Slashdot Mirror


Microsoft's Ticking Time Bomb Is Windows XP

Hugh Pickens DOT Com writes "Shona Ghosh writes at PC Pro that the final deadline for Windows XP support in April 2014 will act as the starting pistol for developing new exploits as hackers reverse-engineer patches issued for Windows 7 or Windows 8 to scout for XP vulnerabilities. "The very first month that Microsoft releases security updates for supported versions of Windows, attackers will reverse-engineer those updates, find the vulnerabilities and test Windows XP to see if it shares [them]," says Tim Rains, the director of Microsoft's Trustworthy Computing group. Microsoft says that XP shared 30 security holes with Windows 7 and Windows 8 between July 2012 and July 2013. Gregg Keizer says that if a major chunk of the world's PCs remains tied to XP, as seems certain, Microsoft will face an unenviable choice: Stick to plan and put millions of customers at risk from malware infection, or backtrack from long-standing policies and proclamations." "In either case, it will face a public relations backlash, whether from customers who complain they've been forsaken or those angry at Microsoft for pushing them to upgrade when, in the end, they didn't need to." Microsoft makes little or no revenue from customers with old PCs, and desperately wants them to buy a new Windows system of some sort. "It's very easy to say 'just upgrade,' but not all business can do so," says Lawrence Pingree, citing money, resources and mission-critical software. "One of the main reasons why people cannot leave XP is compatibility with other software." Nor is Microsoft blameless. XP has hung around because of the mistakes Microsoft made with Windows Vista, the OS flop that outgoing CEO Steve Ballmer copped to as his biggest regret. If Vista had been more like Windows 7, or had shipped at its original "Longhorn" timetable of 2004, then been followed three years later by Windows 7, XP would not have had the opportunity to lock up the ecosystem for a decade.
Pingree has a suggestion for Microsoft. "If it's such a big problem, maybe they should offer an 'Extended Life' [support] subscription and charge for it."

35 of 829 comments

  1. The Solution is Obvious by Nova Express · · Score: 5, Insightful

    Microsoft should extend support for XP...but only on a cash-for-patch basis. Sell patches at $5 a pop for XP users, or a one-year Security Update Subscription for $20.

    It's a win-win situation....

    --
    Lawrence Person (lawrencepersonh@gmailh.com (remove all "h"s to mail)

    http://www.lawrenceperson.com/

    1. Re:The Solution is Obvious by rmdingler · · Score: 5, Funny

      There will be no second act here if the protagonist solves the dilemma in the opening minutes, sir.

      --
      Happiness in intelligent people is the rarest thing I know.

      Ernest Hemingway

    2. Re:The Solution is Obvious by Joce640k · · Score: 5, Interesting

      The question is: How much does it actually cost them (in dollars) to support XP?

      I get the feeling this is just to try and push people to upgrade, not because XP can't be supported.

      I own two machines which cannot be upgraded for very good reasons.

      (And right now they have auto-update disabled because of the "Windows update uses 100% CPU and leaves the machine unusable" problem which appeared a couple of months ago - a coincidence that this happened just before XP is retired...?)

      --
      No sig today...

    3. Re:The Solution is Obvious by Khyber · · Score: 5, Interesting

      Of those reasons, I'm betting #1 is 'No driver support for half the hardware in the system.'

      I have tons of equipment that's better than crap being produced today, but drivers for it don't exist past XP.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.

    4. Re:The Solution is Obvious by CohibaVancouver · · Score: 4, Interesting

      > There is almost no scenario where continuing to use XP as your main desktop makes sense

      Take the case of my 74-year-old dad.

      His Gateway runs XP, and runs well. Chrome is fast, YouTube vids of his grandkids play fine.

      Upgrading to Win 7 will cost him $300 - The Win 7 DVD + a new printer, as his HP 1012 doesn't have a Win 7 driver. If there was a $20 / year subscription option I'm sure he'd take it.

    5. Re:The Solution is Obvious by smpoole7 · · Score: 4, Informative

      >> "I own two machines which cannot be upgraded for very good reasons."

      > What are those?

      Plenty of reasons. Khyber's comment below about hardware drivers is one. If you have a sweet server that's still chugging along, you feel no need to replace or upgrade it. If you did, though, you'd have a time finding drivers for it.

      Another reason is if you're using a very expensive software package that simply won't work with anything newer than Windows XP. Then it's not just a simple matter of upgrading Windows, but having to shell out tons of money for other software upgrades at the same time. Until the economy turns around, that ain't gonna happen.

      We've run across cases where a software vendor will say, "don't install anything newer than service pack 2." We handle it by completely isolating these machines from the Internet and disallowing the use of external, user-supplied storage (which most smart admins do anyway, on general principle).

      Here's a piece of trivia for you: one of the key audio streaming companies* for broadcast radio stations, as late as last year, made it clear in their contract that they would ONLY support Windows XP. We dropped them for that reason, but folks, this was in 2012. That kind of stuff still happens, too, and again, blame the economy.

      This admittedly won't affect most users, but it does affect some of us.

      (*actually, to be technically correct, they're an ad-insertion company -- they insert commercial inventory in your online stream -- but I figured everyone's eyes would glaze over if I tried to get that detailed.) :)

      --
      Cogito, igitur comedam pizza.

  2. So upgrade already by Anonymous Coward · · Score: 4, Insightful

    You can run XP in a virtual machine if you have software you must absolutely run that cannot run under Windows 7 or 8.

    If your business cannot support the cost of an upgrade, you really aren't doing it right and probably aren't making much money anyway.

    Windows 7 has been out for over FOUR freaking years. Quite the whiny bitching already.

    1. Re:So upgrade already by linebackn · · Score: 4, Informative

      > You can run XP in a virtual machine if you have software you must absolutely run that cannot run under Windows 7 or 8.

      Not if the software you need to run is a device driver for special hardware.

      And you still have the issue that the VM may need to talk to the outside world and therefore be as "vulnerable" as real hardware.

    2. Re:So upgrade already by BUL2294 · · Score: 4, Interesting

      I'm sorry, but tell me an easy way for a non-technical business (e.g. a dentist's office) to shut off Internet access in most consumer-grade VMs (VMWare Player, Hyper-V, Win7's VirtualPC, etc.) while keeping network access alive. Yes, there's things like fiddling with hosts files and the like, but no consumer-level VM offers a "keep networking but disallow Internet access" switch. (Sure, you can disable NAT, but then your VM can't network, so what's the point???)

      Also, Microsoft's Win32 application compatibility via the Windows 6.x kernel is decent for 32-bit and weak for 64-bit (WoW). To add, there's so much 16-bit code floating out there in businesses, written during the Win9x era, especially from vendors that no longer exist. Even trying to get some Microsoft programs working is a chore--e.g. Visual FoxPro 9 SP2. (I don't give a shit how "old" it is, it's still used and doesn't work well with Win7 x64). Microsoft has the R&D resources to figure out how to run 16-bit code on 64-bit Windows (e.g. NTVDM running on WoW--essentially a VM within a VM), and we'd be fully in the 64-bit OS era...

      --
      Windows 3.1x calc: 3.11 - 3.10 = 0.00

  3. Can't complain by DogDude · · Score: 5, Insightful

    Although Windows XP still works wonderfully for me, and although I'd like to continue using it (with security updates of course), I really can't complain. It's one of the longest supported OS's in PC history. Nothing else has come even close, and no vendor is talking about having anywhere near a decade+ of support in the near future, either.

    --
    I don't respond to AC's.

  4. Re:The funny thing is... by murdocj · · Score: 4, Insightful

    This is absurd. Yes, Vista was a disaster, but Windows 7 was a huge upgrade from XP.

  5. Microsoft isn't Putting Customers at Risk by Anonymous Coward · · Score: 5, Insightful

    Microsoft isn't putting customers at risk by not patching what will then be a 13-year old operating system. They had a full life cycle plan in place and customers have had many years advance notice to plan their transition. The lack of resources placed on transitioning legacy software to something other than an end-of-life OS is squarely the fault of the customers. The people in charge obviously don't place a great deal of importance on security or support. They have made their decision, let them suffer the consequences.

    1. Re:Microsoft isn't Putting Customers at Risk by linebackn · · Score: 5, Funny

      > Microsoft isn't putting customers at risk by not patching what will then be a 13-year old operating system. They had a full life cycle plan in place and customers have had many years advance notice to plan their transition. The lack of resources placed on transitioning legacy software to something other than an end-of-life OS is squarely the fault of the customers. The people in charge obviously don't place a great deal of importance on security or support. They have made their decision, let them suffer the consequences.

      What do you mean you've never been to Alpha Centauri? Oh, for heaven's sake, mankind, it's only four light years away, you know. I'm sorry, but if you can't be bothered to take an interest in local affairs, that's your own lookout. Energize the demolition beam. I don't know, apathetic bloody planet, I've no sympathy at all.

  6. Red Hat 10 year Extended Support by iYk6 · · Score: 4, Informative

    Red Hat offers 10 years of support. And new versions of Red Hat are generally better than previous versions, so there isn't as much need to hold on to old versions.

    Source: http://www.serverwatch.com/server-news/red-hat-extends-linux-support.html

  7. Re:If your statement is correct... by Anonymous Coward · · Score: 5, Insightful

    They can't afford the capital to upgrade their systems, but they can afford to stockpile machines in closets.

  8. Re:Mac has superior model by DogDude · · Score: 4, Insightful

    You're under the false assumption that everybody buys new hardware every year or two. I have hardware that's been running for over a decade, and is still working just fine.

    --
    I don't respond to AC's.

  9. Re:If your statement is correct... by Goody · · Score: 4, Insightful

    You're conflating compatibility and technology upgrades. In general, considering the usability, user interface, and functionality of 7, it is an upgrade from XP. Compatibility with applications written for previous OSs is a totally different item. If you really want to support an application that works with only one end-of-lifed OS until the end of time, then you're going to have issues to deal with. It's either update the application or embalm the OS environment you're bent on sticking with. Run XP in a VM on new machines with a modern host OS.

    There are plenty of reasons to criticize Microsoft, but I don't think OS application compatibility is one of them. You can run DOS apps from the 1990s on Windows 7. If your business can't afford to update that XP-dependent app, you probably shouldn't have written such a specialized app to begin with or used the development environment and libraries you chose.

    --
    Tired of being "punished" by the Slashdot $rtbl since 2002. I'm now over at http://soylentnews.org/ .

  10. An easy choice... by tambo · · Score: 5, Insightful

    The key to this dilemma comes down to one word:

    "Microsoft will face an unenviable choice: Stick to plan and put millions of customers at risk from malware infection,"

    I don't think that Microsoft actually considers these people "customers." I think MS very distinctly considers them non-customers of their flagship product, since they have not purchased any of the four latest versions (Vista, 7, 8, 8.1). All of Microsoft's customers should have followed its exhortations over the last five years to spend a few bucks and upgrade dump their now-13-year-old OS.

    It's indisputable that across the computing industry, the perceived mandate of legacy support for next-gen OSes is increasingly feeble. In non-desktop markets - e.g., consoles and phones - the presumption was never there to begin with (starting with the Super Nintendo!) Web programming exhibits similar tendencies - how many Java applications from back in the day won't run on modern browsers? And won't that include the entire Silverlight platform in a few years? The tendency is that the river of upgrades will carry all projects of significance along in its current, and the projects that gather on the banks (i.e., don't receive newest-OS upgrades) are... detritus. For right or wrong, that's the view.

    --
    Computer over. Virus = very yes.

  11. What I would do if MS by jmccue · · Score: 5, Insightful

    Sometime in Jan or Feb 2014, MS should send a patch to XP with a nag popup. The popup will state "XP End of Life April 8, 2014. Please upgrade or you will lose internet connectivity". The number of times this popup appears increases the closer you get to Apr 8. Come April 8, all ports on XP are closed permanently. This illustrates why Open Source OSs are preferable to closed OSs. With Linux/*BSD... one can, if desired and have the knowledge, patch it themselves if they need to run a very old release of a system.

  12. Re:Really by Anonymous Coward · · Score: 5, Funny

    You're right. Better to save that $6.5 million and invest it for the inevitable $50 million malware cleanup.

  13. Re:XP is a vulnerability itself. by CronoCloud · · Score: 4, Funny

    > And don't even get me started with the piece of shit that is windows 8, linux users are not forced to use a half-tablet OS

    Gnome 3 and Unity would like a word with you.

  14. Re:Really by DrLang21 · · Score: 5, Insightful

    $6.5 million? Even if you had to pay the retail price for all of those (which you don't) that would mean that you have nearly 22,000 workstations that are connected to the internet. What the hell does your company do that it has that many computers operating but doesn't have the easy ability to invest $6.5 million???

    --
    I see the glass as full with a FoS of 2.

  15. Re:First... by Mister Liberty · · Score: 4, Funny

    First...

    to upgrade!

    To Linux, I hope?

  16. What 8-bit software on XP? by tepples · · Score: 4, Informative

    > XP supports legacy 16 and 8 bit stuff

    What 8-bit stuff are you talking about? The only 8-bit software that runs on Windows XP runs in an emulator such as FCEUX. The 16-bit software runs in a virtual machine anyway, called NTVDM (for MS-DOS software) or WOWExec (for Windows 3.x software).

  17. Xubuntu by tepples · · Score: 4, Insightful

    When I became fed up with Un(usabil)ity in the Ubuntu 11.04 days, I did sudo apt-get install xubuntu-desktop and never looked back. So what AC wrote is true: the owner of a PC running GNU/Linux isn't forced into a particular GUI in the same way that iPad and PlayStation owners are forced into the selection that those platforms offer.

  18. Re:XP is a vulnerability itself. by Runaway1956 · · Score: 4, Insightful

    Yes, you can upgrade for free, or damn near free. Simply upgrade to Linux or a BSD. Seriously. I hear all sorts of nonsense about how hard it is to switch to Linux, and to Gnu. Screw all of that. Have you noticed that our economy sucks? A common refrain heard by the working class, is that we are now competing with labor markets from around the world. We have to adapt, or go out of business. Do more with less, retrain to do new tasks, yada yada yada.

    My answer goes right along with all that other nonsense. If you can't be retrained to run Linux, then you're out of the workforce. And, no, I don't really give a damn that you might lose your home as a result. No one gave a small damn when coal miners were foreclosed on. Or auto workers. Or construction workers.

    The "ticking time bomb" isn't Windows XP. The time bomb is America's inability to adapt to a changing reality. Windows is so 1990's. This is the 2010's now.

    --
    "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br

  19. Peripheral compatibility by tepples · · Score: 4, Insightful

    Perhaps stockpiling machines compatible with existing paid-for peripherals and paid-for proprietary software is cheaper than re-buying multi-thousand-dollar peripherals and multi-thousand-dollar proprietary software.

  20. Re:XP is a vulnerability itself. by squiggleslash · · Score: 4, Insightful

    It's not 12 years old. 12 years (or is it 13?) is when the first version of XP was released, but XP continued to be sold for nearly the entire decade. And unlike GNU/Linux, where you can just download a newer version of the affected component and expect virtually everything to work, upgrading to Vista/7/8/8.1 requires paying money and upgrading the entire system at the same time, pretty much expecting breakages, and new hardware requirements.

    Which is not to suggest Microsoft should be supporting it. With proprietary operating systems, I kinda feel there needs to be a greater understanding of the consequences of handing your testicles to a company that has to make a profit to survive.

    --
    You are not alone. This is not normal. None of this is normal.

  21. Re:If you think Win 8 is crap by TheGoodNamesWereGone · · Score: 4, Interesting

    I know of NO businesses that are just hankering with bated breath to use Windows 8. They would rather upgrade to 7. Home users are having it shoved down their throats with every new PC they buy and they hate it too. You can argue about all the new wonderful things it has under the hood, but the interface is shit. Don't say "It's fine once you get used to it," because it's a step backward in usability. Even after installing something like Classic Shell or Start8 the 'Modern' apps still run fullscreen. "But you can learn your way around that!" you cry. That's some helluvan arrogant attitude to have. The only reason M$ dumped the old menu/window-based interface is because they it would benefit THEM in some imagined convergence of the desktop and tablet, **not** to benefit users or create something more efficient. They were wrong.

  22. Needless expense by sjbe · · Score: 4, Insightful

    > People who are still using XP day-to-day are idiots and Microsoft shouldn't encourage them.

    Really? People are idiots for not spending money on new equipment that adds precisely zero additional feature that they need? We should be forced to upgrade to Microsoft's latest software because not upgrading doesn't add to Microsoft's profits? My company uses XP on the majority of our computers and there is nothing whatsoever in Vista, Windows 7 or Windows 8 that is necessary for us. So we're idiots for not spending money needlessly? Thank $diety we don't let you make our purchasing decisions.

    > There is almost no scenario where continuing to use XP as your main desktop makes sense

    Except for the millions of people whose actual computing needs are perfectly adequately filled by XP.

  23. Re:First... by Penguinisto · · Score: 4, Insightful

    So it's somehow Linux' fault that your IT department wasn't competent enough to at least do some research and testing with the users first?

    You do realize that a complete OS and app suite change is not as easy as just downloading a distro and installing it everywhere, right?

    --
    Quo usque tandem abutere, Nimbus, patientia nostra?

  24. Re:The 8086 is 16-bit by Bing Tsher E · · Score: 5, Informative

    The 8088 in the IBM PC-XT was 16 bit, but it was limited to an 8-bit external IO path. That made it easier for it to use the existing 8 bit expansion chips (8255, 8253, 8251, etc.)

    It's the same as the 80386sx, which was a full 32 bit processor internally but had limited 16-bit external IO to reduce cost.

    If IBM had used an 8086 processor, they would have either had to use an expensive 16-bit EPROM or twice as many 8-bit EPROMs for the BIOS, as one example of why the choice was made. Back at product introduction (the plain PC, not the PC-XT) the PC sold with as little as 16K of DRAM on the motherboard, with sockets to upgrade to the full 64K.

  25. Re:First... by Immerman · · Score: 4, Insightful

    Really? I've been using Linux on my desktop for years with no complaints. So has my barely computer literate father (and incidentally I get far fewer tech support calls now). No, it's not "just like Windows", but if you really love everything about Windows then you should stick with that, obviously you're not Linux's target audience. Of course if what you really mean is that it's not supported by 100% of the software you need/want to use, and you can't find suitable alternatives... well that's not really anything to do with Linux's readiness is it? Ask the people making your software when they are going to release a Linux version, because that's the only way that *they* will know that anyone in their customer base cares.

    --
    --- Most topics have many sides worth arguing, allow me to take one opposite you.

  26. Re:First... by roc97007 · · Score: 4, Insightful

    I see what you did there. "I don't understand the hate" has risen to meme status. I don't waste time hating vista, any more than I would waste time hating broccoli. Vista and win8 share the traits that they were unusable on first release, vista eventually became tolerable but wasn't truly fixed until win7, and win8 is following a similar path. We have some machines still running xp, but the driving force to upgrade is not some artificial Microsoft deadline, but when there will be something reasonable to upgrade to.

    --
    Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.

  27. Re:Really by goodmanj · · Score: 4, Funny

    > Do you have the $6.5 million Microsoft wants from our organization to upgrade our workstations to Windows 7? $6.5 million is a damn good reason not to upgrade.

    Oh look guys, it's Target's CTO posting to Slashdot! Good to see you man, but I'm surprised you found time to hang out with us.