Just read another security thread here. Really like this forum btw. Anyways the poster lists all their apps then says XP with SP1. I understand if one never connects to the net. Or a mission critical app in a work enviroment has issues. But 1 of the first things I was taught was to keep an OS updated. My belief is that most of the people who don't run SP2 or even SP1, don't meet either of the exception criteria I mentioned.