End of Windows XP Support Era Signals Beginning of Security Nightmare
colinneagle writes "Microsoft's recent announcement that it will end support for the Windows XP operating system in two years signals the end of an era for the company, and potentially the beginning of a nightmare for everyone else. When Microsoft cuts the cord on XP in two years it will effectively leave millions of existing Windows-based computers vulnerable to continued and undeterred cyberattacks, many of which hold the potential to find their way into consumer, enterprise and even industrial systems running the latest software. Although most of the subsequent security issues appear to be at the consumer level, it may not be long until they find a way into corporate networks or industrial systems, says VMware's Jason Miller. Even scarier, Qualys's Amol Sarwate says many SCADA systems for industrial networks still run a modified version of XP, and are not in a position to upgrade. Because much of the software running on SCADA systems is not compatible with traditional Microsoft OS capabilities, an OS upgrade would entail much more work than it would for a home or corporate system."
"When Microsoft cuts the chord on XP in two years it will effectively leave millions of existing Windows-based computers vulnerable to continued and undeterred cyberattacks" So what's the difference between now and when this will happen?
Why not liberate the source and let other companies continue bugfixing?
Oh... doesn't fit the business model?
open source ftw and for long term maintenance.
When Microsoft cuts the chord on XP in two years it will effectively leave millions of existing Windows-based computers vulnerable to continued and undeterred cyberattacks
I can't say I'm going to miss Microsoft XP support.
I can't say I've ever had Microsoft XP support, either-
The three laws of thermodynamics: (1) You can't win. (2) You can't break even. (3) You can't even quit.
In 2014, anyone will have had a decade for the switch to Vista, and 5 years for win7. If I was concerned about security support from MS, I wouldn't complain about being able to use a decade+ old OS (let alone 13 years old when support ends) in the modern wild.
TL;DR: Need better stories /.
About time. XP default sounds suck.
Nothing to worry about, yet...
Companies have two years to upgrade from software that is more than ten years old or install a firewall on systems in industrial networks.
Almost nobody ever runs Windows Update on those old SCADA machines anyway, I don't really think this is such a big deal.
You just have to wonder if it's more than coincidence that this gets announced on the 100th anniversary of the sinking of the Titanic. Coincidence??? Hmmm...
...that's two years to do something about it. What does everyone expect; Microsoft to support it forever?
14 years of support seems pretty generous - I mean how many versions of OS do Apple currently support? Certainly not all the way back to OS X 10.0. I'm also sure that a lot of those embedded and industrial systems will be updated before then. That's more the job of the manufacturers than Microsoft.
This deadline has been known about for the past five years - if you can't resolve upgrade issues in seven years, then you are the problem, not the maker of the software being EOLed.
This isn't happening overnight, you had your chance to do something about it. You might not agree with the EOL, but that's beside the point.
So we'll only have two notes of support, instead of at least three?
When Microsoft cuts the chord on XP
Cuts the cord?
Or is this some sort of operation that will prevent XP from playing guitar?
It's Y2K all over again!! We're doomed!
This 'nightmare' assumes the human race will still exist in two years. Or that we will still have a level of technology that needs computers.
Given some of the insane things we are doing to our earth, water, air, food, people, countries and societies...
I have serious doubts if that assumption is correct.
Anyone still running XP at this point probably hasn't been patching the OS anyway. Not to mention using an admin account as their primary login ID. Not to mention the parts of the XP architecture that make it more vulnerable even if it IS fully patched.
The XP security nightmare began in 2002. A few remaining machines left in 2 years won't make the problem any worse.
We are the 198 proof..
Every time I read about the ending support, I wonder what happens to the so-called XP mode in Windows 7. It's an installation of Virtual PC with an XP image ( http://www.microsoft.com/windows/virtual-pc/download.aspx ). Since Windows 7 is supported by MS, how can they leave those users alone?
When they cut the "chord" does that mean they'll get air on their g string?
Typos aside, a lot of places are going to get caught with their pants down due to some software, even current software, not running properly in Vista or Windows 7 yet. The worst I've seen is a 2011 release of geophysics software that will not run due to the licencing software that comes with it using one of those evil USB dongles and doing a licence check in 16bit MSDOS mode. That sort of bullshit is deliberate insanity since everything in the MS environment was 32 bit before USB even came out.
I am still running Windows XP myself, I personally don't see much benefit in upgrading with my current hardware. My plan is to go from Windows XP to Windows 8..
I'm all for bashing Microsoft but how can you say
"When Microsoft cuts the chord on XP in two years it will effectively leave millions of existing Windows-based computers vulnerable to continued and undeterred cyberattacks, many of which hold the potential to find their way into consumer, enterprise and even industrial systems running the latest software"
while talking about XP? It's over 10 years old. Microsoft have been trying to push people away for two versions of windows. While their upgrade cycle might be very clunky, I don't think the blame can fall fully on them for people who run software which is 10 years out of date, and now out of support.
- http://www.milkme.co.uk
It's like watching The Exorcist and in the last minute realizing that you were watching a horror movie. If in the 1st 5 minutes you didn't realize that you were having a really bad nightmare and kept sleeping even being aware that you could wake up at will, you probably enjoy it.
This is no different from when Windows 2000 reached its end of life, or 98, or NT4. The life cycles of Microsoft products tend to be consistent and well known.
Anyone using Windows on a SCADA system should not just rely on Microsoft's updates for security. Lock them down, limit Internet access to a minimum, don't use Administrator accounts, don't install any Adobe products, don't use the systems for general purpose web browsing and don't feed them after midnight. Most security holes require some active interaction to work.
I still have a bunch of Win2000 systems in use and they chug along fine.
I'm still waiting for them to reach 0.5 beta. If they do by April 2014, I'll definitely switch to ReactOS.
Sooooo let me get this straight, There are industrial networks that still rely on XP for SCADA AND they are not protecting them with other security mechanisms AND they are connected to the internet. And the security nightmare here is somehow Microsoft's fault and not the incompetent morons running these unprotected systems?
How many Linux and OSX releases are supported for 12 years?
It's not like old drivers will easily work on the new OSes, kernel upgrades are a sure thing, or your old hardware will be supported by the new OS (such as the move from 32-bit to 64-bit Macs).
Personally, I'm far more interested in how MS is going to handle product activation... or more likely, they just won't. Call me lazy, but I haven't bothered to get myself a corporate edition of XP Pro to replace my regular retail version. What will happen if I swap motherboards?
BTW, I have Win7 on my laptop, but my workstation is still XP, because I just can't stand the new taskbar, among other things. I have reasons for not upgrading that go beyond, "I don't need to."
"Microsoft's RECENT announcement..."
Fuck this outright lie and loaded statement. The support cycle for XP is as old as the OS itself. The end of extended support date was set over a freaking decade ago. It's not like they suddenly just said that everyone has 2 years to upgrade.
If Slashdot is still around in 8 years I fully expect a "MS ENDS WINDOWS 7 SUPPORT - FORCES UNNEEDED UPGRADE!!!1" posting.
I don't get articles like these; it looks to me as if people are now somewhat blaming MS for stopping support (after 13 years for crying out loud!) due to possible unsecured boxes?
First; this is not the responsibility of Microsoft but the owners of said PC's. If they're smart they'll upgrade to Windows 7 while they still can (so before Win8 comes out).
Second; If this is such a big issue then I'd put more blame on anti-virus companies. You know; the ones which provide a virus scanner "free of charge" with a new PC. Of course; it's only free for 3 months or so and I'm more worried about the thousands (if not more people) who think they're protected ("I got a free scanner, I have nothing to worry about") while in fact their subscription ran out a long time ago.
best post in this story :)
It's not just SCADA equipment where the OS can't be replaced due to the manufacturer failing to support anything newer than XP.
I work in a University science department and there are many pieces of scientific equipment which are run by machines running XP, such as mass spectrometers and electron microprobes. In addition to this there are expensive pieces of equipment for which drivers are not available for Windows 7, either 32 or 64 bit and very many where the software won't work correctly if it doesn't run as administrator.
This doesn't even include things such as display screens which have embedded computers running Windows XP Embedded, such as those made by Samsung, which are still being sold with XP installed.
That is all.
Seems foolish in hindsight for PLC makers to adopt any General Purpose OS for dedicated, safety-critical, hard-realtime applications. Write or license an embedded controller OS with only the software support needed for the hardware used, and stop there, says the Armchair Engineer (who hasn't picked up a scope probe in decades).
Set aside for a moment that XP is pretty old. I bought a legal copy of it. It does not have an expiration date on it, I am entitled to run it as long as I wish. My license appears to allow me to replace my hardware if it fails. But at some point XP may find that the changes are 'suspect' and require me to re-activate my legally bought copy. Will Microsoft continue to run their activation servers?
If not, will Microsoft provide a 'Golden Key' to activate without their Genuine Advantage Farm??
To Terminate, or not to Terminate, that's the question - SCSIROB
Someone, please, just think of the poor children running SCADA systems!
Oh wait, it's only Windows XP
Oh wait, it's actually in 2 years
Oh wait, it's just support
Seriously, do we need a "Windows XP is gone and the world is already burning" scare-article posted every month on Slashdot? For the entire period of 7 years of pre-announced end of support for an ancient OS? This shouldn't even be on idle. Is this a tech site or little Suzie's shopping ground for pink dresses?
I can't say I've ever had Microsoft XP support, either-
I did, back in the days when XP SP1 was promulgated, but it was not one of Microsoft's prouder moments. The SP1 package downloaded, but would not install. Several attempts yielded the same result, and various help articles on the MS web site were consulted fruitlessly. So I duly filed a report on the MS web site, not expecting much to happen. Somewhat to my surprise, I got a phone call a couple of days later (must have been international, I'm in Finland, and the support person spoke English with an Indian accent). She talked me through what I had already tried, and it failed yet again. So then she told me to disable all firewalls, both in the PC and in the router, and try again. I suggested that would be unwise, since my router logs indicated several nasty packets (fake routing, port probes, etc.) per second were being blocked, and none appeared to be from Microsoft. Her response was that the only way for me to install SP1 was to disable all firewalls. In other words, connect with pants down and legs open to a stream of questionable health. Yeah, right.
I paid attention to her advice, but did not follow it. Instead, I installed Warty Warthog, which seemed to work quite nicely (but had issues with wireless which meant wired connections only). A beta version of Breezy Badger followed, and it autodetected and supported almost everything on the laptop, including the wireless. XP was thrown away shortly thereafter, and the 8-year-old laptop today runs Xubuntu (10.04 LTS, soon upgrading to 12.04 LTS).
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
That would only work if the same laws applied to everyone. That would be an unmitigated disaster for the open source community which for most part shelves older versions far sooner.
It won't make any difference, the 2 main ways viruses etc. get into a machine are: 1) Browser 2) Email. The router acts as a natural firewall so it's all down to the browser, anti-virus and the user being a bit savvy and looking out for anything that's not right. Security nightmare my arse! We already have a security nightmare and it's the user's fault mainly for not watching out.
This 'nightmare' assumes [...] we will still have a level of technology that needs computers. [...] I have serious doubts if that assumption is correct.
I suggest you try placing a wager on it then. I'm sure there'll be plenty of people willing to bet, say, $100 on "we will still need computers in two years". If your doubts are THAT serious, why not capitalize on them?
Every end has half a stick.
All Windows versions come with 10 years of guaranteed support. 5 years of primary support, where they get new features and service packs, 5 years of extended support, where they get bug and security fixes. MS is known to increase that, but never decrease. In the case of XP, they did extend support. XP is getting 14 years total of support.
I have zero sympathy. You have to cut support for old versions at some point. Even if you are doing everything for free, it just gets infeasible to maintain old code all the time. Ubuntu only does 5 years on LTS releases. In MS's case, it is also because bills need to be paid. They don't charge yearly for maintenance or patches or anything, the cost of that is included in the purchase price. Well, that means that price has to be paid every once in a while, and once per 10+ years isn't unreasonable.
As you say this isn't happening overnight, nor is it a situation of MS suddenly reducing support life. This has been known for a long, long time. Any company that is sticking their head in the sand about it is bringing about their own problems and on their own heads be it, they can't blame MS at all.
Look people, XP goes out of support in 2014. STFU and deal with it. You've 3 choices:
1) Upgrade. Really, this is not hard. 7 Is an extremely good OS, I've been very pleased with it. It will be supported until January 14, 2020 at a minimum, unless MS chooses to extend it so you've at least 8 years before you need to upgrade again. Once a decade-ish isn't too often to upgrade.
2) Isolate. You can just take the damn thing off the Internet if it is really a problem. We've done that at work with a few old Windows 98 systems. We are a university and so don't always have money for new toys. We get some old piece of equipment that is controlled by software that only runs in 98 or earlier. Fine, it just doesn't get on the net. Yes it is a bit inconvenient. Deal with it. The air gap works.
3) Protect. If it really is an issue, you can lock down and protect the systems. Put them all on a private network that can only be accessed via a controller system that is bitchy about what is and is not allowed in and out. Then internally have each system run a locked down firewall and set of services. Disallow any web access, only access to internal systems. Lock everything down tight, with multiple levels of security, and even lacking patches you can likely keep it secure.
This is nothing more than companies whining because they want to be lazy. They don't want to take the effort to upgrade to a new version of Windows, don't want to take the effort to increase security, and just think that MS should patch shit forever to support their laziness.
No sympathy here.
Does anyone know what *actually* happened when everybody was saying the same thing about the end of support for Windows 95 a few years back?
Big problem, little problem, no problem?
Sheesh, evil *and* a jerk. -- Jade
Slashdot needs a button that says "Submit, if this is going to be the FP; otherwise cancel".
Sheesh, evil *and* a jerk. -- Jade
You just have to wonder if it's more than coincidence that this gets announced on the 100th anniversary of the sinking of the Titanic. Coincidence??? Hmmm...
And 2012, no less!
Oh, wait... two more years. We'll have to find something else to blame for the end of the world.
Sheesh, evil *and* a jerk. -- Jade
Microsoft has a very well known, documented, life cycle for their software. Go look it up on their site. When you buy Windows part of that price is service and support. You get patches at no additional charge for the life of the software. However at the end of the life, that stops, you have to buy it again. The life of the software is 10 years from release minimum. That's longer than I see elsewhere, even Ubuntu is only 5 for their LTS. Red Hat may be willing to go longer, I don't know, but of course you pay yearly, quite a lot in fact, for a service contract.
It isn't unreasonable for them to want some money once a decade to have patches developed. It also is plenty of time to plan for upgrades. It isn't as though they jump out of the closet and announce an EOL at random times, it is known years (actually a decade) in advance. Like Windows 7, it ends support January 14, 2020. They may extend that date, if there's a reason, but they won't shorten it. So upgrade, and you don't have to worry for 8 years.
Am I the only one who has to ask why these critical SCADA systems are set up in such a way that they would be vulnerable to networked viruses? Shouldn't they be isolated and theoretically only updated by USB or something where you could ensure the source media was clean before use? (And yes I know even that is a rather naive belief)
I'll bet vast sums of money that the world won't end within the next two years.
If it doesn't, I win big; if it does, I won't have to pay.
Sheesh, evil *and* a jerk. -- Jade
When did /. become nonsensical fear mongering? So over this website. But... I loved you. :(
But then with a lot of supposed "realtime" and "safety critical" systems, those goals only apply so long as it doesn't affect potential profits. "What's this? Writing our own kernel would cost $$$?? To hell with that, just grab a copy of Windows and we'll work from there!"
These days however with the linux kernel being easily modifiable they have no excuse unless they're simply afraid of the GPL.
When you build a highly customized system that: A) will be in use for many decades B) is nearly impossible to change or replace C) is maintained by a third party who has no incentive to continue maintaining it for the duration of your use
It's an amazing thought that people run Windows XP on SCADA machines.
I'm used to seeing massively outdated Windows NT4 machines.
One plant I was at last year ran a SCADA system on a version of DOS.
On the upside those aging NT4 and DOS machines were not physically network connected because they couldn't be. At best they often sported a MODBUS connection or proprietary MODBUS+ connection. That's one of our excuses for not upgrading one of our NT machines. XP doesn't support the 8bit ISA card we need to talk to the proprietary vendor crap, and the vendor won't provide an upgrade without upgrading the entire PLC, which we will have a window of opportunity to do in 3 years and god knows how much that is going to cost.
So what's going to happen after the cutoff, will it still be possible to activate installations? Will they release a final patch that removes the crap?
So what? Computers running Win98, Win95 etc. are already in this situation. Nobody complains about them...
student = stuxnet, bloody autocorrect!
Upgrade your OS (and maybe your hardware)...
The question isn't whether you have sympathy for the companies and individuals who will be directly affected. The question is: how much will YOU be affected by all the companies and individuals who are too lazy or ignorant to take steps 1,2 or 3? Might you have given your credit card details to one of those companies? Might you depend on another in some business sense? Might a few tens of thousands of those individuals have their computers turned into parts of botnets that will be used to attack your systems, or systems you rely on?
"English, motherfucker! Do you speak it?"
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
I remember back when Word 95 had major issues with file corruption. My publisher wanted all of their Word 5.1 for Mac upgraded to the more recent Word, and so I had to jump. I immediately purchased the support pack. Well, we got through the upgrade. ... using Quark for anything critical... but for three years M$ did nothing but deny that any corruption was happening, and refuse to accept copies of the before/after files. It cost my company about a quarter of its income, because getting through those corruption issues was a killer on labor.
Later, I learned that Microsoft had been fully aware of it, and had set an official policy of Deny Deny Deny. Company internal documents, and all that.
[Trial lawyers? You listening? Oh yes... Dept of Justice? You only need to deport an Australian, and then put him on trial for exposing corporate corruption. You have a precedent too, with Julian Assange and all those people who exposed torture and murder.]
After that, I also learned that these were the same corruption issues that WordPerfect had been having, and that Microsoft had hired a top bigwig from Wordperfect to make Word more like WordPerfect. Read between the lines, if you will.
Point being, that your experience with Microsoft was rather typical.
Oh... BTW... I do believe I'm giving a free pass to Google, Facebook, Yahoo, and Apple in this post. Taco, could we have more articles about how certain companies are overly bashed in the media? I'm losing the slashdot feel.
Maybe by the time this happens ReactOS will be ready for prime time. This sure sounds like a sales pitch to me. Still running XP systems, no more MS support no problem we at React... have you covered. Mind you I have no connection to said project and only a little knowledge of it, but it sure comes to mind after reading this. Maybe it's their big chance?
Microsoft aren't losing any money by other people making "Joe Bloggs Windows XP Rebadge" and with the source code out there, the holes can be fixed.
And, since the copyrighted work has to be put in the public domain anyway, this is merely what is required to be done in about 80 years time anyway. If you're given an easement on land to place, for example, a toll road, that land cannot be held on to if you decide, after making enough money off the toll, that nobody is allowed to use that road any more. So why should the less restricted *intellectual* property be allowed to do this when *real* property isn't?
Eminent Domain. And, since Microsoft do not think it is worth anything (else they would be selling it, and not pursuing copyright infringement of it), the "fair value" for this "property", even for Microsoft, is zilch.
Since they are the only ones "allowed", and the only ones who *can*, then yes, they SHOULD be required to continually support a platform they hold sole control over.
If they don't want to do that, they CAN release the source code to the public domain (heck, use BSD, they love the BSD, right?)
Nope, they get full support. If you're willing to pay someone to put fixes in, it's supported.
Now, try and find someone to pay to fix that Windows XP bug when Microsoft won't...
Microsoft have double-triple-heptuple dipped for that code.
How much is that code "worth"?
I.e. code that does the IP stack.
Bugger all.
Just because you used the word "and" in your previous books doesn't mean you extend the copyrights by writing another book with "and" in there.
And, like with the service packs for XP et al, they're free. Some software may require rebuying because it's not compatible with this "Service Pack" (just like in Windows) and other software won't work unless you have this "Service Pack" included (just like Windows).
this is your real Microsoft Windows Genuine Advantage: an ultimatum to upgrade or be abandoned with no way to fix future issues.
long live linux.
Anons need not reply. Questions end with a question mark.
Another reason to get rid of microsoft OSes if you needed one. As if anyone with any sanity would be using win XP or ANY windows OS for anything security critical.
Did you know that there are statistically only a few days per year average when windows is NOT vulnerable to an unpatched zero day administrator level remote exploit (which includes equivalently unpatched user exploit + privilege escalation)... seriously you have to be very stupid to use windows of any version in industrial control of anything, or serving anything; well to use it period for anything more critical than playing computer games or well backed up kids homework!
Switch to linux, cut off the evil monopoly. And don't go to apple either they are just as bad as microsoft as evil monopolies go they just don't have quite enough users yet.
"cuts the chord"? Are they dissecting sheet music now? Cripes.
So why didn't you say 4 years was enough the first time? The FIRST time, you were all "they're keeping it going for 14 years! That's good!" whereas what you SHOULD have said was "They kept it for more than 4 years, which is plenty long enough".
Because what you're doing is whipping away the goalposts when your earlier contention is proven wrong.
And that kernel developer may spend 100 hours working the fix in, but that gets to ALL licenses. If you buy the new windows for $100, all you get is the one copy. If you have or want another computer fixed too, you'll have to pay again.
Now, if you're all alone in your basement, this $100 may be a bargain.
But most people know several hundred people and businesses, each of which may be willing to part with, say, $3, to get the bug fix in.
If you're going to say that not all of them want the bugfix, then why would the next version of windows have the bug fix if so few people wanted it fixed? You'd spend $100 to get the same problem, as opposed to spending $600 and getting a working product. Spending less on something that doesn't work isn't "penny wise" at all.
There's this thing people can buy called 'Extended Support' from Microsoft and you will continue to get security patches for their legacy OS's. If your company can't shell out a few bucks for this I don't see how it is Microsoft's fault. I'm sure there is other software in your environment that has similar support contracts why is Microsoft singled out? 10 years is a long time to support a product.
-EB
Do you ever walk alone like a drifter in the dark?
MS can continue to support XP but that only encourages usage of an ever growing outdated OS or MS can stop (which they most likely will) and the corps/business/whatever will have to figure out a way to upgrade and they most likely won't upgrade since people's mentality is if it works, keep using it!
Keeping those pesky xp machines safe is pretty darn easy. Just isolate 'em behind firewall completely and control using tcp/ip-capable kvm switches. End of story.
Dear geebus, this forum has been overrun by a bunch of whining children. Useless now.
We have a small family business in a city where much of our good manufacturing jobs have gone overseas. Everybody who walks in the front door is looking for a deal because they have no money, or perhaps because their new job at Wal-Mart doesn't pay like the old one.
I don't have the customer base or cashflow to just upgrade at a whim. My major issue is we have several commercial duty printers that cost several thousand dollars each. We do some pretty customized printing, odd sized paper, etc. Under Win 7, NONE of these printers will do anything more than single sided sheet of paper, cannot even duplex. I've contacted HP directly, had the Xerox people in here, and in both cases, they refuse to provide new drivers that will make these printers work under Win 7 the same way they do under XP. Even simple things like duplexing cannot be done in some cases. The official response from these companies? Buy a new printer. That's it.
I do run linux, but you know something, even though I can make these printers work under linux no problem, there is no good substitute for Pagemaker and/or Indesign in Linux. As long as Scribus does not or cannot import my Pagemaker and/or InDesign files, it is useless to me. I have a library of almost 20 years of Pagemaker and InDesign files that we created from the ground up, and until I can import them, Scribus and therefore by extension I cannot use Linux.
So I do not mind upgrading to Win 7 in itself, it's the fact that some of my high end printers and scanners do not work well with Win 7 because "They are too old".
One more thing - some - well heck, many of these new printers are junk. My old, Made in Japan printers had heavy duty metal bearings and gears. Many of the new, brand name printers made in China use plastic gears and bearings, or cheaper metal that physically breaks down more often than the old printers. A ten year duty cycle of heavy day to day use was not uncommon for a good HP, today I am told expect three years then toss it.
Yeah, in an economy when money is tight everywhere, the upgrade to Win 7 is not doing me much good. For all you guys who say you have no sympathy for guys like me who don't want to upgrade, well sorry, money is tight, we have to keep a tight ship, and when I see perfectly good hardware unable to run under Win 7 simply because somebody will not make a driver for it, well, as Judge Judy would say "Don't pee on my leg and tell me it's raining."
The manufacturer has no power to stop you from updating or getting someone else to update his Opel Astra.
Unlike Microsoft (or any CSS company) who DO have the right to demand you don't do this.
Oh, and if a safety issue were found out, even after 15 years, with a production vehicle, a recall and repair/replacement would be required from the manufacturer. If they were selling cars.
Not, apparently, if they're selling software, though...
Aren't you now glad that there's an embeddedXP load running critical systems in your helicopters. What's the TCO/ROI on Microsoft now, genius?
For a lot of people it'll be cheaper for them to just buy an Android tablet than it will be to buy a new windows machine.
...he should refrain from speaking about.
You do NOT put your SCADA system on the Internet. Period. End of story.
You do NOT enable updates, because any one of them may break your system (this is not really Microsoft's fault. Some SCADA software gets a little too deep into the OS).
Just more fear-mongering. Remember Y2K!! The people who yelled the loudest about dire predicted problems were usually the same ones who could "fix" them for you...for a fee, of course. Same deal here.
All those XP owners will surely move to Linux now...
To the guy in yesterday's thread who couldn't be convinced that security firms are self-aggrandizing bastards who create their own realities and subsequently (over) charge people for their services...terms used in the summary alone: "nightmare, vulnerable, undeterred attacks, potential, appear, even scarier".
But hey, without all the scary hyperbole, the self-employed security "consultants" out there are deprived of income.
Sorry to not have anything positive to contribute this morning.
It isn't, however, their product. "Their product" is the compiled Windows XP OS. Which they don't have to make any more. But they don't get to bin our public domain work. They don't get that right and that code IS NOT their product.
XP Mode came out with Windows 7 and is a full copy of Windows XP, and therefore depends on Windows XP support to stay secure. My suggestion would be to continue updates for free only to XP mode users and everyone else can receive additional updates on a fee basis (up to the cost of what a Windows 7 license would be) to cover the additional costs of maintenance.
Yes I know my suggestion doesn't count for anything as it is just a Slashdot post.
And from the looks of Windows 8 it will be passed over. Also, based on how long it took for Windows 7 to roll out at places loaded with Windows XP systems, they don't want to move to Windows 8 right now. The best thing that MS can do is to back port the new under the hood stuff to Windows 7, or give Windows 8 a full desktop with the Windows 7 start menu and Metro run in a window, not full screen only.
For me it runs fine on my main system. Windows is nothing more to me than a way to start the applications I need. So Microsoft now forces me to pay E 90,- just so I can safely click my apps again ?
I also run it on a PIII 700 at home, which I use to program microcontrollers and play music for my Saxophone lessons. It is doing that job just fine and has a few ISA cards to support the programming. Wouldn't be surprised if Windows 7 refuses to install on that poor old machine. So now what ? Buy a new machine ? With ISA, Serial port and parallel port support ?
Security will always be abysmal no matter what.
Redbox runs on a modified version of XP...I wonder how they're handling the news currently...
This really brings up a broader issue - what should the status of software products be that are "abandoned" by their rights holders. I would suggest that copyright law should be changed such that companies that refuse to support their product should give up rights to the product and release it to the public domain. This would give the rights holders incentive to continue to support these products for those customers that don't want to be forced to unwanted changes.
And if they do abandon their product, then it would be available to an open-source community to maintain it for security and other issues.
Let me add my voice to those saying that the idea of SCADA systems running XP and connected to the internet is what's really scary
This brief makes it sound like the second the timer hits zero and XP support ends, the lights will go out and planes will crash. That's not the way software support works. This will not suddenly render all XP machines inoperative. They will slowly become outdated, less functional, more vulnerable: exactly as you'd expect from not installing updates, no more. I agree that XP has had a good run, much more than most operating systems get, and it's time for it to die, but to say that Microsoft's discontinuing of OS updates will "leave millions of existing Windows-based computers vulnerable to continued and undeterred cyberattacks" is just misleading. I think the far more significant implication of this is the unspoken permission it gives web developers to stop supporting IE6. Which is probably cause for celebration.
Or are you assuming there is so there's a reason not to release the code?
And if there IS third-party code in there, how do you know the license forbids release of the code?
Or are you presuming that so you can maintain the code can't be released?
In either case, the code is STILL OUR public domain. If the third parties want to maintain the code against the released windows code, then they can keep their source secret. But if they don't want to do so, then they have NO REASON to demand that the source be kept hidden and controlled.
Just because a book contains many quoted passages from other books doesn't mean that I'm only allowed to read the book and see "the source code" of English words they used because it contains quotes of other people's work.
Fourteen years sounds like a long time to support a software product. Yet I find it interesting to point out that, in the U.S., any "inventions" that debuted with the release of Windows XP will still have 6 years of patent protection, and the code itself will have another 75 years of copyright protection. This is for a product that's already been unavailable commercially for a while and will be completely dead in two more years.
Overly long IP lifetimes hurt security, technological progress, innovation, and culture.
Is this the equivalent of the baby boomer era and its apparent catastrophic impact?
Correct me if I'm wrong, please, but haven't we heard many previous times about "MS stopping XP support"...at least 2 or 3 times?
I still get patches nonetheless?
What's different about "this" end-of-support deadline?
-Styopa
A client ran an NT4 server (one out of about a dozen servers) until 2009, well past the end of support. They also had a couple W2k servers in that mix, also past the end of support. You know what happened? Nothing! The machines continued to perform just as well as they had for the previous 8-10 years. The reason those weren't upgraded is because they worked very well, and an upgrade simply wasn't necessary, and would have been very costly.
We did take precautions, including: making sure those machines weren't connected to the internet, were locked down as well as we could lock them down, and had anti-virus (for which we downloaded updates daily) software, etc. While the clients had internet access, they too were locked down (users were "users", restricted access to all directories except their own profile, couldn't install anything, etc), and had AV and anti-malware that were updated daily. Windows updates were pushed nightly from MS SUS.
This isn't a looming crisis. You've got 2 more years to prepare or upgrade. As long as you take actions to isolate and protect those systems as much as possible, they can run XP for another 10 or 20 years (as long as you can keep compatible hardware running).
make imaginary.friends COUNT=100 VISIBLE=false
Oh, APK. You are the craziest. Come here and give your grandma a hug.
Also: "rampant shredding on the security-front." I think that's the name of my new punk band. It's AT LEAST an album title.
...with not so good results.
"When Microsoft cuts the chord on XP in two years it will effectively leave millions of existing Windows-based computers vulnerable to continued and undeterred cyberattacks, many of which hold the potential to find their way into consumer, enterprise and even industrial systems running the latest software"
When you get to the root of the problem, I fail to see how this is different from any other flavor of Windows. The general security features of Windows 7/8 are a little bit better by comparison (they make you click a few more dialog boxes), but it's still vulnerable to malware, just like any other OS. While the EOL support for Windows XP might seem like an issue, until I come across hardware that refuses to work on XP, thus forcing my hand in either hacking the system to support the hardware, or buying a new OS to run said hardware, I don't plan on upgrading.
However, in all fairness, XP has been around for quite some time. Eventually, just like Windows 98SE, MS is *going* to stop making patches and/or supporting the product itself. It's not really that big of an issue, tbh.
All via your reg'd 'luser' acct., & troll by AC, + call me 'crazy' too... how "original' (not) & 'effective' (again - not).
Yes, the "logical mind" (lol, NOT) of /. trolls NEVER ceases to amaze, off-topic ad hominem attacks & more (how boring & unoriginal).
All that, AND, minus your PhD & a valid license in the psychiatric sciences, as well as a formal examination of my "alleged mental state" from you, Dr. Quack, the "SiDeWaLk-ShRiNk of /."?
(LMAO - that's also libel you know minus those things to your name/credit (hence the ac trolling no doubt)).
* I mean, do you HONESTLY *THINK* that type of crap actually works? Guess again... in fact, I'll even cite others thoughts on it, & respected others + sources of like repute:
It's not even ORIGINAL thinking for Pete's sake, lol!
---
E.G.-> There's HBGary who got caught in the act doing it:
http://www.dailykos.com/story/2011/02/16/945768/-UPDATED:-The-HB-Gary-Email-That-Should-Concern-Us-All
PERTINENT QUOTES/EXCERPTS:
"According to an embedded MS Word document found in one of the HBGary emails, it involves creating an army of sockpuppets, with sophisticated "persona management" software that allows a small team of only a few people to appear to be many, while keeping the personas from accidentally cross-contaminating each other. Then, to top it off, the team can actually automate some functions so one persona can appear to be an entire Brooks Brothers riot online... And all of this is for the purposes of infiltration, data mining, and (here's the one that really worries me) ganging up on bloggers, commenters and otherwise "real" people to smear enemies and distort the truth... "
---
"The Chinese Water Army"
http://news.softpedia.com/news/Chinese-Water-Army-Posts-Comments-For-Anyone-Who-Pays-236294.shtml
* Each doing the same bogus sockpuppet crap, & they're ALL/EACH scum too - just like trolls like you that do the same here...
---
However - the BEST source of evidence of that going on, especially on /., is probably the words of Mr. Bruce Perens on it:
"It just takes one Ubuntu sympathizer or PR flack to minus-moderate any comment. Unfortunately, once PR agencies and so on started paying people to moderate online communities, and to have hundreds of accounts each, things changed." - by Bruce Perens (3872) on Friday July 30, @03:55PM (#33089192) Homepage Journal
SOURCE -> http://linux.slashdot.org/comments.pl?sid=1738364&cid=33089192
---
Above ALL else perhaps though? Think that doesn't go on here?? Ok - ASK tomhudson = Barbara, not Barbie, or clone53421=clone52431, & MichaelKristopeit (with his 500++ registered 'luser' accounts)
* So, ac troll: That "all said & aside"? "I rest my case"... since that says it all!
APK
P.S.=> LASTLY? Hey - Keep on wasting your time trolling me to no good results on your part cowardly ac troll - lol, "it's noble work you're doing" (you know - instead of say, learning to code to BETTER your OS of choice from the *NIX world which you ought to be doing instead)...
... apkb
as advertised in the installer, xp is the best windows version of all times.
this means, any later version can only be worse. No wonder, that nobody wants to upgrade.
Therefore if you want to install them, you can.
XP When EOL'd won't.
Most of the comments here are missing the larger issue(s):
Windows 7 and Windows Vista and (so far, certainly) Windows 8 are vastly inferior products.
Yes, I know on modern hardware that Windows 7 has some narrow performance advantages. Yes I know that XP x64 lacks drivers. Yes I know all the usual stupid arguments I hear about how Windows XP is not superior.
But I work in IT, EVERY DAY. Windows XP JUST WORKS, OUT OF THE BOX, with LITTLE OR NO TWEAKING, on ALMOST ALL HARDWARE.
Yes, I've been migrating my clients to Windows 7 for the last 5 years (reluctantly). But I don't have one that didn't prefer Windows XP for at least one critical reason or another.
I'm all for the latest and greatest. I'm a tech nerd for christ's sake! But Windows Vista was a total mess, and Windows 7 (Vista 2.0) isn't great either. Sure, once you disable Aero and tons of other cruft it's usable, but it's still not as usable or simple or intuitive as XP.
I hold very few opinions. I hold information based on observation and fact. If you wish to disagree, please use facts.
Ahem: I've made Win7 (& XP/Server 2003/2000) run on 512mb RAM in the past + PRETTY WELL too - how?
System tweaking/tuning!
Easily too!
* Heck - reduction of services alone can get a GOOD CHUNK of that!
Am I alone in it? No:
How well does Windows 7 handle 512MB?
FROM -> http://www.zdnet.com/blog/bott/how-well-does-windows-7-handle-512mb/672
PERTINENT QUOTES/EXCERPTS:
"Summary: I've been spending most of my time lately conducting in-depth research into how Windows 7 works, in preparation for my next book. In the process, I'm discovering stuff that simply doesn't become apparent during casual testing. My biggest surprise so far? I inadvertently installed the 64-bit beta version of Windows 7 in a virtual machine with only 512MB of RAM. How well did it work? I was amazed, and you will be too."
and, even more impressively?
"The x64 edition of Windows 7 Ultimate running on just over 200MB of RAM? That was a pleasant surprise."
APK
P.S.=> For example/in addition to the above? Also note that Windows 8 is only NOW starting to do what guys like myself have been doing manually for ages (myself since 1992 on Windows NT 3.51 & for a long time before that on Win9x/Win3.x + DOS)!
How? Ok - because Windows 8 now is being setup to "automagically" turn off unneeded/unnecessary services in its base configuration... &, why?
Well... because IT JUST WORKS!
... apk
APK
P.S.=> Man, you "penguins" will TRY ANYTHING in terms of "FUD" spreading, won't you? Unbelievable.. lol!
... apk
Just to be fair, you have to stop support on legacy systems at some point. They have supported XP for a lot longer than I would have ever thought.
Sure, the 'upgrades' suck, but you can't expect them to shell money for a non-product forever...
---- Booth was a patriot ----
I'll never forget sliding up to a Chase Bank ATM in the car and being greeted by an XP Desktop.
Wonder what the financial sector has done, or will do, between now and the EOL.
Some days it's just not worth
chewing through my restraints.
How about displaying a warning for 2 months after support ends that world wide web access will be disabled.
Afterwards port 80 is closed.
This will anger many users with torches but it is a threat to the internet itself and hurts innovation to keep supporting old technology and standards while botnets can cause severe financial damage. It's not like before with Windows 98.
It's time to move on and these corporations can manually re-enable port 80 or keep them running equipment. But home users should not be on a public infrastructure. We have safety rules for cars, do we not?
http://saveie6.com/
Seriously. I know that such software exists, I've encountered it occasionally, but it is vanishingly rare. So name the critical software you have that only runs in XP, not 7. Also perhaps you should be asking your software vendor why they have not been able to update to a new OS in over 5 years? Vista launched a bit over 5 years ago. Anyone who can't get their stuff to support it in that amount of time has just been being lazy and again gets no sympathy.
So let's hear it then, what are the apps that you have that don't work?
Won't make any difference. My gripe is that when they end support, they'll stop allowing OEMs to write XP drivers - THAT is what will force people to Win7 and is why I jumped off this train.
I don't want to have to replace a perfectly working machine just because of driver support.
While I agree that Microsoft is reasonable in supporting a product for only 14 years, and people don't like their support cut, I don't think that is really the base problem. The real problem is that most XP users don't see any reason to upgrade. They have a computer that does what they need it to do. They don't need any of the new features that the newer versions of Windows have. My guess would be that most people would even be okay with replacing XP with Windows 7 if it would run on their hardware and Microsoft made a reasonable update utility (albeit at a price). People don't want to have to buy new hardware to do what their current hardware does perfectly well. To use Linux distributions as a comparison, as is customary, the reason that people don't mind upgrading their distribution is because they don't have to go purchase a new system. The new software just works on the computer they have. If software is a service/product, then it deserves to be paid for--like RHEL--but it should not require newer hardware. If Windows 7 would run at a decent speed where XP--even limited to the functionality of an updated XP--then there would be nowhere near this much commotion about the EOL of XP.
Ha! Linux doesn't look so bad now eh?
My wife keeps her Macbook Pro upgraded to the latest OS, and any in our house (if we had more) for a mere $30.
There is no way we are paying to upgrade all the old XP boxes in our house doing various tasks for $120 each machine.
If they want people to upgrade, they need a realistic path for consumers. Currently the upgrade pricing is set to push new sales.
You seem to have failed epically in terms of having anything to say about XP and its imminent(?) abandonment by Microsoft.
Other than that, you seem to have avoided the vast scale of malware present across all varieties of Microsoft wares, including stuff that boinks a range of versions up to 7. So, please, do go spasm a little less loudly and get a grip on something like reality.
They marketed the crap out of XP with regard to netbooks, and not once in any of the documentation that went with them did it say anything like, "btw, you're screwed if you want support past approx 2 years." Neither did any of their pocket bloggers who raved about them. The only people who complained/whined were promptly labelled as Linux whiners who couldn't compete with the quality products of Redmond.
I'm not making it up, I wish I was. Next time I'm in the office I'll take a look and see who now owns that 16 bit USB "security" abandonware. It changed hands several times but I think originated with Aladdin in 1996 from a quick web search and remembering things from the MSDOS mode licence key entry program I had to run in June 2011. The vendor will need to change their third party "security" software before their application will work on MS Windows 7. It's astonishing that somebody had to go to the trouble to write a 16 bit USB driver to get it to work but nobody has bothered to update it to a 32bit environment.
Please note that I'm not blaming Microsoft for this, simply idiots that think a particular environment is going to last forever and do not retain enough developers to update and support their software while charging their clients for support and updates. It could happen on any platform (and does to an extent), but since MS had the marketshare there's a lot of it there. Think of all the dodgy VB stuff out there which is too fragile to survive outside of the exact environment it was written for (ie. newer libraries kill it). The stuff that relies on hardware dongles still has technical (ie. usually won't run) and legal problems if you try to shift it to a virtual machine, but most other stuff I've run into will run with XP in a virtual machine.
How'd I fail? I merely used verifiable facts.
Imminent? It's 2 yrs. away! Some "imminent" (do you know what that word means??)
You also missed my point of fact on Android.
I.E.-> It is making it more obvious than ever that even Linux based Operating Systems can be assaulted, just like MacOS X has been, once more folks started using it, especially folks lacking "computer technical backgrounds"...
Lack of usage allowed for the concept of "security-by-obscurity" by *NIX on PC's, especially desktops.
(Not as many users, & today's malware maker targets the most used operating systems, for the "best 'ROI' possible" on time invested in their malware creation!)
They avoided systems often used by "technogeeks" which is mostly the linux crowd as far as general usership - it is NOT a big item on the desktop for most "non-geek" end users... period.
HOWEVER?
Not on Android though.
That's out there for the masses and is "king of the smartphone" and also the "king of exploits" on that computing/communications platform because of mass usage and especially by non-technical users.
The malware maker of today is a criminal, and behaves just like one - I like to use pickpockets in fact: He goes where crowds are, like malls/bus &/or train stations/city streets etc./et al... why? Because MOST folks there are not THAT 'security conscious' & are "easy marks/targets"...
* Don't even TRY to say that *NIX on PC's &/or Servers in general isn't being "hit" nowadays... that was my MAIN point - especially vs. the YEARS OF "FUD" around this website most of all, of "Linux = Secure" & "Windows != Secure" b.s. (& yes, people here are WELL AWARE of the "Pro-*NIX" bias around here...).
Too bad that UTTER LINE OF B.S. is "falling apart around your ears" here Penguins... it was coming eventually!
APK
P.S.=> You can stop trolling/harassing me via ac replies too, it gets old fast... & you never get the best of me, so basically do your usual: "Mod down" my initial post via your reg'd 'luser' account, troll me by ac replies etc. but, it does you no good (others can still see it you know)... apk
Isn't Gentoo designed to always be bleeding edge and not built for any sort of long term support?
And your account can be killed for that and the BSA or whatever copyright cartel enforcement arm is applicable can turn up and confiscate all your stuff.
Why am I not surprised?
Truly, the driver is not what the hardware manufacturer is selling.
Truly, that code too is OUR PUBLIC DOMAIN.
And there's absolutely no reason to allow them to destroy property because they can't be arsed.
You too are also begging the question.
Here's one for you: what if there ISN'T any third-party licensing that stops microsoft from freeing their code?
XP (like many operating systems) is (a) an installer, (b) a boot loader, (c) a device detection and driver loading system, (d) a GUI file management system, (e) a socket-based network system, and a collection of well-known precompiled libraries.
It fits nicely in a virtual machine and can boot off a cdrom iso image direct into memory
It's evolved over the years into a tool or a widget; it's odd that over the years there has been more and better documentation written and indexed about it on the web than by its parent vendor.
If you trim off the legacy subsystems or let them plug into a virtual machine, like KVM it becomes less dependent on hardware and more stable.
Consider Windows 7 and Windows 8 merely the latest "Hypervisor" from Microsoft and be done with it.
If you need XP for the GUI to support legacy staff, then use the Windows 8 metro tiles to launch an XP desktop (ditto for Win 7).
XP is becoming more like Unix "X" in that it's becoming a "window manager" with a complement of features; it's more the job of the hypervisor to secure its communications. That's the best explanation I can come up with for Sinofsky's Microsoft abandoning selling "eXPerience" for function.
When I showed a large corporate account our industrial software products, they were very eager until they saw we "only" supported XP, Vista and 7. Apparently they are standardized still on Windows 2000 with no plans to upgrade. A $500M a year company. I reluctantly had to tell them we were going to drop XP and Vista sales soon so they needed to buy soon if they needed "legacy" OS support. We've since decided to deemphasize even Win 7 and push primarily the Linux versions instead.
I think you meant like comparing apples and lemons.
What is the XP percent used in corp? Still over 50%? The Vista was a mess and changed GUI. Windows 7 went back to more under the hood XP SP3 but yet another GUI. And now Windows 8 is going to have yet another GUI! Corps have to train many employees so this is not good. Corps have been looking for a solid OS to go to. Is Windows 7 it??? Windows XP SP3 is MS's best current OS. Apple did a very good job of not being too disruptive as it evolved its GUI, but corps are "buy IBM" still.
Don't fill the landfill with those old boxes that are still working perfectly fine; get some slick, up to date and secure Linux distro. Since it's old hardware, maybe a slim Xfce flavour.
XP was a security disaster even *before* it was released.
No elevated privilege security model
An unstable registry
No Firewall
Weak permissions handling
A malware magnet
Need I go on? Some of these issues have been addressed but others like no privilege escalation are design flaws.
Sorry, that won't hide my posts w/ facts in them -> http://apple.slashdot.org/comments.pl?sid=2800343&cid=39750263
APK
P.S.=> I know "the Penguins" around here can't handle truths/facts, but to mod my posts down that have facts/truths in them only makes me bring them back into view, like so... apk
We're not here 2 win popularity contests & quit projecting ur fantasies + issues also.