Slashdot Mirror

← Back to Stories (view on slashdot.org)

XP Systems Getting Emergency IE Zero Day Patch

Posted by timothy on from the patches-galore dept.

msm1267 (2804139) writes "Microsoft announced it will release an out-of-band security update today to patch a zero-day vulnerability in Internet Explorer, and that the patch will also be made available for Windows XP machines through Automatic Update. At the same time, researchers said they are now seeing attacks specifically targeting XP users.

Microsoft no longer supports XP as of April 8, and that includes the development and availability of security updates. But the about-face today speaks to the seriousness of the vulnerability, which is being exploited in limited targeted attacks, Microsoft said. Researchers at FireEye, meanwhile, said multiple attackers are now using the exploit against XP machines, prompting the inclusion of XP systems in the patch."

179 comments

  1. Out of Band? by Anonymous Coward · · Score: 0

    Cool, When will they patch Windows 3.1?

    Oh yeah, I forgot, it's down to userbase isn't it?

    1. Re:Out of Band? by armanox · · Score: 2

      Windows 3.1 doesn't support Windows Update.

      Actually, 3.1 doesn't include Internet Explorer either, so it's not vulnerable. I don't know if 16-bit IE (I have a VM with IE 5 on 3.11) is vulnerable.

      --
      I'm starting to think GNU is the problem with "GNU/Linux" these days.
    2. Re:Out of Band? by Anonymous Coward · · Score: 2, Funny

      (Floppy) discs will be sent out soon for registered users.

    3. Re:Out of Band? by Teresita · · Score: 1

      Actually, 3.1 doesn't include Internet Explorer either, so it's not vulnerable.

      Those AOL 3.0 floppies (which is what most people used before Win95) had a custom version of IE. I'm not too worried though, even though I mess with Win 3.1 a lot myself, the malware's 32 bit API calls to modify the registry won't work, not even under Win32s.

    4. Re:Out of Band? by Richy_T · · Score: 2

      Or even come with a TCP/IP stack (though it's possible to add one)

    5. Re:Out of Band? by rubycodez · · Score: 1

      there is Windows for Workgroup, and in any case you can put Mosaic on either one to browse web pages

    6. Re:Out of Band? by Anonymous Coward · · Score: 0

      there is Windows for Workgroup

      That's Windows 3.11

    7. Re:Out of Band? by rubycodez · · Score: 1

      Which is in the Windows 3.1 (Janus) series

    8. Re:Out of Band? by Richy_T · · Score: 1

      Streeeeeeeeeeeeeeeeetch

    9. Re:Out of Band? by Blaskowicz · · Score: 1

      There is Windows 3.1 for Workgroups and Windows 3.11 not-for-Workgroups, but those versions must be extremely rare.

    10. Re:Out of Band? by unixisc · · Score: 1

      So this patch - it includes IE6 as well, which is thought to be the most common IE version on XP?

    11. Re:Out of Band? by dryeo · · Score: 1

      Updating Win 3.1 to 3.11 was just a matter of downloading a couple of files (as a package IIRC) from MS and installing them. Never owned Windows for Workgroups but do own WinOS2 which is a fork of Win3.1.

      --
      https://en.wikipedia.org/wiki/Inverted_totalitarianism
    12. Re:Out of Band? by Richy_T · · Score: 1

      I stuck with Trumpet Winsock for a very long time. It was a far superior stack (I believe it supported IPV6 many years before Microsoft too. Not that I ever used it)

  2. just kill them already by slashmydots · · Score: -1, Troll

    Seriously? Like you need to encourage these people. Just let them get hacked and get rid of their internet-connected XP machines already. They're 7+ years old! If they're using them for web surfing AND using IE8 to do it, you should not be assisting people that stupid.

    It's not secret that if you pay MS money, they'll keep patching XP and if you don't, they'll pretend like they're not patching it but I STILL think they shouldn't do anything to help people who are that dumb.

    1. Re:just kill them already by Ionized · · Score: 5, Insightful

      the problem is when they get hacked, they aren't going to get rid of their machines or go offline.

      they will just become one more in the zombie army, and the REST of us end up suffering.

      Microsoft is doing the right thing here.

    2. Re:just kill them already by Anonymous Coward · · Score: 0

      I'm using XP on most of my desktop machines still. Whatcha gonna do 'bout it?

      Glad MS has done this. It's a big and hilarious Fuck You to the HURRR BLACK HAT HAX0RS who have been sitting on vulnerabilities until last month.

    3. Re:just kill them already by holostarr · · Score: 3, Insightful

      XP is used in many commercial products which cannot easily be replaced by the end user. For example: http://rightfast.com/index.php...

    4. Re:just kill them already by Anonymous Coward · · Score: 1

      Oh man, serves them well. When I go to that website I get "Your browser doesn't support Javascript". Seriously. The rest of the world disagrees though. If they can't make a website without depending on explorer specific js hacks it's no wonder they write software for specific OSes too.

    5. Re:just kill them already by datapharmer · · Score: 5, Funny

      Car analogy: I told the used car dealer to stop selling that garbage and just send all his vehicles to the dump. I mean they were all from like 2007 or before! I mean seriously, who uses a car that old (except for all the retro ones that were sold up until 2012 - and those suck too. They aren't hip at all)? They don't have the latest rear view cameras and other safety equipment or anything. It is no secret if you buy the after market warranty you can get your crappy old car fixed, but if you don't it isn't my problem you can't get parts when you need them because you are a dumb poopy pants. I throw everything away because there is a newer model that surely must be better because new and shiny!

      --
      Get a web developer
    6. Re:just kill them already by slashmydots · · Score: 1

      But they can be and are not bought by intelligent IT workers who review them ahead of time.

    7. Re:just kill them already by Anonymous Coward · · Score: 1

      For some of us, MS Windows is only useful for legacy application. For instance, up to this year I had a production machine running XP. It is old and cannot be upgraded to MS Windows 7 or 8. but was running programs that I needed. I will phase out the programs and machine, but there was hardly a reason to buy a new machine. Like many other people, I do run MS Windows to do work, and when doing work something old is often good enough.

      In addition, MS made a decision to push IE only web coding into the 21st century. As such there are intranet pages out there that still require IE. Again, it may not be cost effective to upgrade or replace these machines. Why should the MS business model drive the internal requirements of a small office?

    8. Re:just kill them already by Richy_T · · Score: 1

      No, it's easy. You only install the services you ne...

      I'm sorry, I just can't keep a straight face anymore.

    9. Re:just kill them already by Anonymous Coward · · Score: -1

      The right thing would be to submit a patch to remove their network drivers. if they know how to reinstall them, let them take the risk.

    10. Re:just kill them already by holostarr · · Score: 2

      That is just a merchant site, their site works regardless of what browser you are using, however, it requires Javascript since it is Ajax based. My point is there are many businesses who use products which are running on top of XP and cannot simply be replaced because Microsoft has stopped support for the OS.

    11. Re:just kill them already by Anonymous Coward · · Score: 0

      Look, XP is still perfectly fine for people who only read their emails and things like that. Why should they fork up $400+ for a new PC they don't need just because the current one is "old", yet works perfectly fine for their purpose?

    12. Re:just kill them already by Grishnakh · · Score: 0

      Wow, that's an utterly stupid analogy. No one is still selling Windows XP, and I doubt anyone cares if someone resells their old computer with XP on it. The problem is that people want Microsoft to continue issuing security patches for XP, even though no one (except for some governments) is actually paying MS for this service.

      No one expects Ford or Toyota to do recalls for 20+ year old cars when safety problems are discovered. Everyone with a brain knows that quarter-century-old cars do not offer nearly the crash protection that newer cars do, but there's no push to get automakers to somehow retrofit old cars to meet modern crash standards. But somehow MS is expected to provide endless support for an ancient OS?

    13. Re:just kill them already by holostarr · · Score: 2

      It has nothing to do with intelligent IT workers, majority of times these purchase decisions are made outside the knowledge of IT, the IT department is simply tasked afterwards with the support. Even if IT is involved, a lot of times politics are involved to a point where the OS is not even considered as a topic. Also many of times you have very little choice when it comes to what OS the appliance supports, you may not have a choice.

    14. Re:just kill them already by Anonymous Coward · · Score: 0

      LOL at the idea IT has anything to do with purchasing. Back to school, Timmy. When you hit the real world you'll understand.

    15. Re:just kill them already by ledow · · Score: 3, Informative

      Ironically, my laptop cost a lot more than my car.

      The analogy isn't really fair, though. Your car doesn't get pulled abut and poked and investigated by random wandering people throughout the entire day looking for a vulnerability. Even in a crime-ridden area. Your car isn't a guardian on the front line between all your financial, personal and secret information and the public Internet (whether you have a firewall or not, the OS is still the guardian of your data here).

      And, still, cars get recalled, discontinued, or just taken off the road no matter their age. If it's not a "vintage" car, good luck as it gets older getting it to pass whatever your local roadworthiness test is, especially with shrinking emission limits and tightened safety requirements.

      I speak as someone whose car is 15 years old - I wouldn't touch a PC over 4-years-old for my own use unless it was incredibly well-managed (and, yes, I manage networks for a living and have managed much older PC's adequately - I'm only two years past a XP->Windows 8, Office 2003->2013, Server 2003->Server 2012R2 upgrade, precisely because it worked and it was managed adequately, but we still couldn't carry it forever). I speak as someone who buys an "old banger" of a car every time my one won't pass the next test or starts edging out of roadworthiness, and never pays more than the cheapest of new laptops for the next one.

      XP is dead. Kill it. Stop dragging it. It was good and fun while it lasted, but 7 or even 8 (with some tweaks) isn't that much of a loss at all. And I've yet to see a decent reason for a program you are using not to be updated to run on 7 (and, sorry, that matters more than anything else - the OS is irrespective if you're putting all your trust, money and maybe even life / business into an app that people can't be bothered to maintain once a decade or so).

      I've put people on Ubuntu in the in-between. I've pulled Windows 8 into a system people can recognise and get along with. I've needed to support the most dumb, and the most eager, and the most knowledgeable users simultaneously.

      But XP is dead. The fact that I acknowledge it is extremely telling. I never kill anything without a purpose. It's tricky to even install the fucking thing on anything approaching modern hardware (a lot of BIOS do not support legacy IDE any more, and SATA installs can be a minefield of AHCI drivers in XP).

      You want to keep it? Install Linux and virtualise it. But, for fuck's sake, stop running it as the primary barrier between your personal files, local network and the Internet (no Internet firewall in the world can stop you getting infected and spewing your data OUT of the network, especially in the consumer/home use price ranges).

    16. Re:just kill them already by techno-vampire · · Score: 0

      Switch them over to Linux, and they'll never know the difference except that they won't have to reboot several times a day.

      --
      Good, inexpensive web hosting
    17. Re:just kill them already by mark-t · · Score: 1
      That's fine, as long as no security issues get discovered in XP that Microsoft decides are not worth their effort to fix, but which are still serious enough to compromise the user's network.

      If a vulnerability that turns an XP machine into a zombie that can endlessly send out spam emails, for instance, it's a pretty safe bet that their ISP will simply disconnect them and won't allow them to reconnect until they are using a newer version of the OS.

      --
      File under 'M' for 'Manic ranting'
    18. Re:just kill them already by Anonymous Coward · · Score: 0, Insightful

      The fuck are you on about, cunt? Our household just had a safety mailout+free fix on one of our 15 year old Nissans. I don't know much about Ford nor Toyota, but Nissans aren't hipster cars, so you're not expected to landfill them after your Applecare runs out.

      And expecting an old car to come up to modern safety regulations isn't the same thing as finding that it has always had a fault which would have been immediately so identified if spotted during manufacturing.

      So many people angry today because MS does something responsible and impossible to attack with reason alone.

    19. Re:just kill them already by Anonymous Coward · · Score: 0

      If the one they have works perfectly fine they should stop bitching about how they don't get updates.

      If you think you need updates you clearly don't think your system works fine as is.

    20. Re:just kill them already by Anonymous Coward · · Score: 4, Interesting

      There are a lot of people out there who may not be able to afford better hardware, or a copy of Windows 7. Given a choice between a roof over the head versus an upgrade of Windows, I'm sure not many would choose homelessness.

      Then there is the fact that a lot of XP systems cannot be upgraded, and are part of an embedded system. A friend of mine has a $9000.00 sewing machine that runs XP, and if one tries to stick W7 on it, it won't have the drivers to move the embroidery head.

      Then there is software that requires XP to function. Another friend of mine has a CNC mill for 2D wood carving that he copies data to a full size PCMCIA card. The reader/writer on the computer will not work with Vista or newer, and it won't work in a VM, so it is XP or nothing.

      People don't -want- to run XP... but a lot have to. Just like the guy who drives the 10 year old Honda Civic. It isn't because he is in love with the car, but that he can't afford a new car, or he has other priorities.

    21. Re:just kill them already by CheshireDragon · · Score: 1

      One would think if they know how to reinstall their network drivers they'd be just fine in keeping their system secure enough.

      --
      "That's right...I said it."
    22. Re:just kill them already by Anonymous Coward · · Score: 0

      Microsoft is doing the right thing here.

      And in the process giving XP users less reason to switch to another browser like firefox that still does receive security updates on XP.

      After all, it is a hellavu lot easier to switch to a new browser than it is to switch to a new OS.

    23. Re:just kill them already by Anonymous Coward · · Score: 0

      No one expects Ford or Toyota to do recalls for 20+ year old cars when safety problems are discovered.

      XP was still being sold to OEMs until late in 2010, and I'd expect computers running XP were probably on the shelves until mid 2011.

      So, yes, people do expect security fixes for a three-year-old computer.

    24. Re:just kill them already by Anonymous Coward · · Score: 0

      I see where you are coming from. But there is an element of moral hazard to this too.

      I think the last patch that Microsoft should push to XP should be a patch removing all of the networking stack.

    25. Re:just kill them already by Anonymous Coward · · Score: 0

      I'm using XP on most of my desktop machines still. Whatcha gonna do 'bout it?

      But are you using IE or a more secure and standards-compliant browser like FireFox or Chrome?
      -----
      Posted from my XP machine.

    26. Re:just kill them already by Dutch+Gun · · Score: 4, Interesting

      XP is used in many commercial products which cannot easily be replaced by the end user. For example: http://rightfast.com/index.php...

      I'm going to go out on a limb here and say that there's nothing wrong with XP in an embedded environment (such as in a bank's ATM). Exploits in most operating systems are almost always related to application-level attack surfaces, such as IE and Flash (as was this particular vulnerability). In a point of sale unit, there is no one surfing the web with the browser. As long as the front-facing application and hardware are properly locked down, there should be no problems. Note that Target's POS data breach was NOT done through the machines themselves, but through the backend network itself. Granted, lack of address space randomization makes it an easier target, but note carefully that the exploit discussed in the article was available on ALL platforms and IE versions, not just XP/IE6.

      Where a company or user will get into trouble is if they're using Windows XP + IE6 in a user-controlled, internet-facing computer. And let's be clear here, it's been IE6 and not really XP that was the problem since the latest patches and the firewall was turned on by default. If they rely on IE6, then there's a good bet that they also rely on Flash or a Java plugin as well, and that's just tripling your attack surface, especially if they're not kept up to date as well for reasons of compatibility or laziness.

      There's sort of a media feeding frenzy about Windows XP and it's end-of-life. Yes, people should move on to a supported OS as soon as it's practical, but XP users can greatly reduce their risk simply by using up-to-date applications. Use Chrome or Firefox when browsing, and if possible remove Flash and Java (I actually removed Flash about half a year ago for security reasons, and found that, for the most part, I don't really need it anymore). Note that this exploit was performed with the help of Flash as well - nothing to do with XP.

      --
      Irony: Agile development has too much intertia to be abandoned now.
    27. Re:just kill them already by Anonymous Coward · · Score: 0

      the problem is when they get hacked, they aren't going to get rid of their machines or go offline.

      they will just become one more in the zombie army, and the REST of us end up suffering.

      Microsoft is doing the right thing here.

      The next patch should just remove network support.

    28. Re:just kill them already by zwarte+piet · · Score: 1

      Yeah, that. And nobody sensible uses IE anyway.

    29. Re:just kill them already by Anonymous Coward · · Score: 0

      Just like the guy who drives the 10 year old Honda Civic. It isn't because he is in love with the car, but that he can't afford a new car, or he has other priorities.

      Speaking as someone who drives a 10-year-old Honda Civic, I'll have to disagree. You keep driving it because it Just Works.

      (Seriously. 10 years, and the most expensive repair I've had was a set of new tires.)

    30. Re:just kill them already by LinuxIsGarbage · · Score: 3, Informative

      Proper embedded applications using XP should be on Windows XP Embedded/ "Windows Embedded Standard 2009". WES2009 is XP based and will get security updates until 2019.

    31. Re:just kill them already by Goetterdaemmerung · · Score: 1

      Wow, that's an utterly stupid analogy. No one is still selling Windows XP, and I doubt anyone cares if someone resells their old computer with XP on it

      My company paid a quarter grand for a test system that came with XP. Last year or suppliers purchased additional equipment with XP. XP was still available for new computers just a few months ago.

    32. Re:just kill them already by Goetterdaemmerung · · Score: 1

      Wow, that's an utterly stupid analogy. No one is still selling Windows XP, and I doubt anyone cares if someone resells their old computer with XP on it.

      My company paid a quarter million 6 months ago for a test system that came with XP. Our suppliers purchased other equipment with XP just last year. I bet you can find "new" XP licenses still going out the door.

    33. Re:just kill them already by unixisc · · Score: 1

      Can firewalls block nodes based on what OS the sender is internally running?

    34. Re:just kill them already by mark-t · · Score: 1

      It is theoretically possible, but not terribly practical. Basically, it would involve doing a port scan when you first receive a packet from a given IP, and it is possible to determine (or make an educated guess) from the results what OS a person has (or what OS they are simulating). As I said, not terribly practical.

      That's not required for the ISP, however... the ISP can certainly disconnect somebody who is creating problems for their network, regardless of the OS that is being run. I've seen an ISP do this to somebody I know when their machine was turned into a zombie without their knowledge. They disconnected him, and made an attempt to contact him by telephone, leaving a message for him to call them. Once he called back, they reconnected him provisionally as long as he promised to have the issue fixed within one day, which he did, by downloading an antimalware program that was recommended by his ISP. Fortunately, in his case, it was fixable by such a program, and running the malware removal program purged the unwanted software from his computer.

      But theoretically, a vulnerability could exist in XP itself that third-party software will not be able to fix, and if Microsoft were to not address it, then the aforementioned situation of people getting disconnected from their ISP's is all but certain to happen to potentially very large numbers of people.

      --
      File under 'M' for 'Manic ranting'
    35. Re:just kill them already by vlueboy · · Score: 1

      Use Chrome or Firefox when browsing, and if possible remove Flash and Java (I actually removed Flash about half a year ago for security reasons, and found that, for the most part, I don't really need it anymore). Note that this exploit was performed with the help of Flash as well - nothing to do with XP.

      For those whose flash lockin is Youtube content (Let's Play videos), I finally found an answer to questions I'd explored months ago. We are forced to allow flash before seeing some monetized content. It's annoying how Google refuses to give you flash-less webm and mp4 streams and even lies that Flash is a must --until you force the right browser identification strings.
      The Video without flash extension for firefox is a welcome solution for Youtube and some other mainstream sites known to have HTML5 video content.

      The extension gets around the problem and you can use content such as mid-quality Webm. Though there are a few bad videos still, it's 100 times more effective than the rigged HTML5 "trial" youtube offers. I enjoy longer battery life. I also enjoy skipping like in olden times *without* a crippled default flash player that insists on DISCARDING the full video's past and future on *every* click.

    36. Re:just kill them already by perryizgr8 · · Score: 1

      but why would your friend use ie on his sewing machine? imo, xp is perfectly fine for such embedded uses, but please move on when it comes to your personal general purpose computer.

      --
      Wealth is the gift that keeps on giving.
    37. Re:just kill them already by Anonymous Coward · · Score: 0

      Of course people are still selling XP. If you go to computer shows, you can find people selling Windows 98.

    38. Re:just kill them already by BVis · · Score: 1

      What is reasonable for people to expect generally only tangentially has anything to do with what they actually DO expect. Sometimes you need to punch people in the face to get their attention, then kick them in the balls to get them to do the right thing.

      --
      Never underestimate the power of stupid people in large groups.
    39. Re:just kill them already by Anonymous Coward · · Score: 0

      I drive my 13 year old Honda Civic because I'm in love with the car. :-(

    40. Re:just kill them already by Anonymous Coward · · Score: 0

      Just remove MSIE and it's underlying rendering engine, that's where most exploits live these days.

    41. Re:just kill them already by Anonymous Coward · · Score: 0

      Netscape Navigator 4.08 actually.

  3. That deteriorated quickly. by Anonymous Coward · · Score: 0

    for Microsoft.

    1. Re:That deteriorated quickly. by Anonymous Coward · · Score: 0

      One word, lawsuit.

      They must have realized whta waited for them if they had not patched.

    2. Re:That deteriorated quickly. by Ash-Fox · · Score: 1

      One word, explain.

      --
      Change is certain; progress is not obligatory.
    3. Re:That deteriorated quickly. by Anonymous Coward · · Score: 1

      Microsoft has the patch with the fix but they refuse to release it, meaning instant lawsuit.

    4. Re:That deteriorated quickly. by Kalriath · · Score: 1

      Which would inevitably fail. So, irrelevant.

      --
      For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
    5. Re:That deteriorated quickly. by Anonymous Coward · · Score: 0

      I wouldn't be so sure given the amount of XP machines still used by the DOJ.

    6. Re:That deteriorated quickly. by Ash-Fox · · Score: 1

      DOJ can pay for their patches like the IRS does.

      --
      Change is certain; progress is not obligatory.
  4. WTF by Anonymous Coward · · Score: 1, Interesting

    Patching a dead OS just confuses users. No, really, this OS is dead except sometimes.

    1. Re:WTF by viperidaenz · · Score: 4, Funny

      I know right, like recalling cars out of warranty.

    2. Re:WTF by Ravaldy · · Score: 2

      Good luck getting a 15 year warranty on your car.

    3. Re:WTF by Anonymous Coward · · Score: 0

      My 13 year old car (out of warranty) just had a recall repair done to it, so yeah...

    4. Re:WTF by wcrowe · · Score: 2

      The auto manufacturer is responsible for safety recalls for a very long time, if not forever. I've gotten safety recalls for cars that I haven't owned in years and that are way past the warranty period. I was the last known owner, so I got the letter.

      This kind of thing is very much like a safety recall for cars, except it is for an operating system.

      --
      Proverbs 21:19
    5. Re:WTF by CheshireDragon · · Score: 1

      Same here, I had a recall for my 2002 Ford Ranger a few years ago. I haven't owned that truck since 2007.
      The recall had something to do with an ignition switch catching fire...even when the vehicle was not in use. Last I checked I don't think anyone's comp was at risk of bursting into flames due to a security patch not being installed.
      Car comparisons won't work on this because if cars aren't recalled for dangerous flaws, owners and other people are in danger of injury or death. The only way my computer is going to kill someone is if i use it to beat them to death with it
      (or if I play games on it for days on end.)
      http://www.telegraph.co.uk/new...
      http://www.telegraph.co.uk/new...
      http://www.smh.com.au/articles...
      And there are a shit ton more articles on that topic...

      --
      "That's right...I said it."
    6. Re:WTF by drinkypoo · · Score: 1

      The auto manufacturer is responsible for safety recalls for a very long time, if not forever.

      They're responsible for ten years from the date the recall is issued, unless it's a seatbelt or maybe airbag recall. I believe seatbelt recalls are forever, not sure about airbag recalls but I'd bet the same way on them.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    7. Re:WTF by Ravaldy · · Score: 1

      We have an ex-Chrysler employee working at my office and he had a small involvement in recalls. He said the automakers are forced to honor vehicles up to 8 years of age but it may differ from one country to another. Past this, they can choose to honor the recalls but in many cases it will be at your expense.

    8. Re:WTF by Torodung · · Score: 1

      Windows XP: Zombie Edition lives! IT'S ALIVE!

      Either that or it's only "mostly dead" and MS is giving it a miracle pill.

    9. Re:WTF by Anonymous Coward · · Score: 0

      did this pill happen to come from Miracle Mac's?

      hehe sorry I couldn't help it.

    10. Re:WTF by cbiltcliffe · · Score: 1

      Good luck getting a 15 year warranty on your car.

      Back when I was younger, and living on student income, I had warranty work done on a car when it was 14 years old.

      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
    11. Re:WTF by cbiltcliffe · · Score: 1

      Either that or it's only "mostly dead" and MS is giving it a miracle pill.

      Shortly before this patch was issued, Windows XP distinctly said "The blaaaaaayth!"

      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
    12. Re:WTF by Ravaldy · · Score: 1

      I need to know the name of the car company because that just doesn't happen today. It's not a sustainable model for any company.

      And again, they probably weren't obligated to do it. The government only holds them responsible for the cost of the repair until the vehicle is 8 years of age.

    13. Re:WTF by cbiltcliffe · · Score: 1

      It was a Chevy Malibu. Yes, the "domestics are shit because....GM!!" fixed a problem for free, on my 14 year old car.

      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
    14. Re:WTF by Ravaldy · · Score: 1

      Fact is, they weren't obligated

  5. That's smart by meta-monkey · · Score: 1

    1) Stockpile exploits for Windows XP until after Microsoft no longer releases updates for it.
    2) Hack XP users.
    3) Profit!

    --
    We don't have a state-run media we have a media-run state.
    1. Re:That's smart by Teresita · · Score: 1, Insightful

      But the about-face today speaks to the seriousness of the vulnerability...

      No, it speaks to the seriousness of letting 30% of the PC user base twist in the wind, and start thinking about 2020 when the same thing will happen to 7, and maybe start browsing the Apple stores.

    2. Re:That's smart by Anonymous Coward · · Score: 2, Informative

      Soo... apple is still releasing patches for OSX v10.1 "Puma", which came out the same time as XP originally... or is it that the OS X v10.5.8, the last supported OS by many of the machines from that time period (and came out between XP SP2 and SP3, to put things in perspective), is still getting security updates? Because the answer is no and no.

      In fact, the oldest OSX which is still getting security updates (Lion) was released not quite three years ago. Great.

    3. Re:That's smart by Himmy32 · · Score: 5, Informative

      Apple isn't even releasing updates for Snow Leopard from 5 years ago. Which 20% of their user base is on...

      Reality distortion field on.

    4. Re:That's smart by Anonymous Coward · · Score: 0

      As far as I've seen, Apple hasn't released any statements to that effect. The stated reason the last two big security patches were not made available to 10.6 Snow Leopard is because the problems they were patching were introduced in 10.7 Lion.

    5. Re:That's smart by Zaiff+Urgulbunger · · Score: 1

      As far as I've seen, Apple hasn't released any statements to that effect. The stated reason the last two big security patches were not made available to 10.6 Snow Leopard is because the problems they were patching were introduced in 10.7 Lion.

      I don't think Apples vague maybe/maybe-not support policies really help much.

  6. hacking windows xp by Anonymous Coward · · Score: 0

    is like pimping a 2 dollar whore.

  7. Microsoft has no spine. by Lumpio- · · Score: 1, Informative

    "XP support is over" my ass.

    1. Re:Microsoft has no spine. by Anonymous Coward · · Score: 0

      "XP support is over" my ballsack.

    2. Re:Microsoft has no spine. by rujasu · · Score: 5, Insightful

      Yes, how dare they provide support for a large percentage of their userbase, rather than try to force their users to pay them more money for the latest version! Those bastards!

      Seriously, I get that XP is old and there are real disadvantages to its continued use, but it's amazing to me that we've actually reached the point where MS is getting flack for not adhering strongly enough to planned obsolescence. Like, we want them to be greedier now and stop providing free updates? I'd like to believe that they'll continue supporting Win7 for quite some time. I don't particularly like the idea of forced paid upgrades, or the "subscription Windows" that everyone seems to think is coming.

      I'd love it if people would start moving off of XP and onto modern OS'es, but that's not going to happen right away regardless of what MS does, and I'm not going to knock them for supporting their product long-term.

    3. Re:Microsoft has no spine. by sexconker · · Score: 1

      "XP support is over" my hammy.

    4. Re:Microsoft has no spine. by Ravaldy · · Score: 2

      I agree with you. I don't know one XP user that would pay for a subscription. MS is a business and for some reason the expectation is that they should continue supporting the product at no charge. Yet we don't have that expectation of anything else in life. The software world always gets shafted.

      I had customers contacting me regarding a 10 year old project with a bug recently discovered. I sent them a quote to fix the issue and they asked me why I was charging to fix the software. They also told me they expected the software to work on Windows 2012 Server which I never tested... Oh well!!!

    5. Re:Microsoft has no spine. by Grishnakh · · Score: 2

      Why should they continue to spend money to support an ancient OS that no one is buying any more? They're not receiving any new revenue for it, so why should they continue to support it? Who would expect any company to continue to support obsolete products a decade or more after they were sold, without some kind of service contract? In most places, a 1 or 2-year warranty is all you can expect.

      I'd rather see them stop supporting XP at all, for anyone. If people don't like that, they should switch to something else. If this is a problem for them, they should have thought about that before assuming that XP would somehow be supported for the rest of their lives.

    6. Re:Microsoft has no spine. by fustakrakich · · Score: 5, Insightful

      They should support it as long as they hold copyright on it. When the support ends, it should be put in the public domain.

      --
      “He’s not deformed, he’s just drunk!”
    7. Re:Microsoft has no spine. by Anonymous Coward · · Score: 0

      Perhaps because instead of just fixing bugs these years, they have used updates as an excuse to add more features to suit their needs.
            WGA was my all time favorite.

      If the do actually stop supporting it, then 'nix and wine works mighty fine.

    8. Re:Microsoft has no spine. by Anonymous Coward · · Score: 0

      "XP support is over" my whore house filled with fleas.

    9. Re:Microsoft has no spine. by DogDude · · Score: 4, Insightful

      They're not receiving any new revenue for it, so why should they continue to support it?

      Because they're acting as a responsible corporate entity, maybe? It must be shocking to Apple users to see something like this, but Microsoft has actually been a relatively responsible, responsive company for a long time, now.

      --
      I don't respond to AC's.
    10. Re:Microsoft has no spine. by mythosaz · · Score: 1

      I don't know one XP user that would pay for a subscription.

      Allow me to introduce you to one...

      http://www.engadget.com/2014/0...

    11. Re:Microsoft has no spine. by steelfood · · Score: 1

      It's one thing to stop feature updates. That happened once Vista came out. But security updates? That's like knowing that your product is certain to cause property damage after a certain amount of use but still keeping it out in the wild. With non-software, there'd be mass mandatory recalls. At least with software, it's a matter of putting out an update.

      And yes, severe security vulnurabilities are a defect in the product and zombies do cause monetary property damage albeit a very small amount individually.

      --
      "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
    12. Re:Microsoft has no spine. by CheshireDragon · · Score: 1

      "XP support is over" here fixing my shit

      --
      "That's right...I said it."
    13. Re:Microsoft has no spine. by Anonymous Coward · · Score: 2, Funny

      They should support it as long as they hold copyright on it. When the support ends, it should be put in the public domain.

      And I want a pony.

    14. Re:Microsoft has no spine. by Anonymous Coward · · Score: 0

      I don't think it would be such a bad idea to push the deadline from a few weeks ago to something like 2018 for severe security issues, but still withdraw everything else from said OS.

    15. Re:Microsoft has no spine. by citylivin · · Score: 2

      "it's amazing to me that we've actually reached the point where MS is getting flack for not adhering strongly enough to planned obsolescence"

      After painstakingly upgrading the entire office to windows 7 over the last few years, recommending to all friends family and clients that they NEED to upgrade, I am somewhat conflicted.

      Firstly, microsoft is making me look like a lying dick. When I heard about this IE vulnerability, I thought "awesome! now everyone that hummed hawed and complained at me for forcing upgrades will be apologizing!". So i am pretty pissed off that they now go back on their word and still support XP making me look like I didn't know what I was talking about.

      On the other hand, I do like companies stepping up and patching bugs in legacy products. So I'm not terribly sure what to feel right now.

      When in doubt, be pissed off at M$ I guess! Damned if you do and damned if you don't. I guess they did the "right" thing. But for how long? will they still be patching xp in 2025? I know a guy who still runs windows 98 with kernel extensions or something like that. He loves it!

      --
      As a potential lottery winner, I totally support tax cuts for the wealthy
    16. Re:Microsoft has no spine. by Anonymous Coward · · Score: 0

      "They're not receiving any new revenue for it, so why should they continue to support it? "
      ---
      Actually they are receiving tens if not significantly more of millions in support contract revenue on the XP side, and still have to support server 2003r2 (effective XP in the patching sense in most cases) through next July. So these patches would exist anyway, the fact they have offered this particular one in the usual public ways (including windows update for XP) out of band for this issue should be looked as a good thing, and one that makes perfect sense given the wide spread attention this particular one has received. I'd expect this to happen a couple more times in the next ~year.

    17. Re:Microsoft has no spine. by triffid_98 · · Score: 1

      Why should they continue to spend money to support an ancient OS that no one is buying any more?

      ...because this is the exact same patch that they're already contractually obligated to release for Windows 2003 (which won't EOL until next July)?

    18. Re:Microsoft has no spine. by Grishnakh · · Score: 1

      Actually they are receiving tens if not significantly more of millions in support contract revenue on the XP side

      Not from consumers they're not.

      and still have to support server 2003r2 (effective XP in the patching sense in most cases) through next July.

      That's not really relevant. Doesn't matter if it's technically similar, it's still a different product with a different market. They have every right to treat them differently, and to shut off support for one and not the other.

    19. Re:Microsoft has no spine. by Anonymous Coward · · Score: 1

      It's not an XP problem but an IE problem.

      So they probably realized that they just have to provide the patch to XP users as well.

    20. Re:Microsoft has no spine. by Blaskowicz · · Score: 1

      Firstly, microsoft is making me look like a lying dick. When I heard about this IE vulnerability, I thought "awesome! now everyone that hummed hawed and complained at me for forcing upgrades will be apologizing!". So i am pretty pissed off that they now go back on their word and still support XP making me look like I didn't know what I was talking about.

      That's okay. Your friends and family won't hear of that flaw and patch unless they read Slashdot or other tech websites.
      There's also a pretty much untold story. Google Chrome and maybe Firefox and some other stuff support XP for an additional year. Microsoft does support a version of XP for one more year too!, it's called Windows Server 2003 with final EOL on July, 14th 2015. It is not strictly XP but is rather close.

    21. Re:Microsoft has no spine. by Anonymous Coward · · Score: 0

      Yes, they have every right to do that – but they chose not to. That really speaks for them.

    22. Re:Microsoft has no spine. by Anonymous Coward · · Score: 0

      Copyright for XP will end well after copyright for Mickey Mouse ends. So don't hold your breath, because the copyright for the icon of Disney is now over 85 years old....

    23. Re:Microsoft has no spine. by mcrbids · · Score: 1

      I don't understand why a spine is necessary. If the market is crying out for XP, why not just simply migrate XP to an annual license of $20 and let people keep their beloved 512 MB P IVs going for as long as their bits keep shuffling?

      Microsoft had an awesome opportunity with WinXP and they just threw it away...

      --
      I have no problem with your religion until you decide it's reason to deprive others of the truth.
    24. Re:Microsoft has no spine. by Anonymous Coward · · Score: 0

      "XP support is over" my ass.

      XP support was NEVER over for their customers who were willing to pay for extended support. They were going to release this patch to those customers anyway, and given the seriousness of the bug, they decided just to release it to the entire public for free.

    25. Re:Microsoft has no spine. by Anonymous Coward · · Score: 0

      They're not receiving any new revenue for it, so why should they continue to support it?

      Because they're acting as a responsible corporate entity, maybe? It must be shocking to Apple users to see something like this, but Microsoft has actually been a relatively responsible, responsive company for a long time, now.

      When did Microsoft stop extorting money for each Android phone sold?

    26. Re:Microsoft has no spine. by mpe · · Score: 1

      They should support it as long as they hold copyright on it. When the support ends, it should be put in the public domain.

      About the only way this could work would be if Microsoft lobbied (and got) sane copyright terms into law.
      The obvious related issues are that some parts of Win XP may exist in other Microsoft products. Microsoft may not actually be the copyright holder for all of XP. Some bits they may have licenced, other bits they may have "pirated". (Piracy within proprietary software, even of OSS, dosn't appear to be that uncommon.)

    27. Re:Microsoft has no spine. by Lumpio- · · Score: 1

      Because as long as XP exists, Microsoft isn't the only one that will be forced to support it. Old software has to eventually die to drop some of the backwards compatibility burden and make way for progress.

    28. Re:Microsoft has no spine. by Anonymous Coward · · Score: 0

      And what was stopping those paying customers from leaking said patch on public forums for everyone to download?

    29. Re:Microsoft has no spine. by Anonymous Coward · · Score: 0

      And what was stopping those paying customers from leaking said patch on public forums for everyone to download?

      Who would trust a link on some forum?

  8. Xp embedded is still getting updates by Anonymous Coward · · Score: 0, Insightful

    So it not really that big of a deal to also update the desktop xp as well

    1. Re:Xp embedded is still getting updates by Anonymous Coward · · Score: 0

      And all of the commercial customers who pay a few hundred bucks a year for "Extended Support". Since Microsoft already wrote the patch for THEIR Windows XP systems, it was even more trivial to throw it on Windows Update.

  9. The reasons for the patch by Anonymous Coward · · Score: 0

    They are not to support users. They are not to protect the internet. They are to protect commercial closed software. Richard Stallman was right about this, with closed source you are at the mercy of the company providing it. If more flaws come up, Microsoft will still patch them because otherwise users will flee to alternatives rather than newer Windows versions. Not all of them, but little by little is how you erode monopolies.

    1. Re:The reasons for the patch by Anonymous Coward · · Score: 0

      Richard Stallman was right about this, with closed source you are at the mercy of the company providing it.

      Ok. What if you wanted to still use, say, KDE3? There's Trinity Desktop, but it is not updated regularly due to not having enough interest and/or developer resources. Soon there will be a full year from the last update. So how is this any better? It's open source, right? Sure, you could maintain it yourself, but it would be too complex project for one man to handle. You are still at the mercy of other people.

      If more flaws come up, Microsoft will still patch them because otherwise users will flee to alternatives rather than newer Windows versions.

      I do not see anything wrong with that. Good that patches are coming. That's commercial software powered by commercial interests. Nothing terribly evil there.

  10. So Microsoft lied by Anonymous Coward · · Score: 0, Funny

    Ballmer gave his word that there would be no more updates. You can’t believe a damn thing that asshole says. This further proves that Microsoft is run by Republicans. They don’t give a fuck about their customers or the truth. Again they have proven themselves to be the most dishonest large corporation in the world.

    1. Re:So Microsoft lied by rubycodez · · Score: 1

      I'll file that right next to Jobs saying in the early 90s he'd never go back to Apple. Proves that Apple is run by those fucking lying Democrats, they don't give a fuck about their customers or the truth....

    2. Re:So Microsoft lied by UnknownSoldier · · Score: 1

      Well, Jobs never will go back to Apple now ... ;-)

    3. Re:So Microsoft lied by Anonymous Coward · · Score: 0

      I'll file that under Torvalds working for Transmeta. Which only goes to prove that fucking socialists can't even pick a good company to work for. Actually, it doesn't prove that at all, but neither do the other examples.
      I'm pretty sure more examples will follow till we cover the whole spectrum of hated philosophies and hated companies. But only if you aren't using Slashdot beta because in that case what's the point?

  11. What idiot would trust Automatic Update ? by Anonymous Coward · · Score: 0

    Make sure you have a backup before you turn on "Automatic Update".
    And remember, when your updated system crashes, you won't get any support from MS.
    Good Luck

  12. The irony? by Culture20 · · Score: 2, Funny

    XP updates are initiated via IE.

    1. Re:The irony? by Anonymous Coward · · Score: 1

      Hello, Alanis. Still don't know what irony is, eh.

    2. Re:The irony? by antdude · · Score: 1

      Is IE still used to download and install through Automatic Updates?

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    3. Re:The irony? by just_another_sean · · Score: 1, Informative

      No, you can only enable Automatic Updates and wait for them to get pushed down. The Windows Update site has not worked on XP for a couple years now, although I can't remember when it officially happened. It's the same with Windows Server 2003...

      --
      Creationist Textbook Stickers Declared Unconstitutional by CowboyNeal
    4. Re:The irony? by chiefcrash · · Score: 1

      The windows update site worked for me just fine for me this morning...

      --
      Show me on the 1st Amendment bobblehead where the moderator touched you...
    5. Re:The irony? by chiefcrash · · Score: 1

      Redundant "for me" is redundant for me...

      --
      Show me on the 1st Amendment bobblehead where the moderator touched you...
    6. Re:The irony? by timeOday · · Score: 1

      Why does that matter? Unless the Microsoft update site hosts the exploit?

    7. Re:The irony? by drinkypoo · · Score: 1

      The Windows Update site has not worked on XP for a couple years now

      It works on some of my installs, and not on others. My working theory is that windows installs sometimes get owned during install while doing some kind of autoupdate :)

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    8. Re:The irony? by Anonymous Coward · · Score: 0

      Wrong the windows update site works fine on XP\2003, always has and I just got this particular update via it today.
       

    9. Re:The irony? by ShaunC · · Score: 1

      The Windows Update site has not worked on XP for a couple years now, although I can't remember when it officially happened.

      That's not accurate at all, Windows Update works just fine on XP SP3. You can install a fresh copy of XP today and patch it all the way "current" via Windows Update. You need SP3 either slipstreamed or as a manual download, but both are widely available. Once SP3 is installed, Windows Update will bring you all the way up to date (April 8, and then some).

      Automatic updates turned off, going through the "Custom" button at windowsupdate.microsoft.com, guess what just showed up today on an XP SP3 machine running IE8? That's right.

      --
      Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
    10. Re:The irony? by Anonymous Coward · · Score: 0

      Its probably a bug in his operating system.

  13. There should be only two options by fustakrakich · · Score: 0, Troll

    Either Microsoft continues to accept responsibility for its obsolete systems, or it shall forfeit all copyrights and patents to those systems.

    --
    “He’s not deformed, he’s just drunk!”
    1. Re:There should be only two options by Anonymous Coward · · Score: 0

      Under what authority? By what legal justification?

    2. Re:There should be only two options by Anonymous Coward · · Score: 0

      Either Microsoft continues to accept responsibility for its obsolete systems, or it shall forfeit all copyrights and patents to those systems.

      I like that idea because legislation like that (which wouldn't be limited to just Microsoft) would screw over Linux and the BSDs royally. Good luck supporting the original kernel release and the early RH releases, freetard.

    3. Re:There should be only two options by fustakrakich · · Score: 1

      Copyright law

      --
      “He’s not deformed, he’s just drunk!”
    4. Re:There should be only two options by fustakrakich · · Score: 1

      You're not making any sense. Anybody is free to update early kernels and any other open software.

      --
      “He’s not deformed, he’s just drunk!”
    5. Re:There should be only two options by amicusNYCL · · Score: 4, Insightful

      So whenever a company discontinues a product, they relinquish all rights they had to that product? I don't think that's how copyright or patent law works.

      --
      "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
    6. Re:There should be only two options by NotSanguine · · Score: 1

      You're not making any sense. Anybody is free to update early kernels and any other open software.

      That's true. But the copyrights are still valid. I you want a software regime where [no support] = [copyright lapse], I suggest you contact your congressperson and try to get the copyright laws changed. Good luck with that.

      --
      No, no, you're not thinking; you're just being logical. --Niels Bohr
    7. Re:There should be only two options by fustakrakich · · Score: 2

      No, but that's how it should work. But the public interest is not what copyright is about.

      --
      “He’s not deformed, he’s just drunk!”
    8. Re:There should be only two options by Anonymous Coward · · Score: 0

      But it's how copyright law should work. If you won't fix your software, you'd better be ready to hand out the source code to those who will... or forgo any copyright protection.

    9. Re:There should be only two options by Anonymous Coward · · Score: 0

      >Anybody is free to update early kernels and any other open software.

      Yeah, anybody is free to do it but the point is that they don't.

    10. Re:There should be only two options by amicusNYCL · · Score: 4, Interesting

      So you're saying that Dodge should be obligated to release all intellectual property associated with, say, the Magnum. Even though that same technology is used in their other vehicles. Or Sony should release everything associated with the Playstation 3 and before. I don't think you've thought this through. If a product is ultimately superceded by a different product, and thus discontinued, the manufacturer should not be obligated to release anything.

      --
      "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
    11. Re:There should be only two options by fustakrakich · · Score: 4, Insightful

      Yes, if I own a Magnum, and Dodge refuses to support it, then I should be able to go to somebody who can and will. So, yes, Dodge should lose its exclusive privileges granted by copyright law, absolutely.

      --
      “He’s not deformed, he’s just drunk!”
    12. Re:There should be only two options by Anonymous Coward · · Score: -1

      OK, but society shouldn't be obligated to protect the property of companies which don't cooperate with it.

    13. Re: There should be only two options by Ash-Fox · · Score: 1

      You can't even compile windows xp with regular compilers.

      --
      Change is certain; progress is not obligatory.
    14. Re:There should be only two options by JourneymanMereel · · Score: 0

      Yes... and if Disney refuses to sell a copy of a movie, I should be allowed to obtain it from other sources.

      --
      Life has many choices. Eternity has two. What's yours?
    15. Re:There should be only two options by Anonymous Coward · · Score: 0

      There is nothing stopping a country like the UK considering eminent domain on older Microsoft OSes if MS fail to support them...

  14. MSIE 6 by Anonymous Coward · · Score: 0

    I tried using Internet explorer 6 on my old Windows XP computer out of curiosity but the browser kept crashing. I guess modern websites use HTML code that MSIE 6 doesn't understand properly.

    even when I was able to visit some online stores, the stores told me to upgrade my web browser because MSIE 6 is no longer supported. lol

  15. "Why should the MS business model drive the inter by Anonymous Coward · · Score: 0

    Because they choose to buy from MS. If they wanted not to be driven by MS business model, they shouldn't have bought Windows XP in first place. They made their choices, now will suffer the consequences.

  16. looks like i will be the first to say by Anonymous Coward · · Score: 0

    thanks

  17. If you're gonna keep running XP by 93+Escort+Wagon · · Score: 2

    At least switch to a non-Microsoft browser and email client - something that'll continue to get updated like Firefox, Chrome, Thunderbird, etc.

    --
    #DeleteChrome
    1. Re:If you're gonna keep running XP by maz2331 · · Score: 1

      Except, of course, that some business-critical sites will ONLY work with IE. It sucks, but until the vendors fix them, it is what it is.

    2. Re:If you're gonna keep running XP by DigiShaman · · Score: 1

      Vendors?! You mean like a dev team that built an old Intranet site? The same dev team that long disbanded and a copy that doesn't have a migration path to a new platform? Yea, that company is pretty much fucked with their ass hanging in the breeze.

      --
      Life is not for the lazy.
    3. Re:If you're gonna keep running XP by Anonymous Coward · · Score: 0

      ...If you insist on using it, fine. Just keep it off the bloody internet.

    4. Re:If you're gonna keep running XP by zwarte+piet · · Score: 1

      Those sites will still work with opera if you set opera to report itself as IE. Handly little feature.

    5. Re:If you're gonna keep running XP by Anonymous Coward · · Score: 0

      Like all of our original .NET sites that require IE6. All employees here have to use IE6 several times each week. Also, you won't even get paid here or get benefits unless you run MSIE 6 because our Microsoft garbage attempt at a web site requires it. Microsoft is a fucking disaster. Why can't they fix their garbage? Instead, I didn't get paid for six weeks and was evicted because I couldn't get XP mode to run so that I could enter my direct deposit info.

    6. Re:If you're gonna keep running XP by Anonymous Coward · · Score: 0

      Outlook 2010/2013 keep getting updates. No need to change from those if you use them.

    7. Re:If you're gonna keep running XP by Anonymous Coward · · Score: 0

      This makes no sense. You'd only be running such old crap if its been feeding you a steady stream of money. And if it has been, its time to pay the piper have your legacy code upgraded. Or did you forget to factor that into your costs of doing business?

  18. I still run MSIE6 on my Windows 95 machine! by Anonymous Coward · · Score: 0

    Where's my patch?? My hardware doesn't have drivers for anything later and MSIE7 won't install onto 95.

    1. Re:I still run MSIE6 on my Windows 95 machine! by jones_supa · · Score: 2

      It is now safe to turn off your computer.

    2. Re:I still run MSIE6 on my Windows 95 machine! by Anonymous Coward · · Score: 0

      For XP Users:

      It's now unsafe to turn on your computer.

  19. Not Hacked by Anonymous Coward · · Score: 0

    Well, they aren't being "hacked".

    A researcher is merely trying to ascertain the security level of the systems.

    After finding any vulnerabilities, they will down load whatever valuable data they find and post it as an example of how insecure the system was. It's all done with the best of intentions.

  20. That should be true for all software by Anonymous Coward · · Score: 1

    When support is dropped, it should be put into the public domain so others can provide support.

  21. Why Microsoft won't abandon those users by DigitAl56K · · Score: 3, Insightful

    Why should they continue to spend money to support an ancient OS that no one is buying any more? They're not receiving any new revenue for it, so why should they continue to support it?

    They are absolutely receiving revenue for it, just not directly. These users are part of the Windows total addressable market. Developers choosing to write applications and looking at which platform to choose look at this number. 30% of the Windows userbase comes from XP. If Microsoft upsets these users by letting rampant malware trash their systems, a chunk of these people may switch to e.g. Apple. Oops! Now we have more cross platform or Apple-native apps being developed because there are more users there. Microsoft does not want this to happen.

    1. Re:Why Microsoft won't abandon those users by Grishnakh · · Score: 1

      I don't think XP users are buying applications at this stage. They're just using their old computer for web-browsing and email at this point.

    2. Re:Why Microsoft won't abandon those users by Blaskowicz · · Score: 1

      Windows users rarely buy applications in general. They use freeware and open source ones, and play games. Some will get a pirated version of Photoshop or stuff like Reason and Ableton Live.

  22. FireEye should not be trusted by Anonymous Coward · · Score: 0

    Their XP end of life article read like an advertisement for their silly security software. I refuse to read their articles anymore, and so should you. I can't believe their little two-bit operation even made it into Slashdot headlines.

  23. "Out-of-band" Are you awake editors? by sirwired · · Score: 2

    I thought Slashdot was supposed to be a geek site. It's an "out-of-cycle" patch, not an "out-of-band" one, although I assume it could be delivered out-of-band if you really wanted to (USB stick, CD, whatever.) Most users will certainly be receiving the patch in-band.

    Submitters are allowed to be ignorant and make stupid mistakes; it's the job of the editors to correct those mistakes before posting a story.

  24. As usual, everyone is missing the point.... by kgoods · · Score: 1

    They've had 12+ years to secure it. If they had done that there would be no need for emergency security updates. Everyone would be happy. MS wouldn't have to create security updates and customers would be able to use it as long as they want without having to live in fear of being compromised.

  25. As I see It..... by NormAtHome · · Score: 1

    Support is not over, I believe I read that the UK government is paying in excess of 55million or more for XP support and then the Dutch government is doing the same. If Microsoft is being paid by multiple government entities to continue to provide patches and updates for XP why not give the general public the benefit of those patches as well? I realize that the most likely answer to that is why should they when what they want is everyone still using XP to go out and buy a shiny new Windows 8/8.1 PC. But at the very least, a case could be made that the citizens of those governments paying for extended support should be able to download and install those patches since their tax dollars are paying for them. I also doubt very much that the patch Microsoft is releasing was made solely for the benefit of all users, they probably already had it done for the UK and Dutch governments (who as I said paid for it) and just decided to release it to the general public.

  26. It Makes Perfect Sense by cstacy · · Score: 1

    The exploit has been known -- to SOMEONE -- for a while. So why did it come out of inventory all the sudden right now? Afraid that too many valuable targets would switch off XP or install new protection? Hardly likely that XP users will really switch this year. And where did it come from anyway? Transmitted from secret MS operatives to the bad guys? NSA wants to scare people into switching? Stupid bad guys just decided to use it while it was still fresh? There are many conspiracy theory variants on this episode.

    Microsoft had to issue the patch for XP, otherwise the timing might look too suspicious (whether they were involved in promulgating the exploit, or not). Regardless, MS has mitigated the impact and can now say with a straight face, "See! We told you this could happen!" Next time, regardless of who may or may not be behind the exploit du jour, they really really won't be patching XP. Microsoft is now in the position they wanted. They have tried to help as much as possible, everyone has had not only a warning but a credible scare, and needs to upgrade to a new version of WIndows.

    (People who are running XP or DOS on embedded systems that can't be upgraded have worse problems; that's a whole other discussion.)

  27. Give us the old GUI on windows 7 / 8 by Blaskowicz · · Score: 1

    I guess people would object less to giving up Windows XP if the plain old simple GUI was still an option. Not just "Classic" UI in Windows 7 : that one is crippled with the colour themes removed, it is absent from Windows 8.x, the task bar has to be tweaked and feels maybe not 100% the same (I want "show desktop" on the left, not the right). Most of all, if you go that way you have that ugly ass file manager. It's ugly and wastes space.

    I used a 3rd party file manager, but it was not integrated (start menu, desktop icons or win+r will still open Windows's file manager)

    1. Re:Give us the old GUI on windows 7 / 8 by jones_supa · · Score: 1

      Most of all, if you go that way you have that ugly ass file manager. It's ugly and wastes space.

      Click the little arrow on the top right corner of the window. It allows you to hide the Ribbon menu (after that it will be temporarily shown when you open the subsections). From the View subsection you can also hide the side pane to make it even more compact.

  28. XP and Internet by Anonymous Coward · · Score: 0

    If you're on XP and need internet access, you might put your browser into a Linux VM.

    http://www.sirrix.com/content/pages/BitBox_en.htm

  29. Premise untrue by johnw · · Score: 1

    Microsoft no longer supports XP

    Why do people keep saying this? It's simply untrue.

    Microsoft do still support XP. The real change that has happened is that Microsoft have gone from providing free support to charging a lot of money for the same support. That's all.

  30. Enabling user to stick with XP by Anonymous Coward · · Score: 0

    For me this is like giving candy to a diabetic because they want it. Knowing full well its not good for them. Its not like Microsoft has not given ample opportunity and notice for XP users and their is alternative browsers that would be much more secure on XP the IE. In the end Microsoft can be titled a enabler and has as much problem moving from XP as some of its users. Yea, its more of a PR thing then anything else.