Why Microsoft Shouldn't Patch the XP Internet Explorer Flaw
Hugh Pickens DOT Com writes: "Sebastian Anthony argues that Microsoft is setting an awful precedent by caving and issuing a fix for Windows XP. 'Yes, tardy governments and IT administrators can breathe a little easier for a little bit longer,' writes Anthony, 'and yes, your mom and dad are yet again safe to use their old Windows XP beige box. But to what end? It's just delaying the inevitable.' Lance Ulanoff argues that Microsoft can't turn a blind eye to the security of XP users, even though the company ended support for the 12-year-old operating system on April 8, a fact that Microsoft has been warning about for, literally, years. But this won't be the only vulnerability found in XP, says Dwight Silverman. 'If Microsoft makes an exception now, what about the flaw found after this one? And the next? And the one after that, ad infinitum?' Even though Microsoft has released a patch for the IE flaw, and Windows XP is included, it's time to move on – really. 'I don't want to hear that tired "if it ain't broke, don't fix it" line. Hey, XP IS broke, and it will just get more so over time. Upgrade to a newer version of Windows, or switch to another modern operating system, such as OS X or Linux.'"
Guy on the Internet says "Shut Down XP."
Where are the crickets when we need them the most?
Microsoft is already contractually obligated to program these patches for its thousands of paid XP support customers. It has the right to decide whether the bug is critical enough that the situation warrants releasing the patch to the general XP userbase for free.
Rest assured that Microsoft is not doing an iota of extra work on this front. It already has the patch. It will also have patches for every XP bug discovered for the next few years. It's just a question of how widely it wants to distribute each one.
Does this idiot also let kids play with loaded guns because "that will teach them"?
I mean, sure, don't fix minor flaws, we discontinued support, tough bananas if you keep on using it. But a major security flaw for which you already have the solution? Anyone but a douchebag would release the patch.
Agreed. Patching a major security hole isn't the same thing as continuing to provide regular support.
My company does something similar. We offer an option at purchase where you can choose to forego any direct support and save a few dollars. We've still contacted those customers in the rare case of a significant security update.
The author seems to have no grasp on why there's still so many XP installations out there. Sure, there are a bunch that are just because home users don't know better or offices don't want to spend a few hundred bucks to upgrade, and for those use cases where all that really matters are being able to edit Word documents and browse the web, then his ideas apply. Problem is, there are a ton of users that are using niche software, whose creators have either gone out of business or simply stopped developing upgrades, that won't work on anything other than XP. Upgrading would cost millions to a business and/or affect the work flow of the whole organization. For example, there's super-duper expensive hospital equipment that can only be run by software running on Windows XP. You can't air-gap it, because it has to be networked in order to move data around to actually be useful. Upgrading from XP means scrapping the equipment and spending 6-7 figures for just that one piece of equipment, which is otherwise still working fine. There's other systems that don't necessarily run hardware, but would cost 6-7 figures in implementation to switch systems, and not all businesses that use that software have that kind of spare cash so it's not necessarily that they are just being greedy.
Yes, this is a problem, no, I'm not saying it's okay, what I am saying is that not issuing security fixes isn't going to force those types of users to upgrade, it just means they'll be forced to use a system that isn't secure. You have to fix the culture of the vendors who make this shitware (where there are usually no alternatives) before you can force their users to upgrade.
A patch to remove the entire networking stack. Done.
Please keep us updated on all conversations you have with your mother. Thanks.
That isn't helpful, XP is a modern operating system. It has user accounts, processes and all that stuff. It misses a desktop compositor but do we have to care about windows flying around?
In fact I would like Linux to catch up. Using LXDE makes it relatively close to XP in speed and stability, MATE is slower but decent, but it could use some more driver quality and importantly I hope there'll finally be a way to fix backwards compatibility and game availability, which go hand in hand.
Get me right, I know that XP has to be abandoned and advocate for it, I tell people to use Mint and do all updates (almost security only) that show up. The updates are pleasant instead of being a hassle. Though as usual I need to wait again. Wait for Mint 17 to be out, since Mint 16 will be deprecated despite coming out last November.
Now, every 0day that hits, and Microsoft DOESN'T patch XP, after product end-of-life? Deep pockets. Lawsuit. Precedent has been established. :-)
"Flyin' in just a sweet place,
Never been known to fail..."
There are a few people out there using XP because they think it's a cool, lightweight OS (mostly for gaming). That's a very geeky crowd who can likely manage on their own, until the "open source XP project" matures the way DOSbox did.
Pretty much everyone else left on XP is a company install needed because some important, expensive, hard to replace thing happens to need XP. If you've got some $50k equipment that's halfway through its 20 year useful life that needs XP, you have a PC somewhere running the XP you need. Microsoft's patching policies won't likely change that, one way or another.
Socialism: a lie told by totalitarians and believed by fools.
In case anyone cares who these people actually are:
Sebastian Anthony: A semi-hobo living in the middle of England, who thinks he's an engineer because he took apart a VCR. Literally.
Lance Ulanoff: An editor and story teller. Used to be an editor for PCMag. Gets invited to speak at SXSW because he is a good story teller.
Dwight Silverman: He seems to have been blogging since April
None of these guys seem to understand corporate software. They seem to look at it as child-training or something, which it isn't. In all likelihood some companies were complaining to Microsoft about this bug, some product managers inside Microsoft thought it would be worth fixing to make them happy, so they allocated time to work on it. The idea that the CEO was personally involved is possible, but certainly not given. He has more important things to worry about than legacy software.
"First they came for the slanderers and i said nothing."
There's something about this that I'm having trouble wrapping my brain around. We (the collective "we" of businesses and individuals still using XP) are stupid for not giving wads of cash to Microsoft when Microsoft says to do so? And Microsoft is stupid for choosing to patch a vulnerability in a half billion PCs?
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
It never ceases to amaze me how out-of-touch with the "real world" so many /. commenters are. Or, more precisely, how out-of-touch they come across as, because I don't think half of the folks who post some of this stuff actually believe what they say, they know better - the other half I do believe actually think what they are saying is accurate, because they don't associate with anyone who doesn't know the difference between SRAM and DRAM.
"Switch to another modern operating system, such as OS X and Linux" - yeah, that's gonna happen. To run OS X one needs to buy a new, overpriced machine that isn't going to be compatible with a lot of existing stuff and is way overkill for the needs of most average folks. And Linux? Seriously? Linux is so out of reach of most folks it's not even funny. I'm sure someone will come along and say "well X distro is easy to install!" and they miss the entire freaking point. Linux is not for "average" users, or even for well-versed computer users, it's for tinkerers and folks who want to spend as much time working on their OS as they do using the computer. It's a ridiculous notion.
The truth is, XP is not going away. Folks are saying "but they've been announcing this forever!" - not to middle America, they haven't. Those folks don't keep up on tech sites, and it's not like MS is sending them pop-ups to let them know. They just want to get on their computer and use Facebook and check their email, maybe play a few games. They also don't often have computers that even could run Windows 7 or better. Gone are the days when everyone had to replace their PC every 2-3 years, max - I know tons of folks who have PC's that are nearing a decade old and still in use and work just fine for them. Asking folks who have computers that to them seem working perfectly fine, and that meet their needs, to go out and buy a new one just to continue to do what they are already doing is never going to fly.
MS is going to relent and continue to release security patches - I have no doubt. They already are making them for the large companies/governments that are paying for them, and there are going to be some major battles which will probably end up in the legal system over what really is MS hanging a large portion of users out to dry. As someone else said, these security flaws are already there, they are just fixing what they didn't do correctly in the first place - we all know the limited understanding of the court system of computer technology, that's what it's going to look like to lawyers and judges. We might finally see some real legal tests of EULA's in general, as well - if I put a bumper sticker on my car that says "I am not liable for any accidents I may cause" that doesn't absolve me of liability, and I have a feeling that just may be how some judges will interpret this (correctly or not).
I know all of this is going to seem like bullshit to a lot of /.ers, but it's reality - XP was good enough that it will remain "good enough" for a lot of folks, and not issuing security patches isn't going to stop them from using it, because they never are going to know. It's in MS best interests to continue issuing these patches until these PC's finally die off and folks need to buy a new one, which is still going to be a few more years.
Rant all you wish about how stupid they are, or how they just should stop using MS to begin with and use Linux (the most absurd notion - because even if they did, if Linux actually had more than the less than 2% install base it has, they'd just start trying to exploit that - and with all the different distros, etc. - what a clusterfuck that would be - Linux users just fly under the radar, for now). It's not going to change the reality that these folks aren't going to upgrade their OS until they buy a new PC - and if MS doesn't issue these patches, then once the news finally filters down to these folks (via local news broadcasts, etc.) the suggestion will just be to use a different browser, since most security issues are IE related - which is the LAST thing MS wants to happen.
'I don't want to hear that tired "if it ain't broke, don't fix it" ... "Upgrade to a newer version of Windows, or switch to another modern operating system, such as OS X or Linux."
You are obviously very out of touch with the WHO & WHY of why people continue to use XP.
1) Not everyone can AFFORD to update their computer, buy a new computer or buy a new copy of windows. Let alone get a Mac...
2) Most of the world is not tech savvy. The idea that you would get them to install Linux is really not practical. People are creatures of habit & that will never change. Look at how many people freaked out when W8 removed the start button.
3) A large % of users are in 2nd & 3rd world countries. The fact they even HAVE a computer & electricity to power it is a BIG deal. You're being very dismissive of how the majority of the world lives. You should travel more.
XP is like an old car... sure it eats 5x the amount of gas, but it gets you from point a to b.
Windows XP is not a "12 year old operating system"
It's 4 years old, 6 years at best. It was still being sold by Microsoft up until June 30 2008. It was still being sold preinstalled on machines up until October 2010.
What of those people who have 3 1/2 year old PC's? You can't tell them it's a 12 year old operating system. It was still brand new in 2010.
I was reading a finance forum earlier today, and came across a post from a guy talking about his frugal habits, which included still using Windows 98. That's not frugal, that's insane!
(On the bright side, he also still uses dial-up, so at least the rate at which his zombied PC can spew shit is somewhat limited...)
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
There's a better way.
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
If the defect may kill you, car makers may fix something 12 years old. Maybe. If the defect will allow someone to easily unlock your doors and steal everything in the car they won't care.