Forgot your password?
typodupeerror
Microsoft Operating Systems Windows Technology

Windows XP SP2 Support Ends Tomorrow 251

Posted by CmdrTaco
from the better-get-patching dept.
Vectormatic writes "As can be seen on the product page for Windows XP, support for SP2 ends tomorrow, while the majority of Windows XP users still haven't upgraded to SP3. This could open up millions of users/businesses to exploitation, since security updates for SP2 will stop coming in while security fixes to SP3 may clue hackers in to vulnerabilities."
This discussion has been archived. No new comments can be posted.

Windows XP SP2 Support Ends Tomorrow

Comments Filter:
  • Note (Score:5, Informative)

    by segin (883667) <segin2005@gmail.com> on Monday July 12, 2010 @09:42AM (#32873872) Homepage
    It should be noted that XP SP2 x64 has support until whenever XP SP3 x86 runs out. There is no XP SP3 x64
    • Re:Note (Score:5, Funny)

      by fuzzyfuzzyfungus (1223518) on Monday July 12, 2010 @09:46AM (#32873916) Journal
      Luckily, XP x64 was always basically immune anyway. It's pretty hard to get 0wn3d when you can't find a NIC driver...
      • by Jeng (926980)

        I wonder how XP64 got that reputation, cause it sure doesn't reflect reality.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      It should be noted that XP SP2 x64 has support until whenever XP SP3 x86 runs out. There is no XP SP3 x64

      Despite the name, XP x64 is actually the same codebase as win2003 server x64.

      • by lennier1 (264730)

        Exactly, which is why tying its support timeframe to XP SP3 x86 instead of the server OS doesn't make much sense.

    • Re: (Score:3, Informative)

      by BigDish (636009)

      XP x64 is really Server 2003 "Workstation Edition" - it's compiled from the Server 2003 code, thus uses the same patches (and has the same lifecycle) as Server 2003, not XP.

  • Oh Noes!!! (Score:5, Insightful)

    by B5_geek (638928) on Monday July 12, 2010 @09:42AM (#32873882)

    The sky is falling!!!

    If these people/companies don't care enough to have upgraded to SP3, they won't care that support for the OS has ended either.

    • Re: (Score:3, Interesting)

      by Sycraft-fu (314770)

      Ya, sympathy meter reads 0 for these folks. You cannot expect to never update an OS and have it stay safe, particularly a consumer OS where things are opened up and easy to use. I suppose if you really lock down and harden an OS (or use one that is hardened by default) and do not install new applications you can be somewhat secure with no updates, but for a desktop OS, updates are necessary.

      Also I get tired of the idea that companies should have to support software forever. SP2 is OLD. STFU and upgrade to

      • So you had a brick house, while those around you had wood... When the whole city goes up in flames and there are 10 story fire tornadoes going around your house, it doesn't matter that your house was reasonably fire safe on its own.

        So yeah, we don't care about them, until their myriad systems become malware platforms and clog up the entire internet with spam, DDOS attacks, and generally make the whole internet a mess.

  • xp and _win2k_! (Score:5, Interesting)

    by aradnik (1831756) on Monday July 12, 2010 @09:43AM (#32873890)
    what's more important is that win2k support is withdrawn as well... and quite a few major organization still rely on it...
    • Re: (Score:2, Informative)

      by Theoboley (1226542)
      I know the company i currently work at freaked out about 2 months back as the deadline approached for the Win2k Cutoff. Spent a crapload of money to ugrade to server 2008.
      • Re: (Score:2, Interesting)

        by TheLink (130905)
        Why'd they freak out? If it doesn't keep falling over (and it shouldn't), it's not as if it'll suddenly fall over tomorrow just because Microsoft stops supporting it.
        • Re:xp and _win2k_! (Score:5, Insightful)

          by PPalmgren (1009823) on Monday July 12, 2010 @10:34AM (#32874420)

          Liability. Its kind of hard to say "we tried to be as secure as possible but got owned anyway" when you're using an outdated OS out of its support cycle. Now they can shift the blame back on Microsoft's swiss-cheese.

          Could you imagine the damage done if said company makes headlines for losing tons of sensitive customer data, and then has a follow-up headline showing their security practices?

          • Uh... Doesn't the software license from Microsoft specifically disclaim responsibility for most conceivable negative events?

            • Re: (Score:3, Insightful)

              by compro01 (777531)

              Financial responsibility, yes, but not PR responsibility. You can blame them even if you can't sue them over it.

            • by kimvette (919543)

              Yes. Yes it does.

              Windows is not "backed by a large company" in any way when it comes to reliability, maintainability, or liability. You're better off with F/OSS solutions because you get the same backing, but save thousands per server and the ability for your staff to review code if liability really is such a large concern.

              Better yet, if you need "backing of a large company" check out either SUSE Enterprise Linux or RedHat Linux.

          • by delinear (991444)
            Even so, it's not like this date just jumped out on them, I remember talking about this something like four years ago. I wouldn't expect them to replace anything until the last minute, because that costs money and it's almost always smarter to wait in big business infrastructure, but if they got to two months away and didn't even have a migration plan, that's just incredibly shoddy.
          • by Jurily (900488)

            Could you imagine the damage done if said company makes headlines for losing tons of sensitive customer data, and then has a follow-up headline showing their security practices?

            Like this? [serverfault.com]

          • by kimvette (919543)

            They just upgraded to Windows 2008? That's not a great use of resources.

            Liability? Have you read Microsoft's EULA? They disclaim all liability (even for their negligence), retain the right to install whatever they want to your system, and expressly disclaim any warranty. There goes any argument of a big company backing Windows.

            . . . and this is superior to F/OSS how, exactly?

            Why spend thousands to tens of thousands on a server OS and licensing on fast hardware, only to have to install third-party firewall,

            • by Vancorps (746090)

              Way to totally discount existing infrastructure and training. While your points about licensing are valid I think you have a hard sell to many people that Windows 2008 is inferior especially in the Mail and database world. SQL 2005/2008 are solid products and Exchange is as yet unmatched in features. People do take risks with the proprietary format and if it were a completely new setup I would definitely say it's worth it but when you have existing applications a few hundred thousand dollars in licensing is

        • Re:xp and _win2k_! (Score:4, Informative)

          by shutdown -p now (807394) on Monday July 12, 2010 @11:46AM (#32875140) Journal

          Why'd they freak out?

          It's not going to be receiving any updates from now on, including security updates.

        • by drsmithy (35869)

          Why'd they freak out? If it doesn't keep falling over (and it shouldn't), it's not as if it'll suddenly fall over tomorrow just because Microsoft stops supporting it.

          Risk assessment is a case of probability * consequences. While the probability of failure hasn't changed, the consequences (additional support costs) has, presumably to an unacceptable level.

    • Re: (Score:3, Informative)

      by antdude (79039)

      Also, there seems to be no updates for W2K SP4 for tomorrow as well that I read. :( So last month's updates were the last ones!

    • what's more important is that win2k support is withdrawn as well... and quite a few major organization still rely on it...

      And these are the types of companies Microsoft is going to have little-to-no regard for.

    • by Sycraft-fu (314770) on Monday July 12, 2010 @12:30PM (#32875580)

      People need to stop with this bullshit of wanting to stay on an OS for ever. No company supports a product for all eternity. 2000 was supported when its replacement came out (XP) and when that's replacement came out (Vista) and even for a while when that's replacement came out (7). It was supported for over 10 years (despite the nae it came out in 1999). It isn't like an upgrade has been something you've had to do quick.

      It is just laziness on the part of companies that do this. Also, I'd bet these very same companies would tell me to go away if I brought i one of their products from 10 years ago and wanted support on it. They'd say "That is out of warranty, buy a new one." Yet somehow they think MS should have to support their OSes forever.

      Also I'll add you CAN get systems that are supported pretty much perpetually. Mainframes are like that. You can run those for decades and even after new version come out, the support continues. However you pay a ton to buy it, pay even more in maintenance (support isn't free, software or hardware, you have to pay yearly upkeep) and they are going to certify it for certain apps and you'll run those and no other, or lose support.

      If that's not your cup of tea, if you want cheap OSes that let you do as you please, well then deal with the fact that you "only" get a decade of support (though sometimes more like with XP).

      • by wvmarle (1070040)

        Warranty is over, sure. But there is a difference between software and other products:

        • Software comes known with flaws. Over time those flaws are found, and especially security issues have to be fixed.
        • Warranty runs out, fair enough. A car comes with maybe two years warranty, after that you can keep it running at your own expenses: you pay for "extended warranty" or simply for repairs as they come along. Though an "extended warranty" scheme, kind of insurance plan covering repairs, is surely imaginable.
        • So
      • Re: (Score:3, Interesting)

        by dbIII (701233)
        Several features were removed between 2000 and XP, the most annoying of which is the reduced number of people that can connect to a network drive. Server 2008 is of course the expensive and time consuming answer which can be hard to justify against something that already works as well as it needs to.
  • Astonishing (Score:5, Insightful)

    by jsnipy (913480) on Monday July 12, 2010 @09:44AM (#32873902) Journal
    It is amazing that an service pack would even be supported up to 2 years after the next service pack.
    • Unless that next service pack breaks the OS. Which was exactly what happened to me. SP3 brought my machine to a near halt. After a full three days search how to repair it, I got a new machine.
  • Huh? (Score:5, Insightful)

    by The MAZZTer (911996) <megazzt@gma[ ]com ['il.' in gap]> on Monday July 12, 2010 @09:44AM (#32873904) Homepage
    "while the majority of windows XP users still haven't upgraded to SP3"? Citation needed. SP3 is delivered via Windows Update. I had it before I switched to 7, my company it using it. It's been out for quite a while. I don't see why the majority of XP users would not be using it...
    • Re:Huh? (Score:4, Interesting)

      by $RANDOMLUSER (804576) on Monday July 12, 2010 @09:48AM (#32873940)
      Because lots and lots (and lots and lots) of people don't see the Genuine Advantage? That's how you get SP3 via Windows Update.
      • by williamhb (758070)

        Because lots and lots (and lots and lots) of people don't see the Genuine Advantage? That's how you get SP3 via Windows Update.

        So you mean there really is a Genuine Advantage then ... not being owned by hackers tomorrow! My goodness, Slashdot just discovered a Microsoft slogan is right after all. Has the world gone mad?

      • by hodet (620484)
        This is not true. Windows Automatic Update still works on illegitimate copies of XP. SP3 would have gotten blown down regardless. I have seen unlicensed copies receive SP3 and IE8. All friends of mine of course....not me....ahem...no.
        • by delinear (991444)
          Well I'm sure there are still plenty of SP2 machines out there on illegitimate copies, probably the armies of botnets in the middle east that never got updated because the owners never saw the point (or they bought the machine in that condition and lacked the knowledge to update to a later cracked version), but there were also plenty of concerns about updating to WGA on legitimate XP installs. I don't know how much of an issue it is now, but at the time SP3 first released there were all kinds of horror stor
    • Re:Huh? (Score:5, Insightful)

      by malignant_minded (884324) on Monday July 12, 2010 @09:55AM (#32874032)
      While I can't vouch for the majority of windows xp users I know a bunch of companies that are still at SP2. Also I would guess that many home XP users have found their computer infected enough times to find that it was cheaper to buy a new one than it was to pay a shop three hours to clean it up, thus they ended up with Vista or 7 eliminating them from the statistic. This leaves companies that are making a decision to stay at XP and IE6 since it breaks their hack code Intranet, many of those may be for similar reasons at SP2.
      • by Inda (580031)
        SP2 here. 3,000 people in this building alone. 20,000 people company wide.

        I look forward to the next infection. Blaster was a blast.
      • by westlake (615356)

        I would guess that many home XP users have found their computer infected enough times to find that it was cheaper to buy a new one than it was to pay a shop three hours to clean it up.

        The number of PC users is usually estimated at around 1 billion.

        Call it 900 million users for versions of all versions of Windows and 600 million users for XP.

        There are only three PC repair shops prosperous enough to afford a banner add in my suburban phone book - and eight in the metropolitan area, population 1.1 million. (G

    • posted it in the main thread already, but this is the source i have on it:

      http://laws.qualys.com/2010/05/end-of-life-for-windows-xp-sp.html [qualys.com]

      My own company (world wide ~90000 employees) pushed SP3 only just a few months ago, and we are actually an IT-minded club

    • Re: (Score:3, Interesting)

      by soupforare (542403)
      Over half of the machines I see at the shop that are running XP, are still running SP2. The problem is that even if the machine is genuine, people don't interact with the WUA. Of those that do, many are running software that prevents it from being installed, Norton, Trend, HPcrapware, etc. There's a lot of things out there that screw up an sp3 install.
    • by Culture20 (968837)
      Most companies progressive enough to upgrade to XP SP3 have probably already upgraded to Win7. Companies with special needs that SP2 provides (read: poorly written specialty software that takes advantage of holes in SP2) will still be using SP2. Of course, they probably don't use these machines on the internet or at least they're heavily firewalled.
  • by GigsVT (208848) on Monday July 12, 2010 @09:44AM (#32873906) Journal

    Is it 3G and does it have the wifis?

  • so what? (Score:4, Interesting)

    by l2718 (514756) on Monday July 12, 2010 @09:45AM (#32873910)

    Business and private people have had years to evaluate SP3 and plan for its deployment, or in the alternative to switch to other operating systems. The summary seems to assume an implied responsibility of Microsoft to support SP2 simply because the public likes it.

    It is true that had XP+SP2 been free software, there would be an option of obtaining patches and support from other vendors, but this is not a complaint against Microsoft but rather against those that chose to use Microsoft's software.

    • by GigsVT (208848)

      It's just a practical observation... a lot of people are going to be using something that's going to be very exploitable very soon. I don't get the feeling that the summary is implying any kind of moral imperative.

    • Re:so what? (Score:5, Interesting)

      by Vectormatic (1759674) on Monday July 12, 2010 @09:51AM (#32873990)

      submitter here,

      I didnt mean to imply MS has any kind of responsability to keep support going for SP2 longer, i much more agree with cmdrTaco's stance "from the better-get-patching dept". My goal wasnt to start a whole new thread of MS bashing, more to just notify people about the end of SP2 support, which i think is significant for most nerds/geeks, even if they moved themselves to *nix ages ago, their parents/siblings/friends might still run SP2 somewhere.

      Not to mention that SP2 made XP actually good, sp1 was OK as well, but SP2 was a pretty big thing.

      • ...My goal wasn't to start a whole new thread of MS bashing...

        You must be new here! Shame on you!

        • oh yes i know, "hand in you geek-card", "judging from his high UID" and all that, with some hot gritts and a naked and petrified natalie portman thrown in..

          i just found it noteworthy that starting tomorrow, SP2 is no longer actively supported, i should have known anything MS related wont work for a reasonable discussion on /.

    • Support drops off after a time. I mean yes, you technically could hire a developer to keep maintaining it, but realistically, it is the same situation as everything else in that support goes away after a time.

      For that matter, you actually CAN pay MS to support your old shit. I don't know what it costs, but they do that. There's still a limit, something like 5 years after their extended support ends, but it is out there. So if you, really, really need you can get support by paying a developer, same as with O

  • ten years (Score:4, Insightful)

    by FuckingNickName (1362625) on Monday July 12, 2010 @09:46AM (#32873924) Journal

    I wish Apple or Linux supported a base system for ten years.

    $1.20 says they'll continue releasing critical updates as they've done for a while for "retired" service packs in the past.

    while the majority of windows XP users still haven't upgraded to SP3

    Evidence?

    • by DragonHawk (21256) on Monday July 12, 2010 @10:24AM (#32874302) Homepage Journal

      I wish ... Linux supported a base system for ten years.

      Linux isn't a person or organization and thus can't support anything.

      The best organization I know of (in terms of length of support for a given Linux configuration) is Red Hat, which supports RHEL for seven years. Still not as good as Microsoft's ten year policy.

      Microsoft will support you even longer, if you pay for a custom support agreement. I'm told prices start around $40K.

      I suppose, for that price, you could pay someone to maintain your Linux configuration for you. You do have the source code. But you'd have to start doing it sooner.

      $1.20 says they'll continue releasing critical updates as they've done for a while for "retired" service packs in the past.

      Can you cite specific examples? In my experience, support for Microsoft products starts to be curtailed near end-of-life, not extended past it. NT4, 2000, XP have all had security vulnerabilities discovered which Microsoft did not fix, but which were fixed for later releases of Windows. MS09-048 for 2000/XP. Another I can't recall right now for NT4. Yah, they had their reasons, but the fact remains that once the successor products arrive, support starts to degrade for the old releases.

      • General support is 5 years. That is when you get new service packs, new features, that kind of thing. Full support, more or less. Extended support is 5 more years. That is bug fixes and usually little more, though sometimes features happen too. Those are the committed times. They sometimes extend them, as they have for XP.

        In terms of long support life Sun also offers, or at least used to (dunno with Oracle), long support of things, but it cost money. You had to pay a yearly maintenance fee per server. Howev

  • by Vectormatic (1759674) on Monday July 12, 2010 @09:56AM (#32874044)

    http://laws.qualys.com/2010/05/end-of-life-for-windows-xp-sp.html [qualys.com]

    That article states SP2 is still used on 50% of XP machines

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      be nice if we could get a citation on the citation, since they just show a graph with no explanation of where they got the numbers they used for it.

  • by petes_PoV (912422) on Monday July 12, 2010 @10:08AM (#32874170)
    Just like my virtualised version of W2K. Just 'cos the supplier won't provide any more updates doesn't mean anything bad will happen. Since I have automatic updates switched off and the machine is secure and doesn't get bugs, virues, trojans it makes very little difference whether the vendor supports it any more or not.

    BTW, on a related note. Since the machine runs in a secure environment, it neither has nor needs AV. It's surprising how fast a 256MB P3 is without all that overhead.

    • Re: (Score:3, Informative)

      by Spad (470073)

      By "secure environment" I presume you mean "without network connectivity"? Because otherwise, it just isn't.

      • by bigtrike (904535)

        Agreed. Worms tend to have a way of infiltrating private networks. This is especially true if any of your users have laptops that are allowed to connect to the outside world or even worse, leave the building.

  • Joke's on them, I'm still running Windows 98SE!

    • by Hatta (162192)

      Funny thing is, you're probably safer at this point with Win98 than an old version of XP.

"Silent gratitude isn't very much use to anyone." -- G. B. Stearn

Working...