Slashdot Mirror
Microsoft To Provide IE Patches for Windows XP Only
Fortunato_NC writes "Microsoft has decided that future IE updates, including those related to security, will only be available to customers using Windows XP. This news.com article has the complete scoop. A choice quote: 'Microsoft may be turning the lemons of its browser's security reputation into the lemonade of a powerful upgrade selling point.' This should provide a huge boost to Mozilla and other alternative browser backers."
What do they mean ?
No update for Win2000 which is still used by my 50000-employees company ?
Or do they mean they will not update IE/Solaris and IE/OS[9X] ???
Trolling using another account since 2005.
Just my $.02
The article mentions nothing about servers... Does this mean that Windows 2000 Server users will have to upgrade to Windows Server 2003? That'd be especially low, considering how many businesses won't have had time to upgrade that far yet. Heck, most of the places I've worked in still have NT servers running...
But I thought IE was heavily "integrated" into the OS, so they are basically saying they will not upgrade/patch the OS anymore?
What I mean is this: no one believes that you can get something for nothing any longer. Case in point, I just installed Firefox (and Spybot/AdAware/SpywareBlaster) for my next-door neighbor who had a slew of popup-generating malware on his PC. As I installed Firefox, he kept asking "And it's free? Why? What's their business model?" As a salesman, he just couldn't swallow that it could be a full-featured application AND available for free.
The good news is that he's happily using it now and he's starting to understand that IE was how the malware was getting onto his system. But I tell you, if I have to spend as long convincing/educating others as I did with him, it's going to become a full-time job pretty damned fast.
- Leo
You don't use science to show that you're right, you use science to become right.
We've been rollong our own patches for 3 years now. And while we're deploying XP Pro on all new notebooks we have a ton of older test equipment where the vendor has us locked into older revs of the WinOS (everything but ME, XP home, and PreNT4). It's a huge PITA when M$ tries a stunt like this and we are left holding the bag after our vendors (all smaller than us) give up and say they can't do anything about it. We employ roughly 60K people worldwide and have double that many PCs (at least). I'm sure other mega corps like us will be able to pressure M$ into supporting at least 2K for quite some time to come. With that said, half our data center and most all of our engineering data services are running on some form of *nix. -nB
whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
The quotes from Microsoft seem to indicate that they won't be releasing the XP2 enhancements. It doesn't necessarily mean that IE won't be patched anymore.
Even Firefox (which I am using) doesn't offer an integrated firewall. Anyway, it would probably make little sense to integrate this kind of applications into browsers... It would be as strange as integrating the browser into the OS!
There has already been articles about the fact that XP2 wouldn't be released for W2K, W98, W95, etc. This is just a new spin on it...
My guess is that the vast majority of home computers never get patched. My kid is an example. Load the computer up with spyware and viruses until it actually doesn't work at all then re-install Win98 and start over. (I gave him a Linux box which he doesn't use.) Microsoft will still be a gaping security hole as long as it is on most home computers.
When you agreed to the EULA, you agreed not to sue M$.
Odd that this is one of their biggest FUD weapons against OSS, "There's no one to sue.". Well, there's no one to sue with M$ software either.
retrorocket.o not found, launch anyway?
I disagree. The more users that use Firefox, the more it will be targeted with viruses/exploits/etc. And Firefox can't be updated automatically. At least with IE, you can rely on MS' eventual patch to be pulled down with WindowsUpdate. For shops large enough to be using SUS, [I assume] you can update Firefox with that. And you can easily update any .msi-based software with Novell's ZENworks.
Linux: The world's best text-adventure game.
Why doesn't someone make a plugin for FF that allows windows to be opened up in ie if not displayed properly...
like a button next to the "go" button that opens the link externally.
I often see people complaining.. I for one would love this feature.
Mod me down im a newf (wiki)
It's not so much shooting themselves in the foot as shareholder pressure. One of the ironies of M$'s near-monopoly position is that their old products are their biggest competition (in most markets). Shareholders, of course, are not content to rest on the companies laurels, but want new profits.
It may sound strange, but this is just an attempt to choke out the competition.
Stop learning! Only you can prevent esoterrorism.
It's not that Microsoft *doesn't* upgrade IE, it's that they *can't*.
They really screwed the pooch when they integrated IE so heavily into the OS. There is simply no other explanation for going so long without any new innovation in the browser market, when other browsers are growing in features, stability, and security by leaps and bounds.
There were quite a few articles on this point a few years ago. The problem is even more pronounced now.
And I highly doubt Microsoft has learned their lesson with Longhorn. This, above all else, will be Microsoft's undoing, IMHO.
Lose Weight and Feel Great with Isagenix
I agree. This is some of the best news the 3rd party browsers could have hoped for.
However it is terrible news for businesses. Consider a company with upwards of 10,000 people using Windows 2000... well let's just say that the "migration" to Windows XP would be a rough ride.
How long now until Microsoft decides to stop supporting Windows 2000 altogether, as it's "not as secure as XP with SP2"? I see this a setting the stage. Since IE is integrated into the system, would this not also hinder other security updates?
I'm a little annoyed (But not exactly surprised) that there's so much fuss about this.
I can understand companies needing time to upgrade to a new version of the OS in particular, and software in general.
But XP is the newest major version of the desktop OS. There is, AND SHOULD BE, and end-of-life for the older versions. Who's still running a 1.x kernel of Linux? What percentage are even running 2.2x? Does Apple still patch Mac OS 8 or 9 (I'm asking, I don't actually know the answer)?
I see all this "MS forcing you to upgrade" talk - well they're HARDLY the only company out there that does this, how else will a company that makes software for profit stay alive? This includes every gaming company out there, Oracle, Peoplesoft, etc. etc., in addition to the other OS vendors (Apple, Sun, RED HAT...you get the drift).
I guess maybe the sentiment is that 2000 isn't old enough "yet" to be back-burnered like this? That's at least debatable. But the notion that MS is wrong to wean people off of the older versions over time is folly.
Xentax
You shouldn't verb words.
Heh... I *just* saw that episode again last night. Classic.
Really, how can ppl buy MS if they know that in the future they may not recieve any support for their insecure software?
Let's compare Microsoft vs. OSS. The browser is one component (integrated into the core OS in Windows, yes, and that should NEVER have happened) but there's countless other bits of software that make up an operating system and its applications. I am still running a copy of Windows 2000 on one box, and I still get updates for various flaws from time to time, about four years after purchasing it. I'm pretty pleased about that.
By contrast, I can't keep a Linux distro on a box for longer than about two years. I can modify a spec file and rebuild a RPM with (the second cousin of) the best of them, but at some point things just stop building properly. The solution? Upgrade to a new distro. Just went through this on my mail/web server a couple of months ago; damn but it's hard to make the new versions of all the software play nicely together. But I digress...
Overall, I'd say MS is up there with the best of them in terms of shipping updates that are compatible with a fairly old version of their software, their broken security model notwithstanding. I'm a lot less concerned about broken components like IE that I can (happily) replace than core OS components needing an update that I am stuck with... thankfully those are rare enough in my case.
Anyway, I'm a flip-flopper on the subject of the OS I use; both Windows and Linux (oh yeah, Solaris too) on a daily basis and have both a use for, and issues with, all of them. C'est la vie.
- Leo
You don't use science to show that you're right, you use science to become right.
The pop-up blocker is an enhancement.
To a non-naive user, pop-ups are an annoyance, even a temporarily crippling one, but nothing that can't be stopped by rebooting. They do no lasting damage to the computer itself, assuming the user ctrl-alt-deletes rather than hitting the Big Red Switch. I can't say I blame MS for not making that available on pre-XP-compatible versions of IE.
Changing ActiveX is another matter. That's a design flaw or an outright bug, take your pick. Not changing it is irresponsible. Microsoft needs to take a lesson from the Kryptonite lock people, who are offering trade-ins on bicycle locks that were recently discovered to have a poor design.
As for the other changes to IE for XP SP2, some are bugs, some are design flaws, and others are enhancements. Microsoft is morally obligated to give the 1st two to anyone using a supported version of IE.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Microsoft has announced that security updates will be available to users of pirate copies of XP, but not to users of old versions of Windows...
It looks like they are keen to keep even pirates in the update cycle. Maybe they would rather those who won't pay pirate Windows than use an alternative?
# cat
Damn, my RAM is full of llamas.
In a completely unrelated, yet somehow similar manner, I have an issue with Flash (under Linux). Specifically, because of the lack of Windows' fonts, I oft lack text from Flash content (effectively breaking many sites). Case and point? Macromedia's very own site. The top navigation menu, as well as the drop-downs from that, are lacking all text.
I hear that you can install the MSFT web fonts pack and have better luck. Perhaps I've done it improperly, but I'm still having such issues.
The moral of the story? We need some Free^2, good, cross-platform fonts specifically designed for the web. Especially useful is bundled with our OS, or browser, or something.
Yes, even proprietary web technologies needs to be accessable by anyone and everyone, regardless of browser/OS/available fonts.
And no, I'm not implying we should have ActiveX ported to Linux. Honestly, ActiveX is fine, but it needs to stay off the web entirely for the general good.
"An infinite number of monkeys typing into GNU emacs would never make a good program."
This could be because those people have never been affected by all the exploits that are out there.
Think of it like a house with a dodgy lock, you don't bother getting around to changing it because it's the last thing on your mind. As soon as you get broken into, you'll fix it.
These people just haven't been given an incentive to change yet. They're happy with what they have and aren't interested in changing. Banks rely on this sort of apathy all the time - otherwise you'd get some decent competition when you're shopping around for a new current account.
Avantslash - View Slashdot cleanly on your mobile phone.
"The most secure version of Windows today is Windows XP with SP2."
The most secure version of Windows tomorrow will still be my unpatched NT4 Workstation with a few gizmo handlers neutered.
How Microsoft is reconciling that with THIS:
"Microsoft remains committed to providing security updates to our customers for all supported Windows versions."
I suspect it means that the popup blocker, new download protector, IE plug in controls, window relocation blocker, e-mail screening, and e-mail bug blocker will not be made available for anything but XP-SP2. Which kinda sucks, but is mostly OK. If only it were possible to view the "Downloaded Program Files" folder without Windows Explorer filtering the contents; possibly the plug-in manager would improve that, but I doubt it. I've found the best blocker for these stupid add-ins and adware pieces is creating an empty NTFS folder where it wants to go... and then setting all permissions to "Everyone -- Deny".
//Information does not want to be free; it wants to breed.
...that Firefox and Thunderbird must overcome:
;-). Additionally, past experience with these folks is that you must either spend money on or pirate/"steal" software, because free==adware and spyware. They have been taught this by experiences with Kazza and other "free" P2P sharing software, comet cursors, custom smiley addons, Weatherbug, etc etc.
As I installed Firefox, he kept asking "And it's free? Why? What's their business model?" As a salesman, he just couldn't swallow that it could be a full-featured application AND available for free.
Almost *all* PC users who have never known anything but Microsoft Windows are suspicious of free software (and always confuse free/libre with free/gratis). People in sales/marketing are just extra slow learners in this respect
I have converted my parents, my girlfriend, some of her family and a few of our friends (all running some MS Windows variant) to Firefox (and Thunderbird in a couple cases) and all have been happy with the change. However, there is one person (whom I know only through chatting on Yahoo Messenger) that is totally convinced that Mozilla is a company with a business model built around distribution of adware. This stems from the fact that he claims to have tried Thunderbird late last winter/early spring and it coincided with an increase of pop-ups and system crashes while he used it to browse. He cleaned his system up (removing Firefox and a few other things) and it worked better again.
I told him that the crashes MAY have been due to the fact that he was using an earlier beta version (but not even guaranteed). I also told him it was ABSOLUTELY IMPOSSIBLE for an install of genuine Firefox to be the source of the pop-up ads and that it has always been my experience that Firefox gets RID of them. There was no convincing him that it was another one of his "free" programs (he has all manner of Yahoo Messenger toys like YTunnel, replacement smileys, booters to get rid of the dirty old men hitting on his 15 year old daughters, boot stoppers, etc). I even edvanced the theory that he may have gotten a tainted/hacked version of Firefox and that you should get it right from Mozilla. He contends that that is where it came from.
He had the same kind of questions as your sales friend, and kept responding to my answers with more questions:
Him: "If they give all their programs away and there was no ad-ware, how does Mozilla make any money?"
Me: "They don't. Mozilla is a non-profit foundation. The programmers are volunteers or paid through donations"
Him: "Well that just means they don't make a profit. The companies that donate money to Mozilla are getting ads in return for their sponsorship"
Me: "Not all of the project sponsors are corporations and none of them want advertising. Some are individuals who give their time and/or money as well. Also, the idea is that the project is Open Source, so even though a company or person might only have/be one developer on the project they can reap the rewards of an entire team of people and see the code like everyone else"...etc etc
Him: "I dunno...sounds fishy to me. I'd really check out that Mozilla outfit to make sure they are legitimate. Right now, I don't trust their programs on my computer. It's not like they are just little toys...the web browser and email are important parts of the OS"
The lesson here: don't just tell doubters to download it and try it out. Actually be there to oversee the installation, and explain what is going on in ther PCs. If Firefox or any other software that is free is anywhere near their PC when bad things happen, it'll be the first think a sceptical convert that runs Windows will blame.
Think about it for a moment. The only boost to Mozilla and others will be users who:
Now, I'm not saying it's zero because clearly it won't be. But it's equally clear to me that those first three are at least somewhat contradictory, so it certainly won't be a huge boost.
Only for XP systems that are upgraded to SP2. They know that there is _no_ way to secure (applications on) older operating systems.
Here is the link5 0009562&f=174096756&x_id=1095956039&x_subject=SP2+ Internet+Explorer+enhancements+for+Windows+XP+only &x_link=http://arstechnica.com&x_ddp=Y
http://episteme.arstechnica.com/eve/ubb.x?a=dl&s=
Umm, you can turn off services to make a system more secure on any OS - XP, 2000, NT 4, NT 3.5, ME, 98, 95, 3.1. So, it is misleading to say that NT 4 with services disabled is more secure. You are basically turning it into a stand alone box with very little networking functionality - of course it will be more secure.
Plausible assumptions maybe, but dead wrong. It's the Domain Controller's main workstation that's up and logged in as root 24/7. The only services disabled are messenger (Kill the Messenger) and Computer Browser (Gateway Computer - Kill the moo cow). It has Outlook running, with peview active. No anti-virus software, but a few folders named VIRUS. It's got a copy of Melissa on the Desktop from when Melissa was fresh. It's even got a VNC server running that I haven't accessed remotely in over a year. The only thigs done to ehance security are sticking a _ in front of the name of the executables for Windows Scripting Host and friends and of course unhiding filename extensions and such. Piss-poopr security really, but when the big one hits it will be standing and Microsoft's latest and greatest will be dead.
from Windows is the 'biggest beta test in history' - Gartner
"Victor Wheatman, Gartner security veep, told delegates at the IT Security Summit in London that the most secure organisations spend less than the average and that the lowest spending organisations are the most secure."
There's a message in that. I wonder if it's getting through. If you want gizmos instead of security you don't get security. This includes security gizmos.
I don't see why people are up in arms over this.
Windows 2000 is a four year old operating system, and there are times when you have to move foward. If someone was still on RedHat6 and they were complaining about having to download and upgrade to Redhat9, we would give them a firm slap across the face. But when it's Windows and Microsoft, "NO ! no! unFAIR!"?
Sure, XP costs $125 on ebay. And? After four years I'm sure you could have saved that money up, and if you didn't prepare for future computer upgrades rather than playing it cheap to think that one particular version of anything is going to outlast and outpreform (even on gaming) a newer OS release... then it was your fault.
"We're breaking out the ramen noodles. . . "
"Really? Is it someone's birthday?"