Microsoft Releases Service Pack 4

After almost a year-and-a-half of posturing, Microsoft Corp. finally unveiled its long-awaited Service Pack 4 (SP4) for Windows NT. In addition to patching a number of acknowledged bugs and other problems, SP4 is said to include scalability improvements and a slew of new features, including a new Security Configuration Manager (SCM) that Microsoft says will ratchet-up security on the Windows NT platform. Although the Redmond, Wash.-based software giant positions SP4 as an addition that strengthens the existing Windows NT 4.0 code base, many IT managers have expressed reservations, however.

SP4 was released at the fall Networld+Interop show in Atlanta. At the time, Jim Allchin, senior vice president of Microsoft’s personal and business systems groups, hyped SP 4 as @@Ithe@@SR reliability and scalability release for the Windows NT operating system. "The number one request from customers was to deliver a single source of all bug fixes and focus on improving the overall quality of the platform with Service Pack 4.0," Allchin indicated. "We are pleased to deliver these core updates and provide customers with the most reliable version of Windows NT to date."

SP 4 incorporates all of the bug updates and fixes issued by Microsoft during the ensuing year-and-a-half since the appearance of SP3, the last major service pack update to the Windows NT operating system. SP 4 also includes new support tools for the Windows NT operating system, such as Kernel Debugger Extensions, Pool Enhancements and a Kernel Memory Space Analyzer, a tool that Microsoft says enhances the supportability of Windows NT by providing advanced tools for crash dump analysis.

Still further, SP4 features new support for Microsoft’s Web-Based Enterprise Management initiative, as well as improved interoperability with the NetWare operating system from Novell Inc.

But many of SP4’s new features and technologies are causing some anxiety among end users and analysts, especially because Microsoft announced in October 1997 that forthcoming Windows NT service packs would introduce only integrated bug fixes and core operating system updates. At the time, the software giant indicated that new Windows NT features would be implemented through the medium of Windows NT Option Packs, the first of which was introduced in December 1997.

With the SP4 release, Microsoft has ostensibly backed away from such a promise, says Rob Enderle, a senior analyst with consultancy the Giga Information Group (Santa Clara, Calif., ). Enderle expresses concern that the introduction of new features in SP4 could additionally compromise the stability of the Windows NT operating system. "This is one of the practices that makes us very nervous about NT," Enderle maintains. "Microsoft has been slipstreaming features into NT 4 service packs for some time, a practice that we believe is counter to what a service pack is supposed to do and creates additional instabilities in what is supposed to be Microsoft's most stable platform."

Phil Cox, a staff member with the U.S. Government's Computer Incident Advisory Capability (CIAC, Livermore, Calif., ), is one IT administrator who worries that some of SP4’s additional features will likely introduce new security problems. "There is a major functionality issue with the new ability of DCOM to tunnel over TCP/IP port 80," Cox observes. "This has the potential to circumvent most firewalls in place today, as far as COM/DCOM is concerned. I am personally worried about the ramifications of this."

One of SP4’s most highly touted new features is the SCM, a tool that allows administrators to more easily lock down client workstations and servers. Many Windows NT systems administrators such as David LeBlanc, a senior Windows NT systems engineer with security software vendor Internet Security Systems Inc. (Atlanta, ), feel that the SCE could be SP4’s most significant value-add. "The new Security Configuration Editor provides significant new functionality, and will be helpful in maintaining a consistent security posture across the enterprise," LeBlanc maintains.

But even when Microsoft has delivered a new tool that the most IT managers believe that they can use, problems have arisen. The SCE isn’t available in the downloadable version of the service pack, for example, and wasn’t initially available for download from Microsoft’s FTP site (

For Phil Cox, a staff member with the U.S. Government's Computer Incident Advisory Capability (CIAC, Livermore, Calif., ), such an oversight on Microsoft’s part was a big disappointment. "The SCM -- security configuration editor/manager -- does @@Inot@@SR come in the download-only version of the service pack but is only available on the CD, which has a 3-4 week lead time," Cox acknowledges. "I was most displeased with this, as this was one of the @@Imajor@@SR functionality points for the SP release."