Microsoft Extends Updates For Windows XP Security Products Until July 2015 417
An anonymous reader writes "Microsoft today announced it will continue to provide updates to its security products for Windows XP users through July 14, 2015. Previously, the company said it would halt all updates on the end of support date for Windows XP: April 8, 2014. For consumers, this means Microsoft Security Essentials will continue to get updates after support ends for Windows XP. For enterprise customers, the same goes for System Center Endpoint Protection, Forefront Client Security, Forefront Endpoint Protection, and Windows Intune running on Windows XP."
*sigh* (Score:5, Insightful)
If companies claim they haven't had enough time to upgrade their OS or update/rewrite their software, it is because they never will.
Dear Microsoft, (Score:3, Insightful)
We would be pleased to consider a reasonable subscription fee for such updates as it would afford us significant peace of mind and stability.
Signed,
Many Customers
Stupid! Stupid! (Score:4, Insightful)
Windows XP or security products? (Score:5, Insightful)
In case some people don't RTFA,
In other words, while Windows XP will no longer be a supported operating system come April, companies will be at least partially protected (the actual OS still won’t get security updates) until next July.
Emphasis mine. XP updates ARE ending, but MSE/Forefront will still get updated. XP will still be susceptible to any zero day until it gets detected by MSE--if it's even installed at all. This is a marginal increase in safety for XP post-EOL, at best. The apocalypse is still nigh.
My advice for fellow ITAs. Don't mention this to your boss at all if you're still trying to migrate. It's not really relevant to the threat posed by XP's end of support. If they get wind of it on their own, emphasize that XP itself is still going to be wide open. At best all MSE does is let you know you've been owned after the fact once MS gets around to updating the definitions. MSE already has a pretty poor record for detecting even older threats. It's better than nothing but you shouldn't be relying on it.
No, this is smart. This is to keep the customers. (Score:5, Insightful)
The idea that people won't ever move off is absurd. They will. Problem is, if they do so this year a good number are going to OS X, Ubuntu, Chromebooks, etc. Then those new Mac/Linux/Googlized people will begin experimenting with alternatives to Microsoft Office as well. Fuck.
If Microsoft can have those people wait for Windows 9 and Windows 9 is an improvement of any sort, they stand a better chance of keeping the customers. That's all this is.
Re:*sigh* (Score:5, Insightful)
..or maybe xp is good enough for them and the newer versions of windows don't offer enough incentive to upgrade. Considering how bad current microsoft contracts are, it might actually make more sense to wall those machines off from the net and keep using them instead of staying on that one-more-patch-tuesday-til-I'm-secure treadmill.
Re:*sigh* (Score:5, Insightful)
Or because they've lost the source code, or because the only person who knew the software has long since left the company, or they've tried three times since 2003 but each time was over budget and did not deliver usable code, or development has been at a standstill since they offshored the development team. Or because they don't have the budget to push out new hardware in a down economy. Or, yes, ok, because they never will.
Re:*sigh* (Score:5, Insightful)
It's not so simple.
I'm sitting here now, virtualizing applications in App-V for an XP --> 7 migration project. Most people have no idea the scope of applications used by any sufficiently large company, the sort of resources it takes to locate, acquire, and upgrade existing products, or the skill necessary to shoe-horn old applications business can't move quickly away from into an operating system they were never intended for.
My previous employer had 40,000+ endpoints at 40+ facilities. Each of those facilities was part of a loose federation of medical providers and hospitals, each running their own software, each with dozens of departments with unique applications. Their migration to Windows 7 wasn't going to be free. It took money and manpower, and that doesn't happen overnight.
My current situation is similar, just reduced in size by an order of magnitude. Still nearly a thousand applications -- sure, you can throw a lot of them away, but that takes meeting endlessly with department heads and finding replacements - and testing them - and packaging them for distribution to your new OS in the new tool, since the old tool needs to be replaced along the way. Not everyone had a direct upgrade path to the next version of System Center.
Entire infrastructures needed replaced in a LOT of companies. You can spin up a HP Client Automation infrastructure in a day - if you're the only guy in an IT department, and don't need to wait for a change window to have DBAs configure your backend, and need to wait for networking to make sure machines outside the DMZ can still patch. People over-simplify what has to happen in the "simple" upgrades, and Windows 7 migrations were more than just going out to a PC with a copy of USMT and swapping their hardware.
Oh, and I hope you have an enterprise agreement with Microsoft, and you budgeted all of this years ago in your long-term financial plan, and you're not middle-way through any other initiatives that might cause you to have a moving target - like desktop or application virtualization. If you're going to pull off the bandaid, pull the damned thing off already. Lets get off physical boxes too! I'm sure we'll have all the USB printer issues worked out on the non-persistent desktops soon enough.
You can lose days in finding keys for "critical" one-off licensed software for a machine swap. God forbid you're moving to 64-bit and dealing with old .NET apps that nobody's going to ever re-write. It's not just walking around and swapping out some PCs.
Anyone who tells you otherwise is being willfully ignorant.
Re:*sigh* (Score:5, Insightful)
Re:*sigh* (Score:5, Insightful)
The FACT is that most of them run just fine and don't NEED to upgrade.
Just because someone says "get on this treadmill" doesn't mean you need to.
Depending on what you want to do with a computer, you could be running flippin' DOS and be perfectly fine (not to mention have your pick of pretty-much-free machines in the dustbin that would run whatever ancient apps you need SCREAMINGLY fast).
Re:*sigh* (Score:2, Insightful)
XP was never that great even when it was recent. It's certainly much, much worse than Windows 7, 8, and even Vista. Fucking well past time to let that shit die.
Competition will Support XP (Score:4, Insightful)
Other Anti-Virus vendors like Symantec [symantec.com], McAfee [mcafee.com], and Kaspersky [kaspersky.com] are going to continue to support XP past April, so why should Microsoft concede market share to these competitors?
Also, Microsoft is going to look pretty bad if a new virus makes a major impact, so having their security product database updates continue will mitigate that. Doing otherwise could easily be spun as irresponsible.
Re:*sigh* (Score:4, Insightful)
Of course it isn't. It's just not that much worse to justify changing it over, especially for old hardware. No version of windows is safe from the internet. I guess I'm saying that if the need for security is important enough, it's better to cut access to the net for the average workstation regardless of windows version.
Most of those infected xp machines are owned by careless/clueless users who will soon be just as infected on windows 8 as they were under xp.
Re:Oh great... (Score:4, Insightful)
Dude. Some shit ain't going to get upgraded no matter how many times you taze that dead horse.
Hell, I've still got SunOS 4.0 in production.
Re:*sigh* (Score:5, Insightful)
the larger the organization the harder it is to change. it is why large government projects fail so hard. How many tries did it take the FBI to update it's systems?
I know one company(80 people) that tried for 5 years to find a fairly simple path to upgrade obsolete IBM server. they still haven't done so. and still connect to the server through special terminal programs.(IBM used an IBM only terminal emulator which they no longer have source code for).
The company i currently work for(20 people) did an ERP switch. the actual data transfer went mostly painlessly. training the users in the much simpler and effective UI took a month of dedicated training, and 6 months of answering "how do I" questions. every once in a while those questions still appear but that is normal.
Now image trying that with a couple of thousand employees, and you have a nightmare.
Re:Dear Microsoft, (Score:4, Insightful)
Dear Microsoft,
Please shutter the part of your company that makes money, and provide us updates and support as a charitable donation for the life of my computer.
Signed,
Irate Engineer
FTFY
Re:*sigh* (Score:3, Insightful)
Re:Dear Microsoft, (Score:5, Insightful)
Except that OSes dont have near that long of a lifespan.
2001 was Linux kernel 2.4 2000 was 2.2. Both have long since been EOL'd If you want to look at a full OS, I think Red Hat Linux 7.2 would be right about the same age as XP; it was EOL'd in December 31, 2003 (source [redhat.com]).
Microsoft has gone way beyond what any other OS vendor has ever done, excepting perhaps IBM with some of their ancient AIX boxes.
Re:No, this is smart. This is to keep the customer (Score:4, Insightful)
Re:*sigh* (Score:5, Insightful)
Because, uh, Linux upgrades are free, and generally automated?
Free for sure, but generally automated? Not on every distro. It's often easier to do a full save, a fresh install, and then restore whatever you need. My Linux Mint upgrades take about a day of work to get everything back to where I want it. That occurs maybe every 18 months, so I don't mind it so much, and I have complete control over the process and a very high probability of complete success (100% success so far, going back many years before Mint, to Ubuntu and Suse before that). It's an annoyance, but hardly fatal.
Re:*sigh* (Score:5, Insightful)
Windows Vista introduced a proper security model. 7 was a substantial improvement, 8 was a bit cleaner and 2 steps backwards in usability, 8.1 is about on par with 7 really, with a start screen instead of a start menu.
Without getting into whether 8.1 is better than 7, anything from Vista onwards got the new security model, and THAT is a reason to upgrade.
But remember, security doesn't sell, and this thread just shows how deeply that goes. Because here on /. we spent over a DECADE mocking Windows XP and previous versions running as administrator (aka root), and the majority of users running as administor.
And then Microsoft finally fixed that, and today Windows security and reliability is a lot better as a result, but here we are on /. no less, listing to people tell us with a straight face that there is no reason for them to upgrade from XP.
Security just doesn't sell, not even here. That's sad.
Re:*sigh* (Score:2, Insightful)
It's nice that Microsoft introduced a "proper security model" in Vista.
Unfortunately, the malware writers have not noticed this and have continued to write very effective hacks for Windows.
So... I will continue to mock Windows (all versions) for being a pathetic excuse for an OS which should be avoided by everyone except the clueless.
Windows security is still a joke.
(Disclaimer... I have had a fair amount of good Scotch and Bordeaux tonight which may have influenced my opinion... YMMV)
Re:*sigh* (Score:4, Insightful)
..and instead of making assumptions, you could just explain why you think the meme is stupid, or just not comment.
It's general practice to use a firewall at least. Ask yourself why that is. If your machines are bare or just depend on the built-in firewall, they are not secure.
Re:*sigh* (Score:2, Insightful)
so your offering to provide 50$ worth of ram and paid for windows licensees for every workstation entire companies, just so they can run the same fucking visual basic program and outlook they have been for over a decade
thats nice of you
see its a huge cost to companies with no rewards, you have to upgrade hardware, software liscences, rewrite your entire infrastructure and what do you get for it? a fucking live tile for facebook and netflix
why
cause microsoft didnt think that far ahead in their change everything jizzfest
Re:*sigh* (Score:2, Insightful)
Yes, it's 2014 and I can pay and extra $50/computer, plus technician time and losses to system down time if the IT staff doesn't have a night shift to add another 4GB of RAM in order to be able to gracefully run a newer OS which will cost me another $100 (plus technician and down time). So I've paid $200 or more to upgrade an old computer to a newer OS and my return on investment is... what exactly?
> XP doesn't scale well past 2 cores and is not optimized with CPU instructions from more modern CPUs
Completely irrelevant to office computers which spend most of their time waiting in the interminable gulfs between key presses.
I'll admit the security nightmare, but if security is a major concern I'd probably have upgraded long ago, and if I do upgrade and am at all conscientious about it I'm probably going to need a good reason to upgrade to a more recent version of the same nightmare causing codebase instead of a lateral migration to a far more secure *nix-based system which has a fair chance of being able to run all the same Windows apps thanks to Wine, if I'm not happy with the native options. After all my employees will all have to learn a new interface anyway, and most of the common popular Linux GUIs are a lot more similar to XP than Windows 8 is, or can at least be easily configured to be so. And most tend to have less demanding system requirements than even XP, far less in some cases.
Re:*sigh* (Score:4, Insightful)
4,000 employees waiting 10 minutes for their workstations to boot as XP lacks a registry defragger and runs apps which cause winrot, not to mention lack ahci command queing for data so your disks can only handle one thing at a time, plus an added batshit paging and swap algorithm will do just that.
Now add no work for 4 hours during your mccrappy virus scan and that is more money lost. Cryptolocker locking a share randsom due to security not up to par as Windows 7 and more $$$$.
Should I go on?
You also can keep that IE 6 shitwareERP by insecure ltd by using Citrix or VMware and run it in a browser. Even your IPad has access.
The licensing savings will pay for this due to not upgrading.
That is what a good IT professional does. He is proactive and not reactive who lets harm come in by being lazy.
Re:*sigh* (Score:4, Insightful)
I think you mean 0.5GB of RAM lost. Lot's of funky memory mapping stuff using the address space above 3GB, but the first three had no major issues, and you were able to use much of the forth GB as well. And if you need enough compliance and security software running at all times to consume a GB or two of RAM I have to suggest that you're not a typical office user.
As for performance - I rarely have fewer than 20 Firefox tabs open, and often several times that, and it's not all that uncommon to also simultaneously be running an IDE with a mid-sized hobbyist application, a few multilayer images in GIMP, maybe a few vector graphic files in Inkscape, and a handful of Sketchup scenes spread across a half-dozen virtual desktops. Nothing really huge, but a lot more active data than most office workers are dealing with at one time. And this all runs reasonably smoothly on my horribly outdated 32-bit single-core XP gaming rig with only 2GB of RAM. (what can I say, I don't game like I used to and just can't justify spending $1000+ for prettier graphics in the same games). Admittedly I have done some non-standard optimizations to help things out a fair bit (the biggest one - setting the minimum swap file size to 6GB and making sure it's completely defragmented and at the front of the disk where access is fastest). Things are a bit snappier feeling on the more modern systems I use, but realistically I doubt the difference is enough to save me even a minute a day in actual productivity. If you're seeing drastically worse performance then I would suggest you may have other issues lurking within the system. Or you're just using some seriously resource-hogging applications.