SQL Server 2005 Compact Edition End-of-Life; What to do?

Topic

New Reply

I run Secundia’s PSI 3.0 to help me keep my programs up-to-date. Today, I noticed that it flagged for manual update Microsoft SQL Server 2005 Compact Edition (CE). From what I understand, this edition has been sunset, as of 2016 April 12. It is also my understanding that this version of SQL was often installed by other programs that depended on its services. What can I, or should I do, as End-of-Life (EoL) means that no more security fixes for this edition will be offered by Microsoft? I noticed that I have several newer installation instances of SQL Server…Server 2012 Native Client and Command Line Utilities; Server 2014 Management Objects, Transact-SQL Scriptdom, and T-SQL Language Service; Server 2016 LocalDB RC0, Management Objects RC0, T-SQL Language Service RC0, and T-SQL ScpriptDom RC0; Server Compact 4.0 SP1, and Server Data Tools (presuming that this pertains to Compact 4.0 also)

Is there a way to figure out which program I installed that depends on Server 2005 CE? I am a believer in uninstalling programs that are no longer supported when possible, just to keep malware vectors to a minimum. But I am a bit leery in doing this in SQL Server’s case, because if I end up breaking a program I use often…I’m a bit of a creek without a paddle. I would prefer first having a chance to look for a replacement program before I collaterally nuked the currently unknown program dependency by uninstalling Server 2005 CE.

Reply | Quote

Replies

See if you can identify the SQL Server 2005 service and disable it. Then go about your normal activities. If a program fails because of a database problem re-enable the sql service. If the program then runs OK you’ve identified it.

--Joe

Reply | Quote

See if you can identify the SQL Server 2005 service and disable it. Then go about your normal activities. If a program fails because of a database problem re-enable the sql service. If the program then runs OK you’ve identified it.

I tried using the Services control panel app to watch “SQL Server VSS Writer” after using Sysinternals’ ProcMon to suss out that it is the same as SQL Server 9.0. I noticed that it is set to “automatic”, but does not seem to run on its own. I opened several programs, watching to see if it ever started running, but I never saw a change in its status.

Reply | Quote

End of life doesn’t stop a program working.

cheers, Paul

Reply | Quote

True, but with bad actors constantly trying to find ways to use bad math (a program is basically a bunch of numbers that trigger a bunch of operations to produce some desired output), seems to me that it is just foolish to keep too many unpatched programs around, just because a person is lazy about upkeep. Old versions of Java come to mind, for instance.

Reply | Quote

End of life doesn’t stop a program working.

cheers, Paul

True, but with bad actors constantly trying to find ways to use bad math (a program is basically a bunch of numbers that trigger a bunch of operations to produce some desired output), seems to me that it is just foolish to keep too many unpatched programs around, just because a person is lazy about upkeep. Old versions of Java come to mind, for instance.

Reply | Quote

I’ve seen this installed on brand new computers, perhaps as a part of Office. There is also a chance that this is being used by Windows itself. BTW, what version of Windows are you running?

If you go to Control Panel you can sort the list of installed programs by date and see what else has the same install date. That might let you know what installed it. You can also look in the programs list to see if there is any trace of it there – probably not.

It came on my Win7 laptop and I’ve never figured why. I can find no client tools, no service, no exe. It may even be a phantom entry in the programs list that’s no longer there. Beats me.

Reply | Quote

I clean installed Windows 10, not once, not twice, but three times! It was a rough patch from having to learn how to use backed-up data from Windows 8.1 in Windows 10…I finally figured out that I had to use the takeown function to change the file ownership on the restored files to prevent really strange behavior on the Windows 10 system, in addition to fixing group and user permissions.

Reply | Quote

If you go to Control Panel you can sort the list of installed programs by date and see what else has the same install date. That might let you know what installed it. You can also look in the programs list to see if there is any trace of it there – probably not.

I had not thought of trying to look at the date angle to try to figure out what program may have installed this version of SQL Server. But, on Windows 10, this method is defeated by the fact Microsoft has started making all updates culmulative…it only shows the most recent patch dates to various programs and components now. And the last date a patch was applied to this particular version of SQL Server was 2016 May 10! Hmmm, now that I think of it, I HAD installed an old version of Visual Studio Express, 2012 I think, before installing Visual Studio 2015 Community. I never actually used SQL, just being interested in keeping up my familiarity in C, and extending that into C++, but that could be where the installation came from.

I’ve opened Access, Word, and Outlook 2016, looking at the Services app to see if that version of SQL Server started running. It has not. I need to check Excel, and if it still seems to be dormant, I’ll make a restore point, and then uninstall Server 3.0 CE. With a current backup AND a recent restore point, I should be able to back out if I run into trouble later. Truth be told, though, I despise guessing! LOL

Reply | Quote

I had not thought of trying to look at the date angle to try to figure out what program may have installed this version of SQL Server. But, on Windows 10, this method is defeated by the fact Microsoft has started making all updates culmulative…it only shows the most recent patch dates to various programs and components now.

I think you are looking in the wrong place. Go to the old Control Panel / Programs and Features and you will be able to find and entry for Microsoft SQL Server 2005 Compact Edition. If you sort by date, you can see what else was installed at the same time.

Reply | Quote

A “VSS writer” service is used to back up databases. Some services that are set to automatic start when the system is booted, determine if they are needed right away and then terminate when they are not needed.

Upon some reflection, I believe SQL Company edition is installed with certain Visual Studio editions. It is for testing your development apps against a database. It is not really required for VS.

--Joe

Reply | Quote

You are the second person to raise this topic in the last few days on various forums I frequent. From what I’ve been able to deduce, it got installed if you installed any version of SQL Server prior to 2012, and it got installed with several versions of Visual Studio, some older versions of MS Office, and with ASP and DotNet development tools. If you aren’t currently using any of those products on Win10, then you should be safe in uninstalling it. BUT, if you do, the first thing I would do is make an image of your system to make sure you can get it back if you discover something not working.

On the other hand, I view that software as being a minimal risk as far as malware is concerned – it’s really just a pretty dumb database engine. Older versions of Visual Studio probably have much greater risk. I have it on my current Win7 desktop and don’t plan to remove it anytime soon, but it isn’t on my Win10 laptop. That’s my 2 cents…

Reply | Quote

You are the second person to raise this topic in the last few days on various forums I frequent. From what I’ve been able to deduce, it got installed if you installed any version of SQL Server prior to 2012, and it got installed with several versions of Visual Studio, some older versions of MS Office, and with ASP and DotNet development tools. If you aren’t currently using any of those products on Win10, then you should be safe in uninstalling it. BUT, if you do, the first thing I would do is make an image of your system to make sure you can get it back if you discover something not working.

On the other hand, I view that software as being a minimal risk as far as malware is concerned – it’s really just a pretty dumb database engine. Older versions of Visual Studio probably have much greater risk. I have it on my current Win7 desktop and don’t plan to remove it anytime soon, but it isn’t on my Win10 laptop. That’s my 2 cents…

I will second Wendell’s opinion here. The risk associated with running SQL Server 2005 (for which there are no current known unpatched security issues) is minimum. It could be a risk if you were running a server facing the internet and then only when a compromising security would be found. End of Life apps are not necessarily a huge security risk.

Reply | Quote