After 12 April, SP2 was added to automatic updates, meaning anyone who didn't want it was forced to either upgrade and hope it didn't break systems, or block automatic updates.

Why is this such a problem? SP2 is a critical tool against the latest batch of spyware and malware installers. Home PCs are becoming bogged down with virus and malware installs, password-stealing trojans and bandwidth- hogging, multi-megabyte advert downloaders. There are teenage hackers pushing lethal bundles of adware in IM land, and many of the automatic-install techniques rely on the end-user running XP SP1 or (worse still), a version of XP with no patches at all.

The latest CoolWebSearch variants are incredibly difficult to remove. One of the few known antidotes to the IFRAME launchpad for these attacks is SP2. Can you say that the XP SP1 system on your desktop is running the SP1-specific patch to prevent these exploits?

Or do you want the potential nightmare scenario of your corporate environment accidentally stumbling into an "illegal content found in the office" situation?

Even if you're running XP SP2, there are now "fake" SP2 information bars that pretend they contain "essential" updates. And because the bar is effectively a slice of webpage code, no anti-virus or anti-spyware scanner will detect it.

You need to be able to trust the knowledge of your end-users, always the weakest link in the security chain. And that's a whole other headache.