Microsoft Extends Updates For Windows XP Security Products Until July 2015

An anonymous reader writes "Microsoft today announced it will continue to provide updates to its security products for Windows XP users through July 14, 2015. Previously, the company said it would halt all updates on the end of support date for Windows XP: April 8, 2014. For consumers, this means Microsoft Security Essentials will continue to get updates after support ends for Windows XP. For enterprise customers, the same goes for System Center Endpoint Protection, Forefront Client Security, Forefront Endpoint Protection, and Windows Intune running on Windows XP."

*sigh*

If companies claim they haven't had enough time to upgrade their OS or update/rewrite their software, it is because they never will.

Re:*sigh*

[epyT-R]

..or maybe xp is good enough for them and the newer versions of windows don't offer enough incentive to upgrade. Considering how bad current microsoft contracts are, it might actually make more sense to wall those machines off from the net and keep using them instead of staying on that one-more-patch-tuesday-til-I'm-secure treadmill.

Re:*sigh*

[roc97007]

Or because they've lost the source code, or because the only person who knew the software has long since left the company, or they've tried three times since 2003 but each time was over budget and did not deliver usable code, or development has been at a standstill since they offshored the development team. Or because they don't have the budget to push out new hardware in a down economy. Or, yes, ok, because they never will.

Re:*sigh*

[mythosaz]

It's not so simple.

I'm sitting here now, virtualizing applications in App-V for an XP --> 7 migration project. Most people have no idea the scope of applications used by any sufficiently large company, the sort of resources it takes to locate, acquire, and upgrade existing products, or the skill necessary to shoe-horn old applications business can't move quickly away from into an operating system they were never intended for.

My previous employer had 40,000+ endpoints at 40+ facilities. Each of those facilities was part of a loose federation of medical providers and hospitals, each running their own software, each with dozens of departments with unique applications. Their migration to Windows 7 wasn't going to be free. It took money and manpower, and that doesn't happen overnight.

My current situation is similar, just reduced in size by an order of magnitude. Still nearly a thousand applications -- sure, you can throw a lot of them away, but that takes meeting endlessly with department heads and finding replacements - and testing them - and packaging them for distribution to your new OS in the new tool, since the old tool needs to be replaced along the way. Not everyone had a direct upgrade path to the next version of System Center.

Entire infrastructures needed replaced in a LOT of companies. You can spin up a HP Client Automation infrastructure in a day - if you're the only guy in an IT department, and don't need to wait for a change window to have DBAs configure your backend, and need to wait for networking to make sure machines outside the DMZ can still patch. People over-simplify what has to happen in the "simple" upgrades, and Windows 7 migrations were more than just going out to a PC with a copy of USMT and swapping their hardware.

Oh, and I hope you have an enterprise agreement with Microsoft, and you budgeted all of this years ago in your long-term financial plan, and you're not middle-way through any other initiatives that might cause you to have a moving target - like desktop or application virtualization. If you're going to pull off the bandaid, pull the damned thing off already. Lets get off physical boxes too! I'm sure we'll have all the USB printer issues worked out on the non-persistent desktops soon enough.

You can lose days in finding keys for "critical" one-off licensed software for a machine swap. God forbid you're moving to 64-bit and dealing with old .NET apps that nobody's going to ever re-write. It's not just walking around and swapping out some PCs.

Anyone who tells you otherwise is being willfully ignorant.

Re:*sigh*

[Chaos+Incarnate]

Windows XP Mode is just an XP VM. It will still have the same vulnerabilities as an unpatched Windows XP.

Re:*sigh*

[argStyopa]

The FACT is that most of them run just fine and don't NEED to upgrade.

Just because someone says "get on this treadmill" doesn't mean you need to.

Depending on what you want to do with a computer, you could be running flippin' DOS and be perfectly fine (not to mention have your pick of pretty-much-free machines in the dustbin that would run whatever ancient apps you need SCREAMINGLY fast).

Re:*sigh*

[peragrin]

the larger the organization the harder it is to change. it is why large government projects fail so hard. How many tries did it take the FBI to update it's systems?

I know one company(80 people) that tried for 5 years to find a fairly simple path to upgrade obsolete IBM server. they still haven't done so. and still connect to the server through special terminal programs.(IBM used an IBM only terminal emulator which they no longer have source code for).

The company i currently work for(20 people) did an ERP switch. the actual data transfer went mostly painlessly. training the users in the much simpler and effective UI took a month of dedicated training, and 6 months of answering "how do I" questions. every once in a while those questions still appear but that is normal.

Now image trying that with a couple of thousand employees, and you have a nightmare.

Re:*sigh*

[chipschap]

Because, uh, Linux upgrades are free, and generally automated?

Free for sure, but generally automated? Not on every distro. It's often easier to do a full save, a fresh install, and then restore whatever you need. My Linux Mint upgrades take about a day of work to get everything back to where I want it. That occurs maybe every 18 months, so I don't mind it so much, and I have complete control over the process and a very high probability of complete success (100% success so far, going back many years before Mint, to Ubuntu and Suse before that). It's an annoyance, but hardly fatal.

Re:*sigh*

[vux984]

Windows Vista introduced a proper security model. 7 was a substantial improvement, 8 was a bit cleaner and 2 steps backwards in usability, 8.1 is about on par with 7 really, with a start screen instead of a start menu.

Without getting into whether 8.1 is better than 7, anything from Vista onwards got the new security model, and THAT is a reason to upgrade.

But remember, security doesn't sell, and this thread just shows how deeply that goes. Because here on /. we spent over a DECADE mocking Windows XP and previous versions running as administrator (aka root), and the majority of users running as administor.

And then Microsoft finally fixed that, and today Windows security and reliability is a lot better as a result, but here we are on /. no less, listing to people tell us with a straight face that there is no reason for them to upgrade from XP.

Security just doesn't sell, not even here. That's sad.

Windows XP or security products?

[sqrt(2)]

In case some people don't RTFA,

In other words, while Windows XP will no longer be a supported operating system come April, companies will be at least partially protected (the actual OS still won’t get security updates) until next July.

Emphasis mine. XP updates ARE ending, but MSE/Forefront will still get updated. XP will still be susceptible to any zero day until it gets detected by MSE--if it's even installed at all. This is a marginal increase in safety for XP post-EOL, at best. The apocalypse is still nigh.

My advice for fellow ITAs. Don't mention this to your boss at all if you're still trying to migrate. It's not really relevant to the threat posed by XP's end of support. If they get wind of it on their own, emphasize that XP itself is still going to be wide open. At best all MSE does is let you know you've been owned after the fact once MS gets around to updating the definitions. MSE already has a pretty poor record for detecting even older threats. It's better than nothing but you shouldn't be relying on it.

No, this is smart. This is to keep the customers.

The idea that people won't ever move off is absurd. They will. Problem is, if they do so this year a good number are going to OS X, Ubuntu, Chromebooks, etc. Then those new Mac/Linux/Googlized people will begin experimenting with alternatives to Microsoft Office as well. Fuck.

If Microsoft can have those people wait for Windows 9 and Windows 9 is an improvement of any sort, they stand a better chance of keeping the customers. That's all this is.

Re:Dear Microsoft,

[LordLimecat]

Except that OSes dont have near that long of a lifespan.

2001 was Linux kernel 2.4 2000 was 2.2. Both have long since been EOL'd If you want to look at a full OS, I think Red Hat Linux 7.2 would be right about the same age as XP; it was EOL'd in December 31, 2003 (source).

Microsoft has gone way beyond what any other OS vendor has ever done, excepting perhaps IBM with some of their ancient AIX boxes.