Slashdot Mirror


Microsoft To Provide IE Patches for Windows XP Only

Fortunato_NC writes "Microsoft has decided that future IE updates, including those related to security, will only be available to customers using Windows XP. This news.com article has the complete scoop. A choice quote: 'Microsoft may be turning the lemons of its browser's security reputation into the lemonade of a powerful upgrade selling point.' This should provide a huge boost to Mozilla and other alternative browser backers."

17 of 610 comments (clear)

  1. XP only ? by mirko · · Score: 5, Interesting

    What do they mean ?
    No update for Win2000 which is still used by my 50000-employees company ?
    Or do they mean they will not update IE/Solaris and IE/OS[9X] ???

    --
    Trolling using another account since 2005.
    1. Re:XP only ? by overshoot · · Score: 5, Interesting
      What do they mean ?
      No update for Win2000 which is still used by my 50000-employees company ?

      Yup -- but you were supposed to upgrade to XP already, so what's the big deal? You have been paying for Software Protection, haven't you?

      --
      Lacking <sarcasm> tags, /. substitutes moderation as "Troll."
    2. Re:XP only ? by homer_ca · · Score: 4, Interesting

      "The option for securing MSIE on Win2k is the same as on any other platform, including XP - Don't use it"

      It's not as simple as don't use IE as a web browser. Outlook and Outlook Express use it. Quicken uses it. Any executable or VBscript could open an IE control and send an exploit to it.

      As other threads have pointed out, they won't be porting the XP SP2 enhancements like the popup blocker and the new, safe ActiveX handling (whatever that means). I'm guessing they'll still be releasing patches for exploitable bugs like the recent JPG decoder bug.

  2. Servers? by brucmack · · Score: 3, Interesting

    The article mentions nothing about servers... Does this mean that Windows 2000 Server users will have to upgrade to Windows Server 2003? That'd be especially low, considering how many businesses won't have had time to upgrade that far yet. Heck, most of the places I've worked in still have NT servers running...

    1. Re:Servers? by jtharpla · · Score: 5, Interesting

      Actually, in a software company, it's not atypical at all to have Server installations used as desktops. We have a number of developers who develop/test software on top of databases, IIS, etc. Yes, some of this stuff is available for 2KPro and/or XP, but the only way to be sure it works 100% is to have access to the full server version. So it's not atypical for a developer to run Server as desktop. I myself use 2003 Server as my desktop because I wanted to be able to evaluate different server products (I'm a sys admin). I also wanted to get familiar with 2003 Server before it rolled out to our production systems--when you use it every day, you find all the nooks and crannies you'd overlook in terms of settings and whatnot. Finally, I prefer the remote access configuration of Server over XP. It's not unusual for me to use both remote sessions as well as the console, running different apps as different users, etc. Sometimes RunAs just isn't powerful enough for this.

  3. Firefox shines, but free hard to believe for some by Leomania · · Score: 4, Interesting

    What I mean is this: no one believes that you can get something for nothing any longer. Case in point, I just installed Firefox (and Spybot/AdAware/SpywareBlaster) for my next-door neighbor who had a slew of popup-generating malware on his PC. As I installed Firefox, he kept asking "And it's free? Why? What's their business model?" As a salesman, he just couldn't swallow that it could be a full-featured application AND available for free.

    The good news is that he's happily using it now and he's starting to understand that IE was how the malware was getting onto his system. But I tell you, if I have to spend as long convincing/educating others as I did with him, it's going to become a full-time job pretty damned fast.

    - Leo

    --
    You don't use science to show that you're right, you use science to become right.
  4. Re:Classic M$ by networkBoy · · Score: 5, Interesting

    We've been rollong our own patches for 3 years now. And while we're deploying XP Pro on all new notebooks we have a ton of older test equipment where the vendor has us locked into older revs of the WinOS (everything but ME, XP home, and PreNT4). It's a huge PITA when M$ tries a stunt like this and we are left holding the bag after our vendors (all smaller than us) give up and say they can't do anything about it. We employ roughly 60K people worldwide and have double that many PCs (at least). I'm sure other mega corps like us will be able to pressure M$ into supporting at least 2K for quite some time to come. With that said, half our data center and most all of our engineering data services are running on some form of *nix. -nB

    --
    whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
  5. You waived that right. by Andy+Dodd · · Score: 5, Interesting

    When you agreed to the EULA, you agreed not to sue M$.

    Odd that this is one of their biggest FUD weapons against OSS, "There's no one to sue.". Well, there's no one to sue with M$ software either.

    --
    retrorocket.o not found, launch anyway?
  6. Re:Good by Quinn_Inuit · · Score: 4, Interesting

    It's not so much shooting themselves in the foot as shareholder pressure. One of the ironies of M$'s near-monopoly position is that their old products are their biggest competition (in most markets). Shareholders, of course, are not content to rest on the companies laurels, but want new profits.

    It may sound strange, but this is just an attempt to choke out the competition.

    --

    Stop learning! Only you can prevent esoterrorism.
  7. Re:Good by Second_Infinity · · Score: 3, Interesting

    I agree. This is some of the best news the 3rd party browsers could have hoped for.

    However it is terrible news for businesses. Consider a company with upwards of 10,000 people using Windows 2000... well let's just say that the "migration" to Windows XP would be a rough ride.

    How long now until Microsoft decides to stop supporting Windows 2000 altogether, as it's "not as secure as XP with SP2"? I see this a setting the stage. Since IE is integrated into the system, would this not also hinder other security updates?

  8. Does this surprise anyone? by Xentax · · Score: 4, Interesting

    I'm a little annoyed (But not exactly surprised) that there's so much fuss about this.

    I can understand companies needing time to upgrade to a new version of the OS in particular, and software in general.

    But XP is the newest major version of the desktop OS. There is, AND SHOULD BE, and end-of-life for the older versions. Who's still running a 1.x kernel of Linux? What percentage are even running 2.2x? Does Apple still patch Mac OS 8 or 9 (I'm asking, I don't actually know the answer)?

    I see all this "MS forcing you to upgrade" talk - well they're HARDLY the only company out there that does this, how else will a company that makes software for profit stay alive? This includes every gaming company out there, Oracle, Peoplesoft, etc. etc., in addition to the other OS vendors (Apple, Sun, RED HAT...you get the drift).

    I guess maybe the sentiment is that 2000 isn't old enough "yet" to be back-burnered like this? That's at least debatable. But the notion that MS is wrong to wean people off of the older versions over time is folly.

    Xentax

    --
    You shouldn't verb words.
  9. Re:Soup nazi ref? by Leomania · · Score: 4, Interesting

    Heh... I *just* saw that episode again last night. Classic.

    Really, how can ppl buy MS if they know that in the future they may not recieve any support for their insecure software?

    Let's compare Microsoft vs. OSS. The browser is one component (integrated into the core OS in Windows, yes, and that should NEVER have happened) but there's countless other bits of software that make up an operating system and its applications. I am still running a copy of Windows 2000 on one box, and I still get updates for various flaws from time to time, about four years after purchasing it. I'm pretty pleased about that.

    By contrast, I can't keep a Linux distro on a box for longer than about two years. I can modify a spec file and rebuild a RPM with (the second cousin of) the best of them, but at some point things just stop building properly. The solution? Upgrade to a new distro. Just went through this on my mail/web server a couple of months ago; damn but it's hard to make the new versions of all the software play nicely together. But I digress...

    Overall, I'd say MS is up there with the best of them in terms of shipping updates that are compatible with a fairly old version of their software, their broken security model notwithstanding. I'm a lot less concerned about broken components like IE that I can (happily) replace than core OS components needing an update that I am stuck with... thankfully those are rare enough in my case.

    Anyway, I'm a flip-flopper on the subject of the OS I use; both Windows and Linux (oh yeah, Solaris too) on a daily basis and have both a use for, and issues with, all of them. C'est la vie.

    - Leo

    --
    You don't use science to show that you're right, you use science to become right.
  10. Interesting... by bcmm · · Score: 3, Interesting

    Microsoft has announced that security updates will be available to users of pirate copies of XP, but not to users of old versions of Windows...

    It looks like they are keen to keep even pirates in the update cycle. Maybe they would rather those who won't pay pirate Windows than use an alternative?

    --
    # cat /dev/mem | strings | grep -i llama
    Damn, my RAM is full of llamas.
  11. Re:How many reasons? by Mr_Silver · · Score: 4, Interesting
    I know a LOT of really intelligent, well educated people, many of whom are programmers or use linux in a server environment, who still use IE / Outlook [Express] on their desktops.

    This could be because those people have never been affected by all the exploits that are out there.

    Think of it like a house with a dodgy lock, you don't bother getting around to changing it because it's the last thing on your mind. As soon as you get broken into, you'll fix it.

    These people just haven't been given an incentive to change yet. They're happy with what they have and aren't interested in changing. Banks rely on this sort of apathy all the time - otherwise you'd get some decent competition when you're shopping around for a new current account.

    --
    Avantslash - View Slashdot cleanly on your mobile phone.
  12. Microsoft's Consistency is GUI by abb3w · · Score: 5, Interesting
    What part of THIS don't you get?


    How Microsoft is reconciling that with THIS:


    "Microsoft remains committed to providing security updates to our customers for all supported Windows versions."


    I suspect it means that the popup blocker, new download protector, IE plug in controls, window relocation blocker, e-mail screening, and e-mail bug blocker will not be made available for anything but XP-SP2. Which kinda sucks, but is mostly OK. If only it were possible to view the "Downloaded Program Files" folder without Windows Explorer filtering the contents; possibly the plug-in manager would improve that, but I doubt it. I've found the best blocker for these stupid add-ins and adware pieces is creating an empty NTFS folder where it wants to go... and then setting all permissions to "Everyone -- Deny".

    --
    //Information does not want to be free; it wants to breed.
  13. This is probably one of the biggest obstacles... by WebCowboy · · Score: 3, Interesting

    ...that Firefox and Thunderbird must overcome:

    As I installed Firefox, he kept asking "And it's free? Why? What's their business model?" As a salesman, he just couldn't swallow that it could be a full-featured application AND available for free.

    Almost *all* PC users who have never known anything but Microsoft Windows are suspicious of free software (and always confuse free/libre with free/gratis). People in sales/marketing are just extra slow learners in this respect ;-). Additionally, past experience with these folks is that you must either spend money on or pirate/"steal" software, because free==adware and spyware. They have been taught this by experiences with Kazza and other "free" P2P sharing software, comet cursors, custom smiley addons, Weatherbug, etc etc.

    I have converted my parents, my girlfriend, some of her family and a few of our friends (all running some MS Windows variant) to Firefox (and Thunderbird in a couple cases) and all have been happy with the change. However, there is one person (whom I know only through chatting on Yahoo Messenger) that is totally convinced that Mozilla is a company with a business model built around distribution of adware. This stems from the fact that he claims to have tried Thunderbird late last winter/early spring and it coincided with an increase of pop-ups and system crashes while he used it to browse. He cleaned his system up (removing Firefox and a few other things) and it worked better again.

    I told him that the crashes MAY have been due to the fact that he was using an earlier beta version (but not even guaranteed). I also told him it was ABSOLUTELY IMPOSSIBLE for an install of genuine Firefox to be the source of the pop-up ads and that it has always been my experience that Firefox gets RID of them. There was no convincing him that it was another one of his "free" programs (he has all manner of Yahoo Messenger toys like YTunnel, replacement smileys, booters to get rid of the dirty old men hitting on his 15 year old daughters, boot stoppers, etc). I even edvanced the theory that he may have gotten a tainted/hacked version of Firefox and that you should get it right from Mozilla. He contends that that is where it came from.

    He had the same kind of questions as your sales friend, and kept responding to my answers with more questions:

    Him: "If they give all their programs away and there was no ad-ware, how does Mozilla make any money?"

    Me: "They don't. Mozilla is a non-profit foundation. The programmers are volunteers or paid through donations"

    Him: "Well that just means they don't make a profit. The companies that donate money to Mozilla are getting ads in return for their sponsorship"

    Me: "Not all of the project sponsors are corporations and none of them want advertising. Some are individuals who give their time and/or money as well. Also, the idea is that the project is Open Source, so even though a company or person might only have/be one developer on the project they can reap the rewards of an entire team of people and see the code like everyone else"...etc etc

    Him: "I dunno...sounds fishy to me. I'd really check out that Mozilla outfit to make sure they are legitimate. Right now, I don't trust their programs on my computer. It's not like they are just little toys...the web browser and email are important parts of the OS"

    The lesson here: don't just tell doubters to download it and try it out. Actually be there to oversee the installation, and explain what is going on in ther PCs. If Firefox or any other software that is free is anywhere near their PC when bad things happen, it'll be the first think a sceptical convert that runs Windows will blame.

  14. Huge boost? Not likely. by Trillan · · Score: 3, Interesting

    Think about it for a moment. The only boost to Mozilla and others will be users who:

    1. Are still using Windows 2000 or earlier.
    2. Are willing to try new things -- but not including Windows XP
    3. Have not already switched to an alternative

    Now, I'm not saying it's zero because clearly it won't be. But it's equally clear to me that those first three are at least somewhat contradictory, so it certainly won't be a huge boost.