Microsoft's Ticking Time Bomb Is Windows XP

Hugh Pickens DOT Com writes "Shona Ghosh writes at PC Pro that the final deadline for Windows XP support in April 2014 will act as the starting pistol for developing new exploits as hackers reverse-engineer patches issued for Windows 7 or Windows 8 to scout for XP vulnerabilities. "The very first month that Microsoft releases security updates for supported versions of Windows, attackers will reverse-engineer those updates, find the vulnerabilities and test Windows XP to see if it shares [them]," says Tim Rains, the director of Microsoft's Trustworthy Computing group. Microsoft says that XP shared 30 security holes with Windows 7 and Windows 8 between July 2012 and July 2013. Gregg Keizer says that if a major chunk of the world's PCs remains tied to XP, as seems certain, Microsoft will face an unenviable choice: Stick to plan and put millions of customers at risk from malware infection, or backtrack from long-standing policies and proclamations." (Read on for more.)

"In either case, it will face a public relations backlash, whether from customers who complain they've been forsaken or those angry at Microsoft for pushing them to upgrade when, in the end, they didn't need to." Microsoft makes little or no revenue from customers with old PCs, and desperately wants them to buy a new Windows system of some sort. "It's very easy to say 'just upgrade,' but not all business can do so," says Lawrence Pingree, citing money, resources and mission-critical software. "One of the main reasons why people cannot leave XP is compatibility with other software." Nor is Microsoft blameless. XP has hung around because of the mistakes Microsoft made with Windows Vista, the OS flop that outgoing CEO Steve Ballmer copped to as his biggest regret. If Vista had been more like Windows 7, or had shipped at its original "Longhorn" timetable of 2004, then been followed three years later by Windows 7, XP would not have had the opportunity to lock up the ecosystem for a decade. Pingree has a suggestion for Microsoft. ""If it's such a big problem, maybe they should offer an 'Extended Life' [support] subscription and charge for it.""

Slashdot Poll ?

[Lennie]

I feel a Slashdot Poll might be in our future:

Number of Windows XP security updates Microsoft will release in the first and second year after they said they wouldn't:
- 0
- 1-5
- 5-10
- 11 or more

Re:The Solution is Obvious

[Joce640k]

The question is: How much does it actually cost them (in dollars) to support XP?

I get the feeling this is just to try and push people to upgrade, not because XP can't be supported.

I own two machines which cannot be upgraded for very good reasons.

(And right now they have auto-update disabled because of the "Windows update uses 100% CPU and leaves the machine unusable" problem which appeared a couple of months ago - a coincidence that this happened just before XP is retired...?)

It is cheaper than programmers at 100K/year

[Anonymous Coward]

And then there is the overhead expenses (roughly the same as salary).

And then there is difficulty in layoffs...

Re:The Solution is Obvious

[hot soldering iron]

Microsoft will never Opensource XP. Mostly because it would be a major liability with no benefit to them. Yes, liability. If you have your programmers going through the code and find a module that obviously didn't work like it was supposed to, and exposed the machines to a 0-day hack, your lawyers would race to file law suites against Microsoft to compensate for the companies losses. Or lets say you figure out what ALL the settings in the registry do, including the ones for exclusive use of the FBI/NSA/Microsoft. Now you know that they were fully able to bypass the Microsoft supplied firewalls, and grab whatever info they wanted. And you would spill that knowledge all over the net.

Where is Microsoft's benefit in all this? It's just not there.

The only project to Opensource XP that I've heard of is ReactOS [reactos.org], and it is STILL in Alpha stage, even after all these years. I suppose if the demand for it is there, some companies could be encouraged to donate time/money and accelerate the project, for their own benefit.

Re:So upgrade already

[BUL2294]

I'm sorry, but tell me an easy way for a non-technical business (e.g. a dentist's office) to shut off Internet access in most consumer-grade VMs (VMWare Player, Hyper-V, Win7's VirtualPC, etc.) while keeping network access alive. Yes, there's things like fiddling with hosts files and the like, but no consumer-level VM offers a "keep networking but disallow Internet access" switch. (Sure, you can disable NAT, but then your VM can't network, so what's the point???)

Also, Microsoft's Win32 application compatibility via the Windows 6.x kernel is decent for 32-bit and weak for 64-bit (WoW). To add, there's so much 16-bit code floating out there in businesses, written during the Win9x era, especially from vendors that no longer exist. Even trying to get some Microsoft programs working is a chore--e.g. Visual FoxPro 9 SP2. (I don't give a shit how "old" it is, it's still used and doesn't work well with Win7 x64). Microsoft has the R&D resources to figure out how to run 16-bit code on 64-bit Windows (e.g. NTVDM running on WoW--essentially a VM within a VM), and we'd be fully in the 64-bit OS era...

Re:The Solution is Obvious

[Khyber]

Of those reasons, I'm betting #1 is 'No driver support for half the hardware in the system.'

I have tons of equipment that's better than crap being produced today, but drivers for it don't exist past XP.

Re:The Solution is Obvious

[CohibaVancouver]

There is almost no scenario where continuing to use XP as your main desktop makes sense

Take the case of my 74-year-old dad.

His Gateway runs XP, and runs well. Chrome is fast, YouTube vids of his grandkids play fine.

Upgrading to Win 7 will cost him $300 - The Win 7 DVD + a new printer, as his HP 1012 doesn't have a Win 7 driver. If there was a $20 / year subscription option I'm sure he'd take it.

Re:If you think Win 8 is crap

[TheGoodNamesWereGone]

I know of NO businesses that are just hankering with bated breath to use Windows 8. They would rather upgrade to 7. Home users are having it shoved down their throats with every new PC they buy and they hate it too. You can argue about all the new wonderful things it has under the hood, but the interface is shit. Don't say "It's fine once you get used to it," because it's a step backward in usability. Even after installing something like Classic Shell or Start8 the 'Modern' apps still run fullscreen. "But you can learn your way around that!" you cry. That's some helluvan arrogant attitude to have. The only reason M$ dumped the old menu/window-based interface is because they it would benefit THEM in some imagined convergence of the desktop and tablet, **not** to benefit users or create something more efficient. They were wrong.

Re:Microsoft isn't Putting Customers at Risk

[jkrise]

It is 13 years since MS started selling XP. Even as late as 2010 when Windows 7 was just released; XP was still offered to enterprise customers since Vista was shit.

Windows 8 does not run many applications developed using tools that came with and later supported XP. And these apps are not even 2 years old.

So please cut out the "13 year old XP" crap. MS is still officially selling XP for some enterprise customers. They better support it for 7 years AFTER they stop selling XP. Say 2020.

If Vista had been more like Windows 7 - BULLSHIT

[bazorg]

If Vista had been more like Windows 7

This is such bullshit! In the alternative universe where Windows 7 was ready on the day Vista came out, software drivers for W7 would have been as unavailable as they were for Vista. All sorts of software that required users to have full admin permissions would have been broken by W7 UAC as it was by Vista's UAC. All PCs sold with 512MB or 1GB RAM would have still be slow compared to XP.

Only 1 or 2 years down the line when OEMs had caught up and released proper drivers, when PCs were being sold with 2GB+ RAM and when people learned to separate normal from admin users did Windows Vista/7/8 become less of a nuisance. It had very little to do with Windows 7 being so awesome.

advice on Linux alternatives?

[gaiageek]

I've got a couple 70-something members in my family who are running XP laptops just to run a web browser: email and the basics. Having moved to Linux myself and being the family computer guy, I'm wanting to switch these two laptops to some lightweight flavor of Linux that will work for them and require little or no support from me. I've tried many different lightweight distros in the past year, but I thought I'd ask here for input from any of you who have actually done what I'm about to do.

Requirements:
- fast and light: will run fine on a Thinkpad T41 (which doesn't support PAE kernel)
- Windows-like interface (I'm thinking LXDE, definitely not Unity)
- easy to use Wi-Fi manager (some of the Wi-Fi managers in lightweight Linux distros are way too technical for a novice)
- once a year if any on-site maintenance (remote maintenance is fine if necessary)
- auto updates in background but with very low chance of system breaking with an update (maybe no auto updates is better?)
- ACPI support (at least lid closed = suspend)
- printer support

Chromium OS seems like a good option, and it will run on one laptop (Thinkpad T61) but I'm pretty sure it uses a PAE kernel, ruling out the T41. I've been looking at Lubuntu, Peppermint OS, Porteus, Slax, Puppy Linux. All seem like viable options with a 30-minute test drive, but this is where I'm seeking feedback: on how some of these distros might be good or bad choices in the long-term, especially given that I won't be able to be physically present if something goes wrong.

Microsoft should off load to open source

[kawabago]

Microsoft should transition all those XP users to a linux distro made to look and behave more like Windows. If Windows really is better then those customers will come back when they buy a new machine. In the mean time, Microsoft will have off loaded maintenance onto open source and freed itself to innovate. No doubt they will do something else, that will turn out to be stupid.

Re:Needless expense

[LMariachi]

My company uses XP on the majority of our computers and there is nothing whatsoever in Vista, Windows 7 or Windows 8 that is necessary for us.

Your company doesn’t consider security updates necessary?