Microsoft To Provide IE Patches for Windows XP Only

Fortunato_NC writes "Microsoft has decided that future IE updates, including those related to security, will only be available to customers using Windows XP. This news.com article has the complete scoop. A choice quote: 'Microsoft may be turning the lemons of its browser's security reputation into the lemonade of a powerful upgrade selling point.' This should provide a huge boost to Mozilla and other alternative browser backers."

Classic M$

[scifience]

Then they'll come back in a couple of days/weeks and say that "our business customers are unhappy with this decision" and decide to extend the patches through the end of 2006.

Good

[linsys]

I don't see this as anything but GOOD news for the alt browser market.

I have already moved all my customers off IE and onto firefox and have received NO complaints as of yet, actually they are like wow I don't seem to get any more of those pop up ads, you're a great admin... ;)

Microsoft continues to shoot them selves in the foot in the area of security. I thought they wanted to keep their market share, I guess the greed is getting to them.

Re:XP only ?

[DogDude]

Well, my 6 employee company has standardized on W2K. We've been testing Firefox for the past month, and with the exception of a few IE specific apps, we'll be staying with Firefox now.

How many reasons?

[DigitalRaptor]

Really, how many reasons do people need to switch to another browser before they do it?

I know a LOT of really intelligent, well educated people, many of whom are programmers or use linux in a server environment, who still use IE / Outlook [Express] on their desktops.

That is just begging for it.

I tell them over and over again the risks, and they still stay where they are. Ironically, complete neophites switch over as soon as I tell them about Firefox / Thunderbird.

I guess the meek really will inherit the earth.

Re:Microsoft responsibility?

[danheskett]

IANAL
Not many people are.

but couldn't a corporation hold microsoft liable for damages incurred to an unpatched system
They could try, but they would probably fail. Others have tried, and failed.

1. First off, with a security flaw, you need to be exploited to suffer damages. In a court case it will be easy to argue that MS shouldn't be responsible because even though they made a flawed product there was an overt criminal act involved that trumps their involvement. For example, if a car manufacturer makes cars with easily defeated locks, or locks that sometimes don't work, can the owner of the car sue the car company for damages if the car is stolen? They could try, butit probably won't get far just on that argument.

2. Second off, in liability cases you have to do your honest best to mitigate your exposure to loss. If I buy a product, and later am notified that is defective, it is my obligation to act appropriately. That may include stopping to use the product. In this case, it may mean active content filters, firewalling, security zone changes, etc.

3. Finally, many industries are exempt from liability in certain cases. For example, auto-manafacturers do not have to recall cars after a certain age. It doesn't make sense for the government to require Chevy to recall the remaining 1976 S-10's because of a latch that might go dangerously bad at 200,000 miles. Microsoft would have a good claim that Win2k and earlier is the equivalent of that outdated pickup truck. You drive that old pickup at your own risk. Windows XP is running on well over half of all Windows machines now. That percentage is getting bigger and bigger. Soon it will be 66%. At what point is it okay to stop supporting a product?

One last point. It may be tempting to say that MS should be liable for exploited systems. That is a bad road to go down. If all of the sudden liability is assignable to software makers because of exploits like this, the whole software world has a major problem.

Software liability could be exactly the tool that MS wants to destroy Linux in the business world. If an individual writing OSS software new that any possible flaw they introduced coul cost them everything they own you can bet that the number of checkins to Sourceforge will drop drastically. Companies like MS will be able to whither the storm. They'll force everyone to use only signed binaries. Machines will become locked down to the Nth degree, and proprietary will be back in. Every software vendor will force their users to run approved-only configurations. It'll be like the mainframe days of the 70s and 80s only worse. Companies like MS can afford to buy the liability insurance and the lawyers to hold on. Meanwhile, the Mozilla foundation will flounder and die.

Software liability is a bad, bad, bad, bad idea for the entire industry, but absolutely deadly for Linux and FOSS in general.

Re:XP only ?

[Martin+Blank]

Man, you people are gullible.

Microsoft has said that they will not make IE6 SP2 available for older versions of Windows, not that they won't provide security patches.

Generally speaking, I don't criticize the Slashdot crew because they have enough story submissions to read through that things will slip past, but this is ridiculous. Microsoft has committed to several more years of Windows 2000 support, and there are still a couple of years left on Millenium. Because they view the browser as part of the OS, it would be asinine to think that they would patch XP's IE and leave the older ones to sit where they are now.

M$ Partners

[JambisJubilee]

This should provide a huge boost to Mozilla and other alternative browser backers.

Unfortunately, I don't think it will. I work for a small business (a Microsoft partner) which provides IT services for other small to medium sized businesses. We provide both solutions and support. If we chose to use a non-microsoft product, we loose tens of thousands of dollars in support. No viruses, worms, spyware, hijacked browsers == no money.

It seriously bothers me, but I would argue that the strength Microsoft has is not in providing well written software, but providing poorly written software prone to exploits.

As I've always said, IE was never 'free'

[Rob+Y.]

Back in the days when Mozilla wasn't a great performer, lots of /.'ers would say stuff like, "if IE's a free download, why should I use this crappy Mozilla stuff". Well, now you know why.

It was only a matter of time before MS decided to tie browser upgrades to OS upgrades. After all, for a large portion of users, the browser's the only app they use. With their ill-gotten browser semi-monopoly, why wouldn't MS force you to buy an OS upgrade to get a new browser. DOJ? Not this DOJ.

Sounds like as good a reason as any to separate the browser from the OS. After all, this side-effect of bundling can't possibly be regarded as beneficial to consumers, and consumer benefit was the only defense they could come up with for exempting their bundling from antitrust regulations.