Microsoft To Provide IE Patches for Windows XP Only

Fortunato_NC writes "Microsoft has decided that future IE updates, including those related to security, will only be available to customers using Windows XP. This news.com article has the complete scoop. A choice quote: 'Microsoft may be turning the lemons of its browser's security reputation into the lemonade of a powerful upgrade selling point.' This should provide a huge boost to Mozilla and other alternative browser backers."

Classic M$

[scifience]

Then they'll come back in a couple of days/weeks and say that "our business customers are unhappy with this decision" and decide to extend the patches through the end of 2006.

Re:Classic M$

[networkBoy]

We've been rollong our own patches for 3 years now. And while we're deploying XP Pro on all new notebooks we have a ton of older test equipment where the vendor has us locked into older revs of the WinOS (everything but ME, XP home, and PreNT4). It's a huge PITA when M$ tries a stunt like this and we are left holding the bag after our vendors (all smaller than us) give up and say they can't do anything about it. We employ roughly 60K people worldwide and have double that many PCs (at least). I'm sure other mega corps like us will be able to pressure M$ into supporting at least 2K for quite some time to come. With that said, half our data center and most all of our engineering data services are running on some form of *nix. -nB

Re:Classic M$

No, their view, believe it or not, is that people don't want the security patches for older systems! At least, that's what Bruce Morgan, of the Internet Explorer team, posted on the IEBlog.

Re:Classic M$

[deantallica]

What are you all complaining about? The 640 previous patches ought to be enough for anyone.

Re:Classic M$

[Zorilla]

I bet you're right too. I'm sure there are many large corps who won't move from W2K to XP.

Microsoft will definitely give it a second though when they realize organizations like this one are using Windows 2000 on user machines. It took them until 2002 to get fully upgraded from NT 4.0 where I was.

Re:Classic M$

[14erCleaner]

Nobody will ever need more than 640 patches.

Re:Classic M$

[pbranes]

http://support.microsoft.com/default.aspx?scid=fh; [ln];LifeWin

Read it straight from Microsoft. Windows 2000 is supported until 2010. This article from cnet only states that Windows 2000 will not receive a pop-up blocker or an add-on manager. Hotfixes will still be released as needed.

XP only ?

[mirko]

What do they mean ?
No update for Win2000 which is still used by my 50000-employees company ?
Or do they mean they will not update IE/Solaris and IE/OS[9X] ???

Re:XP only ?

[DogDude]

Well, my 6 employee company has standardized on W2K. We've been testing Firefox for the past month, and with the exception of a few IE specific apps, we'll be staying with Firefox now.

Re:XP only ?

[narsiman]

What they mean is Windows 2000 is completely secure. It does not need anymore fixes. You should be happy that you selected W2K for all your 5000 employees.

Re:XP only ?

[overshoot]

What do they mean ?
No update for Win2000 which is still used by my 50000-employees company ?

Yup -- but you were supposed to upgrade to XP already, so what's the big deal? You have been paying for Software Protection, haven't you?

Re:XP only ?

[kfg]

You have been paying for Software Protection. . .

Yeah, youse wouldn't want anything to 'happen' to yer software, now would you?

KFG

Re:XP only ?

[Martin+Blank]

Man, you people are gullible.

Microsoft has said that they will not make IE6 SP2 available for older versions of Windows, not that they won't provide security patches.

Generally speaking, I don't criticize the Slashdot crew because they have enough story submissions to read through that things will slip past, but this is ridiculous. Microsoft has committed to several more years of Windows 2000 support, and there are still a couple of years left on Millenium. Because they view the browser as part of the OS, it would be asinine to think that they would patch XP's IE and leave the older ones to sit where they are now.

Re:XP only ?

[jekewa]

If you check the Product Lifecycle Dates they've already passed the end-of-life dates for many of the older versions of Windows.

Win3x, Win9x, and WinME are all long passed. WinNT Server remains until 31 Dec 2004, but other WinNTs are passed. Win2K is scheduled for demise on 30 June 2005 (start saving). Even WinXP is scheduled for desupport 31 Dec 2006. Win Server 2003 is scheduled for 30 Jun 2008, so you've got a while there, but it's on the plan.

It should not come as a surprise that they stop providing feature enhancements to the older versions. Profit and other greed aside, technically it's unrealistic to expect them continue to support systems indefinately.

Tick, tick, tick...

Good

[linsys]

I don't see this as anything but GOOD news for the alt browser market.

I have already moved all my customers off IE and onto firefox and have received NO complaints as of yet, actually they are like wow I don't seem to get any more of those pop up ads, you're a great admin... ;)

Microsoft continues to shoot them selves in the foot in the area of security. I thought they wanted to keep their market share, I guess the greed is getting to them.

Not security updates but security enhancements

[FuzzzyLogik]

They aren't saying they won't provide security patches for holes, they're stating they won't provide the features that are in SP2 in anything other than XP. That's what I got out of it. Which isn't such a big deal, did you expect anything less really?

"We do not have plans to deliver Windows XP SP2 enhancements for Windows 2000 or other older versions of Windows," the company said in a statement.

Metaphorically speaking...

[kahei]

This article tries to turn the sow's ear of an overstretched metaphor into the silk purse of a pithy comment, but winds up counting it's chickens in a castle built on sand as the skeletons in the closet come home to roost.

How many reasons?

[DigitalRaptor]

Really, how many reasons do people need to switch to another browser before they do it?

I know a LOT of really intelligent, well educated people, many of whom are programmers or use linux in a server environment, who still use IE / Outlook [Express] on their desktops.

That is just begging for it.

I tell them over and over again the risks, and they still stay where they are. Ironically, complete neophites switch over as soon as I tell them about Firefox / Thunderbird.

I guess the meek really will inherit the earth.

No, that's not what they said.

[stratjakt]

First fucking line of the article.

Microsoft this week reiterated that it would keep the new version of Microsoft's IE Web browser available only as part of the recently released Windows XP operating system, Service Pack 2.

Only the new version of the browser is available under XP Service Pack 2, for architectural reasons the other OS's lack (NoExecute and whatever else).

It says nowhere they won't provide patches for the most current IE's available under 2000.

The new IE only runs under XP SP 2. You also need to upgrade if you want true HT support, BTW.

Re:Microsoft responsibility?

[danheskett]

IANAL
Not many people are.

but couldn't a corporation hold microsoft liable for damages incurred to an unpatched system
They could try, but they would probably fail. Others have tried, and failed.

1. First off, with a security flaw, you need to be exploited to suffer damages. In a court case it will be easy to argue that MS shouldn't be responsible because even though they made a flawed product there was an overt criminal act involved that trumps their involvement. For example, if a car manufacturer makes cars with easily defeated locks, or locks that sometimes don't work, can the owner of the car sue the car company for damages if the car is stolen? They could try, butit probably won't get far just on that argument.

2. Second off, in liability cases you have to do your honest best to mitigate your exposure to loss. If I buy a product, and later am notified that is defective, it is my obligation to act appropriately. That may include stopping to use the product. In this case, it may mean active content filters, firewalling, security zone changes, etc.

3. Finally, many industries are exempt from liability in certain cases. For example, auto-manafacturers do not have to recall cars after a certain age. It doesn't make sense for the government to require Chevy to recall the remaining 1976 S-10's because of a latch that might go dangerously bad at 200,000 miles. Microsoft would have a good claim that Win2k and earlier is the equivalent of that outdated pickup truck. You drive that old pickup at your own risk. Windows XP is running on well over half of all Windows machines now. That percentage is getting bigger and bigger. Soon it will be 66%. At what point is it okay to stop supporting a product?

One last point. It may be tempting to say that MS should be liable for exploited systems. That is a bad road to go down. If all of the sudden liability is assignable to software makers because of exploits like this, the whole software world has a major problem.

Software liability could be exactly the tool that MS wants to destroy Linux in the business world. If an individual writing OSS software new that any possible flaw they introduced coul cost them everything they own you can bet that the number of checkins to Sourceforge will drop drastically. Companies like MS will be able to whither the storm. They'll force everyone to use only signed binaries. Machines will become locked down to the Nth degree, and proprietary will be back in. Every software vendor will force their users to run approved-only configurations. It'll be like the mainframe days of the 70s and 80s only worse. Companies like MS can afford to buy the liability insurance and the lawyers to hold on. Meanwhile, the Mozilla foundation will flounder and die.

Software liability is a bad, bad, bad, bad idea for the entire industry, but absolutely deadly for Linux and FOSS in general.

You waived that right.

[Andy+Dodd]

When you agreed to the EULA, you agreed not to sue M$.

Odd that this is one of their biggest FUD weapons against OSS, "There's no one to sue.". Well, there's no one to sue with M$ software either.

TROLL ALERT!

The story, if you read it, states the XP SP2 improvements to IE will only be available to XP SP2 customers. THESE imporovements will only be able to XP SP2.

The article DOES NOT state no more IE patches for 2000/NT 4.0

Very very misleading title to this story on ./

Re:TROLL ALERT!

[Muerte2]

I'm not sure I totally agree with what you say. You see I'm one of the rare Slashdotters that actually READ the article.

By refusing to offer IE's security upgrades to users of older operating systems except through paid upgrades to XP, Microsoft may be turning the lemons of its browser's security reputation into the lemonade of a powerful upgrade selling point.

While I'm not sure it's 100% as cut and dried as what the /. title suggests, it does say that some security releases may not make it back down to the old OSes.

Re:Servers?

[jtharpla]

Actually, in a software company, it's not atypical at all to have Server installations used as desktops. We have a number of developers who develop/test software on top of databases, IIS, etc. Yes, some of this stuff is available for 2KPro and/or XP, but the only way to be sure it works 100% is to have access to the full server version. So it's not atypical for a developer to run Server as desktop. I myself use 2003 Server as my desktop because I wanted to be able to evaluate different server products (I'm a sys admin). I also wanted to get familiar with 2003 Server before it rolled out to our production systems--when you use it every day, you find all the nooks and crannies you'd overlook in terms of settings and whatnot. Finally, I prefer the remote access configuration of Server over XP. It's not unusual for me to use both remote sessions as well as the console, running different apps as different users, etc. Sometimes RunAs just isn't powerful enough for this.

M$ Partners

[JambisJubilee]

This should provide a huge boost to Mozilla and other alternative browser backers.

Unfortunately, I don't think it will. I work for a small business (a Microsoft partner) which provides IT services for other small to medium sized businesses. We provide both solutions and support. If we chose to use a non-microsoft product, we loose tens of thousands of dollars in support. No viruses, worms, spyware, hijacked browsers == no money.

It seriously bothers me, but I would argue that the strength Microsoft has is not in providing well written software, but providing poorly written software prone to exploits.

Microsoft's Consistency is GUI

[abb3w]

What part of THIS don't you get?

How Microsoft is reconciling that with THIS:

"Microsoft remains committed to providing security updates to our customers for all supported Windows versions."

I suspect it means that the popup blocker, new download protector, IE plug in controls, window relocation blocker, e-mail screening, and e-mail bug blocker will not be made available for anything but XP-SP2. Which kinda sucks, but is mostly OK. If only it were possible to view the "Downloaded Program Files" folder without Windows Explorer filtering the contents; possibly the plug-in manager would improve that, but I doubt it. I've found the best blocker for these stupid add-ins and adware pieces is creating an empty NTFS folder where it wants to go... and then setting all permissions to "Everyone -- Deny".

As I've always said, IE was never 'free'

[Rob+Y.]

Back in the days when Mozilla wasn't a great performer, lots of /.'ers would say stuff like, "if IE's a free download, why should I use this crappy Mozilla stuff". Well, now you know why.

It was only a matter of time before MS decided to tie browser upgrades to OS upgrades. After all, for a large portion of users, the browser's the only app they use. With their ill-gotten browser semi-monopoly, why wouldn't MS force you to buy an OS upgrade to get a new browser. DOJ? Not this DOJ.

Sounds like as good a reason as any to separate the browser from the OS. After all, this side-effect of bundling can't possibly be regarded as beneficial to consumers, and consumer benefit was the only defense they could come up with for exempting their bundling from antitrust regulations.