Slashdot Mirror
Microsoft To Provide IE Patches for Windows XP Only
Fortunato_NC writes "Microsoft has decided that future IE updates, including those related to security, will only be available to customers using Windows XP. This news.com article has the complete scoop. A choice quote: 'Microsoft may be turning the lemons of its browser's security reputation into the lemonade of a powerful upgrade selling point.' This should provide a huge boost to Mozilla and other alternative browser backers."
Then they'll come back in a couple of days/weeks and say that "our business customers are unhappy with this decision" and decide to extend the patches through the end of 2006.
What do they mean ?
No update for Win2000 which is still used by my 50000-employees company ?
Or do they mean they will not update IE/Solaris and IE/OS[9X] ???
Trolling using another account since 2005.
I don't see this as anything but GOOD news for the alt browser market.
;)
I have already moved all my customers off IE and onto firefox and have received NO complaints as of yet, actually they are like wow I don't seem to get any more of those pop up ads, you're a great admin...
Microsoft continues to shoot them selves in the foot in the area of security. I thought they wanted to keep their market share, I guess the greed is getting to them.
-=Linsys=-
http://www.intrusionsec.com
The article mentions nothing about servers... Does this mean that Windows 2000 Server users will have to upgrade to Windows Server 2003? That'd be especially low, considering how many businesses won't have had time to upgrade that far yet. Heck, most of the places I've worked in still have NT servers running...
Kyle
http://www.unlogikal.net/
This sounds like microsoft. But you know they'll just say they are going to do give them out anyway until 2007 or something like they always do.
/. rendering left side.
The summary says that it will boost browsers like Firefox, but I highly doubt it. I don't know that many people who aren't already on Windows xp, but the plain fact is, plenty of people browse websites that can ONLY be viewed properly in IE. I hate it. You hate it. But the fact is, people need to put more pressure on webmasters to create standards-compliant websites.(AHEM SLASHDOT) COUGH COUGH
Chris
Though I must admit, there is some trepidation at the alternative browser approach. Just because the browser isn't used to, say, view webpages, doesn't mean a downloaded jpg (for example) won't be automatically opened in IE (for various reasons). Unless IE can actually be physically uninstalled easily and quickly, the threat still remains.
Not that I'm saying you shouldn't use an alternative browser, it's just that the potential for harm is still there as long as the security hole remains present. And it worries me.
This article tries to turn the sow's ear of an overstretched metaphor into the silk purse of a pithy comment, but winds up counting it's chickens in a castle built on sand as the skeletons in the closet come home to roost.
Whence? Hence. Whither? Thither.
Really, how many reasons do people need to switch to another browser before they do it?
I know a LOT of really intelligent, well educated people, many of whom are programmers or use linux in a server environment, who still use IE / Outlook [Express] on their desktops.
That is just begging for it.
I tell them over and over again the risks, and they still stay where they are. Ironically, complete neophites switch over as soon as I tell them about Firefox / Thunderbird.
I guess the meek really will inherit the earth.
Lose Weight and Feel Great with Isagenix
First fucking line of the article.
Microsoft this week reiterated that it would keep the new version of Microsoft's IE Web browser available only as part of the recently released Windows XP operating system, Service Pack 2.
Only the new version of the browser is available under XP Service Pack 2, for architectural reasons the other OS's lack (NoExecute and whatever else).
It says nowhere they won't provide patches for the most current IE's available under 2000.
The new IE only runs under XP SP 2. You also need to upgrade if you want true HT support, BTW.
I don't need no instructions to know how to rock!!!!
"couldn't a corporation hold microsoft liable for damages incurred to an unpatched system"
If that where the case people would be sueing microsoft for worms, holes, vulnerabilites etc... Most worms that have been written where created due to security problems Microsoft knew about MONTHS if not Years before the problem ever surfaced.
Don't get me wrong I would love someone to try it, but I don't see that happening.
-=Linsys=-
http://www.intrusionsec.com
We do not have plans to deliver Windows XP SP2 enhancements for Windows 2000 or other older versions of Windows
Seeing as IE isn't apart of windows (wasn't that part of the anti-trust agreement?), shouldn't I be able to D/L the latest and greatest version of IE (with patches already included) from MS??
When asked about IE's origin as a free, standalone product, the representative said, "You're talking in software terms that might be considered ancient history."
Oh, I see... the settlement is ancient history....
I can see them only including it in windows update for XP only, but not giving out the latest and greatest as a standalone product? Bad move.
Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
So, if there's a safety problem with my 1998 Ford Contour, do I have to upgrade to a 2004 Ford in order to have it corrected?
This sounds more like a marketing move combined with laziness.
According to the article, there will still be security updates for all supported versions of IE and Windows. What they're saying is that Win2k and older will not get the pop-up blocker or any other such enhancements.
Still sucks for the Win2k users though... Its clearly nothing more than a ploy to make them upgrade.
The article says that Windows XP SP2 enhancements will not be delivered to Windows 2000. This says nothing about security patches. This slashdot posting is FUD.
What I mean is this: no one believes that you can get something for nothing any longer. Case in point, I just installed Firefox (and Spybot/AdAware/SpywareBlaster) for my next-door neighbor who had a slew of popup-generating malware on his PC. As I installed Firefox, he kept asking "And it's free? Why? What's their business model?" As a salesman, he just couldn't swallow that it could be a full-featured application AND available for free.
The good news is that he's happily using it now and he's starting to understand that IE was how the malware was getting onto his system. But I tell you, if I have to spend as long convincing/educating others as I did with him, it's going to become a full-time job pretty damned fast.
- Leo
You don't use science to show that you're right, you use science to become right.
-
"Microsoft is not using security issues or any security situation to try to drive upgrades," said a company representative. "But it only makes sense that the latest products are the most secure."
Well yes that's true but it's also true that a large portion of the zombie PCs out there spewing spam, viruses, worms and DDoS attacks are NOT running the latest product from Microsoft. Effectivly Microsoft's saying "well we'll concentrate on security only in a future sense." Bet that once Longhorn finally arrives XP will stop getting security patches shortly thereafter.Frankly we can only hope that there's enough big business clients that have "legacy" Windows OSs that will raise holy hell with Microsoft on this. Otherwise we can expect the situation with compromised machines to not get any better. It seems most of the people with badly compromised PCs don't even try to get them fixed until they finally grind to a halt, they're not likely to be upgrading to XP anytime soon.
When you license (not "buy") an MS product, you waive any claim on them for anything. Put another way: whatever problems you have are none of their worry.
Lacking <sarcasm> tags,
Ok, so let's say that all the biggest car manufacturers in the world (that would be Microsoft) welded their hoods shut (closed source).
I have my very nice 1969 Mustang soupped up and taking me every place _I_ need to go. Then we find out that the fuel pump has a problem with it that could cause a tremendous fire or explosion.
Now I have to go to the dealer as they're the only one that can do work on the car, purchase a 2004 Mustang to prevent my car from potentially exploding and causing serious damage to myself and others _and_ I have to pay them for the new car?
I don't think so.
IANAL
Not many people are.
but couldn't a corporation hold microsoft liable for damages incurred to an unpatched system
They could try, but they would probably fail. Others have tried, and failed.
1. First off, with a security flaw, you need to be exploited to suffer damages. In a court case it will be easy to argue that MS shouldn't be responsible because even though they made a flawed product there was an overt criminal act involved that trumps their involvement. For example, if a car manufacturer makes cars with easily defeated locks, or locks that sometimes don't work, can the owner of the car sue the car company for damages if the car is stolen? They could try, butit probably won't get far just on that argument.
2. Second off, in liability cases you have to do your honest best to mitigate your exposure to loss. If I buy a product, and later am notified that is defective, it is my obligation to act appropriately. That may include stopping to use the product. In this case, it may mean active content filters, firewalling, security zone changes, etc.
3. Finally, many industries are exempt from liability in certain cases. For example, auto-manafacturers do not have to recall cars after a certain age. It doesn't make sense for the government to require Chevy to recall the remaining 1976 S-10's because of a latch that might go dangerously bad at 200,000 miles. Microsoft would have a good claim that Win2k and earlier is the equivalent of that outdated pickup truck. You drive that old pickup at your own risk. Windows XP is running on well over half of all Windows machines now. That percentage is getting bigger and bigger. Soon it will be 66%. At what point is it okay to stop supporting a product?
One last point. It may be tempting to say that MS should be liable for exploited systems. That is a bad road to go down. If all of the sudden liability is assignable to software makers because of exploits like this, the whole software world has a major problem.
Software liability could be exactly the tool that MS wants to destroy Linux in the business world. If an individual writing OSS software new that any possible flaw they introduced coul cost them everything they own you can bet that the number of checkins to Sourceforge will drop drastically. Companies like MS will be able to whither the storm. They'll force everyone to use only signed binaries. Machines will become locked down to the Nth degree, and proprietary will be back in. Every software vendor will force their users to run approved-only configurations. It'll be like the mainframe days of the 70s and 80s only worse. Companies like MS can afford to buy the liability insurance and the lawyers to hold on. Meanwhile, the Mozilla foundation will flounder and die.
Software liability is a bad, bad, bad, bad idea for the entire industry, but absolutely deadly for Linux and FOSS in general.
I work in the medical field, and plenty of sites for reading X-rays, checking patient labs seem to be only usuable by IE(active-X issues, etc). It's the only reason I keep Windows on my Linux boxes.
..........FULL STOP.
When you agreed to the EULA, you agreed not to sue M$.
Odd that this is one of their biggest FUD weapons against OSS, "There's no one to sue.". Well, there's no one to sue with M$ software either.
retrorocket.o not found, launch anyway?
The story, if you read it, states the XP SP2 improvements to IE will only be available to XP SP2 customers. THESE imporovements will only be able to XP SP2.
./
The article DOES NOT state no more IE patches for 2000/NT 4.0
Very very misleading title to this story on
Dear Microsoft,
Damn you! You shot me!
Sincerely,
Your Foot
Small potatoes make the steak look bigger.
I'm a little annoyed (But not exactly surprised) that there's so much fuss about this.
I can understand companies needing time to upgrade to a new version of the OS in particular, and software in general.
But XP is the newest major version of the desktop OS. There is, AND SHOULD BE, and end-of-life for the older versions. Who's still running a 1.x kernel of Linux? What percentage are even running 2.2x? Does Apple still patch Mac OS 8 or 9 (I'm asking, I don't actually know the answer)?
I see all this "MS forcing you to upgrade" talk - well they're HARDLY the only company out there that does this, how else will a company that makes software for profit stay alive? This includes every gaming company out there, Oracle, Peoplesoft, etc. etc., in addition to the other OS vendors (Apple, Sun, RED HAT...you get the drift).
I guess maybe the sentiment is that 2000 isn't old enough "yet" to be back-burnered like this? That's at least debatable. But the notion that MS is wrong to wean people off of the older versions over time is folly.
Xentax
You shouldn't verb words.
Timing couldn't be better. Until the end of the year, we'll have Firefox 1.0 ready. A Brazilian Portuguese version should be ready not long after. I'm happy with this, because I work as a network admin in a public school in Brazil, and this situation will enable me to mandate a no-IE policy in our LAN. We only have licenses for Windows 2000, therefore we aren't eligible for IE updates. IE6, by itself, is already dangerous, despite the fact SP2 is a step in the right direction. But an unmaintained IE6 is nothing but trouble, and I think it will be easy to convince the school's principal of this. I foresee this happening in many other places, now.
Thunderbird is my next target, I'm eagerly waiting for a full-feature, almost-no-bugs release. I had some trouble this week with some recalcitrant Outlook Express users and viruses, and I already managed to convince them to change the e-mail client. You can use good arguments to convince them, but downtime can usually be even stronger than your arguments. ^^
My neighbor's
If you read the actual article, you'll see that what it says is that the new features provided in SP2 for IE (the popup blocker and the notification bar at the top) are not going to be back-ported to older operating systems. That's not the same as saying that "Microsoft To Provide IE Patches for Windows XP Only". In the article, Microsoft commits to continue patching IE for older versions, particularly for security bugs.
(And don't tell me that the submittor picks the title. The editors pick the title -- in this case, the title doesn't even match the submission, much less the article.)
Heh... I *just* saw that episode again last night. Classic.
Really, how can ppl buy MS if they know that in the future they may not recieve any support for their insecure software?
Let's compare Microsoft vs. OSS. The browser is one component (integrated into the core OS in Windows, yes, and that should NEVER have happened) but there's countless other bits of software that make up an operating system and its applications. I am still running a copy of Windows 2000 on one box, and I still get updates for various flaws from time to time, about four years after purchasing it. I'm pretty pleased about that.
By contrast, I can't keep a Linux distro on a box for longer than about two years. I can modify a spec file and rebuild a RPM with (the second cousin of) the best of them, but at some point things just stop building properly. The solution? Upgrade to a new distro. Just went through this on my mail/web server a couple of months ago; damn but it's hard to make the new versions of all the software play nicely together. But I digress...
Overall, I'd say MS is up there with the best of them in terms of shipping updates that are compatible with a fairly old version of their software, their broken security model notwithstanding. I'm a lot less concerned about broken components like IE that I can (happily) replace than core OS components needing an update that I am stuck with... thankfully those are rare enough in my case.
Anyway, I'm a flip-flopper on the subject of the OS I use; both Windows and Linux (oh yeah, Solaris too) on a daily basis and have both a use for, and issues with, all of them. C'est la vie.
- Leo
You don't use science to show that you're right, you use science to become right.
Unfortunately, I don't think it will. I work for a small business (a Microsoft partner) which provides IT services for other small to medium sized businesses. We provide both solutions and support. If we chose to use a non-microsoft product, we loose tens of thousands of dollars in support. No viruses, worms, spyware, hijacked browsers == no money.
It seriously bothers me, but I would argue that the strength Microsoft has is not in providing well written software, but providing poorly written software prone to exploits.
Microsoft has announced that security updates will be available to users of pirate copies of XP, but not to users of old versions of Windows...
It looks like they are keen to keep even pirates in the update cycle. Maybe they would rather those who won't pay pirate Windows than use an alternative?
# cat
Damn, my RAM is full of llamas.
Microsoft states:
"We do not have plans to deliver Windows XP SP2 enhancements for Windows 2000 or other older versions of Windows," the company said in a statement.
SlashDuh gurgles:
Microsoft has decided that future IE updates, including those related to security, will only be available to customers using Windows XP.
Slashdot generating it's own FUD now?
How Microsoft is reconciling that with THIS:
"Microsoft remains committed to providing security updates to our customers for all supported Windows versions."
I suspect it means that the popup blocker, new download protector, IE plug in controls, window relocation blocker, e-mail screening, and e-mail bug blocker will not be made available for anything but XP-SP2. Which kinda sucks, but is mostly OK. If only it were possible to view the "Downloaded Program Files" folder without Windows Explorer filtering the contents; possibly the plug-in manager would improve that, but I doubt it. I've found the best blocker for these stupid add-ins and adware pieces is creating an empty NTFS folder where it wants to go... and then setting all permissions to "Everyone -- Deny".
//Information does not want to be free; it wants to breed.
...that Firefox and Thunderbird must overcome:
;-). Additionally, past experience with these folks is that you must either spend money on or pirate/"steal" software, because free==adware and spyware. They have been taught this by experiences with Kazza and other "free" P2P sharing software, comet cursors, custom smiley addons, Weatherbug, etc etc.
As I installed Firefox, he kept asking "And it's free? Why? What's their business model?" As a salesman, he just couldn't swallow that it could be a full-featured application AND available for free.
Almost *all* PC users who have never known anything but Microsoft Windows are suspicious of free software (and always confuse free/libre with free/gratis). People in sales/marketing are just extra slow learners in this respect
I have converted my parents, my girlfriend, some of her family and a few of our friends (all running some MS Windows variant) to Firefox (and Thunderbird in a couple cases) and all have been happy with the change. However, there is one person (whom I know only through chatting on Yahoo Messenger) that is totally convinced that Mozilla is a company with a business model built around distribution of adware. This stems from the fact that he claims to have tried Thunderbird late last winter/early spring and it coincided with an increase of pop-ups and system crashes while he used it to browse. He cleaned his system up (removing Firefox and a few other things) and it worked better again.
I told him that the crashes MAY have been due to the fact that he was using an earlier beta version (but not even guaranteed). I also told him it was ABSOLUTELY IMPOSSIBLE for an install of genuine Firefox to be the source of the pop-up ads and that it has always been my experience that Firefox gets RID of them. There was no convincing him that it was another one of his "free" programs (he has all manner of Yahoo Messenger toys like YTunnel, replacement smileys, booters to get rid of the dirty old men hitting on his 15 year old daughters, boot stoppers, etc). I even edvanced the theory that he may have gotten a tainted/hacked version of Firefox and that you should get it right from Mozilla. He contends that that is where it came from.
He had the same kind of questions as your sales friend, and kept responding to my answers with more questions:
Him: "If they give all their programs away and there was no ad-ware, how does Mozilla make any money?"
Me: "They don't. Mozilla is a non-profit foundation. The programmers are volunteers or paid through donations"
Him: "Well that just means they don't make a profit. The companies that donate money to Mozilla are getting ads in return for their sponsorship"
Me: "Not all of the project sponsors are corporations and none of them want advertising. Some are individuals who give their time and/or money as well. Also, the idea is that the project is Open Source, so even though a company or person might only have/be one developer on the project they can reap the rewards of an entire team of people and see the code like everyone else"...etc etc
Him: "I dunno...sounds fishy to me. I'd really check out that Mozilla outfit to make sure they are legitimate. Right now, I don't trust their programs on my computer. It's not like they are just little toys...the web browser and email are important parts of the OS"
The lesson here: don't just tell doubters to download it and try it out. Actually be there to oversee the installation, and explain what is going on in ther PCs. If Firefox or any other software that is free is anywhere near their PC when bad things happen, it'll be the first think a sceptical convert that runs Windows will blame.
Back in the days when Mozilla wasn't a great performer, lots of /.'ers would say stuff like, "if IE's a free download, why should I use this crappy Mozilla stuff". Well, now you know why.
It was only a matter of time before MS decided to tie browser upgrades to OS upgrades. After all, for a large portion of users, the browser's the only app they use. With their ill-gotten browser semi-monopoly, why wouldn't MS force you to buy an OS upgrade to get a new browser. DOJ? Not this DOJ.
Sounds like as good a reason as any to separate the browser from the OS. After all, this side-effect of bundling can't possibly be regarded as beneficial to consumers, and consumer benefit was the only defense they could come up with for exempting their bundling from antitrust regulations.
Posted from my Android phone. Oh, I can change this? There, that's better...
Here's what you can tell them:
"Firefox is what you get when people get together for the purpose to write the best possible software, rather than to make money."
This usually conveys the message pretty well, I found.
-- B.
This sig does in fact not have the property it claims not to have.
Think about it for a moment. The only boost to Mozilla and others will be users who:
Now, I'm not saying it's zero because clearly it won't be. But it's equally clear to me that those first three are at least somewhat contradictory, so it certainly won't be a huge boost.