Microsoft's Ticking Time Bomb Is Windows XP
Hugh Pickens DOT Com writes "Shona Ghosh writes at PC Pro that the final deadline for Windows XP support in April 2014 will act as the starting pistol for developing new exploits as hackers reverse-engineer patches issued for Windows 7 or Windows 8 to scout for XP vulnerabilities. "The very first month that Microsoft releases security updates for supported versions of Windows, attackers will reverse-engineer those updates, find the vulnerabilities and test Windows XP to see if it shares [them]," says Tim Rains, the director of Microsoft's Trustworthy Computing group. Microsoft says that XP shared 30 security holes with Windows 7 and Windows 8 between July 2012 and July 2013. Gregg Keizer says that if a major chunk of the world's PCs remains tied to XP, as seems certain, Microsoft will face an unenviable choice: Stick to plan and put millions of customers at risk from malware infection, or backtrack from long-standing policies and proclamations."
"In either case, it will face a public relations backlash, whether from customers who complain they've been forsaken or those angry at Microsoft for pushing them to upgrade when, in the end, they didn't need to." Microsoft makes little or no revenue from customers with old PCs, and desperately wants them to buy a new Windows system of some sort. "It's very easy to say 'just upgrade,' but not all business can do so," says Lawrence Pingree, citing money, resources and mission-critical software. "One of the main reasons why people cannot leave XP is compatibility with other software." Nor is Microsoft blameless. XP has hung around because of the mistakes Microsoft made with Windows Vista, the OS flop that outgoing CEO Steve Ballmer copped to as his biggest regret. If Vista had been more like Windows 7, or had shipped at its original "Longhorn" timetable of 2004, then been followed three years later by Windows 7, XP would not have had the opportunity to lock up the ecosystem for a decade. Pingree has a suggestion for Microsoft. "If it's such a big problem, maybe they should offer an 'Extended Life' [support] subscription and charge for it."
You can run XP in a virtual machine if you have software you must absolutely run that cannot run under Windows 7 or 8.
If your business cannot support the cost of an upgrade, you really aren't doing it right and probably aren't making much money anyway.
Windows 7 has been out for over FOUR freaking years. Quite the whiny bitching already.
This. People are complaining about a version of the O/S that came out 11 years ago.
Red Hat offers 10 years of support. And new versions of Red Hat are generally better than previous versions, so there isn't as much need to hold on to old versions.
Source: http://www.serverwatch.com/server-news/red-hat-extends-linux-support.html
If your statement is correct...
> This is absurd. Yes, Vista was a disaster, but Windows 7 was a huge upgrade from XP.
then why won't all XP software run on Windows 7, and why hasn't everyone seen the error of their ways, and upgraded their XP systems?
My dad owns a number of companies which all went out and bought extra XP systems and stuck them in a closet for future deployment because of the software compatibility issues between XP and Windows 7 and later. Specifically, they don't want to have to re-buy all their machines, and re-buy all their existing software, and rewrite from scratch all their Microsoft COM component based glue code the next time they hire a new person into the office.
Microsoft is out of its teeny little mind if it believes small cash flow based businesses have the available capital to enable them to do this; the incompatibility is killing adoption of anything later than Windows XP for almost every business I know that has 100 or less employees, which is 95% of all businesses in the U.S.
Not if the software you need to run is a device driver for special hardware.
And you still have the issue that the VM may need to talk to the outside world and therefore be as "vulnerable" as real hardware.
I have hardware in a cupboard that failed after a year or two or in some cases even earlier but I never bothered to jump through the hoops to get it fixed or replaced under warranty. I also have working computing gear that dates back to the 70s. The fact that some hardware has survived a decade doesn't mean that all (or even most) hardware will do so.
Businesses usually replace a desktop box every four or five years, laptops maybe every two or three. Any five-year-old desktop running XP or similar will have ageing components, hard drives wearing out mechanically, fans dying etc. which makes them ripe for replacement. They also probably don't support affordable amounts of RAM (typically 8 or 16GB) which can make a serious difference to performance in 64-bit operating systems -- nearly all XP installs were for the 32-bit version which limits out hard at 3.5GB. XP also has the 2TB drive volume limit and no TRIM for SSDs. Older boxes have no hardware support for SATA-3 and usually poor support for SATA generally. They may still be AGP rather than supporting any version of PCI-e, no USB 3.0 ports, the onboard video is crude and slow etc. etc.
XP supports legacy 16 and 8 bit stuff
What 8-bit stuff are you talking about? The only 8-bit software that runs on Windows XP runs in an emulator such as FCEUX. The 16-bit software runs in a virtual machine anyway, called NTVDM (for MS-DOS software) or WOWExec (for Windows 3.x software).
For home or personal use, ok. Though I would never deploy any 3rd party mods to the core GUI in a corporate setting. It's just one patch away from getting the ban hammer by Microsoft. That, or an unintentional compatibility rift is now formed. Either way, it's not something you want as an IT manager to be responsible for. Then again, I wouldn't be deploying Windows 8 in the first place.
Life is not for the lazy.
Well, at the very least you could make a WinXP virtual machine, then you can easily restore it when it screws up. You could also make WinXP into a BartPE CDROM and run it in an incorruptible form.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
>> "I own two machines which cannot be upgraded for very good reasons."
> What are those?
Plenty of reasons. Khyber's comment below about hardware drivers is one. If you have a sweet server that's still chugging along, you feel no need to replace or upgrade it. If you did, though, you'd have a time finding drivers for it.
Another reason is if you're using a very expensive software package that simply won't work with anything newer than Windows XP. Then it's not just a simple matter of upgrading Windows, but having to shell out tons of money for other software upgrades at the same time. Until the economy turns around, that ain't gonna happen.
We've run across cases where a software vendor will say, "don't install anything newer than service pack 2." We handle it by completely isolating these machines from the Internet and disallowing the use of external, user-supplied storage (which most smart admins do anyway, on general principle).
Here's a piece of trivia for you: one of the key audio streaming companies* for broadcast radio stations, as late as last year, made it clear in their contract that they would ONLY support Windows XP. We dropped them for that reason, but folks, this was in 2012. That kind of stuff still happens, too, and again, blame the economy.
This admittedly won't affect most users, but it does affect some of us.
(*actually, to be technically correct, they're an ad-insertion company -- they insert commercial inventory in your online stream -- but I figured everyone's eyes would glaze over if I tried to get that detailed.) :)
Cogito, igitur comedam pizza.
The 8088 in the IBM PC-XT was 16 bit, but it was limited to an 8-bit external IO path. That made it easier for it to use the existing 8 bit expansion chips (8255, 8253, 8251, etc.)
It's the same as the 80386sx, which was a full 32 bit processor internally but had limited 16-bit external IO to reduce cost.
If IBM had used an 8086 processor, they would have either had to use an expensive 16-bit EPROM or twice as many 8-bit EPROMs for the BIOS, as one example of why the choice was made. Back at product introduction (the plain PC, not the PC-XT) the PC sold with as little as 16K of DRAM on the motherboard, with sockets to upgrade to the full 64K.
People who are still using XP day-to-day are idiots and Microsoft shouldn't encourage them.
Really? People are idiots for not spending money on new equipment that adds precisely zero additional features that they need? [...] My company uses XP on the majority of our computers and there is nothing whatsoever in Vista, Windows 7 or Windows 8 that is necessary for us.
No, people are idiots for believing that security isn't a feature that is needed. People are also idiots for believing that a for profit company (like Microsoft) is obligated to provide free updates to a product forever.
You appear to be saying that there is nothing in post-XP versions of Windows that is necessary for your company. Do you really believe that security of your systems is not necessary? Do you really believe that Microsoft should spend the money (in either direct or opportunity costs) to provide those updates to you for free forever?
> No, people are idiots for believing that security isn't a feature that is needed.
No one is arguing that security isn't necessary. HOWEVER, security updates are a correction of a defect in the product. They are necessary in the same sense that insurance is necessary. Security updates could be provided for XP by Microsoft for a (reasonable) fee but that is not an option Microsoft has put on the table. There is no technological reason why I need to "upgrade" to Windows 8.
> People are also idiots for believing that a for profit company (like Microsoft) is obligated to provide free updates to a product forever.
Microsoft can do whatever they want. However what they are accomplishing isn't to make me want to upgrade to their latest products. If anything it makes me want to use their systems less. I can get Linux security updates for free so Microsoft needs to add more value if they want my continued business. They don't have to make security updates free but that isn't what they chose to do. They want me to buy an entirely new product with new and different defects, additional hardware, software migration and training costs. This instead of merely offering to continue security updates for a nominal fee for the system I already have which I already know works. I'm guessing you've never run a business because only an idiot spends money to change something that is working just fine when the change is not actually necessary.
> You appear to be saying that there is nothing in post-XP versions of Windows that is necessary for your company.
That is correct. There is no new feature in any more recent version of Windows that will add to the bottom line of my company. Other companies' situations may be different but I do know for a fact that thousands of companies and individuals are in the same situation as I am.
> Do you really believe that security of your systems is not necessary?
Wrong question. Of course security is necessary but security updates are nothing more than corrections of a product defect. Security is nothing more than a cost to me. It is like insurance - necessary but it does not ever add a penny to the bottom line. I have zero interest in throwing out a working production system just because it does not add to Microsoft's bottom line.
> Do you really believe that Microsoft should spend the money (in either direct or opportunity costs) to provide those updates to you for free forever?
I never said anything about how they should provide updates or whether they should charge for them. Frankly if Microsoft were to charge a modest fee (and I do mean modest) to continue security updates for XP, I'd consider paying it. I have very good reasons why our company still uses XP based machines, not the least of which is that we have some critical software that CANNOT be ported. (not my fault - some idiot before me bought it) While I will fix that in due time, it isn't going to happen in the next 6 months and the expense is considerably larger than a new PC with Windows 8 on it.