Microsoft yesterday officially retired Windows XP Service Pack 2 (SP2), the company's most significant service pack, several security experts said.
"Windows XP SP2 was a game changer," said Wolfgang Kandek, chief technology officer of Qualys, a security risk and compliance management provider.
"SP2 was a major, major course correction by Microsoft," added John Pescatore, an analyst who covers security for Gartner Research. "It was the first time that Microsoft could tout Windows as being secure."
Microsoft set Tuesday as the end of support for Windows XP SP2, and used the day to deliver its final security patch. To receive any further fixes, security or otherwise, users must run XP SP3 or upgrade to a newer operating system, such as Vista or Windows 7.
"Customers who have not migrated from [SP2] are encouraged to upgrade immediately, either to Service Pack 3 or to Windows 7," said Jerry Bryant, a general manager with the Microsoft Security Response Center (MSRC).
The end of support for XP SP2 also marks the end of an era, security experts said today as they gave, if not eulogies, then best wishes and a retirement gold watch to the service pack.
"Compared to SP2, every other service pack has been just housekeeping," said Kandek. "Windows 7 SP1, which just went into beta, is just another SP."
When it launched in August 2004, XP SP2 was characterised by almost everyone as a departure from the norm because it wasn't only a collection of previous-released patches and hotfixes - the precedent - but also included new features, most notably in the security arena.
"It was the first service pack where Microsoft flat out said, 'There's a whole bunch of improvements here, and we're mixing them in with fixes," said Pescatore. "It's taken a lot of attention away from the [succeeding] service packs. Compared to XP SP2, recent service packs are not that big of deal."
XP SP2 received kudos for deploying Windows' first on-by-default firewall, a security-status dashboard, and the first-ever attempt at blocking attacks using DEP, or Data Execution Prevention.
It was also the first operating system released after Microsoft declared it would beef up Windows security, a reaction to just-as-public massive attacks by network worms, especially 2003's SQL Slammer.
"It is huge in my mind," said Richie Lai, Qualys' director of vulnerability research. "Turning on the firewall by default was huge at the time. SP2 essentially forced attackers to move up the stack to target client applications, not operating systems."
Jason Miller, the data and security team manager for Shavlik Technologies, agreed. "SP2 was the first time you got a true firewall embedded in Windows," he said. "Before that, firewalls were always considered strictly a perimeter defense. You were geeky if had a firewall on your machine."