Microsoft Corp.'s decision to release a major upgrade for its flagship operating system in the same month that hundreds of thousands of students are reporting to college campuses across the nation is causing a major headache for some universities.
The upgrade, known as Service Pack 2, is designed to patch numerous gaps in Windows XP, the operating system of choice for an estimated 200 million computer users worldwide. The free update includes safeguards against spyware and viruses, a hardened Internet firewall to keep out hackers, and changes to help better alert users to security risks on their personal computers.
The upgrade has received positive reviews for home use, but organizations running large networks have been more cautious, worried the update could conflict with certain applications already in use. Technology administrators at some universities have taken steps to block computers from automatically downloading the software. Not only do they want to conduct more tests on the patch, they fret their networks could slow to a crawl if too many students try to download the large file at once.
"The timing is extremely unfortunate," said Anne Agee, deputy chief information officer at George Mason University. "It wouldn't be so bad if we had gotten this more than a month ago, because at least then we would have had plenty of time to test it and make a decision about how we want to correct for this."
Instead, the Fairfax school is blocking automatic installation of SP2 on all faculty and staff computers because the update interferes with software that the university uses to run faculty PCs. Classes at George Mason start next week, and university officials are still debating whether to block students from installing the upgrade as well.
George Mason is not alone. Catholic University in Washington also has decided to temporarily block automatic downloads of SP2, according to Chief Information Officer Zia Mafaher. Officials at the University of Richmond made the same decision.
"Microsoft's timing really couldn't have been worse for us," said Chris Faigle, a security administrator at the school, where classes started yesterday. "For the faculty and students, we simply won't be able to handle all of the additional issues that would almost certainly come up in addition to just getting the students registered on the network."
Other schools across the country are taking similar action, from the University of Michigan's medical school to the University of Notre Dame in South Bend, Ind.
Notre Dame "didn't want SP2 to land on machines here at the same time the students descend on the campus," said Gary L. Dobbins, the school's director of information security.
College officials concede they cannot stop students from downloading the fixes before they arrive on campus, or attempt to do so manually once they plug into the network. However, some technology officials warn that such attempts may make it difficult for those machines to function properly on university networks.