course that details the implications of installing SP2 on Windows XP machines. The course covers the impact on existing applications and includes code samples. Microsoft has never before offered such a course with a service pack release, according to Goodhew. (http://msdn.microsoft.com/security/productinfo/XPSP2/default.aspx)

Large vendors of software are getting help from Microsoft to make sure their applications are compatible with SP2, Goodhew said. Smaller vendors and others, such as enterprise software developers, need to do their own testing. "It is really up to developers to do the due diligence," he said.

If developers do find that SP2 breaks their applications, it most likely means that they were not following best practices in terms of security when writing their applications, according to Goodhew.

"SP2 will break some applications because they are insecure," he said. "Security is important, and it is not just a Microsoft problem but a developer community problem. We all need to work together to create a more secure computing environment."

"It doesn't really matter how long it is going to take you to do the work; security is an important issue and developers need to start doing that work now," Goodhew said.

Although Microsoft said it has been informing developers about the implications of SP2, not all were aware of what the changes will mean for them.

"I'm afraid now, I have somehow missed this message," said a Windows developer who asked not to be named. "Was it buried in too many marketing messages? Was it dependent on me searching it out?"

But Patrick Hynds, chief technology officer at CriticalSites Inc., a Burlington, Massachusetts-based software development and integration provider, said Microsoft is not leaving any developers flat-footed. "I think Microsoft is doing enough, we're still months in advance and they are actively informing people," he said.

One place Microsoft is informing developers are the Developer Days, or DevDays, events it is hosting around the world. The first such event was held last month and many more are on the agenda. Hynds spoke at one of the first DevDays events.