Registry Hack Enables Continued Updates For Windows XP
DroidJason1 (3589319) writes "A registry workaround, which tricks Windows Update into thinking you are running Windows Embedded POSReady 2009, allows you to get free security updates until 2019. All you need is a simple 32-bit or 64-bit registry entry in order to make this work. POSReady 2009 is slated to receive security updates for another five years. Microsoft ended support for Windows XP on April 8th of 2014."
Excellent (Score:2)
Re:Excellent (Score:5, Insightful)
I think if you're a company that relies on XP (not the POS edition) and you haven't isolated them on a special - no internet VLAN - you have bigger issues than making sure your XP machine has security updates.
Re:Excellent (Score:5, Funny)
I think if you're a company that relies on XP (not the POS edition) and you haven't isolated them on a special - no internet VLAN - you have bigger issues than making sure your XP machine has security updates.
I thought all editions of Windows XP deserved the moniker POS?
(Note to the humor-impaired: Chill out, dude. At least I'm not making jokes about your pretend girlfriend, right?)
Re:Excellent (Score:5, Funny)
I thought all editions of Windows XP deserved the moniker POS?
(Note to the humor-impaired: Chill out, dude. At least I'm not making jokes about your pretend girlfriend, right?)
My pretend girlfriend runs Windows XP - sigh.
Re:Excellent (Score:5, Funny)
THERE ARE FOUR UPDATES!!!
Re: (Score:2)
I wonder how many people will get that reference.
Re:Excellent (Score:4, Funny)
Re:Excellent (Score:5, Funny)
I'm not.
I'm also scared by the fact that this was aired 22 years ago.
Re:Excellent (Score:5, Insightful)
The new Battlestar Galactica began airing ten years ago.
9/11 was 13 years ago.
The Lion King was 20 years ago.
Face it: we're old.
Re: (Score:3, Funny)
There's a new Battlestar Galactica? Disney came out with their Kimba movie starring Matthew Broderick? Wow, the future is AWESOME! Did they bring back Dr. Who?
Re: (Score:2)
If you were born before 1992, you were born closer to the first moon landing than today.
Re: (Score:3)
And if you remember watching the first moon landing.....
Re:Excellent (Score:5, Funny)
I was born closer to the first moon landing than to today. That's because I was born on the other side of it. Hell, I was born closer to WWII than to today. And in another year I'll be able to say that about WWI.
Kids. Get off my lawn.
Re: (Score:3)
Re:Excellent (Score:5, Informative)
Re: (Score:2)
Although I got the 1984 reference, I have no idea what ST:TNG you're talking about. I've still only seen two seasons. http://www.smbc-comics.com/ind... [smbc-comics.com]
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I'll watch it and see how I like it.
Re: (Score:2)
I'll watch these, plus the one avgjoe62 listed, and see how they are.
I'm assuming I can find them somewhere online.
Re: (Score:2)
Re: (Score:2)
Re:Excellent (Score:5, Insightful)
Sheesh!
Re: (Score:2)
Are you kidding me? (Score:5, Funny)
There's something called "Windows Embedded Piece Of Shit Ready 2009"?
Re: (Score:2)
This is forced by "Truth in Advertising" laws.
Re: (Score:2)
Yep. They also have POSfor.NET library for interfacing with barcode scanners, scales, and receipt printers. Suffice to say it is also a huge, unreliable Piece Of Shit.
Re:Are you kidding me? (Score:4, Insightful)
Re:Are you kidding me? (Score:4, Funny)
He said duty.
Re:Are you kidding me? (Score:5, Informative)
Yes, they are pretty expensive. My current one, ACE Retail, was around $1400 for one computer. I looked at others and the prices were insane if you wanted anything not DOS-looking. I did go with ACE as this is what I was used to for the previous 4 years, but it's amazing how the same bugs have been in the system for the last 6 years and old bugs just pop up out of the blue even though they were supposed to be fixed.
I now have found a Linux based POS http://linuxcanada.com/ [linuxcanada.com] that seems quite good and will be testing it out shortly
Re: (Score:2)
>Unfortunately, in the case of a lot of point of sale systems, the acronym does double duty. At least they are surprisingly expensive.
I wrote a POS for my wife's yarn store. I named it the "POSPOS".
Re: (Score:3)
That someone thought making a cash register run WindowsXP was a good idea scares me, though.
And justifies the dual meaning of POS :-)
Re: (Score:3)
Cash registers have to be on networks these days. But on the Internet? Not a good idea.
If necessary, it should be POS -> server -> Internet.
Re: (Score:2)
Re:Are you kidding me? (Score:5, Informative)
That still counts as "on-the-internet" (unless you somehow have a dedicated line going from the POS to the server), so you're plenty vulnerable to spoofing and man-in-the-middle attacks.
There's this thing called a VLAN [wikipedia.org].
You can use a dedicated Layer 3 switch for your POS network. Set up a Private VLAN (PVLAN) to carry your POS network.
Set up a private promiscuous VLAN for your switch to perform L3 routing on.
Set up a private Isolated VLAN (PVLAN Isolated) for your POS terminals, and enable local Proxy-ARP on your isolated PVLANs.
Place your server on a Server VLAN.
Enable 802.1x wired port security for your POS ports.
Configure routing between your POS Subnet and your POS server's dedicated Subnet. Set it up with Route-maps or ACLs such that every POS can talk to the server, and the server can talk to any POS terminal, but no two POS can speak to each other, and no other IP address can speak to a POS or the server.
No default route in the routing table of this Layer 3 switch.
No internet connectivity necessary.
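The reachability policy laid out in the post above (POS to server and server to POS permitted, POS to POS and everything else denied, with the isolated PVLAN blocking POS-to-POS at layer 2 as a second line of defence) can be modelled and checked before it is typed into a switch. The following is an added example, not from the original thread or any switch vendor; the address plan (POS terminals in 10.10.0.0/24, the server at 10.20.0.10) is an assumption, and the ACL is modelled as an ordered first-match list with an implicit deny, the way router ACLs behave.

```python
import ipaddress
from typing import List, Tuple

# Constructed address plan (assumption, not from the thread).
POS_NET = ipaddress.ip_network("10.10.0.0/24")      # isolated PVLAN, POS terminals
SERVER_NET = ipaddress.ip_network("10.20.0.0/24")   # server VLAN
SERVER = ipaddress.ip_address("10.20.0.10")         # the single POS server

Rule = Tuple[str, ipaddress.IPv4Network, ipaddress.IPv4Network]
ANY = ipaddress.ip_network("0.0.0.0/0")


def build_acl() -> List[Rule]:
    """Ordered, first-match rules implementing the policy from the post:
    POS -> server and server -> POS are permitted; everything else is denied.
    Note there is no rule for POS -> POS or for other hosts at all, so they
    fall through to the explicit deny at the end (and to the implicit deny)."""
    server_host = ipaddress.ip_network(f"{SERVER}/32")
    return [
        ("permit", POS_NET, server_host),
        ("permit", server_host, POS_NET),
        ("deny", ANY, ANY),
    ]


def evaluate(acl: List[Rule], src: str, dst: str) -> bool:
    """Walk the ACL top to bottom; the first matching rule decides."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, snet, dnet in acl:
        if s in snet and d in dnet:
            return action == "permit"
    return False  # implicit deny, as on a real ACL


def isolated_pvlan_allows(src: str, dst: str) -> bool:
    """Layer-2 view: two ports in the isolated PVLAN cannot frame each other
    directly; they only reach the promiscuous port (the switch's L3 interface).
    With local proxy-ARP the traffic is pulled up to the switch, where the ACL
    above denies it anyway, so POS -> POS is blocked twice."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return not (s in POS_NET and d in POS_NET)


def reachable(src: str, dst: str) -> bool:
    """A flow gets through only if both the PVLAN and the ACL let it."""
    return isolated_pvlan_allows(src, dst) and evaluate(build_acl(), src, dst)


def policy_matrix() -> dict:
    """Exercise the cases the post enumerates plus a few an auditor would add."""
    cases = {
        "pos->server": ("10.10.0.5", "10.20.0.10"),
        "server->pos": ("10.20.0.10", "10.10.0.5"),
        "pos->pos": ("10.10.0.5", "10.10.0.6"),
        "pos->other-host-on-server-vlan": ("10.10.0.5", "10.20.0.11"),
        "office->pos": ("192.168.1.50", "10.10.0.5"),
        "office->server": ("192.168.1.50", "10.20.0.10"),
        "pos->internet": ("10.10.0.5", "8.8.8.8"),
    }
    return {name: reachable(s, d) for name, (s, d) in cases.items()}


if __name__ == "__main__":
    for name, ok in policy_matrix().items():
        print(f"{name:32} {'permit' if ok else 'deny'}")
```

Only the two POS/server directions come back as permit; the matrix is the checklist to run against the real switch with a packet generator once the config is in place, since the post's own point is that the one intrusion a poster saw came from a technician missing a step.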
Re: (Score:2)
No internet connectivity necessary.
No electronic payments can be processed.
Re: (Score:2)
No electronic payments can be processed.
Sure they can. Via dedicated proxy server sandwiched between two firewalls that allows HTTP, but to only the payment processor's URL. As discussed in my other post.
Re: (Score:2)
Https...
Anyways, I agree and have set up CC payment systems specifically like that. Except one system failed using a proxy, so I had to lock the routers into the specific IP address of the processor and forbid HTTP traffic because the suite kept defaulting to it with every update and transmitting in plain text.
Needless to say, I had a long talk with one of their developers and CEO, and the company I was working for eventually switched packages altogether.
Re: (Score:2)
You can't restrict the URL, just the host name.
Unless you want to forego HTTPS...
Re: (Score:2)
Ethernet... those twisted pair cables that can be tapped and intercepted without detection?
Re: (Score:2)
Re: (Score:2)
POS's that require Net access because part of the services link into API's for UPS, FexEx, and USPS for realtime transactions.
You don't actually need full Net access for that.
The recommendation here is that you have a proxy server; that the applications required to use these services are configured with. The proxy server should only allow the required URLs.
In some cases, the individual applications can be configured with a unique client-side SSL certificate, username, and password with which to acces
Re:Are you kidding me? (Score:5, Interesting)
I always like RKeeper's (large Moscow-based POS system) quick-and-dirty solution: make all the POS machines use NetBEUI. Can't route, the only way to get to the machines from outside is through remote controlling the server.
Re: (Score:2)
Some cash registers need to be on the internet. It's how they process electronic payments. Modern eftpos terminals don't use dial-up connections anymore.
Re: (Score:2)
Some cash registers need to be on the internet. It's how they process electronic payments. Modern eftpos terminals don't use dial-up connections anymore.
I gave the counter guy at my mechanic a strange look the other day when he processed my payment via credit card and I heard the modem dial out. He rolled his eyes and said, "Yeah, they 'upgraded' us last week. More secure because it doesn't have to go over the Internet."
Re:Are you kidding me? (Score:5, Interesting)
Up until a few months ago I worked for a Retail Point of Sale company for more than seven years as a developer. The typical topology goes something like this. Each store has a cable or DSL modem to get to the internet. They have it locked down so the only way in or out is through a VPN to the home office. This essentially gives them LAN access to shared resources such as centralized databases (this is why you can return at a store other than the one where you bought something, or check another store's inventory), payment system gateways, etc. This is a heavily secured and audited network segment due to the sensitive nature of the data. Any "regular" internet access from a register goes through that VPN and a firewall at the home office. Browsers are locked down on each register and regularly patched and updated remotely. They will sometimes use a whitelist of sites, sometimes not: JavaScript and other "features" are typically restricted as much as feasible.
This system works really well, despite having a lot of pieces geographically scattered. The VPN makes it easy to connect to any register in a retail chain since it is essentially a LAN. With the VPN and firewalls, you have a distributed yet secured network. The only times I have ever seen a network intrusion at any customer of my former employer was due to human error: a network technician forgetting to set something up right despite numerous checklists and test environments. Pretty rare in my experience working with 30+ retail customers.
Re: (Score:2)
Not according to Wikipedia [wikipedia.org]. :p
Re: (Score:3)
I've dealt with the output from them. Horrid. It was a while ago, but IIRC correctly it went like this: because the accursed things have so little storage everything is "compressed", and they were all designed before interwebs were invented so it has to keep the whole shift's crap in there. But not compressed like with gzip, no no no, because it hasn't the CPU or RAM to do that. It's just that every indicator (that tells you if it's a sale or return, or if it's meat or dairy or shoes or flammable or rad
are the people still running XP (Score:2)
Re:are the people still running XP (Score:4, Informative)
Re:are the people still running XP (Score:4, Informative)
Comparisons to Fisher Price was one of the main initial complaints about XP.
Re: (Score:2)
XP looked Fisher Price by default, but you could turn that off.
Win 7 behaves Fisher Price and AFAIK you can't do shit about it. Other than installing Linux ...
Re: (Score:2, Interesting)
Yes.
Because driver support for things like musical equipment and old SCSI devices often didn't get updated or supported after XP.
I have a fairly expensive SCSI scanner that can handle poster sized sheets but the only software I can find for it runs in XP. I have 3 Windows 7 boxes and one XP, and I'll keep running XP until I can get all my devices off it (MIDI controllers, instrument packages, old scanner, etc)
It's not my fault these old components have no driver upgrade path, so I'm stuck with one XP box pr
Re: (Score:2)
Security risk? (Score:5, Interesting)
Point of Sale systems usually operate under more controlled conditions than end user machines. Would these updates keep your XP machine plausibly secure or highly vulnerable to threats not considered serious to point of sale systems? What about vulnerabilities in components not present in POSReady 2009 but used in XP?
Re:Security risk? (Score:4, Insightful)
No, updating to an actually supported operating system would be better.
Not if it's Window 8.
Yeah not quite... (Score:5, Informative)
As someone who works with POS Ready 2009 a lot (I write Point of Sale Software), the catch with this idea is that many (a great many) of the components in normal XP just don't exist in POSReady.
SO you may, or may not get updates for some parts of your OS - because Microsoft will not be writing updates for the rest.
New Critical XP Update... (Score:4, Insightful)
Re: (Score:2)
They could do it the other way around, make an update to the updater that (among other things) checks more thoroughly what edition of the OS it's running on, then make it so you have to update the updater to get any other updates.
Re:New Critical XP Update... (Score:5, Funny)
Yo dawg, I... can't be bothered.
For all of XP? (Score:2)
POSReady 2009 combines the power and familiarity of Windows XP Professional with a smaller footprint and specific features for point of service (POS) computers.
Smaller footprint means fewer files. Whatever is cut out of POSReady won't have any issues fixed.
Re: (Score:3)
Smaller footprint means fewer files. Whatever is cut out of POSReady won't have any issues fixed.
OK, let's figure out which parts those are, so we can not use them, and replace them with OSS alternatives. Some of us need XP for various applications for which there are no replacements.
Re: (Score:2)
what's the difference between highly illegal, and illegal? Besides, what is so illegal about changing a registry key or value, or creating a registry key?
Re:This act is highly illegal (Score:5, Insightful)
In the loosest possible interpretation I can think of (and not one I agree with), you are committing fraud by misrepresenting something in order to get a good or a service.
But, if it's something as trivial as a registry key, which is available for users to update (and which sometimes MS themselves suggest) ... then I've got nothing.
I'm having a hard time believing it's perfectly legal to update one set of registry keys, while being illegal to update another. If they're so special and secret, they shouldn't be something you can update.
Re:This act is highly illegal (Score:5, Insightful)
I'm having a hard time believing it's perfectly legal to update one set of registry keys, while being illegal to update another. If they're so special and secret, they shouldn't be something you can update.
Since Microsoft offers paid updates for WinXP (at least for corporate customers),
it's not very hard to argue that the registry hack (at least for corporate customers) would qualify as theft of service.
For non-corporate users, Microsoft could argue "unauthorized access," but I can't see them taking the trouble to sue random home users.
Re: (Score:2)
Perhaps they can include an "update" to WindowsPOS(?) that is not an issue for POSes, but detrimental in non-POS use-cases?
Re: (Score:2)
Yeah, I'm like *sure* they could totally get that right.
Re: (Score:2)
Clearly this is a hypothetical argument that goes beyond the DeVry Juris Doctor syllabus, but replace "update" with "shove your dick in" and "set of registry keys" with "person's bodily orifice".
Re: (Score:2)
Re: (Score:3)
What is so illegal about changing 0 to 1 and 1 to 0?
Re: (Score:2)
Re: (Score:3)
But whose anus?
Re:This act is highly illegal (Score:4, Interesting)
Digital:Convergence had much more claim to the cuecat scanner's security than this could ever command.
Re: (Score:3)
They were certainly willing to do that with some updates (anything where good old 'Windows Genuine Advantage' popped up) and, while the suitably motivated generally bypassed that without too much trouble, I imagine that that sort of wicked, wicked, circumvention made their legal position markedly less pleasant if MS wished to push the issue.
If it'
Re: (Score:3)
Re:This act is highly illegal (Score:5, Insightful)
You know, some of us have felt this way about the registry as long as it's been around.
It has always seemed like a cheap hack done by lazy people.
It's not secure or safe, it has always been subject to corruption and hacks, and looks like something which was grafted on by someone under time constraints that once it was in the wild they couldn't get away from.
Re: (Score:2)
The true mind-blower of the registry is that even though it's API-based and therefore in theory they can replace it with impunity, they didn't and it still sucks.
The true mind-blower of Unix is how so many people defend their flat files unto death even when it makes zero sense, e.g. dpkg. dpkg desperately needs binary databases, perhaps kyotocabinet or hell just sqlite, anything would be better than the big ugly flat files. And even if those files were only caches of the flat files, and the big stupid ugly
Re: (Score:2)
Given that POS probably wasn't sold at a discount, I would have expected it to at least freak out at it being
Re: (Score:2)
There is probably more to the whole POS installation than just the registry key.
I think someone just noticed that if you happen to only flip one of the many bits for the POS system that it would cause Windows Update to behave differently.
Re: (Score:2)
What's illegal about it? Is it illegal to use Microsoft's provided tools to edit my registry, browsing to HKEY_LOCAL_MACHINE\SYSTEM\WPA, then creating a new key called PosReady, then creating a new dword in PosReady called "Installed" with a value of 00000001?
See Aaron Swartz [wikipedia.org]: Federal prosecutors later charged him with two counts of wire fraud and 11 violations of the Computer Fraud and Abuse Act,[12] carrying a cumulative maximum penalty of $1 million in fines, 35 years in prison, asset forfeiture, restitu
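For an administrator the more useful question is how to find machines in a fleet where this marker has been set, since an XP Professional box carrying it is now receiving POSReady patches whose coverage (as other posters note) does not match the components XP actually ships with. The following is an added example, not from the thread: it parses the `.reg` text that `reg export HKLM\SYSTEM\WPA` produces (the key header, dword and string value syntax) and reports whether the `PosReady\Installed` flag from the post is present. The sample export is constructed; the key path and value name are the ones quoted above. The flag alone does not distinguish a genuine POSReady 2009 install from a retrofitted XP, so the result is meant to be cross-checked against the asset inventory.

```python
import re
from typing import Dict, Optional

# Constructed sample of what a `reg export` of HKLM\SYSTEM\WPA looks like on a
# machine where the key from the post has been added. Sample data only.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\WPA]

[HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady]
"Installed"=dword:00000001
'''

# Key path and value name exactly as quoted in the post.
POSREADY_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady"
POSREADY_VALUE = "Installed"

_KEY_RE = re.compile(r'^\[(?P<path>[^\]]+)\]$')
_VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=(?P<data>.*)$')


def _unescape(s: str) -> str:
    return s.replace('\\"', '"').replace("\\\\", "\\")


def parse_reg_export(text: str) -> Dict[str, Dict[str, object]]:
    """Parse the subset of the .reg format an HKLM\SYSTEM\WPA export uses:
    [key] headers, "name"=dword:XXXXXXXX and "name"="string" values.
    Key paths are lower-cased because the registry is case-insensitive."""
    keys: Dict[str, Dict[str, object]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor") or line.startswith(";"):
            continue
        m = _KEY_RE.match(line)
        if m:
            current = m.group("path").lower()
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name = _unescape(m.group("name"))
            data = m.group("data")
            if data.startswith("dword:"):
                value: object = int(data[len("dword:"):], 16)
            elif len(data) >= 2 and data.startswith('"') and data.endswith('"'):
                value = _unescape(data[1:-1])
            else:
                value = data  # hex:, expand-string etc. kept raw; not needed here
            keys[current][name] = value
    return keys


def posready_flag(keys: Dict[str, Dict[str, object]]) -> Optional[int]:
    """Return the Installed value under the PosReady key, or None if absent."""
    value = keys.get(POSREADY_KEY.lower(), {}).get(POSREADY_VALUE)
    return value if isinstance(value, int) else None


def audit(reg_text: str) -> str:
    """One-line verdict for a host's WPA export, for a fleet report."""
    flag = posready_flag(parse_reg_export(reg_text))
    if flag is None:
        return "no PosReady marker"
    if flag == 1:
        return "PosReady marker set (Installed=1); verify edition against inventory"
    return f"PosReady marker present with unexpected value {flag}"


if __name__ == "__main__":
    print(audit(SAMPLE_REG_EXPORT))
```

Exports written by `reg export` are UTF-16 with a BOM, so read them with that encoding before handing the text to `parse_reg_export`; the parser itself only deals with decoded text.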
Re: (Score:3)
What's illegal about it? Is it illegal to use Microsoft's provided tools to edit my registry
... to get a service you don't have a license for. How is that not illegal?
Re: (Score:3, Insightful)
I wouldn't be surprised if it is illegal, considering how broken our 'justice' system is.
If editing some data on your own equipment is all it takes to get Microsoft to give you service, and that's illegal, then something is indeed wrong.
Re: (Score:2)
What's illegal about it?
"Whoever ... knowingly and with intent to defraud, accesses a protected computer ... exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value ... shall be punished ..." - CFAA (18 USC 1030).
That's what. (Disclaimer: IANAL and therefore don't know what I am talking about).
Re: (Score:2)
"Whoever ... knowingly and with intent to defraud, accesses a protected computer
Uh... it's my computer.
Re: (Score:2)
What's illegal about it? Is it illegal to use Microsoft's provided tools to edit my registry, browsing to HKEY_LOCAL_MACHINE\SYSTEM\WPA, then creating a new key called PosReady, then creating a new dword in PosReady called "Installed" with a value of 00000001?
No more illegal than disguising yourself as a legitimate copyright holder and fooling someone into letting you make a copy of a piece of media.
Re: (Score:2)
If Microsoft didn't want updates to work between different products, then shouldn't those different products have been actually differentiated in their compiled executable files or libraries to make simple maintenance not provide a mechanism to do this?
Re: (Score:3)
Why do slashdotters find these issues so hard to understand. The law is all about intent. If you intend to access services to which you are not entitled, the ease with which you do so is entirely irrelevant to the discussion of whether or not your actions are legal.
You can type in eighteen "plain text" keystrokes (whatever that means - aren't all keystrokes plain text? Anyway) and log into the Attorney General's gmail account. Well, if you knew the password you could. But the action is trivially simple. And
Re: (Score:2)
a BSOD
Re: (Score:3, Informative)
Windows POSReady 2009 is actually Windows XP though, just stripped down and a lot of stuff removed. The same system files exist in the same versions and thus they have the same exploits and can be patched with the same code.
POSReady 2009 is basically a different "distro" of Windows XP that Microsoft is supporting until 2009. By changing that one registry entry, you get Windows Update to realize you're running that special distro, and you get patches.
Re: (Score:3)
Windows POSReady 2009 is actually Windows XP though, just stripped down and a lot of bug-ridden exploitable and memory hogging code removed. Almost the same system files exist in the same versions and thus they have many exploits in common and frequently can be patched with the same code.
There, fixed it for you.
Re: (Score:2)
Yes... but many of the security flaws patched in the past have been in that 'stuff' you mention.
Re:Will those patches actually WORK? (Score:4)
In fact, I wouldn't put it past Microsoft to "accidentally" push out bad patches to deter this behaviour. I'm pretty sure they'd rather XP just cease to exist at this point given all the bad security press it's got them, and any opportunity to ram another nail into the coffin isn't exactly going to be unwelcome.
Re: (Score:2)
It did not matter one bit when XP was released; it matters when a better alternative was available. Windows 7 is not even 5 years old, and 4 years ago Windows XP was still being sold with new netbooks. Those machines do not even run Windows 7 properly unless you upgrade the RAM.
Re: (Score:2)
I remember in the good old days when you were told your system is obsolete and to upgrade your OS after 3 years.
5 years is a long time for support.
Re: (Score:3)
Windows Update wouldn't work until I downloaded SP2 and installed it. Then I was able to "enjoy" several hours of downloading and installing updates via Windows Update
What I wonder about
Re:Windows Server 2003? (Score:4, Informative)
I installed Windows Server 2003 to VMWare Player just yesterday. The activation server won't work anymore, so I had to make the dreaded call. The Pakistani sounding guy named "Phillip" was helpful but it would have been easier with Internet activation. He was very curious as to WHY I wanted to install Windows Server 2003.
Windows Update wouldn't work until I downloaded SP2 and installed it. Then I was able to "enjoy" several hours of downloading and installing updates via Windows Update
What I wonder about is, when I accepted an update and rebooted there were several patches to the updates. Why doesn't MS build the patches into the update?
That is because the certificates were replaced. Remember back in 2011 about one of the root CA servers being compromised. It was only one of the keys used to sign and not the full master but still MS updated its certificates to be safe.
You can download an update (forgot which KB) for both XP & Server 2003. Even XP out of the box won't run updates either without the fix. There is a fixit too that will change them for you.
Re: (Score:3)
Yeah, unless you've got thousands of dollars of software that are locked to that PC configuration (hardware and software). Then you're looking at a major expense and hassle of upgrading everything just to do exactly what you were before.
Re: (Score:3)
Re:Just buy a new computer !!!!! (Score:5, Insightful)
It's not about you. You fail to understand your place as a consumer. You spend money and they fuck you. I can't make it any simpler for you.
Re: (Score:2)
4) battery and efficiency technologies can keep a notebook running for several hours, instead of maybe one hour.
My laptop from 8 years ago had 4 hours battery life. It still lasts 15 minutes now that 90% of the capacity has gone.
5) LCD innovations, resolution improvements, and LED back lighting instead of fluorescent back lighting.
It's also got a 1024x768 screen, I could have got 1600x1200. Average laptops these days have 1366x768, some have 1920x1080, not much improvement there. It costs a premium to get