Microsoft Extends Updates For Windows XP Security Products Until July 2015

An anonymous reader writes "Microsoft today announced it will continue to provide updates to its security products for Windows XP users through July 14, 2015. Previously, the company said it would halt all updates on the end of support date for Windows XP: April 8, 2014. For consumers, this means Microsoft Security Essentials will continue to get updates after support ends for Windows XP. For enterprise customers, the same goes for System Center Endpoint Protection, Forefront Client Security, Forefront Endpoint Protection, and Windows Intune running on Windows XP."

*sigh*

If companies claim they haven't had enough time to upgrade their OS or update/rewrite their software, it is because they never will.

Re:*sigh*

[epyT-R]

..or maybe xp is good enough for them and the newer versions of windows don't offer enough incentive to upgrade. Considering how bad current microsoft contracts are, it might actually make more sense to wall those machines off from the net and keep using them instead of staying on that one-more-patch-tuesday-til-I'm-secure treadmill.

Re:*sigh*

[roc97007]

Or because they've lost the source code, or because the only person who knew the software has long since left the company, or they've tried three times since 2003 but each time was over budget and did not deliver usable code, or development has been at a standstill since they offshored the development team. Or because they don't have the budget to push out new hardware in a down economy. Or, yes, ok, because they never will.

Re:*sigh*

[mythosaz]

It's not so simple.

I'm sitting here now, virtualizing applications in App-V for an XP --> 7 migration project. Most people have no idea the scope of applications used by any sufficiently large company, the sort of resources it takes to locate, acquire, and upgrade existing products, or the skill necessary to shoe-horn old applications business can't move quickly away from into an operating system they were never intended for.

My previous employer had 40,000+ endpoints at 40+ facilities. Each of those facilities was part of a loose federation of medical providers and hospitals, each running their own software, each with dozens of departments with unique applications. Their migration to Windows 7 wasn't going to be free. It took money and manpower, and that doesn't happen overnight.

My current situation is similar, just reduced in size by an order of magnitude. Still nearly a thousand applications -- sure, you can throw a lot of them away, but that takes meeting endlessly with department heads and finding replacements - and testing them - and packaging them for distribution to your new OS in the new tool, since the old tool needs to be replaced along the way. Not everyone had a direct upgrade path to the next version of System Center.

Entire infrastructures needed replaced in a LOT of companies. You can spin up a HP Client Automation infrastructure in a day - if you're the only guy in an IT department, and don't need to wait for a change window to have DBAs configure your backend, and need to wait for networking to make sure machines outside the DMZ can still patch. People over-simplify what has to happen in the "simple" upgrades, and Windows 7 migrations were more than just going out to a PC with a copy of USMT and swapping their hardware.

Oh, and I hope you have an enterprise agreement with Microsoft, and you budgeted all of this years ago in your long-term financial plan, and you're not middle-way through any other initiatives that might cause you to have a moving target - like desktop or application virtualization. If you're going to pull off the bandaid, pull the damned thing off already. Lets get off physical boxes too! I'm sure we'll have all the USB printer issues worked out on the non-persistent desktops soon enough.

You can lose days in finding keys for "critical" one-off licensed software for a machine swap. God forbid you're moving to 64-bit and dealing with old .NET apps that nobody's going to ever re-write. It's not just walking around and swapping out some PCs.

Anyone who tells you otherwise is being willfully ignorant.

Re:*sigh*

It just sucks that MS doesn't make a 32b, legacy, low footprint OS for those that need to run old software.

First, you can get Win 7 Pro in a 32 bit version. And let's not forget about this?

Re:*sigh*

[Salgat]

This is the case where I work. On our machines are HMIs (interfaces to control the machine); you don't ever actually see Windows. The reason to upgrade from XP to 7 is purely because of security. Until the updates end, there are no good reasons to stop using XP since it does exactly what it is needed for.

Re:*sigh*

[Chaos+Incarnate]

Windows XP Mode is just an XP VM. It will still have the same vulnerabilities as an unpatched Windows XP.

Re:*sigh*

God forbid you're moving to 64-bit and dealing with old .NET apps that nobody's going to ever re-write.

Oh, it's more insidious than that. One of the 64-bit issues we had to deal with was Microsoft's IPv6 extensions to proxy.pac files. Even though the apps were 32-bit and the machines were on an IPv4-only network, you had to have essentially-duplicate FindProxyForURLEx() functions in the proxy.pac file if the machines were Windows Vista/7/8 64-bit. Contrary to documentation, the 64-bit machines weren't even using the FindProxyForURL() functions. And forget about what happens when ClickOnce is involved.

Re:*sigh*

[argStyopa]

The FACT is that most of them run just fine and don't NEED to upgrade.

Just because someone says "get on this treadmill" doesn't mean you need to.

Depending on what you want to do with a computer, you could be running flippin' DOS and be perfectly fine (not to mention have your pick of pretty-much-free machines in the dustbin that would run whatever ancient apps you need SCREAMINGLY fast).

Re:*sigh*

[Immerman]

>Being 64b is an *actual* reason to upgrade

For office drones? Really? That 3.5GB RAM limit was a bit of a nuisance for some specific things, but realistically how many office computers ever run up against it? No argument that servers and "Big Iron" can benefit substantially *if* the dataset is large enough to be seriously RAM limited. Even serious gaming rigs can often benefit dramatically from all that extra RAM and vectorization potential. But how many office applications can actually benefit notably from vectorized instruction optimizations? They spend almost all their time waiting on the user anyway, it doesn't really matter how fast they do it.

Re:*sigh*

[master5o1]

Actually they knew they should be planning a new-os version at least since Vista was released. And probably pushed that planning into a release for Windows 7.

Re:*sigh*

[mlts]

Don't forget having a KMS infrastructure where every single machine in the company can contact an activation server every 180 days. Yes, one can use MAK type of keying, but if a box needs a reinstall, that means one has to burn another install key.

In a previous life, I've encountered cases with legacy apps as well, where the client was 32 bit... but just would not work on Windows 7 for love or money. I ended up having to use virtual machines running XP for the dedicated program.

Of course, there is the server infrastructure Windows 7 requires. New GPOs, more disk space for updates for WSUS, more PXE images, etc.

So, a move to Windows 7 (or a major OS update for the clients for that matter) isn't something to be taken lightly in a company, because one mistake can trash hundreds to tens of thousands of desktops. At minimum, it requires a test lab and running upgrades to see what ugly issues will rear their heads.

Re:*sigh*

[bobbied]

Bad planning is all too common especially when the eventual demise is a year or more away. You are talking a long term plan when management is in tactical mode trying to make the numbers for the quarter. If you are there talking about the sky falling in 4 years, you WILL be ignored. It's the nature of how publicly traded companies run. Remember that the last 5 years have been a *serious* problem world wide economically. Most companies are struggling to keep afloat without just throwing in the towel and everybody is dying waiting for any sign of recovery, which so far has not been really seen.

In a business down turn, where you are downsizing, EVERYTHING is tactical and strategic planning is out the door, like the last wave of RIFed off employees. The quickest way to get to follow all those people you used to work with out the door is to start making noise about spending money. Especially if you are in executive management hired and fired by the board. Best you can hope for is to pull the golden parachute rip cord before the chickens come home to roost and let the next poor soul who gets your job deal with it. Even in the best of times, many companies struggle with the "manage to quarter" mentality. It's always about stock price NOW not years down the road.

I for one am not surprised that a lot of companies have buried their heads in the sand and ignored this XP EOL date. So don't castigate the guy describing the problem he faces for not planning ahead. Seems to me, he's on top of the problem and fully knows what needs to be done, but he's not been given the necessary mandate and resources to actually get the problem fixed and work a viable plan. It's not HIS lack of planning, but a result of management choosing the expedient over what is best in the long term.

Re:*sigh*

[slimjim8094]

Yeah, sure, OK, but that's why the time to start all this lengthy work was like 4 years ago, right? That's a really long time to sort out even some pretty massive problems, and have endless meetings with department heads, and testing them, and waiting for the DBA, and waiting for the network configuration - and then have like a year and a half left to actually do the upgrade!. I mean, if a business have such a complicated setup that it's going to take X years to migrate off an OS, doesn't it make sense to start that migration at least X years before the published cut-off date? I guarantee you that there's a dozen 0-days just waiting around for the end of support - even if they didn't care about basing their entire organization on top of a vendor-unsupported product with no recourse for problems, it seems incredibly dangerous for a company to not be 100% sure they'd avoid that attacker free-for-all, right? Presumably the reason for all those computers is people have to use them for work.

Nobody's talking about "overnight" here. Windows XP is more than twelve years old. The viable replacement has been available for more than four years. What would more time ever gain anybody? Clearly the people right at the edge now punted until they couldn't punt any longer, so more time would just lead to longer punting followed by this same rush.

Re:*sigh*

[epyT-R]

Well, I realize I'm in a minority, but I ran xp x64 for many years before moving to 7. A lot of hardware did actually work just fine with it, though sometimes the setup programs for them had to be manually extracted and installed. The only hardware that didn't work required kernel drivers and only shipped with 32bit binaries.

It was probably the most trouble free experience I've ever had with windows.

Re:*sigh*

[Luckyo]

Actually most modern games still run on 4GB RAM just fine even on w7 64bit. There is a very small subset of games that do require more, most of them terribly optimized and usually still in alpha/early beta.

Extra RAM on windows mainly helps mitigate memory leaks and hide the fact that Vista/7 is a huge memory hog with massively greater RAM requirements for OS overhead than XP ever was. Which doesn't impact you if you stay on XP. Microsoft also claims it helps caching, and to a certain extent it does. But in most cases, this advantage is negligible.

So more RAM makes sense on 7. But XP? Not so much. Which is another reason NOT to move from XP.

Re:*sigh*

[epyT-R]

For highly customized configurations (like HMIs), it's better to just use the disk image provided by the manufacturer and isolate it accordingly than it is to try to update the base OS. Let the manufacturer worry about that.

Re:*sigh*

[epyT-R]

Of course it isn't. It's just not that much worse to justify changing it over, especially for old hardware. No version of windows is safe from the internet. I guess I'm saying that if the need for security is important enough, it's better to cut access to the net for the average workstation regardless of windows version.

Most of those infected xp machines are owned by careless/clueless users who will soon be just as infected on windows 8 as they were under xp.

Re:*sigh*

[peragrin]

the larger the organization the harder it is to change. it is why large government projects fail so hard. How many tries did it take the FBI to update it's systems?

I know one company(80 people) that tried for 5 years to find a fairly simple path to upgrade obsolete IBM server. they still haven't done so. and still connect to the server through special terminal programs.(IBM used an IBM only terminal emulator which they no longer have source code for).

The company i currently work for(20 people) did an ERP switch. the actual data transfer went mostly painlessly. training the users in the much simpler and effective UI took a month of dedicated training, and 6 months of answering "how do I" questions. every once in a while those questions still appear but that is normal.

Now image trying that with a couple of thousand employees, and you have a nightmare.

Re:*sigh*

[LordLimecat]

..or maybe xp is good enough for them and the newer versions of windows don't offer enough incentive to upgrade.

Except for the lack of maintenance, which is always a good reason in the Linux / Unix world but apparently doesnt fly with windows?

instead of staying on that one-more-patch-tuesday-til-I'm-secure treadmill.

Right. Because Linux / Firefox / Flash / Acrobat dont all need security updates.

Re:*sigh*

[LordLimecat]

For office drones? Really? That 3.5GB RAM limit was a bit of a nuisance for some specific things, but realistically how many office computers ever run up against it?

1) Anyone doing heavy duty spreadsheet, graphics, or database work is going to need a decent chunk of RAM
2) Modern webpages absolutely gobble up RAM. You can blame the browser, and that works, until you look at the competition and see that, wow, 5 tabs really does eat up ~500MB RAM no matter what browser you use
3) On my prior work computer, with 4GB RAM, I was booting to 3.2GB consumed off the bat. It was windows 7, granted, but the lions share of it was security and compliance crap. Start up my powershell environment, open a few browser tabs, and open a document or two and Im eating into the page file like disk thrashing was going out of style.

Re:*sigh*

[LordLimecat]

There is a decent amount of new stuff in Windows 7, but upgrades will rarely be sexy to the end user. Its a little amazing that Apple gets users to even care about updates, and even there I dont know many people outside of Apple geeks who really care about Lion vs Mountain Lion vs Mavericks (other than that they do tend to upgrade right away, much to the IT dept's chagrin).

The interface is IMO a huge improvement for productivity (hot-keyable pinned taskbar icons, window snapping, improved start menu + indexing). the graphics layer was much improved (particularly the ability to multi-monitor across different GPU vendors), the networking side had a bunch of cool new toys (setting up virtual adapters, acting as a WiFi AP), and the built in Powershell is quite nice for administrators (hooray, vbscript / batch is dead!).

Most of that stuff people dont care about, then you start using it, and it becomes kind of hard to live without. I find Windows 8 annoying as all get-out and have done my best to make it look like windows 7, but if I had to pick between XP and 8 Id take 8 in a heartbeat.

Re:*sigh*

[LordLimecat]

No version of windows is safe from the internet.

This is a stupid meme, and it needs to die. If you dont understand how and why infections occur, or better yet if you dont regularly deal with IT security, its probably best not to even comment on it.

Re:*sigh*

[LordLimecat]

Its two OS versions back. Having updated regularly at each release from Ubuntu 6.04 to 9.04, I had breakage at each step of the way. Heck, when I was testing Fedora (10?) on my laptop, the very first package upgrade broke several things.

Expecting everything written for a 2001 OS to work on a 2008 OS (plus a service pack) with no problems is hopelessly optimistic. Windows 7 works in a great many cases-- far better IMO than what ive seen with Linux-- but the reality is that OS upgrades do tend to break things.

Re:*sigh*

[LordLimecat]

Thats right! Everyone still rocking Red Hat 7.3 on their workstation, unite! 2002 OSes are so the rage!

Somehow you dont hear so much derision about the "upgrade treadmill" from Linux / Mac users. Wonder why that is, particularly if their choice OS is so perfect as to never need an upgrade.

Re:*sigh*

[klui]

I would have thought so, too. But my current machine in the office isn't running too many development/management tools and it's using 4.5GB. The largest RAM hog? Outlook at 400MB. There are a little over 100 processes. I can't imagine someone who uses Excel on a regular basis using less than 6GB.

Re:*sigh*

The "office drones" fallacy is just another version of the "typical home user" who doesn't need anything more than a PC that can do web surfing and basic word processing. It's where ignorant people make the assumption that just because there are a handful of tasks common to most users that this somehow means that all of those people only do those basic tasks and only the extreme minority actually do other things that need somewhat decent hardware. Obviously that isn't true at all otherwise the PC market would have died out 10 years ago.

Re:*sigh*

[exomondo]

Because Apple products don't go end of life, they go out of fashion.

Re:*sigh*

[chipschap]

Because, uh, Linux upgrades are free, and generally automated?

Free for sure, but generally automated? Not on every distro. It's often easier to do a full save, a fresh install, and then restore whatever you need. My Linux Mint upgrades take about a day of work to get everything back to where I want it. That occurs maybe every 18 months, so I don't mind it so much, and I have complete control over the process and a very high probability of complete success (100% success so far, going back many years before Mint, to Ubuntu and Suse before that). It's an annoyance, but hardly fatal.

Re:*sigh*

[Billly+Gates]

Its 2014. Time to move on. You can get 4 gigs of ram for $50. Bare in mind Windows 7 disk and ram usage is over reported as it buffers things if the kernel detects extra ram. Disk usage is inflated from SXS which means Windows keeps extra dll versions that dynamically linked. That is a feature and you can trim with disk cleanup.

XP is a security nightmare and most MBA managers do not know or calculate this. XP doesn't scale well past 2 cores and is not optimized with CPU instructions from more modern CPUs

Re:*sigh*

[Billly+Gates]

Still running HP-UX and Sco xenix and old redhat. Legacy apps, but we don't connect them to the internet.

Re:*sigh*

[LordLimecat]

XP with 4GB of RAM loses ~1.5GB of ram to addressing problems off the bat. There goes the arguable RAM advantage it has over 7.

Anyone who's used XP in an office recently knows it its unusable at less than 768MB, out of a general maximum of 2.5-3.2GB (depending on hardware). As I said, add in mandatory compliance and security stuff and youre up to 1.5-2GB, leaving maybe a gig for programs. Thats a few browser windows, a document, and not much else.

The average office worker, on the other hand, will have Outlook, with about seventeen message windows open, a browser window with 2-5 tabs, 3-4 documents, and a wildcard depending on their role (accounting, spreadsheet, graphics, etc). 1 GB will not cover that without some painful disk paging.

Re:*sigh*

[vux984]

Windows Vista introduced a proper security model. 7 was a substantial improvement, 8 was a bit cleaner and 2 steps backwards in usability, 8.1 is about on par with 7 really, with a start screen instead of a start menu.

Without getting into whether 8.1 is better than 7, anything from Vista onwards got the new security model, and THAT is a reason to upgrade.

But remember, security doesn't sell, and this thread just shows how deeply that goes. Because here on /. we spent over a DECADE mocking Windows XP and previous versions running as administrator (aka root), and the majority of users running as administor.

And then Microsoft finally fixed that, and today Windows security and reliability is a lot better as a result, but here we are on /. no less, listing to people tell us with a straight face that there is no reason for them to upgrade from XP.

Security just doesn't sell, not even here. That's sad.

Re:*sigh*

[epyT-R]

..and instead of making assumptions, you could just explain why you think the meme is stupid, or just not comment.

It's general practice to use a firewall at least. Ask yourself why that is. If your machines are bare or just depend on the built-in firewall, they are not secure.

Re:*sigh*

[similar_name]

I don't know, Windows XP was the first consumer/client version of Windows to use the NT kernel. That made it pretty good for it's day. For consumers, everything before it, was still based on DOS.

Re:*sigh*

[Osgeld]

so your offering to provide 50$ worth of ram and paid for windows licensees for every workstation entire companies, just so they can run the same fucking visual basic program and outlook they have been for over a decade

thats nice of you

see its a huge cost to companies with no rewards, you have to upgrade hardware, software liscences, rewrite your entire infrastructure and what do you get for it? a fucking live tile for facebook and netflix

why

cause microsoft didnt think that far ahead in their change everything jizzfest

Re:*sigh*

[Billly+Gates]

4,000 employees waiting 10 minutes for their workstations to boot as XP lacks a registry defragger and runs apps which cause winrot, not to mention lack ahci command queing for data so your disks can only handle one thing at a time, plus an added batshit paging and swap algorithm will do just that.

Now add no work for 4 hours during your mccrappy virus scan and that is more money lost. Cryptolocker locking a share randsom due to security not up to par as Windows 7 and more $$$$.

Should I go on?

You also can keep that IE 6 shitwareERP by insecure ltd by using Citrix or VMware and run it in a browser. Even your IPad has access.

The licensing savings will pay for this due to not upgrading.

That is what a good IT professional does. He is proactive and not reactive who lets harm come in by being lazy.

Re:*sigh*

[Immerman]

I think you mean 0.5GB of RAM lost. Lot's of funky memory mapping stuff using the address space above 3GB, but the first three had no major issues, and you were able to use much of the forth GB as well. And if you need enough compliance and security software running at all times to consume a GB or two of RAM I have to suggest that you're not a typical office user.

As for performance - I rarely have fewer than 20 Firefox tabs open, and often several times that, and it's not all that uncommon to also simultaneously be running an IDE with a mid-sized hobbyist application, a few multilayer images in GIMP, maybe a few vector graphic files in Inkscape, and a handful of Sketchup scenes spread across a half-dozen virtual desktops. Nothing really huge, but a lot more active data than most office workers are dealing with at one time. And this all runs reasonably smoothly on my horribly outdated 32-bit single-core XP gaming rig with only 2GB of RAM. (what can I say, I don't game like I used to and just can't justify spending $1000+ for prettier graphics in the same games). Admittedly I have done some non-standard optimizations to help things out a fair bit (the biggest one - setting the minimum swap file size to 6GB and making sure it's completely defragmented and at the front of the disk where access is fastest). Things are a bit snappier feeling on the more modern systems I use, but realistically I doubt the difference is enough to save me even a minute a day in actual productivity. If you're seeing drastically worse performance then I would suggest you may have other issues lurking within the system. Or you're just using some seriously resource-hogging applications.

Re:*sigh*

[necro81]

Please bear in mind that there are only a few things I that want to be bare in my mind.

Re:*sigh*

[brunnegd]

I use XP on my work computer, Win7 at home. Both are stable, only need to reboot when MS issues their patches. My work computer is 6 years old, has plenty of memory, works well. I run Office, lots of other programs, not just e-mail and browsing. I used the MS program that advises what is necessary to move to Win7. The recommendation to uninstall programs, save My Docs to a external drive, install Win 7, reinstall or find different versions of my programs, and then import my data, then reestablish all of the settings for the programs, is dumb. Plus I find the organization of folders under Win7 to be incomprehensible, and some of the installed programs for viewing photos, for example, can't find all of my photos. Why switch?

Re:*sigh*

[mcgrew]

XP was never that great even when it was recent.

I've used both XP and W7 and I really see few visible improvements in W7 aside from the eye candy, and several areas where features were downgraded. For instance, the XP file manager is heads and shoulders above W7's. Neither one is really "great"; KDE is far more useable and has more features and I'm sure that holds true with Apples, too, but XP and W7 were both almost OK. Good enough that I still have XP on one of my towers (I just got a reprieve,I was going to have to either install Linux or unplug the network jack) and W7 on my notebook, although the notebook's starting to get so slow I'm about to overcome my laziness and put KDE on that, too.

Now, you take Joe Six Pack who has a seven year old XP computer, what is he going to do when his eight year old OS is no longer supported? Do you really expect him to throw away a perfectly functional piece of gear? Do you expect him to Install W8, even though there's no way in hell W8 will run on his machine? You expect him to be able to install Linux on it?

Especially when he has no clue about botnets and so forth? And probably never heard of XP's EOL? I applaud Microsoft for extending support, I've been bashing them for the sociopathic irresponsibility of stopping support so soon for the last year. They should support it until the last machine sold with XP is at least 10 years old. Hardware should not be able to outlive its software.

Oh great...

Now I look like an asshole for telling my boss that he ABSOLUTELY HAD to upgrade everything because even Microsoft was killing security updates.

Re:Oh great...

[Jagungal]

This only refers to updates to their AV and Anti Malware products, the OS update will still stop on that date.

It is a good excuse to get Management that might have been dragging their tails up update to something more modern.

Re:Oh great...

[Culture20]

You're still good. This is for updates for security products for XP, not security updates for XP. XP will not get new patches, and existing holes might get exploited, but maybe the updated MS security essentials will warn you. /sarcasm

Re:Oh great...

[zerofoo]

Or they deployed Chromebooks for the reasons we did:

1. Low hardware cost - our Samsungs cost $249 each.
2. Enough web based software to do the job (google apps plus 3rd party apps are VERY good in an education environment).
3. Central data storage that doesn't require lots of backup hardware and software or server hardware.
4. Great management tools for deploying policies and apps.
5. The big one - FREE after the initial hardware purchase - WITH SUPPORT.

Show me another ecosystem that offers this much for so little cost.

If Google is beating us with a stick, I'll take it any day of the week over the Microsoft/Apple stuff we were running.

Re:Oh great...

[melstav]

Dude. Some shit ain't going to get upgraded no matter how many times you taze that dead horse.

Hell, I've still got SunOS 4.0 in production.

Re:Oh great...

[LinuxIsGarbage]

Dude. Some shit ain't going to get upgraded no matter how many times you taze that dead horse.

Hell, I've still got SunOS 4.0 in production.

We still have PDP-11's in service. We though we had a solution with an emulator that will run on Windows XP.

Now we are working to upgrade the host OS to Windows 7 which brings along a whole 'nother round of headaches.

Re:Oh great...

Security. Windows Vista, 7, 8, and 8.1 all offer better security than XP.

Performance. Windows Vista, 7, 8 and 8.1 have better support for SATA controllers and SSDs than XP.

Modern hardware support. Eventually those 5+ year old PCs die and you have to buy new stuff.

IE > 8. See security.

Bitlocker encryption.

This is just a start. There are many reasons to upgrade past 2002 technology. XP fan boys should be shot at this point.

familiar

Like Duke Nuke'm Forever, except opposite.

Final Update to XP

I want to see Microsoft issue one last update to every version of IE available on XP that replaces all of their cryptic as fuck SSL errors so instead of saying "the site you are trying to go to is broken" they say "The site you are trying to go to requires a higher level of security than is available on windows XP". Hell, throw a store link in there so they can go buy windows 9 or whatever and upgrade their security, damned if I care.

Until then, it is single-handedly holding back TLS 1.x (>0) and SNI adoption. I can't turn it on on my server or half my customers will call to blame me for my server being "down".

Re:Final Update to XP

[TaliesinWI]

For SNI, you can enable it, but you can't rely on it since IE on XP will show SSL errors. However, there are many, many other devices out there aside from IE on XP that don't support SNI.

Most of which are pretty deprecated at this point. Android Honeycomb came out in late 2011, Windows Mobile 6.5 in late 2009, iPhone 4 in mid 2010. All of those (and anything later) are SNI capable. It's pretty much been the "IE on XP" crowd that's holding back adoption, everyone else would be in the 1% "other" category of most web sites.

Pffft....... Thanks, Oba-

[thatshortkid]

Oh.

Dear Microsoft,

[Irate+Engineer]

We really liked Windows XP. Windows 7 is OK too, but please stop churning your OS versions for planned obsolescence and give us what we really want: a stable, updated, secure OS that will last as long as our hardware.

We would be pleased to consider a reasonable subscription fee for such updates as it would afford us significant peace of mind and stability.

Signed,

Many Customers

Re:Dear Microsoft,

[epyT-R]

Dear Microsoft Customer,

We know that you like Windows XP. We like it too, and Windows 7 is alright. OS churn bothers us as well, but the last thing the rest of us want is software as a service that turns our computers into cable boxes.

Signed,

Many Smart Customers

Re:Dear Microsoft,

[bobbied]

All of them except the hard drive, which I replaced 10 years ago when I rand out of space.

It's a laptop, there isn't any upgrading it. Oh, the battery and the charger, but none of those have anything to do with XP.

Yes, I'm cheap, but if it works for what I want it to do, why spend money to upgrade when I have to pay for the kid's college?

Re:Dear Microsoft,

[LordLimecat]

Dear Microsoft,
Please shutter the part of your company that makes money, and provide us updates and support as a charitable donation for the life of my computer.

Signed,
Irate Engineer
FTFY

Re:Dear Microsoft,

[LordLimecat]

Except that OSes dont have near that long of a lifespan.

2001 was Linux kernel 2.4 2000 was 2.2. Both have long since been EOL'd If you want to look at a full OS, I think Red Hat Linux 7.2 would be right about the same age as XP; it was EOL'd in December 31, 2003 (source).

Microsoft has gone way beyond what any other OS vendor has ever done, excepting perhaps IBM with some of their ancient AIX boxes.

Re:Dear Microsoft,

[0123456]

It's been over a decade and they've updated & supported it.

That's odd. I didn't buy my netbook with XP installed 'over a decade' ago.

That's still working perfectly fine after three years, yet if I hadn't wiped XP and installed Linux a couple of years ago it would now be obsolete solely because Microsoft say so.

And you wonder why users are pissed off?

Re:Dear Microsoft,

[0123456]

Microsoft has gone way beyond what any other OS vendor has ever done, excepting perhaps IBM with some of their ancient AIX boxes.

No-one cares when Microsoft started selling XP. They care about when Microsoft STOPPED selling XP, which was only a few years ago. There are a ton of XP machines only three or four years old that work fine and are deliberately being made obsolete just so Microsoft can make money.

On the plus side, at least some of those forced to upgrade will dump Windows completely and go for a different operating system.

Re:Dear Microsoft,

[Billly+Gates]

We really liked Windows XP. Windows 7 is OK too, but please stop churning your OS versions for planned obsolescence and give us what we really want: a stable, updated, secure OS that will last as long as our hardware.

We would be pleased to consider a reasonable subscription fee for such updates as it would afford us significant peace of mind and stability.

Signed,

Many Customers

That subscription and update is called Windows 7.

The reason it is not compatible is the same reason Java is not. They do not have the same security and many poorly written apps require local admin or use a particular bug like an IE 6 rendering glitch to position elements, or rely on non recommending practices.

I remember when the same happened with the introduction of XP/Windows 2000 with these apps with peaks and pokes from DOS still in them not running. I survived just fine and it was a big deal after the upgrade to what we had which lasted so long and cut down support costs on a momentous scale!

If you want to keep getting hacked and have 5 minute startups due to windows rot in your registry and security deficiencies that is your problem. 5 minutes a day for everyone in the office for a whole damn year adds up! Windows 7 is a fine OS improvement and every client who upgrades tell me malware infections have been cut in half and pc's no longer need to be re-imaged every year because they stay fast longer.

Trust me like the move to Windows 2000 which was tough it was roses compared to the daily crashes wasn't it? It is time to move on.

Re:Dear Microsoft,

[Merk42]

Yet if they had STOPPED selling XP years prior people like you would complain they killed it too soon
Microsoft is damned if they do, damned if they don't.

Re:Dear Microsoft,

[Kjella]

No-one cares when Microsoft started selling XP. They care about when Microsoft STOPPED selling XP, which was only a few years ago. There are a ton of XP machines only three or four years old that work fine and are deliberately being made obsolete just so Microsoft can make money.

Well, if they stopped selling XP back in 2007 and told everyone to STFU and switch to Vista we'd be screaming bloody murder about that so damned if you do and damned if you don't. All their support lifecycle clocks start running from when they release the N+1 product (and N+2 for extended support), now that Windows 8 is out the countdown towards Windows 7 EOL is ticking even though they still allow you to buy a Windows 7 machine. Mainstream support ends January 13, 2015 and extended support January 14, 2020. It's not like this is a bloody secret, the policy has been published and the dates set long ago. In short, if you bought XP after April 14, 2009 you know (or should have known anyway) that you were buying an OS already in the extended support phase. Why is ignorance an excuse in the tech world?

Stupid! Stupid!

[Nethemas+the+Great]

How do you (Microsoft) expect to get people off of that d*mn OS if you keep patching security holes. That was the one lever that might just have been able to do it and now you've gone an f**ked that up. To make matters worse, your piecemeal security patching (MSE, etc.) but not the OS proper will give these holdouts the false impression that their systems are secure when nothing could be further from the truth. Windows 9 won't move them off any more than Windows 8 was able to. All you're doing is hanging yet another neon sign pointing to the ragged, fetid and diseased hole of the malware whore these XP boxes have become.

Re:Stupid! Stupid!

[epyT-R]

Are you aware that current versions of windows are not much better off? Most of the attack vectors come from browser holes and bad user choices. No OS will save you from that. Windows Vista/7/8 are not magic fix-alls. If you are 'that' concerned about security and you need windows software, disconnect the machine from the net, at which point it doesn't matter what OS you use.

Re:Stupid! Stupid!

[roc97007]

So, wait. What, aside from age, exactly is wrong with XP? It loads programs just fine, even today.

Re:Stupid! Stupid!

[roc97007]

Previous responder had said they could "ask the same question about RHEL 5". You're actually reinforcing my point.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Windows XP or security products?

[sqrt(2)]

In case some people don't RTFA,

In other words, while Windows XP will no longer be a supported operating system come April, companies will be at least partially protected (the actual OS still won’t get security updates) until next July.

Emphasis mine. XP updates ARE ending, but MSE/Forefront will still get updated. XP will still be susceptible to any zero day until it gets detected by MSE--if it's even installed at all. This is a marginal increase in safety for XP post-EOL, at best. The apocalypse is still nigh.

My advice for fellow ITAs. Don't mention this to your boss at all if you're still trying to migrate. It's not really relevant to the threat posed by XP's end of support. If they get wind of it on their own, emphasize that XP itself is still going to be wide open. At best all MSE does is let you know you've been owned after the fact once MS gets around to updating the definitions. MSE already has a pretty poor record for detecting even older threats. It's better than nothing but you shouldn't be relying on it.

No, this is smart. This is to keep the customers.

The idea that people won't ever move off is absurd. They will. Problem is, if they do so this year a good number are going to OS X, Ubuntu, Chromebooks, etc. Then those new Mac/Linux/Googlized people will begin experimenting with alternatives to Microsoft Office as well. Fuck.

If Microsoft can have those people wait for Windows 9 and Windows 9 is an improvement of any sort, they stand a better chance of keeping the customers. That's all this is.

holy fucking nut balls

[slashmydots]

I did not see this coming. I'm CIO and for the last 2 years I've warned the bosses about the problem @ about 95% XP and so far in those 2 years we've replaced negative 2. We added 2 seats and replaced zero lol. Every 100 days (the pattern I developed) they kicked it to the next period. Time to spend the $20 we do have in the IT budget to get a cake tomorrow and I'll announce it to the bosses!
But seriously, our shared and internet surfer and PoS computers are just fine with a socket 775 HT Pentium chip and 2GB of RAM. Why pull them just for XP?

Re:holy fucking nut balls

[Billly+Gates]

Time to sign a resignation letter.

You are going to be fired for not keeping things secure when production stops for 1 month as you start after April the migration from zCrypto locker which will keep running around the clock as no patch will be made after you clean each node. As a cost center you will get shafted anyway so might as well do it on your terms rather than the company president.

Idiots. Sorry man but you're screwed and another job is in order. It is not fair to you that a lack of planning on your bosses part causes an emergency on your part.

Server 2003

I knew this was going to happen because Server 2003 was planned to receive extended support until July 14, 2015 and Server 2003 (NT 5.2) is the server edition of Windows XP (NT 5.1).

You're Welcome.

XP is still being used in many places

[hambone142]

Take a look at the PC screens at Home Depot (Windows XP). Fry's Electronics (heck, they sell the new stuff... they're using XP on the store's floor). My dentist office (XP). It goes on. What other big hitters that I've missed? http://redmondmag.com/articles/2013/09/23/xp-still-in-use-by-28-percent.aspx indicates 28.98% are still using XP.

Competition will Support XP

[ScottCooperDotNet]

Other Anti-Virus vendors like Symantec, McAfee, and Kaspersky are going to continue to support XP past April, so why should Microsoft concede market share to these competitors?

Also, Microsoft is going to look pretty bad if a new virus makes a major impact, so having their security product database updates continue will mitigate that. Doing otherwise could easily be spun as irresponsible.

Re:No, this is smart. This is to keep the customer

[Luckyo]

Actually he's correct and you're the one with no clue. Modern attack vectors are not the OS holes - they are browser holes, email software holes, PDF reader holes and so on. In fact, essentially all OS holes that can be exploited directly without third party are secured by a solid third party firewall.

All these will continue to be updated. In fact, as long as your friend runs solid 3rd party firewall software, he'll cruise for years after microsoft kills support, simply because he'll keep infection vectors closed. OS can have all the vulnerabilities it wants, as long as all the vectors to hit them are closed, you're safe. And that's where that 3rd party support is far, far more important than microsoft's support will ever be.

Re:No, this is smart. This is to keep the customer

[WaffleMonster]

Actually he's correct and you're the one with no clue. Modern attack vectors are not the OS holes - they are browser holes, email software holes, PDF reader holes and so on. In fact, essentially all OS holes that can be exploited directly without third party are secured by a solid third party firewall.

I've noticed a number of GDI and Font type patches drop over the last years... these can get thru firewalls and exploit OS specific issues from any number of browsers or document rendering technology. Coupled with a few privilege escalation vulns of which there are infinite numbers and the result is you can still get owned pretty quickly hiding behind your firewalls.

Re:No, this is smart. This is to keep the customer

[exomondo]

Yeah i'm sure all those people who were confused by the lack of a start menu while retaining existing application compatibility are going to be real happy with another OS that also doesn't have a start menu and discards existing application compatibility.

Re:No, this is smart. This is to keep the customer

[roc97007]

Although I'm not particularly a Mac fan, obligatory xkcd.

In other words, for some significant subset of the people still using XP who aren't doing it merely because of compatibility with old software, perhaps a browser and a few other basic resources would be enough.

Well I for one, appreciate this

[Trax3001BBS]

Looking at the subject line of the comments, this decision didn't go over well here...

I don't use XP, I like it; Only went to Win7 as Battle Field 3 required it or I'd still be using XP.
I'm sure there are more like me that didn't upgrade as they didn't have a reason.

I appreciate this as well for the fact that miniXP is being treated as public domain, and will be upgraded.
Linux excluded, for me the miniXP has overtaken a Win98 boot disk when it comes to Windows recovery software.

FWIW: Most of my USB pendrives will boot into a Win98 DOS window that will read and write to NTFS drives.
http://bootdisk.com/

Re:Internet Explorer

[Badooleoo]

And a service pack 4.