That Windows XP's latest update, SP2, will break some applications, is unquestioned even by Microsoft. It even held back the service pack's release when it realised that one of its own applications would be affected.

But it's early days for SP2, which adds features, mostly concerning security, as well as fixes to the now-ageing OS. At this stage, finding sysadmins who have installed the released version of the service pack is not easy. That applies in spades if you're looking for anyone who has deployed it for real in a production environment of any size. And it's hardly surprising given the size and complexity of the update.

Because of the extensive changes that Service Pack 2 includes, the software giant has urged developers and IT professionals to test the update thoroughly. However, "it just seems that Microsoft doesn't quite understand how difficult this is to do," said Bill Lewkowski, CIO at Metropolitan Health, a company with 1,300 users recently migrated to Windows XP with SP1. "We can't do unplanned, unbudgeted service pack releases that are very similar to putting in a whole new version of an operating system," said Lewkowski. "I'm frustrated with Microsoft."

Randy Truax, a technical services manager at Metropolitan Health said: "I almost prefer just fixes, because if they start putting in new functionality that developers have to test their code against, it adds a lot of complexity for us." IBM has also instructed its users not to install it.

What can be gleaned though from those who have reported on their experiences to date is that the biggest concern centres around the new security features - hardly surprising since this is the main impetus behind the service pack.

Among the most obvious changes is the built-in firewall. Now on by default, it's likely to break applications if they use unusual IP ports to access applications, whether personal or corporate. In addition, the firewall is designed to activate much earlier in the boot cycle than before and remains on until after the IP stack is disabled, which may cause problems for users whose machines need to access network resources.

Tests suggest that there are some unusual and as yet unexplained features in SP2. For example, one test centre reportedly installed SP2 and found it caused BSDs (blue screens of death). Using Microsoft's own suggested procedure to roll back to a pre-installation environment, they found that it also uninstalled SP1, and "uninstalled every device that existed in the PC. Network cards, video cards and all system resources were uninstalled."

The test centre further suggested that SP2 is likely to break many security utilities such as anti-virus programs, firewalls and pop-up blockers. Utility vendor Symantec, supplier of the Norton brand of security products, implicitly confirmed this by issuing a statement in which it said it supported SP2 but added that it would also be releasing "a product update to provide native support for the Windows Security Center status utility found in SP2. This update will be available worldwide over the coming weeks and will enable Symantec products to communicate their status to the Windows Security Center utility."

In confirmation of an apparent incompatibility between SP2 and Norton products, one user reported that "the Security Center reports the Virus Protection entry as 'Checking Status - Norton AntiVirus report that it is installed, but its status is unknown.' However, if I check Norton directly, it's running fine."

Another forum user commented that "SP2 is installed and everything looks like it's working". However, people tend not to report on non-events and this provides no indication of how well SP2 will work in corporate environment.