Microsoft's Ticking Time Bomb Is Windows XP
Hugh Pickens DOT Com writes "Shona Ghosh writes at PC Pro that the final deadline for Windows XP support in April 2014 will act as the starting pistol for developing new exploits as hackers reverse-engineer patches issued for Windows 7 or Windows 8 to scout for XP vulnerabilities. "The very first month that Microsoft releases security updates for supported versions of Windows, attackers will reverse-engineer those updates, find the vulnerabilities and test Windows XP to see if it shares [them]," says Tim Rains, the director of Microsoft's Trustworthy Computing group. Microsoft says that XP shared 30 security holes with Windows 7 and Windows 8 between July 2012 and July 2013. Gregg Keizer says that if a major chunk of the world's PCs remains tied to XP, as seems certain, Microsoft will face an unenviable choice: Stick to plan and put millions of customers at risk from malware infection, or backtrack from long-standing policies and proclamations."
"In either case, it will face a public relations backlash, whether from customers who complain they've been forsaken or those angry at Microsoft for pushing them to upgrade when, in the end, they didn't need to." Microsoft makes little or no revenue from customers with old PCs, and desperately wants them to buy a new Windows system of some sort. "It's very easy to say 'just upgrade,' but not all businesses can do so," says Lawrence Pingree, citing money, resources and mission-critical software. "One of the main reasons why people cannot leave XP is compatibility with other software." Nor is Microsoft blameless. XP has hung around because of the mistakes Microsoft made with Windows Vista, the OS flop that outgoing CEO Steve Ballmer copped to as his biggest regret. If Vista had been more like Windows 7, or had shipped at its original "Longhorn" timetable of 2004, then been followed three years later by Windows 7, XP would not have had the opportunity to lock up the ecosystem for a decade. Pingree has a suggestion for Microsoft. "If it's such a big problem, maybe they should offer an 'Extended Life' [support] subscription and charge for it."
Slashdot Poll ? (Score:4, Interesting)
I feel a Slashdot Poll might be in our future:
Number of Windows XP security updates Microsoft will release in the first and second year after they said they wouldn't:
- 0
- 1-5
- 5-10
- 11 or more
Re:The Solution is Obvious (Score:5, Interesting)
The question is: How much does it actually cost them (in dollars) to support XP?
I get the feeling this is just to try and push people to upgrade, not because XP can't be supported.
I own two machines which cannot be upgraded for very good reasons.
(And right now they have auto-update disabled because of the "Windows update uses 100% CPU and leaves the machine unusable" problem which appeared a couple of months ago - a coincidence that this happened just before XP is retired...?)
It is cheaper than programmers at 100K/year (Score:1, Interesting)
And then there are the overhead expenses (roughly the same as salary).
And then there is difficulty in layoffs...
Re:The Solution is Obvious (Score:4, Interesting)
Microsoft will never open-source XP. Mostly because it would be a major liability with no benefit to them. Yes, liability. If you have your programmers going through the code and find a module that obviously didn't work like it was supposed to, and exposed the machines to a 0-day hack, your lawyers would race to file lawsuits against Microsoft to compensate for the company's losses. Or let's say you figure out what ALL the settings in the registry do, including the ones for exclusive use of the FBI/NSA/Microsoft. Now you know that they were fully able to bypass the Microsoft supplied firewalls, and grab whatever info they wanted. And you would spill that knowledge all over the net.
Where is Microsoft's benefit in all this? It's just not there.
The only project to open-source XP that I've heard of is ReactOS [reactos.org], and it is STILL in Alpha stage, even after all these years. I suppose if the demand for it is there, some companies could be encouraged to donate time/money and accelerate the project, for their own benefit.
Re:So upgrade already (Score:5, Interesting)
Also, Microsoft's Win32 application compatibility via the Windows 6.x kernel is decent for 32-bit and weak for 64-bit (WoW). To add, there's so much 16-bit code floating out there in businesses, written during the Win9x era, especially from vendors that no longer exist. Even trying to get some Microsoft programs working is a chore--e.g. Visual FoxPro 9 SP2. (I don't give a shit how "old" it is, it's still used and doesn't work well with Win7 x64). Microsoft has the R&D resources to figure out how to run 16-bit code on 64-bit Windows (e.g. NTVDM running on WoW--essentially a VM within a VM), and we'd be fully in the 64-bit OS era...
Re:The Solution is Obvious (Score:5, Interesting)
Of those reasons, I'm betting #1 is 'No driver support for half the hardware in the system.'
I have tons of equipment that's better than crap being produced today, but drivers for it don't exist past XP.
Re:The Solution is Obvious (Score:5, Interesting)
There is almost no scenario where continuing to use XP as your main desktop makes sense
Take the case of my 74-year-old dad.
His Gateway runs XP, and runs well. Chrome is fast, YouTube vids of his grandkids play fine.
Upgrading to Win 7 will cost him $300 - The Win 7 DVD + a new printer, as his HP 1012 doesn't have a Win 7 driver. If there was a $20 / year subscription option I'm sure he'd take it.
Re:If you think Win 8 is crap (Score:5, Interesting)
Re:Microsoft isn't Putting Customers at Risk (Score:4, Interesting)
It is 13 years since MS started selling XP. Even as late as 2010, when Windows 7 was just released, XP was still offered to enterprise customers since Vista was shit.
Windows 8 does not run many applications developed using tools that came with and later supported XP. And these apps are not even 2 years old.
So please cut out the "13 year old XP" crap. MS is still officially selling XP for some enterprise customers. They better support it for 7 years AFTER they stop selling XP. Say 2020.
If Vista had been more like Windows 7 - BULLSHIT (Score:4, Interesting)
If Vista had been more like Windows 7
This is such bullshit! In the alternative universe where Windows 7 was ready on the day Vista came out, software drivers for W7 would have been as unavailable as they were for Vista. All sorts of software that required users to have full admin permissions would have been broken by W7 UAC as it was by Vista's UAC. All PCs sold with 512MB or 1GB RAM would have still been slow compared to XP.
Only 1 or 2 years down the line when OEMs had caught up and released proper drivers, when PCs were being sold with 2GB+ RAM and when people learned to separate normal from admin users did Windows Vista/7/8 become less of a nuisance. It had very little to do with Windows 7 being so awesome.
advice on Linux alternatives? (Score:4, Interesting)
Requirements:
- fast and light: will run fine on a Thinkpad T41 (which doesn't support PAE kernel)
- Windows-like interface (I'm thinking LXDE, definitely not Unity)
- easy to use Wi-Fi manager (some of the Wi-Fi managers in lightweight Linux distros are way too technical for a novice)
- once a year, if any, on-site maintenance (remote maintenance is fine if necessary)
- auto updates in background but with very low chance of system breaking with an update (maybe no auto updates is better?)
- ACPI support (at least lid closed = suspend)
- printer support
Chromium OS seems like a good option, and it will run on one laptop (Thinkpad T61) but I'm pretty sure it uses a PAE kernel, ruling out the T41. I've been looking at Lubuntu, Peppermint OS, Porteus, Slax, Puppy Linux. All seem like viable options with a 30-minute test drive, but this is where I'm seeking feedback: on how some of these distros might be good or bad choices in the long-term, especially given that I won't be able to be physically present if something goes wrong.
Microsoft should off load to open source (Score:3, Interesting)
Re:Needless expense (Score:4, Interesting)
Your company doesn’t consider security updates necessary?