Windows XP key to Microsoft's secure computing

Microsoft has delayed the launch of its improved software update services and advised all non-Windows XP users, including those using Windows 2000 desktop, to upgrade if they want secure computing.

Windows Update Services, the successor to Software Update Services 2.0, which automatically patches Windows code, is delayed to the first half of 2005 after a first public beta later this year. The beta had been due to appear this summer preceding an autumn release.

But Windows Service Pack Two (SP2), itself delayed from May but now due out next month, only covers Windows XP, leaving Windows 2000 and 9x desktop users without the latest security improvements.

No date has been given for an equivalent service pack for older operating systems.

"If we have to make a decision over time to market or quality we always choose quality, especially on security," said Mike Nash, head of Microsoft's security business and technology unit.

Some of the key enhancements to Windows Update Services include more intelligent patch management and the ability to restart patch downloads if a system crashes. Users currently have to begin the whole download process again.

Microsoft is aware of the security hole left by the delays. "[Microsoft is] working with third-party vendors to help improve security for Windows 9x and 2000 customers. In the meantime, we recommend those customers employ a third-party firewall and antivirus software," said a spokesman.

But Nash said: "Our best advice to customers is to upgrade to XP if they want security." And he had worse news for those still using Windows 98 and earlier.

"Some of the advances seen in SP2 can't be got on Windows 9x because of architecture and systems involved. For example, Windows 98 is based on Windows 95 code, which was built in the early 90s before security became an issue."

Nash said that customers were getting the message about software updates. Last year 90 million users got updates from Microsoft, a 400 per cent increase on the year before. And in the same period 150,000 corporate servers were also set up to patch automatically.

Microsoft has pledged only to provide critical security updates for Windows 98, Windows 98 SE, and Windows Me until 30 June 2006. Users have to specifically request non-critical security fixes through the company's On-Demand Security Hotfix support unit.