Windows XP SP2 Support Ends Tomorrow

Vectormatic writes "As can be seen on the product page for Windows XP, support for SP2 ends tomorrow, while the majority of Windows XP users still haven't upgraded to SP3. This could open up millions of users/businesses to exploitation, since security updates for SP2 will stop coming in while security fixes to SP3 may clue hackers in to vulnerabilities."

Note

[segin]

It should be noted that XP SP2 x64 has support until whenever XP SP3 x86 runs out. There is no XP SP3 x64

Re:Note

[fuzzyfuzzyfungus]

Luckily, XP x64 was always basically immune anyway. It's pretty hard to get 0wn3d when you can't find a NIC driver...

Re:Note

It should be noted that XP SP2 x64 has support until whenever XP SP3 x86 runs out. There is no XP SP3 x64

Despite the name, XP x64 is actually the same codebase as win2003 server x64.

Re:Note

[BigDish]

XP x64 is really Server 2003 "Workstation Edition" - it's compiled from the Server 2003 code, thus uses the same patches (and has the same lifecycle) as Server 2003, not XP.

Re:Note

[TheThiefMaster]

I used it for years (from pretty much as soon as it was released) without driver trouble, so your assertion that device makers largely skipped XP x64 is incorrect. There were drivers for my Logitek USB microphone, creative "extreme" soundcard (just as stable as under x86, unfortunately), nVidia graphics, AMD cpu, all onboard motherboard devices (sound, raid, ethernet), Samsung printer, even my no-name Chinese webcam came with XP x64 drivers. Only one device I owned wouldn't work, and that was a Belkin bluetooth module whose drivers were never updated to support XP SP2, let alone XP x64.

I did have a game or two that needed cracking because its DRM wouldn't work, but as I cracked games anyway to remove the "find the cd" requirement I didn't consider that a massive problem. Those games probably don't work without cracking on Vista/7 x64 either.

Oh Noes!!!

[B5_geek]

The sky is falling!!!

If these people/companies don't care enough to have upgraded to SP3, they won't care that support for the OS has ended either.

Re:Oh Noes!!!

[localman57]

What a BS! I tried SP3, but it messed up my website. For some strange reason all the text I entered got posted twice :(

Crap! Is that what causes that?
Crap! Is that what causes that?

Re:Oh Noes!!!

[Sycraft-fu]

Ya, sympathy meter reads 0 for these folks. You cannot expect to never update an OS and have it stay safe, particularly a consumer OS where things are opened up and easy to use. I suppose if you really lock down and harden an OS (or use one that is hardened by default) and do not install new applications you can be somewhat secure with no updates, but for a desktop OS, updates are necessary.

Also I get tired of the idea that companies should have to support software forever. SP2 is OLD. STFU and upgrade to SP3. It isn't hard.

Re:Oh Noes!!!

[Hatta]

This is especially stupid since software has no moving parts to wear out, and is one reason I hate Windows and love Linux. When support stops for a Windows distro you're out of luck, but Linux support is always there.

Bitrot happens even on linux. Just try and use an old version of Linux from 2001 or so on period hardware. You won't be able to take advantage of linux's biggest advantage, the software repositories. Try and use them and you'll pull in an updated distro. You really do have to constantly update a Linux box, but the updates are free and automatic so it's not so onerous.

What's really bad is when you have an old piece of software that was written for an old version of GCC. Newer GCCs are more strict, so you may not be able to compile it with modern GCC without some serious hacking. And the libraries a binary needs are probably no longer in the repositories, so you may have to hunt them down, manually install them and do trickery with ld_library_path to get it to run.

As much as I prefer Linux to Windows, it has its share of backwards compatibility problems too.

Re:Oh Noes!!!

[drsmithy]

Odd that I can get support for my 2002 automobile, and if there's a flaw found they'll issue a recall, but an OS from the same year gets no support.

Yes it does. The support is called SP3.

I could get parts for a classic car easily, but try getting a PC game from 1995 to run well.

It's trivial - all you need to do is get an OS and hardware from that period, or replicas thereof - just like classic car parts.

This is especially stupid since software has no moving parts to wear out, and is one reason I hate Windows and love Linux. When support stops for a Windows distro you're out of luck, but Linux support is always there.

"Linux support" for a ca. 2002 - or 1995, for that matter - distro is no better than Windows, and in most cases significantly worse.

Re:Oh Noes!!!

[myrmidon666]

Some people are unable to upgrade for some reason or another. For example, in my case, every time I have tried to upgrade to SP3, I get a BSOD. I have tried 4 times with no luck. So, I have continued to skip the upgrade to SP3 and will continue to do so.

xp and _win2k_!

[aradnik]

what's more important is that win2k support is withdrawn as well... and quite a few major organization still rely on it...

Re:xp and _win2k_!

[Theoboley]

I know the company i currently work at freaked out about 2 months back as the deadline approached for the Win2k Cutoff. Spent a crapload of money to ugrade to server 2008.

Re:xp and _win2k_!

[PPalmgren]

Liability. Its kind of hard to say "we tried to be as secure as possible but got owned anyway" when you're using an outdated OS out of its support cycle. Now they can shift the blame back on Microsoft's swiss-cheese.

Could you imagine the damage done if said company makes headlines for losing tons of sensitive customer data, and then has a follow-up headline showing their security practices?

Re:xp and _win2k_!

[antdude]

Also, there seems to be no updates for W2K SP4 for tomorrow as well that I read. :( So last month's updates were the last ones!

Re:xp and _win2k_!

[shutdown+-p+now]

Why'd they freak out?

It's not going to be receiving any updates from now on, including security updates.

Re:xp and _win2k_!

[compro01]

Financial responsibility, yes, but not PR responsibility. You can blame them even if you can't sue them over it.

Astonishing

[jsnipy]

It is amazing that an service pack would even be supported up to 2 years after the next service pack.

Re:Astonishing

Well, if it was loose, you should definitely corral it. Having loose data running around is dangerous. You could lose an eye or something.

Re:Astonishing

[Mad+Merlin]

Decently designed XP applications store data in user's profile.

So... none of them?

Re:Astonishing

[LinuxIsGarbage]

Windows XP SP3 requires 1GB of memory in the system, SP2 required about 512MB. This is not mentioned anywhere in the SP3 notes that I could find.

That's because it's a figure you made up by yourself. Without any third party tools, the system requirements of Windows XP remain the same as when RTM rolled out in 2001. 64 MB bare minimum (which means it will basically boot), 128MB recommended (which means it will boot in under a day). I have several PIII machines with 256MB RAM that hum along with XP-SP3 quite well. The problem with requirements isn't so much Windows as third party software. Websites have richer and richer content (flash, Javascript) that can take an old machine to it's knees, on-access AV solutions considered "light" on new machines can have a huge performance hit on an older machine. Yet Office 2007, and even Office 2010 still perform better on these machines than Open Office.

Re:Astonishing

[TheRaven64]

Another option is to boot to the recovery console from the install CD and then simply rename the WINNT and Program Files directories. Then, the new install will go alongside them and you can copy files that you actually wanted back.

Huh?

[The+MAZZTer]

"while the majority of windows XP users still haven't upgraded to SP3"? Citation needed. SP3 is delivered via Windows Update. I had it before I switched to 7, my company it using it. It's been out for quite a while. I don't see why the majority of XP users would not be using it...

Re:Huh?

[$RANDOMLUSER]

Because lots and lots (and lots and lots) of people don't see the Genuine Advantage? That's how you get SP3 via Windows Update.

Re:Huh?

[malignant_minded]

While I can't vouch for the majority of windows xp users I know a bunch of companies that are still at SP2. Also I would guess that many home XP users have found their computer infected enough times to find that it was cheaper to buy a new one than it was to pay a shop three hours to clean it up, thus they ended up with Vista or 7 eliminating them from the statistic. This leaves companies that are making a decision to stay at XP and IE6 since it breaks their hack code Intranet, many of those may be for similar reasons at SP2.

Re:Huh?

[soupforare]

Over half of the machines I see at the shop that are running XP, are still running SP2. The problem is that even if the machine is genuine, people don't interact with the WUA. Of those that do, many are running software that prevents it from being installed, Norton, Trend, HPcrapware, etc. There's a lot of things out there that screw up an sp3 install.

Re:Huh?

[fyngyrz]

"you can't firewall stupidity"

Is SP3 the one with the bigger GBs?

[GigsVT]

Is it 3G and does it have the wifis?

Re:Is SP3 the one with the bigger GBs?

[nschubach]

I think the OP is referring to: http://www.youtube.com/watch?v=FL7yD-0pqZg

Re:Is SP3 the one with the bigger GBs?

[phoenixwade]

Is it 3G and does it have the wifis?

yes, yes, you can still get your inter-webs. on a more serious note: SP2 can still be exploited? after 6 whole years in the wild? Who would have ever thought that could have happened?

so what?

[l2718]

Business and private people have had years to evaluate SP3 and plan for its deployment, or in the alternative to switch to other operating systems. The summary seems to assume an implied responsibility of Microsoft to support SP2 simply because the public likes it.

It is true that had XP+SP2 been free software, there would be an option of obtaining patches and support from other vendors, but this is not a complaint against Microsoft but rather against those that chose to use Microsoft's software.

Re:so what?

[Vectormatic]

submitter here,

I didnt mean to imply MS has any kind of responsability to keep support going for SP2 longer, i much more agree with cmdrTaco's stance "from the better-get-patching dept". My goal wasnt to start a whole new thread of MS bashing, more to just notify people about the end of SP2 support, which i think is significant for most nerds/geeks, even if they moved themselves to *nix ages ago, their parents/siblings/friends might still run SP2 somewhere.

Not to mention that SP2 made XP actually good, sp1 was OK as well, but SP2 was a pretty big thing.

ten years

[FuckingNickName]

I wish Apple or Linux supported a base system for ten years.

$1.20 says they'll continue releasing critical updates as they've done for a while for "retired" service packs in the past.

while the majority of windows XP users still haven't upgraded to SP3

Evidence?

Re:Cool

[VGPowerlord]

Blue, Silver, AND Green!

You get the best from Fisher-Price! Er... Microsoft.

Citation on the 50% number

[Vectormatic]

http://laws.qualys.com/2010/05/end-of-life-for-windows-xp-sp.html

That article states SP2 is still used on 50% of XP machines

Re:Citation on the 50% number

be nice if we could get a citation on the citation, since they just show a graph with no explanation of where they got the numbers they used for it.

Re:Heh...

See, the difference is, with Windows, you're the one getting his ass raped, with Ubuntu, you're the one getting the blowjob.

No biggie, it still keeps running

[petes_PoV]

Just like my virtualised version of W2K. Just 'cos the supplier won't provide any more updates doesn't mean anything bad will happen. Since I have automatic updates switched off and the machine is secure and doesn't get bugs, virues, trojans it makes very little difference whether the vendor supports it any more or not.

BTW, on a related note. Since the machine runs in a secure environment, it neither has nor needs AV. It's surprising how fast a 256MB P3 is without all that overhead.

Re:No biggie, it still keeps running

[Spad]

By "secure environment" I presume you mean "without network connectivity"? Because otherwise, it just isn't.

Microsoft support lifecycle practices

[DragonHawk]

I wish ... Linux supported a base system for ten years.

Linux isn't a person or organization and thus can't support anything.

The best organization I know of (in terms of length of support for a given Linux configuration) is Red Hat, which supports RHEL for seven years. Still not as good as Microsoft's ten year policy.

Microsoft will support you even longer, if you pay for a custom support agreement. I'm told prices start around $40K.

I suppose, for that price, you could pay someone to maintain your Linux configuration for you. You do have the source code. But you'd have to start doing it sooner.

$1.20 says they'll continue releasing critical updates as they've done for a while for "retired" service packs in the past.

Can you cite specific examples? In my experience, support for Microsoft products starts to be curtailed near end-of-life, not extended past it. NT4, 2000, XP have all had security vulnerabilities discovered which Microsoft did not fix, but which were fixed for later releases of Windows. MS09-048 for 2000/XP. Another I can't recall right now for NT4. Yah, they had their reasons, but the fact remains that once the successor products arrive, support starts to degrade for the old releases.

Re:Majority of users wont do it.

[Mongoose+Disciple]

with the enormous hidden 'call back home' shit sp3 and on brings, majority of users and sysadmins will not upgrade to it. they are not stupid.

Because the majority of users and sysadmins are aware of any of that? Get real.

I'm sure a lot of people won't upgrade, but seriously, a majority of users probably can't even change their screen resolution without help.

Microsoft base system release lifecycle

[DragonHawk]

I wish MS updated their base system more than once every 10 years.

Win95 (1995) -> Win98 (1998) [3 years] -> Win98SE (1999) [1 year] -> WinME (2000) [1 year]

NT 3.1 (1993) -> NT 3.5 (1994) [1 year] -> NT 4.0 (1996) [2 years] -> Win 2000 (2000) [4 years] -> XP (2001) [1 year] -> Vista (2006) [5 years] -> Win 7 (2009) [3 years]

Even the longest release drought, XP->Vista, was 6 years, not 10. The mean is 2 years; the median 2.5 years.

(I detest FUD, even FUD directed at a target I happen to dislike.)

Re:the 5billion inthe bank is not enough

[Joe+U]

I have to say, M$ decides to not support and leave all the sp2 users open to vulnerability because they choose to, not because they have to

I can see why a company would not want to do regression testing on multiple service packs when the fix is to update to SP3 and it's been out since April 2008. There comes a time when you have to stop support, testing is expensive and there's still support for SP3 until 2014.

You can buy a support contract if you want SP2 support.

Re:the 5billion inthe bank is not enough

[Spad]

Erm, you don't have to pay anything for SP3. It's a free download and the min spec hasn't increased from SP2 so you don't need to upgrade any hardware.

If your apps still require XP SP2 to function then you've got bigger issues than Microsoft dropping support for it.

I feel no sympathy there either

[Sycraft-fu]

People need to stop with this bullshit of wanting to stay on an OS for ever. No company supports a product for all eternity. 2000 was supported when its replacement came out (XP) and when that's replacement came out (Vista) and even for a while when that's replacement came out (7). It was supported for over 10 years (despite the nae it came out in 1999). It isn't like an upgrade has been something you've had to do quick.

It is just laziness on the part of companies that do this. Also, I'd bet these very same companies would tell me to go away if I brought i one of their products from 10 years ago and wanted support on it. They'd say "That is out of warranty, buy a new one." Yet somehow they think MS should have to support their OSes forever.

Also I'll add you CAN get systems that are supported pretty much perpetually. Mainframes are like that. You can run those for decades and even after new version come out, the support continues. However you pay a ton to buy it, pay even more in maintenance (support isn't free, software or hardware, you have to pay yearly upkeep) and they are going to certify it for certain apps and you'll run those and no other, or lose support.

If that's not your cup of tea, if you want cheap OSes that let you do as you please, well then deal with the fact that you "only" get a decade of support (though sometimes more like with XP).

Re:I feel no sympathy there either

[dbIII]

Several features were removed between 2000 and XP, the most annoying of which is the reduced number of people that can connect to a network drive. Server 2008 is of course the expensive and time consuming answer which can be hard to justify against something that already works as well as it needs to.