An initial Windows Service Pack provides patches and drivers missing from an initial release, traditionally signaling to businesses that the OS is safe to adopt. But Windows XP SP1 plugs a hole serious enough to make the update essential, even for users who have conscientiously downloaded XP bug fixes.

Microsoft Corp. confirms that SP1 fixes the little-known flaw, which proved trivially easy to exploit when tested. It allows files on an XP system to be deleted simply by the user's clicking on a link--which could be distributed by e-mail or on a Web page. XP users having trouble installing SP1 are plugging the hole using a utility from Gibson Research.

Future Support

Microsoft is looking to the future with SP1. The September release adds support for upcoming services--such as those offered by the still-emerging .Net framework--and devices like Windows XP Tablet PC Edition, Windows Powered Smart Displays, and XP Media Center Edition.

Microsoft also makes a small but welcome change to its controversial Windows Product Activation antipiracy technology, which monitors key hardware specifications for changes and locks you out if it sees enough differences to suspect you of having illegally installed your copy of the OS on a second PC. WPA now grants a three-day grace period before you must call a Microsoft rep to assure them you merely have a new motherboard, not a new PC.

To satisfy the terms of the November 2001 proposed antitrust suit settlement, Windows XP now lets you hide program icons--including those for some bundled apps dubbed middleware--though you can't remove them entirely. (For example, Microsoft has repeatedly said Internet Explorer can't be removed from Windows.) PC vendors using SP1 could begin selling systems that default to competing Web browsers, media players, and other middleware. Microsoft also restored support for the Java Virtual Machine (which Microsoft said it had removed from Windows XP because of a Sun Microsystems lawsuit).

I found the SP1 installation painless and error-free. To distinguish between the original and updated versions of the OS, check the Control Panel's Add/Remove Programs. In SP1 the applet sports a new 'Set Program Access and Defaults' section where you can specify programs to handle Web browsing, instant messaging, e-mail, media playback, and Java interpretation. You hide apps by deselecting 'Enable access to this program'.

In my tests with a shipping copy of SP1, I managed to banish all traces of IE, Outlook Express, Windows Messenger, and Windows Media Player from the Start menu, the desktop, and the taskbar. The new feature didn't do a great job of finding installed third-party programs, including Netscape and Mozilla browsers and QuickTime and Winamp players, but it didn't prevent them from functioning as default apps when I configured them as such.

You can get the 137MB update in its entirety from Microsoft's Windows XP SP1 Web page, or order it on CD-ROM for $9.95. All Windows XP users should get it, but if you've been downloading XP fixes all along, the Windows Update function will determine which elements you already have, and send only those you need.