It could be months before businesses are ready to begin widespread implementation of Windows XP Service Pack Two (SP2), according to analysts.

SP2 is the first service pack from Microsoft to contain new code rather than just patches, and it is certainly the most complex update from the software giant to date.

Although Microsoft's largest licensees will get the code earlier than consumers, they may not be the first to implement the upgrade.

"It will take a certain amount of time for corporations to test and install SP2, I'd say about three months, but in the long term people will have to install it," said Andy Buss, senior analyst at Canalys.

"As for the effects, web applications and sites could be the worst affected due to enhanced settings on Internet Explorer.

"These are really useful but if people have developed websites they could have some work to do. For example, the pop-up blocker will hurt a lot of websites if they haven't reconfigured."

Some analysts are even questioning whether 'service pack' is the best description for the new code.

"Firms should treat SP2 as an operating system upgrade and not just a service pack update," warned Forrester analyst David Friedlander in a statement.

"During the rollout, firms need to use the same procedures and tools as a full-scale OS upgrade, including maintaining dual SP1 and SP2 images and using client management systems to deploy the new OS to the desktop."

But analysts were quick to stress the importance of SP2, as it contains a number of new technologies that will make overall computing much safer.

Chief among these is software support for a new feature that processor manufacturers will be building into future 32-bit and 64-bit chips.

This uses memory-flagging techniques to ensure that programs cannot run in memory unless authorised.

"There are some significant improvements in SP2, the most important of which is in stopping buffer overflow worms," said Brian Gammage, research vice president at analyst Gartner.

"To get full benefit from SP2 you need new hardware. But given that this is the most significant security step yet by Microsoft, organisations must deploy it."