Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
Windows Bug Internet Explorer Microsoft Security

Why Microsoft Shouldn't Patch the XP Internet Explorer Flaw 345

Hugh Pickens DOT Com writes: "Sebastian Anthony argues that Microsoft is setting an awful precedent by caving and issuing a fix for Windows XP. 'Yes, tardy governments and IT administrators can breathe a little easier for a little bit longer,' writes Anthony, 'and yes, your mom and dad are yet again safe to use their old Windows XP beige box. But to what end? It's just delaying the inevitable.' Lance Ulanoff argues that Microsoft can't turn a blind eye the security of XP users, even though the company ended support for the 12-year-old operating system on April 8, a fact that Microsoft has been warning about for, literally, years. But this won't be the only vulnerability found in XP, says Dwight Silverman. 'If Microsoft makes an exception now, what about the flaw found after this one? And the next? And the one after that, ad infinitum?' Even though Microsoft has released a patch for the IE flaw, and Windows XP is included, it's time to move on – really. 'I don't want to hear that tired "if it ain't broke, don't fix it" line. Hey, XP IS broke, and it will just get more so over time. Upgrade to a newer version of Windows, or switch to another modern operating system, such as OS X or Linux.'"
This discussion has been archived. No new comments can be posted.

Why Microsoft Shouldn't Patch the XP Internet Explorer Flaw

Comments Filter:
  • by Anonymous Coward on Friday May 02, 2014 @05:54PM (#46903441)

    Microsoft is already contractually obligated to program these patches for its thousands of paid XP support customers. It has the right to decide whether the bug is critical enough that the situation warrants releasing the patch to the general XP userbase for free.

    Rest assured that Microsoft is not doing an iota of extra work on this front. It already has the patch. It will also have patches for every XP bug discovered for the next few years. It's just a question of how widely it wants to distribute each one.

  • Really? (Score:5, Insightful)

    by Alomex ( 148003 ) on Friday May 02, 2014 @05:56PM (#46903465) Homepage

    Does this idiot also let play kids with loaded guns because "that will teach them"?

    I mean, sure don't fix minor flaws, we discontinued support, tough bananas if you keep on using it. But a major security flaw for which you already have the solution for? Anyone but a douchebag would release the patch.

  • by raymorris ( 2726007 ) on Friday May 02, 2014 @06:02PM (#46903523) Journal

    Agreed. Patching a major security hole isn't the same thing as continuing to provide regular support.

    My company does something similar. We offer an option at purchase where you can choose to forego any direct support and save a few dollars. We've still contacted those customers in the rare case of a significant security update.

  • Re:Idiot (Score:5, Insightful)

    by lgw ( 121541 ) on Friday May 02, 2014 @06:17PM (#46903665) Journal

    There are a few people out there using XP because they think it's a cool, lightweight OS (mostly for gaming). That's a very geeky crowd who can likely manage on their own, until the "open source XP project" matures the was DOSbox did.

    Pretty much everyone else left on XP is a company install needed because some important, expensive, hard to replace thing happens to need XP. If you've got some $50k equipment that's halfway through its 20 year useful life that needs XP, you have a PC somewhere running the XP you need. Microsoft's patching policies won't likely change that, one way or another.

  • by phantomfive ( 622387 ) on Friday May 02, 2014 @06:24PM (#46903757) Journal
    In case anyone cares who these people actually are:

    Sebastian Anthony: A semi-hobo living in the middle of England, who thinks he's an engineer because he took apart a VCR. Literally.
    Lance Ulanoff: An editor and story teller. Used to be an editor for PCMag. Gets invited to speak at SXSW because he is a good story teller.
    Dwight Silverman: He seems to have been blogging since April

    None of these guys seem to understand corporate software. They seem to look at it as child-training or something, which it isn't. In all likelihood some companies were complaining to Microsoft about this bug, some product managers inside Microsoft thought it would be worth fixing to make them happy, so they allocated time to work on it. The idea that the CEO was personally involved is possible, but certainly not given. He has more important things to worry about than legacy software.
  • now wait... (Score:4, Insightful)

    by roc97007 ( 608802 ) on Friday May 02, 2014 @06:30PM (#46903805) Journal

    There's something about this that I'm having trouble wrapping my brain around. We (the collective "we" of businesses and individuals still using XP) are stupid for not giving wads of cash to Microsoft when Microsoft says to do so? And Microsoft is stupid for choosing to patch a vulnerability in a half billion PCs?

  • by Xeno man ( 1614779 ) on Friday May 02, 2014 @06:38PM (#46903871)
    My god, it's barely been a frigging month since support ended and now they have set a president? I don't think so. It's no different than any other company that makes exceptions for just out of warranty.

    It's like having a car with 100,000km warranty and at 100,500km the gas tank falls out. They have every right to tell you its not covered but most decent dealers will cover you because it's either a know issue or because they want to treat you right as a customer.

    This is no different, the patch was being made regardless and the seriousness of the problem warranted a release. It just happen to fall just on the other side of an arbitrary date. Nothing special has occurred here.
  • by AudioEfex ( 637163 ) on Friday May 02, 2014 @07:04PM (#46904065)

    It never ceases to amaze me how out-of-touch with the "real world" so many /. commenters are. Or, more precisely, how out-of-touch they come across as, because I don't think half of the folks who post some of this stuff actually believe what they say, they know better - the other half I do believe actually think what they are saying is accurate, because they don't associate with anyone who doesn't know the difference between SRAM and DRAM.

    "Switch to another modern operating system, such as OS X and Linux" - yeah, that's gonna happen. To run OS X one needs to buy a new, overpriced machine that isn't going to be compatible with a lot of existing stuff and is way overkill for the needs of most average folks. And Linux? Seriously? Linux is so out of reach of most folks it's not even funny. I'm sure someone will come along and say "well X distro is easy to install!" and they miss the entire freaking point. Linux is not for "average" users, or even for well-versed computer users, it's for tinkerers and folks who want to spend as much time working on their OS as they do using the computer. It's a ridiculous notion.

    The truth is, XP is not going away. Folks are saying "but they've been announcing this forever!" - not to middle America, they haven't. Those folks don't keep up on tech sites, and it's not like MS is sending them pop-ups to let them know. They just want to get on their computer and use Facebook and check their email, maybe play a few games. They also don't often have computers that even could run Windows 7 or better. Gone are the days when everyone had to replace their PC every 2-3 years, max - I know tons of folks who have PC's that are nearing a decade old and still in use and work just fine for them. Asking folks who have computers that to them seem working perfectly fine, and that meet their needs, to go out and buy a new one just to continue to do what they are already doing is never going to fly.

    MS is going to relent and continue to release security patches - I have no doubt. They already are making them for the large companies/governments that are paying for them, and there are going to be some major battles which will probably end up in the legal system over what really is MS hanging a large portion of users out to dry. As someone else said, these security flaws are already there, they are just fixing what they didn't do correctly in the first place - we all know the limited understanding of the court system of computer technology, that's what it's going to look like to lawyers and judges. We might finally see some real legal tests of EULA's in general, as well - if I put a bumper sticker on my car that says "I am not liable for any accidents I may cause" that doesn't absolve me of liability, and I have a feeling that just may be how some judges will interpret this (correctly or not).

    I know all of this is going to seem like bullshit to a lot of /.ers, but it's reality - XP was good enough that it will remain "good enough" for a lot of folks, and not issuing security patches isn't going to stop them from using it, because they never are going to know. It's in MS best interests to continue issuing these patches until these PC's finally die off and folks need to buy a new one, which is still going to be a few more years.

    Rant all you wish about how stupid they are, or how they just should stop using MS to begin with and use Linux (the most absurd notion - because even if they did, if Linux actually had more than the less than 2% install base it has, they'd just start trying to exploit that - and with all the different distros, etc. - what a clusterfuck that would be - Linux users just fly under the radar, for now). It's not going to change the reality that these folks aren't going to upgrade their OS until they buy a new PC - and if MS doesn't issue these patches, then once the news finally filters down to these folks (via local newsbroadcasts, etc.) the suggestion will just be to use a different browser, since most security issues are IE related - which is the LAST thing MS wants to happen.

  • by musixman ( 1713146 ) on Friday May 02, 2014 @07:22PM (#46904201)
    'I don't want to hear that tired "if it ain't broke, don't fix it" ... "Upgrade to a newer version of Windows, or switch to another modern operating system, such as OS X or Linux."

    You are obviously very out of touch with the WHO & WHY of why people continue to use XP.

    1) Not everyone can AFFORD to update their computer, buy a new computer or buy a new copy of windows. Let alone get a Mac...
    2) Most of the world is not tech savvy. The idea that you would get them to install Linux is really not practical. People are creatures of habit & that will never change. Look at how many people freaked out when W8 removed the start button.
    3) A large % of users are in 2nd & 3rd world countries. The fact they even HAVE a computer & electricity to power it is a BIG deal. You're being very dismissive of how the majority of the world lives. You should travel more.

    XP is like an old car... sure it eats 5x the amount of gas, but it gets you from point a to b.
  • by fustakrakich ( 1673220 ) on Friday May 02, 2014 @07:23PM (#46904203) Journal

    You can keep your outdated OS, just don't complain about how evil Microsoft is when you stop getting updates...

    I will hold them responsible as long as they hold on to their copyright privileges. What I can or can't afford is nobody's business. If you insist that I update, then YOU pay for it.

  • by DocHoncho ( 1198543 ) <dochoncho AT gmail DOT com> on Friday May 02, 2014 @08:15PM (#46904583) Homepage

    Nonsense. They didn't take it away from you, they didn't flip a switch and remove the possibility of using XP. I can't believe I'm defending Microsoft here, but they've really got nor responsibility to subsidize your, or anyone else's, decision to continue using the software. Where does the line end? Are they to keep updating your precious XP for another ten years? Twenty? Dealing with the aftermath of XP being EOL'd seems to me to fall squarely in the "consequence of your own personal decisions" camp, rather than "they owe me updates forever because I paid them once for something."

    Windows 7 is fine, once you get past your heebie-jeebies about the updated interface. The 32-bit version should be able to run nearly everything, save for such software that is so breathtakingly awful, or tied to a specific version of Windows in some kind of unholy union, that it simply can't handle anything else. You can even still run the old 16-bit shit you've got laying around, probably even without significant issues. If you went and got yourself stuck using software that is incapable of running on a newer, and largely compatible, OS, well frankly it's your own god damned fault, and Microsoft shouldn't be expected to ensure your particular requirements are taken care of for free, forever.

  • by turbidostato ( 878842 ) on Friday May 02, 2014 @09:09PM (#46904895)

    "MS did everyone a service supporting XP as long as they did"

    So MS did a service to anyone exactly how? By delivering such a faulty OS that after 15 years providing monthly patches still has critical security flaws that need to be patched?

  • by scsirob ( 246572 ) on Saturday May 03, 2014 @02:50AM (#46906321)

    By your reasoning you'd claim anyone who buys a Volkswagen Golf today is buying a 40 year old car. The Golf was introduced 40 years ago and you can still get one today. Never mind it has zero components in common with the Golf from 40 years back..

    XP was and is doing everything the majority of users expect from an operating system. Many of the changes since XP are not exactly improvements for many of the users. Some are, some are not.

    Microsoft can stop XP support in only one way. That's when they stop taking money from government or corporations for extended support. They will need to say 'no' to the hand that feeds then. Until they do so, they are obliged to patch XP. Not just for those who pay hefty support fees, but also to tose who bought their XP new, just 4 years ago.

God help those who do not help themselves. -- Wilson Mizner