Slashdot Mirror


Microsoft Says No TCP/IP Patches For XP

CWmike writes "Microsoft says it won't patch Windows XP for a pair of bugs it quashed Sept. 8 in Vista, Windows Server 2003 and Windows Server 2008. The news adds Windows XP Service Pack 2 (SP2) and SP3 to the no-patch list that previously included only Windows 2000 Server SP4. 'We're talking about code that is 12 to 15 years old in its origin, so backporting that level of code is essentially not feasible,' said security program manager Adrian Stone during Microsoft's monthly post-patch Webcast, referring to Windows 2000 and XP. 'An update for Windows XP will not be made available,' Stone and fellow program manager Jerry Bryant said during the Q&A portion of the Webcast (transcript here). Last Tuesday, Microsoft said that it wouldn't be patching Windows 2000 because creating a fix was 'infeasible.'"

32 of 759 comments

  1. In other words by mc+moss · · Score: 3, Insightful

    "not feasible"

    yeah right, more like MS wants people to move onto Windows 7

  2. 15 years old by vxvxvxvx · · Score: 5, Insightful

    While the code may very well be 15 years old, that does not really matter to the user. What matters is how long ago Microsoft sold the product. If they sell software today that uses some code written 15 years ago you should be able to expect security updates for some period of time. Now, had they decided not to patch software they haven't sold in 15 years that would be totally OK.

    1. Re:15 years old by Anonymous Coward · · Score: 5, Insightful

      This is the key point. It doesn't matter when the code was written - if it was sold "today", it's current code. Current code (sold on the scale of an OS) should be fixed, or declared "broken" and not sold.

  3. In other News: XP not affected by Vista/W7 bugs! by kevingolding2001 · · Score: 3, Insightful

    From the FA. (Emphasis mine)

    The same two bugs were ranked "moderate" for Vista and Server 2008, while a third -- which doesn't affect the older operating systems -- was rated "critical."

    Yes, it's easy to take the "We won't be backporting this fix" stance when the old OS isn't vulnerable in the first place.

  4. Remote code execution is LOW impact? by Ancient_Hacker · · Score: 3, Insightful

    For some unfathomable reason, MS rates remote code execution as a LOW impact problem for XP.

    And somehow, the TCP stack, perhaps the most modular and with the most well-defined interfaces, can't be replaced wholesale.

    This makes no sense, unless they're trying to get people to spend $$$ on moving to "Windows 7",
    or as the cognoscenti call it, "Vista SP2".

    ooooohhh.....

    1. Re:Remote code execution is LOW impact? by nielsm · · Score: 3, Insightful

      There's no remote code execution possible with this on XP, only DoS. You can make the system essentially freeze while the packeting is going on but that's it. Only Vista and Server 2008 have remote code execution exploits from this bug.

      Also you can only exploit this if the machine has software accepting TCP connections. If you have an (application) firewall blocking all incoming connections with no exceptions (such as XP SP2+ has by default) there's no real problem.

  5. In other news... by Temkin · · Score: 5, Insightful

    In other news... 10 year old Linux 2.4 kernel patched yesterday...

  6. Re:Yeah, right by commodore64_love · · Score: 5, Insightful

    The Navy will simply subcontract-out to Lockheed Martin, General Dynamics, and other defense companies to upgrade all their systems from XP to Windows 7 and fix any programs that "break" as a result. It will employ some 10,000 workers at a cost of 1.4 trillion dollars. Then it will fail to come-in on time, so they'll spend an extra 6 months and 0.3 trillion on schedule overrun.

    That's SOP for the government.

    --
    "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
  7. Re:Upgrade or Else by jonbryce · · Score: 3, Insightful

    The XP virtual machine is not accessible from outside as it talks via a NAT router. Any attack would need to come from the Windows 7 host machine, but if that was pwned, there are many other ways to attack the XP virtual machine.

  8. the true cost by mach1980 · · Score: 3, Insightful

    The true cost of releasing a patch is not in compiling and distributing the fix. The money is spent on verification. By not releasing the patch to XP and w2k my estimates are that Microsoft is saving man-years in verification.

    --
    Break the sound barrier - bring the noise.
  9. 2014 ???? by m0s3m8n · · Score: 4, Insightful

    I guess these guys did not read: http://support.microsoft.com/gp/lifepolicy XP extended support goes thru 2014 and supposedly covers security fixes. I would think this counts as a security fix.

    --
    Conservative, mod down for violating /. political norms.
  10. Re:Yeah, right by Moryath · · Score: 4, Insightful

    Translation: "Sales of Vista didn't go well due to Vista being crap, and Win7 isn't actually all that much better, so rather than offer a product people actually want we're going to exploit our monopoly and withhold necessary security fixes from others in order to force people to 'upgrade.'"

  11. Bad Car Analogy. You know it is coming ;-) by 140Mandak262Jamuna · · Score: 4, Insightful

    Would we really accept the following situation?

    Today GM announced that the GMC trucks have some fundamental flaw and they are prone to explode randomly. GM said it won't fix the issue because the design is very old, and fixing it is unfeasible. When asked if they will when they stopped shipping trucks with the fatal flaw, GM spokesman said, "we have not stopped building or shipping them yet. We need to compete with the low cost competitors in the net-truck market and so we continue to make and ship the trucks, but we won't fix the safety issue. The drivers may wrap themselves in bags filled with thermocol peanuts to get some measure of protection."

    If not, why do we let Microsoft get away with it?

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  12. Re:Yeah, right by mabhatter654 · · Score: 4, Insightful

    Except I bought a brand NEW license of XP on my Acer netbook less than 1 year ago. That means Microsoft received NEW payment for that license in the last year (and a bunch of others) so obviously they're making money on it. Unlike patching cars you don't have to make additional parts, once you fix the problem in one copy of XP it is near-zero to fix the problem for ALL XPs as they're exactly the same.

    My local stores still sell NEW netbooks with NEW licenses of XP on them... where's bug support for the new buyers?

  13. Re:Yeah, right by PBoyUK · · Score: 3, Insightful

    The point is, it's Microsoft's fault that the problem has been allowed to escalate. It's Microsoft that released a hideous "upgrade" to XP and allowed it to continue well past the point where it should have been consigned to history. It's Microsoft that continues selling a defunct OS out of a scrambling fear to stop a competitor from making inroads into a netbook market that they had disregarded. How many millions of netbooks with XP on them have been sold over the past 2 years? MS apologists like yourselves harp on about how ridiculous it is to support a 15 year old codebase. But guess what, if you continued selling the product of that codebase until recently, then yes, the consumer has a right to expect it to be maintained.

  14. Best Buy's Training FUD by Anonymous Coward · · Score: 5, Insightful

    Best Buy's recent "training" slide #9, where they say that "Linux is safer than Windows" is a myth, the "Real Facts" states (referring to Linux) 'There's no guarantee that when security vulnerabilities are discovered, an update will be created. Users are on their own.'
    Here's proof that that statement is really talking about Windows...

  15. Re:US Navy already ditching M$ by oodaloop · · Score: 3, Insightful

    Interesting article. I work with the Navy, as well as other services, DoD, etc and have never heard this. I've also seen the DoN purchase proprietary systems this year alone, so at least some people haven't gotten that memo. Perhaps for areas where viable open source alternatives exist, I could see that, like for servers. But many of the workstation applications have no alternative. And with changes in command every few years, his successor is just as likely to continue with MS as not.

    --
    Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
  16. They could, they just dont want to... by hesaigo999ca · · Score: 4, Insightful

    Please..all underlying architecture has not changed from xp to vista, even though they want you to believe this...and for them to correct the wrapper on xp, would be trivial, however, they are testing the waters about phasing out xp, and want to see what the backlash will be like, seeing as no one wants vista garbage, and maybe even no windows7!

    I prefer, being given the opportunity of just paying a yearly fee to keep getting updates on a system that runs properly compared to their new bloated versions of vista etc... too bad no one can pick it up like a linux distro and start their own version of windows...

  17. In other words... by AlgorithMan · · Score: 3, Insightful

    backporting that level of code is essentially not feasible

    in other words:

    buy windows 7, damn it!

    it's the same feigned argument as when they refused to port DX10 to XP to boost Vista sales - uh - I mean it was because it's technically impossible... it's just that hackers ported it to XP later....

    --
    The MAFIAA is a bunch of mindless jerks who will be the first up against the wall when the revolution comes
  18. The solution is rather obvious by sheph · · Score: 4, Insightful

    Don't run an OS that you can't patch yourself. Seriously, if we put our trust in these guys after they've proven time and again that they really don't represent our best interests we are the only ones to blame. It's about time to let MS go gently into the night alone and without a sleeping bag into a rabid pack of wolves.

    --
    I don't believe in karma, I just call it like I see it.
  19. Re:US Navy already ditching M$ by icebraining · · Score: 3, Insightful

    Red-Hat is a commercial product. They're moving to the best of the two worlds: a cheap commercial product which they *can* adapt to their needs.

  20. Re:I agre by zippthorne · · Score: 3, Insightful

    Because Apple stopped selling versions older than 10.5 nearly two years ago and the upgrade to 10.6 is thirty dollars retail. Microsoft is still selling XP licenses.

    --
    Can you be Even More Awesome?!
  21. TCP/IP, selling knowingly defective products by harvey+the+nerd · · Score: 4, Insightful

    The fix is to NEVER buy Microsoft products, again. Microsoft is a defective corporation that has made a mint off of selling knowingly defective products and reselling the HOPE that these defects will be fixed in the next update but reneging again, and again, and again, and again. MSFT's example of no/low quality has become the new American metric of quality, its business plan, corroding our society's business and work ethic, a complete mockery of the consumer laws on merchantability, deservedly debasing our reputation for quality goods.

    Since the government has been ineffective in enforcing these laws, falling for MS legal theories, only insistent market rejection will [partially] protect a consumer from the borg. No doubt we will be seeing more FUD IP attacks, like SCO, traceable to MSFT. Good luck to all. Fsck MSFT.

  22. Car/engine = Netbook/XP by nacturation · · Score: 4, Insightful

    Ah, a car analogy. It's more like this: You go to the Honda dealership and take a look at their 2010 models and purchase a vehicle. You discover that the engine has a serious flaw in it and ask Honda for a fix. Honda refuses because that engine is based on an 8 year old engine design. Except in this case, instead of a Honda you bought a brand new netbook and instead of an engine it came with a new copy of Windows XP.

    --
    Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
    1. Re:Car/engine = Netbook/XP by Volante3192 · · Score: 3, Insightful

      The problem with all these analogies is Microsoft DID put a long warranty on XP, and SP2 is still covered.

      http://support.microsoft.com/lifecycle/?LN=en-us&x=8&y=10&C2=1173

      So the analogy here is, you buy a car. The manufacturer offers a 15 year warranty. 10 years in they find a flaw, they don't fix it and instead tell you to take it to a third party mechanic for a workaround at which point you find some lawyers and sue their contract breaching butt into next year.

  23. Re:Yeah, right by MobyDisk · · Score: 3, Insightful

    This is not Microsoft's fault. Talk to whoever created a web site that only works in specific versions of a specific browser.

  24. Re:Yeah, right by Philip+K+Dickhead · · Score: 4, Insightful

    How does this rate insightful, when the fellow knows nothing about his topic?

    Weird assertion: "Sales of Win7 are down so low MS isn't even promoting it in most places"

    Newsflash: There is no retail release of Win7 yet.

    Good point? "underpromise and overdeliver. They have been doing the opposite and wonder why people hate them."

    Excellent diagnosis. MS should also learn how to sell to the business, preferably the CFO - not keep hyping 'features' to IT - often the most dysfunctional outfit in any org.

    Wild claim: "There are lots of groundbreaking problems that people will not touch with a 20 foot pole"

    C'mon! Cite a bloody reference, or just yell "FIRE!" in a crowded theatre!

    In reality you make claims about Windows 7 sales that cannot be backed up - and use unspecific criticism to support the claim, without evidence. Allow me to explain some basics.

    The bulk of Corporation and Government purchases? They already owned Windows 7, before it was released, through the Software Assurance benefit in their contract through their reseller. Microsoft measures "deployment", not "sales" with these folks... You know Home Depot, Wal*Mart, Hewlett Packard, General Motors, even Google.

    Despite not even being offered as a public, retail item, Windows 7 will do very well on the day it goes to market. Retail sales are a tricky number. Most are through OEM installation on new computers - not shiny disc SKUs. So, for 2 months, these have been ramped through the manufacturing channels.

    Let's talk in February - when the after-Christmas inventory purge is complete. Then we can compare notes.

    --
    "Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
  25. Re:you are off by somersault · · Score: 4, Insightful

    Your argument doesn't work either though IMO. For one thing software changes a lot quicker than car technology so I was being pretty kind saying 10 years for the car stuff. You might expect a dealer to service a 30 year old car, but you're probably going to have to pay through the nose for it (and I've read of at least one case where a dealer didn't have the parts to service a car because it was so old).

    XP is not the latest software, it is simply the most popular. Even if the majority of people in the world preferred the original VW Beetle from the 30s (or whenever it started production, I think it was in production for something crazy like 50 years), it doesn't mean that VW are still obliged to find and fix design flaws in it. You'd expect a product recall if a large problem was found in the latest incarnation of the Beetle sure - but we're not talking about the latest version, we're simply talking about the most popular version, and it's getting out of its support lifetime. I don't think any other version of Windows has lasted so long.

    In this case the WINE team or some group like that could probably produce a replacement version of the TCP/IP stack to stick into Windows, it would be the equivalent of having to buy 3rd party copies of OEM parts for an ancient car. Yes you can "keep it running", but the original manufacturer has stopped supporting it. MS are not shutting down all old copies of XP, they're simply stopping support.

    IMO it would be nice of them to keep supporting it, and some companies would do so, but they have no obligation to. And it's definitely not MS's style to be 'nice'.

    --
    which is totally what she said
  26. Re:Yeah, right by TheRaven64 · · Score: 3, Insightful

    That's not really a fair comparison. The branch that is currently developed of the Windows NT codebase is Windows 7. The branch that is currently developed of the FreeBSD codebase is 8-CURRENT. Fixes are backported to 7-STABLE and 6-STABLE from there. FreeBSD 4 was the stable release series back when Windows XP was released, and it no longer receives updates. The last release from the 4.x branch was in 2005 and, although the RELENG_4 branch is still open for commits, it is not officially supported by the FreeBSD team. Of course, upgrading to FreeBSD 6 was free and easy for FreeBSD 4 users...

    --
    I am TheRaven on Soylent News
  27. Re:Yeah, right by shaitand · · Score: 3, Insightful

    Apparently the marketing trick worked. People are talking about windows 7 as if it were something other than vista when in reality its vista with a service pack and a rename.

  28. Re:Yeah, right by knorthern+knight · · Score: 4, Insightful

    > They would also be perfectly within their rights to stop making
    > Windows altogether and start manufacturing refrigerators...

    Knowing Microsoft, it'll probably be their first product that never freezes.

    --

    I'm not repeating myself
    I'm an X window user; I'm an ex-Windows user
  29. Re:XP is teh dead by Khyber · · Score: 3, Insightful

    The XP firewall is practically fucking useless to begin with. That still doesn't give them the right to jump out of a contractual support obligation 5 years in advance.

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.