End of Windows XP Support Era Signals Beginning of Security Nightmare
colinneagle writes "Microsoft's recent announcement that it will end support for the Windows XP operating system in two years signals the end of an era for the company, and potentially the beginning of a nightmare for everyone else. When Microsoft cuts the cord on XP in two years it will effectively leave millions of existing Windows-based computers vulnerable to continued and undeterred cyberattacks, many of which hold the potential to find their way into consumer, enterprise and even industrial systems running the latest software. Although most of the subsequent security issues appear to be at the consumer level, it may not be long until they find a way into corporate networks or industrial systems, says VMware's Jason Miller. Even scarier, Qualys's Amol Sarwate says many SCADA systems for industrial networks still run a modified version of XP, and are not in a position to upgrade. Because much of the software running on SCADA systems is not compatible with traditional Microsoft OS capabilities, an OS upgrade would entail much more work than it would for a home or corporate system."
Nothing to worry about, yet...
Companies have two years to upgrade from software that is more than ten years old or install a firewall on systems in industrial networks.
Almost nobody ever runs Windows Update on those old SCADA machines anyway, I don't really think this is such a big deal.
...that's two years to do something about it. What does everyone expect; Microsoft to support it forever?
14 years of support seems pretty generous - I mean how many versions of OS do Apple currently support? Certainly not all the way back to OS X 10.0. I'm also sure that a lot of those embedded and industrial systems will be updated before then. That's more the job of the manufacturers than Microsoft.
This deadline has been known about for the past five years - if you can't resolve upgrade issues in seven years, then you are the problem, not the maker of the software being EOLed.
This isn't happening overnight, you had your chance to do something about it. You might not agree with the EOL, but that's beside the point.
Why not liberate the source and let other companies continue bugfixing?
Oh... doesn't fit the business model?
open source ftw and for long term maintenance.
An operating system contains something on the order of tens of millions of lines of code. No company is going to handle a maintenance project like that for free, and there is no incentive for Microsoft to pay them for it. As for releasing it into the wild, those tens of millions of lines are not the exclusive product of Microsoft; they almost certainly incorporated code that still belongs to other companies into the final package, and this code cannot be released even if Microsoft wanted to.
This is no different from when Windows 2000 reached its end of life, or 98, or NT4. The life cycles of Microsoft products tend to be consistent and well known.
Anyone using Windows on a SCADA system should not just rely on Microsoft's updates for security. Lock them down, limit Internet access to a minimum, don't use Administrator accounts, don't install any Adobe products, don't use the systems for general purpose web browsing and don't feed them after midnight. Most security holes require some active interaction to work.
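The lockdown advice in the comment above, turned into a script. This is an added example, not code from the original post or anyone in the thread. It targets an XP SP3 host using the XP-era `netsh firewall` context (replaced by `netsh advfirewall` from Vista onward); the control subnet 10.10.20.0/24, the Modbus/TCP port 502, the `operator` account name and the unreachable proxy address are all assumptions for illustration. It must be run from an Administrator command prompt.

```batch
@echo off
REM Added example (not from the original post): minimal lockdown for an XP SP3 SCADA host.
REM Assumed: HMI / engineering workstations sit on 10.10.20.0/24 and poll this box over
REM Modbus/TCP (502). Everything else inbound is dropped. Adjust the subnet and port to fit.

set CONTROL_SUBNET=10.10.20.0/24
set SCADA_PORT=502

REM 1. Firewall on for every profile, with the broad built-in exceptions switched off
REM    (file/print sharing, remote administration, UPnP and Remote Desktop are the usual
REM    inbound footholds on an unpatched XP box).
netsh firewall set opmode mode=ENABLE exceptions=ENABLE profile=ALL
netsh firewall set service type=FILEANDPRINT mode=DISABLE profile=ALL
netsh firewall set service type=REMOTEADMIN mode=DISABLE profile=ALL
netsh firewall set service type=UPNP mode=DISABLE profile=ALL
netsh firewall set service type=REMOTEDESKTOP mode=DISABLE profile=ALL

REM 2. Open only the SCADA protocol port, and only to the control subnet
REM    (scope=CUSTOM restricts the exception to the listed addresses).
netsh firewall add portopening protocol=TCP port=%SCADA_PORT% name="Modbus/TCP from HMI" mode=ENABLE scope=CUSTOM addresses=%CONTROL_SUBNET% profile=ALL

REM 3. Log dropped packets and connections so there is a trail to work from later.
netsh firewall set logging filelocation=%SystemRoot%\pfirewall.log maxfilesize=4096 droppedpackets=ENABLE connections=ENABLE

REM 4. Day-to-day operation runs as a limited user, never as Administrator.
REM    "net user ... /add" creates the account in the local Users group only; do not add
REM    it to Administrators. The * prompts for a password instead of putting it on the command line.
net user operator * /add

REM 5. No general-purpose browsing from the console: point the operator's IE at a proxy
REM    that does not exist. This is a blunt, per-user setting (run it while logged in as
REM    "operator"); a perimeter firewall that denies the host outbound web access is the real control.
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 1 /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /t REG_SZ /d 127.0.0.1:9 /f

REM 6. Show the resulting firewall state so the change can be checked before walking away.
netsh firewall show config
```

Two caveats a practitioner would add: the XP firewall is inbound-only, so it does nothing about a compromised host calling out, and it is host-based, so an attacker who gets Administrator on the box can simply turn it off. That is why the comment's point stands: the isolation has to come from the network around the machine, not only from settings on it.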
I still have a bunch of Win2000 systems in use and they chug along fine.
Try reporting a bug with the Linux 2.0 kernel or glibc 2.0, you will be told to upgrade to the latest version. And while the upgrade may be free, the time and effort associated with moving an entire codebase to a modern version isn't.
Which is why you need to heed warnings about deadlines well in advance - these SCADA issues wouldn't have been a problem if planning had started two years ago rather than now.
Sooooo, let me get this straight: there are industrial networks that still rely on XP for SCADA, AND they are not protecting them with other security mechanisms, AND they are connected to the internet. And the security nightmare here is somehow Microsoft's fault and not the incompetent morons running these unprotected systems?
That's a bit of a generalization.
Is it so hard to believe there are people with up-to-date XP systems who simply don't feel like forking out a couple hundred dollars to fix something that isn't broken?
-=This sig has nothing to do with my comment. Move along now=-
Besides the entire line is moot because if the community thinks they can do better then bring ReactOS up to snuff and there you go! Someone has already done a lot of the early work FOR you, all you have to do is bring it the rest of the way! Then you will truly have a FOSS XP for one and all.
But of course that work is gonna be hard as hell and nobody wants to do it, hence it doesn't get done. Does ANYONE here think being handed the entire XP codebase would magically make fixing bugs in that huge damned maze of code any easier than just starting over with ReactOS? After all, ReactOS doesn't have backwards compatibility going back damned near to DOS built in, and isn't gonna have to deal with all this old deprecated crap like .NET 1.0. Frankly, what this guy is saying might as well be "Just give us XP for free and we'll throw magic pixie dust and make it all better!" which of course is nuts. Hell, it would probably take the community the better part of a decade just to come to grips with all that damned code and the interactions.
For a perfect example of why the community would be better off using its limited resources on ReactOS, just look at LO. I'm sure those guys would tell you they still have a loong way to go to modernize it and bring it up to a more modular design, and we are talking about a single program with legacy cruft! In just the system32 folder on my XP nettop you are looking at 256 subfolders containing 6694 files...and that is just one folder...does anyone have any idea how long it would take just to get up to speed on that one folder? Checking the windows folder you are looking at 19,537 files and 2524 folders. The community, even if it got say 10% of the funding of a Red Hat, would probably take a good decade just to figure out what interacted with what and how! Now try to fix bugs before they are completely pwned AND learn all those interactions at the same time...If you want XP FOSS users, you have ReactOS; spend your time there.
ACs, don't waste your time replying; your posts are never seen by me.
I don't disagree with you, but the economic pressures are relentless. As late as the mid-1990s a manufacturer could count on there being an ecosystem and trained programmers available for the various high-security, high-reliability architectures on the market (or at least people willing to take jobs being trained as programmers, designers, etc. for such systems). By 2000 those ecosystems and finally the architectures themselves had vanished under the avalanche of Wintel systems (bought a new PDP-11 lately? Or even a Tandem NonStop?). And the cost differential in favor of Wintel went from 1/3x to 1/1000x. It is extremely hard to convince a product development board that your product needs 1000x more funding than the team building what is fundamentally a very similar consumer- or commercial-grade system.
And the demand from customers drives things too. Right now every operating manager I work with wants to be able to monitor his plant from home on his iPhone. Customers are putting enormous pressure on their vendors to replace expensive proprietary (but secure) wireless interfaces with much cheaper iPhones. Security gets paid lip service in the spec but doesn't control the decision.
sPh
We have a small family business in a city where much of our good manufacturing jobs have gone overseas. Everybody who walks in the front door is looking for a deal because they have no money, or perhaps because their new job at Wal-Mart doesn't pay like the old one.
I don't have the customer base or cashflow to just upgrade at a whim. My major issue is we have several commercial duty printers that cost several thousand dollars each. We do some pretty customized printing, odd sized paper, etc. Under Win 7, NONE of these printers will do anything more than a single sided sheet of paper; they cannot even duplex. I've contacted HP directly, had the Xerox people in here, and in both cases they refuse to provide new drivers that will make these printers work under Win 7 the same way they do under XP. Even simple things like duplexing cannot be done in some cases. The official response from these companies? Buy a new printer. That's it.
I do run Linux, but you know something, even though I can make these printers work under Linux no problem, there is no good substitute for PageMaker and/or InDesign in Linux. As long as Scribus does not or cannot import my PageMaker and/or InDesign files, it is useless to me. I have a library of almost 20 years of PageMaker and InDesign files that we created from the ground up, and until I can import them, I cannot use Scribus, and therefore by extension I cannot use Linux.
So I do not mind upgrading to Win 7 in itself, it's the fact that some of my high end printers and scanners do not work well with Win 7 because "They are too old".
One more thing - some - well heck, many of these new printers are junk. My old, Made in Japan printers had heavy duty metal bearings and gears. Many of the new, brand name printers made in China use plastic gears and bearings, or cheaper metal that physically breaks down more often than the old printers. A ten year duty cycle of heavy day to day use was not uncommon for a good HP; today I am told to expect three years then toss it.
Yeah, in an economy where money is tight everywhere, the upgrade to Win 7 is not doing me much good. For all you guys who say you have no sympathy for guys like me who don't want to upgrade, well, sorry, money is tight, we have to keep a tight ship, and when I see perfectly good hardware unable to run under Win 7 simply because somebody will not make a driver for it, well, as Judge Judy would say, "Don't pee on my leg and tell me it's raining."
It's certainly better support than Apple. XP was released in 2001 so that would be equivalent to OS 9.2 in the Apple world. Do they still support it?
Ha! A big fat no. They don't even support my OS, which is as recent as 10.5 (the last PowerPC variant). If anything, Microsoft is acting better than Apple does and should receive some praise for supporting XP as long as they have. I've been using the same computer for 10+ years (and thus saving a lot of cash).
My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"