Microsoft's Ticking Time Bomb Is Windows XP

Hugh Pickens DOT Com writes "Shona Ghosh writes at PC Pro that the final deadline for Windows XP support in April 2014 will act as the starting pistol for developing new exploits as hackers reverse-engineer patches issued for Windows 7 or Windows 8 to scout for XP vulnerabilities. "The very first month that Microsoft releases security updates for supported versions of Windows, attackers will reverse-engineer those updates, find the vulnerabilities and test Windows XP to see if it shares [them]," says Tim Rains, the director of Microsoft's Trustworthy Computing group. Microsoft says that XP shared 30 security holes with Windows 7 and Windows 8 between July 2012 and July 2013. Gregg Keizer says that if a major chunk of the world's PCs remains tied to XP, as seems certain, Microsoft will face an unenviable choice: Stick to plan and put millions of customers at risk from malware infection, or backtrack from long-standing policies and proclamations." (Read on for more.) "In either case, it will face a public relations backlash, whether from customers who complain they've been forsaken or those angry at Microsoft for pushing them to upgrade when, in the end, they didn't need to." Microsoft makes little or no revenue from customers with old PCs, and desperately wants them to buy a new Windows system of some sort. "It's very easy to say 'just upgrade,' but not all business can do so," says Lawrence Pingree, citing money, resources and mission-critical software. "One of the main reasons why people cannot leave XP is compatibility with other software." Nor is Microsoft blameless. XP has hung around because of the mistakes Microsoft made with Windows Vista, the OS flop that outgoing CEO Steve Ballmer copped to as his biggest regret. If Vista had been more like Windows 7, or had shipped at its original "Longhorn" timetable of 2004, then been followed three years later by Windows 7, XP would not have had the opportunity to lock up the ecosystem for a decade. Pingree has a suggestion for Microsoft. ""If it's such a big problem, maybe they should offer an 'Extended Life' [support] subscription and charge for it.""

Red Hat 10 year Extended Support

[iYk6]

Red Hat offers 10 years of support. And new versions of Red Hat are generally better than previous versions, so there isn't as much need to hold on to old versions.

Source: http://www.serverwatch.com/server-news/red-hat-extends-linux-support.html

Re:So upgrade already

[linebackn]

You can run XP in a virtual machine if you have software you must absolutely run that cannot run under Windows 7 or 8.

Not if the software you need to run is a device driver for special hardware.

And you still have the issue that the VM may need to talk to the outside world and therefore be as "vulnerable" as real hardware.

What 8-bit software on XP?

[tepples]

XP supports legacy 16 and 8 bit stuff

What 8-bit stuff are you talking about? The only 8-bit software that runs on Windows XP runs in an emulator such as FCEUX. The 16-bit software runs in a virtual machine anyway, called NTVDM (for MS-DOS software) or WOWExec (for Windows 3.x software).

Re:The Solution is Obvious

[smpoole7]

>> "I own two machines which cannot be upgraded for very good reasons."

> What are those?

Plenty of reasons. Khyber's comment below about hardware drivers is one. If you have a sweet server that's still chugging along, you feel no need to replace or upgrade it. If you did, though, you'd have a time finding drivers for it.

Another reason is if you're using a very expensive software package that simply won't work with anything newer than Windows XP. Then it's not just a simple matter of upgrading Windows, but having to shell out tons of money for other software upgrades at the same time. Until the economy turns around, that ain't gonna happen.

We've run across cases where a software vendor will say, "don't install anything newer than service pack 2." We handle it by completely isolating these machines from the Internet and disallowing the use of external, user-supplied storage (which most smart admins do anyway, on general principle).

Here's a piece of trivia for you: one of the key audio streaming companies* for broadcast radio stations, as late as last year, made it clear in their contract that they would ONLY support Windows XP. We dropped them for that reason, but folks, this was in 2012. That kind of stuff still happens, too, and again, blame the economy.

This admittedly won't affect most users, but it does affect some of us.

(*actually, to be technically correct, they're an ad-insertion company -- they insert commercial inventory in your online stream -- but I figured everyone's eyes would glaze over if I tried to get that detailed.) :)

Re:The 8086 is 16-bit

[Bing+Tsher+E]

The 8088 in the IBM PC-XT was 16 bit, but it was limited to an 8-bit external IO path. That made it easier for it to use the existing 8 bit expansion chips (8255, 8253, 8251, etc.)

It's the same as the 80386sx, which was a full 32 bit processor interally but had limited 16-bit external IO to reduce cost.

If IBM had used an 8086 processor, they would have either had to use an expensive 16-bit EPROM or twice as many 8-bit EPROMs for the BIOS, as one example of why the choice was made. Back at product introduction (the plain PC, not the PC-XT) the PC sold with as little as 16K of DRAM on the motherboard, with sockets to upgrade to the full 64K.