A Microsoft employee is warning Windows XP users not to download an unofficial version of Service Pack 3 (SP3) posted on TheHotfix.net. Mike Brannigan, a senior enterprise strategy consultant at Microsoft, posted the admonition on a Microsoft user newsgroup.
Brannigan cautioned users that downloading the service pack prior to the official release could harm their computers and "will also put you out of support from Microsoft or an [original equipment manufacturer]." Brannigan said the unofficial SP3 consists of a compilation of hotfixes -- small patches designed to correct specific problems -- and other updates Microsoft has released.
Of concern to Brannigan was the inclusion of private hotfixes, which usually are not tested as rigorously as updates provided to the general public.
"Just installing all the 'privates' on your PC may make your machine less stable," Brannigan wrote. "Frankly, this 'package' should be avoided and you should continue to use Windows Update and the download site."
In his defense, Ethan Allen, TheHotfix.net's creator and administrator, said he stands by the XP SP3 download provided on his site. He admitted that it is not an official service pack but said the hotfixes included in his version were an accurate preview of the upcoming official service pack.
Brannigan disagreed. "Anyone who installs this thinking they are getting SP3 (even as a preview) is being grossly misled and is posing a significant potentially nonrecoverable risk to their PC and data," he wrote.
For its part, Microsoft said that its priority is Windows Vista, the next major release of its operating system. While the company does have plans to release XP SP3, it has not provided details on what the service pack will contain. Microsoft issued a statement saying that the "content on TheHotfix.net does not represent Microsoft's plans for Windows XP SP3."
Some analysts said that people who download anything from an unofficial site are playing Russian roulette on their PCs. Robert Ayoub, an analyst at Frost & Sullivan, said consumers always should be wary of content posted online. Although the unofficial SP3 download could be interesting to "certain administrators in certain test environments," it should be avoided by the public at large, he said.
"It's not a bad thing that [Allen] did this and it is probably interesting for a certain group of people," Ayoub said. "But for the general public, it is not a good idea."
Graham Cluley of Sophos concurred. "We have seen several instances in the past when malware has been distributed in files claiming to be fixes or patches from Microsoft."
Microsoft has been criticized over the years for releasing products and patches with flaws. While Microsoft issues monthly updates, service packs are more comprehensive. Traditionally, they include a major upgrade or changes in functionality; for instance, XP SP2 included firewalls and the security center.
Ayoub pointed out that if the software giant is not ready to release XP SP3, there is probably a valid reason. However, he said, the company would do well to keep its customers better informed about the process.