Slashdot Mirror


Microsoft's Ticking Time Bomb Is Windows XP

Hugh Pickens DOT Com writes "Shona Ghosh writes at PC Pro that the final deadline for Windows XP support in April 2014 will act as the starting pistol for developing new exploits as hackers reverse-engineer patches issued for Windows 7 or Windows 8 to scout for XP vulnerabilities. "The very first month that Microsoft releases security updates for supported versions of Windows, attackers will reverse-engineer those updates, find the vulnerabilities and test Windows XP to see if it shares [them]," says Tim Rains, the director of Microsoft's Trustworthy Computing group. Microsoft says that XP shared 30 security holes with Windows 7 and Windows 8 between July 2012 and July 2013. Gregg Keizer says that if a major chunk of the world's PCs remains tied to XP, as seems certain, Microsoft will face an unenviable choice: Stick to plan and put millions of customers at risk from malware infection, or backtrack from long-standing policies and proclamations. In either case, it will face a public relations backlash, whether from customers who complain they've been forsaken or those angry at Microsoft for pushing them to upgrade when, in the end, they didn't need to." Microsoft makes little or no revenue from customers with old PCs, and desperately wants them to buy a new Windows system of some sort. "It's very easy to say 'just upgrade,' but not all business can do so," says Lawrence Pingree, citing money, resources and mission-critical software. "One of the main reasons why people cannot leave XP is compatibility with other software." Nor is Microsoft blameless. XP has hung around because of the mistakes Microsoft made with Windows Vista, the OS flop that outgoing CEO Steve Ballmer copped to as his biggest regret. If Vista had been more like Windows 7, or had shipped at its original "Longhorn" timetable of 2004, then been followed three years later by Windows 7, XP would not have had the opportunity to lock up the ecosystem for a decade.
Pingree has a suggestion for Microsoft. "If it's such a big problem, maybe they should offer an 'Extended Life' [support] subscription and charge for it.""

13 of 829 comments

  1. The Solution is Obvious by Nova+Express · · Score: 5, Insightful

    Microsoft should extend support for XP...but only on a cash-for-patch basis. Sell patches at $5 a pop for XP users, or a one-year Security Update Subscription for $20.

    It's a win-win situation....

    --
    Lawrence Person (lawrencepersonh@gmailh.com (remove all "h"s to mail)

    http://www.lawrenceperson.com/

    1. Re:The Solution is Obvious by rmdingler · · Score: 5, Funny

      There will be no second act here if the protagonist solves the dilemma in the opening minutes, sir.

      --
      Happiness in intelligent people is the rarest thing I know.

      Ernest Hemingway

    2. Re:The Solution is Obvious by Joce640k · · Score: 5, Interesting

      The question is: How much does it actually cost them (in dollars) to support XP?

      I get the feeling this is just to try and push people to upgrade, not because XP can't be supported.

      I own two machines which cannot be upgraded for very good reasons.

      (And right now they have auto-update disabled because of the "Windows update uses 100% CPU and leaves the machine unusable" problem which appeared a couple of months ago - a coincidence that this happened just before XP is retired...?)

      --
      No sig today...
    3. Re:The Solution is Obvious by Khyber · · Score: 5, Interesting

      Of those reasons, I'm betting #1 is 'No driver support for half the hardware in the system.'

      I have tons of equipment that's better than crap being produced today, but drivers for it don't exist past XP.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  2. Can't complain by DogDude · · Score: 5, Insightful

    Although Windows XP still works wonderfully for me, and although I'd like to continue using it (with security updates of course), I really can't complain. It's one of the longest supported OSes in PC history. Nothing else has come even close, and no vendor is talking about having anywhere near a decade+ of support in the near future, either.

    --
    I don't respond to AC's.
  3. Microsoft isn't Putting Customers at Risk by Anonymous Coward · · Score: 5, Insightful

    Microsoft isn't putting customers at risk by not patching what will then be a 13-year old operating system. They had a full life cycle plan in place and customers have had many years advance notice to plan their transition. The lack of resources placed on transitioning legacy software to something other than an end-of-life OS is squarely the fault of the customers. The people in charge obviously don't place a great deal of importance on security or support. They have made their decision, let them suffer the consequences.

    1. Re:Microsoft isn't Putting Customers at Risk by linebackn · · Score: 5, Funny

      "Microsoft isn't putting customers at risk by not patching what will then be a 13-year old operating system. They had a full life cycle plan in place and customers have had many years advance notice to plan their transition. The lack of resources placed on transitioning legacy software to something other than an end-of-life OS is squarely the fault of the customers. The people in charge obviously don't place a great deal of importance on security or support. They have made their decision, let them suffer the consequences."

      What do you mean you've never been to Alpha Centauri? Oh, for heaven's sake, mankind, it's only four light years away, you know. I'm sorry, but if you can't be bothered to take an interest in local affairs, that's your own lookout. Energize the demolition beam. I don't know, apathetic bloody planet, I've no sympathy at all.

  4. Re:If your statement is correct... by Anonymous Coward · · Score: 5, Insightful

    They can't afford the capital to upgrade their systems, but they can afford to stockpile machines in closets.

  5. An easy choice... by tambo · · Score: 5, Insightful

    The key to this dilemma comes down to one word:

    "Microsoft will face an unenviable choice: Stick to plan and put millions of customers at risk from malware infection,"

    I don't think that Microsoft actually considers these people "customers." I think MS very distinctly considers them non-customers of their flagship product, since they have not purchased any of the four latest versions (Vista, 7, 8, 8.1). All of Microsoft's customers should have followed its exhortations over the last five years to spend a few bucks and upgrade dump their now-13-year-old OS.

    It's indisputable that across the computing industry, the perceived mandate of legacy support for next-gen OSes is increasingly feeble. In non-desktop markets - e.g., consoles and phones - the presumption was never there to begin with (starting with the Super Nintendo!) Web programming exhibits similar tendencies - how many Java applications from back in the day won't run on modern browsers? And won't that include the entire Silverlight platform in a few years? The tendency is that the river of upgrades will carry all projects of significance along in its current, and the projects that gather on the banks (i.e., don't receive newest-OS upgrades) are... detritus. For right or wrong, that's the view.

    --
    Computer over. Virus = very yes.
  6. What I would do if MS by jmccue · · Score: 5, Insightful

    Sometime in Jan or Feb 2014, MS should send a patch to XP with a nag popup. The popup will state "XP End of Life April 8, 2014. Please upgrade or you will lose internet connectivity". The number of times this popup appears increases the closer you get to Apr 8. Come April 8, all ports on XP are closed permanently. This illustrates why Open Source OSs are preferable to closed OSs. With Linux/*BSD... one can, if desired and have the knowledge, patch it themselves if they need to run a very old release of a system.

  7. Re:Really by Anonymous Coward · · Score: 5, Funny

    You're right. Better to save that $6.5 million and invest it for the inevitable $50 million malware cleanup.

  8. Re:Really by DrLang21 · · Score: 5, Insightful

    $6.5 million? Even if you had to pay the retail price for all of those (which you don't) that would mean that you have nearly 22,000 workstations that are connected to the internet. What the hell does your company do that it has that many computers operating but doesn't have the easy ability to invest $6.5 million???

    --
    I see the glass as full with a FoS of 2.
  9. Re:The 8086 is 16-bit by Bing+Tsher+E · · Score: 5, Informative

    The 8088 in the IBM PC-XT was 16 bit, but it was limited to an 8-bit external IO path. That made it easier for it to use the existing 8 bit expansion chips (8255, 8253, 8251, etc.)

    It's the same as the 80386sx, which was a full 32 bit processor internally but had limited 16-bit external IO to reduce cost.

    If IBM had used an 8086 processor, they would have either had to use an expensive 16-bit EPROM or twice as many 8-bit EPROMs for the BIOS, as one example of why the choice was made. Back at product introduction (the plain PC, not the PC-XT) the PC sold with as little as 16K of DRAM on the motherboard, with sockets to upgrade to the full 64K.