backtop


Print 39 comment(s) - last by NellyFromMA.. on May 6 at 9:31 AM

Microsoft extends an olive branch to XP users

Earlier this week, we learned of a new zero-day flaw that affects Windows and Internet Explorer. According to Microsoft, the flaw could allow attackers to:
  • view data
  • change data (memory injection)
  • delete data
  • install keylogging software
  • install malicious programs
  • create accounts to give attacker full user rights 
Seeing as how Microsoft officially ended support for end-users of Windows XP on April 8, it was assumed that all of those users would just be out of luck or have to rely on third-party patches to close up the security hole. However, Microsoft made a bold move today by announcing that it would extend the fix to XP users.
 
Adrienne Hall, Microsoft’s General Manager for Trustworthy Computing, wrote the following on the Official Microsoft Blog:
 
Even though Windows XP is no longer supported by Microsoft and is past the time we normally provide security updates, we’ve decided to provide an update for all versions of Windows XP (including embedded), today.  We made this exception based on the proximity to the end of support for Windows XP.
 
As a result, all Windows users (as of 1 PM EST today) can download a patch for this flaw from Windows Update.

Adrienne Hall, Microsoft’s General Manager for Trustworthy Computing 

However, don’t think for a second that Microsoft is content with users sticking around with a 14-year-old operating system. The company is still, understandably, trying to encourage customers to upgrade to a more modern Microsoft operating system like Windows 7 or Windows 8.1.
 
“Just because this update is out now doesn’t mean you should stop thinking about getting off Windows XP,” Hall added. “Of course we’re proud that so many people loved Windows XP, but the reality is that the threats we face today from a security standpoint have really outpaced the ability to protect those customers using an operating system that dates back over a decade.”
 
So XP users, take this as a warning. Microsoft was kind enough to make an exception this time around with regards to a zero-day exploit it Windows XP, but don’t expect the software giant to be so eager to help out in the future.

Source: Microsoft



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

Very bad form, Microsoft
By piroroadkill on 5/2/14, Rating: 0
RE: Very bad form, Microsoft
By NellyFromMA on 5/2/2014 10:22:02 AM , Rating: 4
LMAO. Seriously?! You're the perfect example of why MS can't please everyone ever.

Here, MS has essentially GIVEN AWAY a HUGE life-saving patch for XP-clingers when MS already EOL'ed the product which they didn't have to do. If they didn't patch this, then the XP-clingers would be very upset (whether rightly so or not, I won't touch on).

And yet, this gift from MS is cause for anger from you? Yeah, MS should have TOTALLY not released this patch to the general public. I'm sure when the patch leaked it would have been great PR for MS.

C'mon!


RE: Very bad form, Microsoft
By Gondor on 5/2/2014 10:31:16 AM , Rating: 1
They haven't "given" anything away. IE6 is used in other M$ operating systems which haven't reached their end-of-extended/support deadline yet (and won't for more than one whole year), namely the Windows Server 2003 R2 family.

They HAD to implement this patch to IE6 as well as other browsers and they simply ended up making a publicity stunt (and a new Windows 7/8 advertisement campaign - note how they are still selling old version of windows even though the most recent one is out, which, at least according to some folks here, is a big no-no?) out of this fact.


RE: Very bad form, Microsoft
By NellyFromMA on 5/2/2014 1:18:41 PM , Rating: 2
Explain to me how MS supplying users of EOL software a HUGE security patch for FREE ISNT' giving it away?


RE: Very bad form, Microsoft
By ppi on 5/2/2014 5:08:51 PM , Rating: 2
Since the easiest and most sensible way to patch it is to change to Chrome/Firefox, they quite likely did their math and decided to slow down reduction of IE market share. Plus it is a good PR, as this is high-profile exploit. And it is free for them, since they needed to develop the patch anyway.


RE: Very bad form, Microsoft
By NellyFromMA on 5/6/2014 9:31:18 AM , Rating: 2
On XP, the vast majority likely already are on Chrome/Firefox as IE 8 is garbage, especially by todays standards.

Of course they made that assessment. Still, those are signs that an intelligent thought process took place and they helped the community as a result.

The majority of what you say is correct, and it resulted in a free giveaway of a major patch to consumers. A big win all around I'd say.


Were alll IE versions patched
By DanNeely on 5/1/2014 2:27:22 PM , Rating: 2
... or just IE7/8? The latter browsers are part of still supported OSes, so patching them on XP was essentially free for MS.




RE: Were alll IE versions patched
By Flunk on 5/1/2014 2:32:47 PM , Rating: 2
Microsoft dropped support for IE versions lower than 8 long ago so I expect it will only be for IE 8.0.


By atechfan on 5/1/2014 2:38:46 PM , Rating: 3
Unless their is something you absolutely need that only works in IE 6, there is no reason to be still on the antiquated garbage anyway.


By DanNeely on 5/1/2014 2:50:46 PM , Rating: 2
No they haven't. MS has always supported the released version of IE from each version of windows through OS end of life. IE6 only had the plug pulled last month; IE7 will be kept on life support until Vista ends in 2017.


By Philippine Mango on 5/1/2014 9:14:03 PM , Rating: 2
I mean yes Windows XP came out in 2001 but Microsoft continued to sell windows XP well into 2010 so really, they're only supporting the operating system for 4 years after it last sold. XP was sold for a long time so using the date of first sale is sort of dumb when it's the last date of sale that should matter.




By Alexvrb on 5/1/2014 11:17:05 PM , Rating: 1
The last date of sale doesn't change the date it was released. You could maybe make an argument about the major revisions (Service Packs) released for the OS but those were released for free to all XP users and thus they didn't get to sell a bunch of new licenses to existing users.

Anyway, compare this "unacceptable" support to smartphones. If you buy a phone that has been on the market for a year or so, don't expect a lot of support. Heck, some Android OEMs drop support fairly quickly (particularly on non-flagship models) so they can sell you a new phone every couple of years. Often this is proceeded by a large final update designed to make the phone feel old and slow.

Maybe MS should consider doing the same thing. Release an SP4 for WinXP... it's got lots of security enhancements... and makes your PC incredibly slow so you'll buy a new one!


By Labotomizer on 5/2/2014 10:12:15 AM , Rating: 2
XP wasn't sold since Vista SP1. Just because you had downgrade rights doesn't matter. XP hasn't been sold since 2007. So 7 years.


By NellyFromMA on 5/2/2014 10:18:37 AM , Rating: 2
By your reasoning, software would have to stop being sold altogether for a buffer period where they have to support the software without revenue supporting it at all in order for the last person sold to get > 4 years of support.

You are also forgetting the only reason it was sold for so long at all were for corporate legacy concerns. They even offered support for XP up, through and into two complete successor product cycles: Vista and 7. If they did as you essentially indicate they should, way more people would be upset that XP wasn't even an option earlier than they are now. They actually did the community a great service for keeping it available and supporting it as long as they did, even though some still feel like something was taken away from them.

It's always good to think outside of the box, but I think if you consider the suggestion all the way through it becomes clear why using last date of sale isn't realistic or even beneficial.


IE Patch
By TheT3ch on 5/2/2014 2:19:38 AM , Rating: 2
Here's a list of IE versions and OS with their respective patch. Enjoy!

https://www.thetech-m.blogspot.com/2014/05/microso...

Like my FB page for more updates!
https://www.facebook.com/TheTech3Ts




RE: IE Patch
By NellyFromMA on 5/2/2014 1:19:31 PM , Rating: 2
Spam. The link has a bad SSL certificate, do not click.


April 8th...
By croc on 5/3/2014 10:11:51 PM , Rating: 2
World will end! XP will be totally unsupported, zero day exploits will take the Internet by the neck and choke it until it is DEAD! April 9th... BAU... Now, zero day exploit befalls MS IE, one that also affects Win XP. Ms patches it, including XP versions. World will end! MS still patching XP!




Pry it
By SteelRing on 5/1/14, Rating: -1
RE: Pry it
By gixser on 5/1/2014 2:32:10 PM , Rating: 5
quote:
nothing to lose for you.


Any nothing to gain either it would seem.


RE: Pry it
By PrinceGaz on 5/1/2014 3:23:26 PM , Rating: 2
They would gain from not having so many people running unsupported Windows XP which becomes riddled with malware and is then used to target newer versions of Windows, launch DOS attacks, and send out loads of virus-laden spam.

Anyway, it's the same argument that is used with software piracy-- if they can't get it for free, they wouldn't have got it anyway so no money has been lost when it is pirated. How many people with an old computer running Windows XP (in my case built in 2005, old but still very useable with its Athlon 64 X2 4400+) would buy a copy of Windows 7 for it? I like to think Microsoft prefer it being updated to Windows 7, rather than it continuing to run XP every day.

Note that the above should be read as a hypothetical scenario only, and I do not condone software piracy.


RE: Pry it
By HostileEffect on 5/1/2014 10:58:14 PM , Rating: 2
Bout to put Windows 7 on my P4 2.0Ghz soon, though its still powered off since I was on business for an extended time. I can't stand the thought of paying more ransom money to Microsoft because they want to hold (insert updated feature) hostage. Its pretty cheap to just wait for an old laptop to turn in up the garbage and harvest parts and that shinny little windows OS sticker under it. Licensed Windows OS for free, just borrow some discs.

I have 4-5 old laptops with Windows 7 keys not being used... yeah. Anyone who tells me to pay for Windows needs to pound sand when I can get it for free, legally.


RE: Pry it
By Labotomizer on 5/2/2014 10:13:54 AM , Rating: 2
OEM licenses are non-transferrable. That's why they're so much cheaper. Moving the sticker does NOT legally transfer the license. Does MS care enough to stop you from doing it? Probably not.

Still not sure I'd be proud of rummaging in the garbage bin to save $99... But to each their own.


RE: Pry it
By Mitch101 on 5/1/2014 2:35:06 PM , Rating: 4
You got to give props to Microsoft they don't have to do what they did and consider that XP was launched in October of 2001 seems pretty amazing.


RE: Pry it
By marvdmartian on 5/1/2014 3:04:03 PM , Rating: 2
Nice that they did it, for sure....but in my mind, only right that they did it, too. That exploit has been around since IE6. Meaning back around the time of XP's introduction, in 2001. IMHO, it would have been a much bigger black eye for MS, if they hadn't patched XP, along with newer operating system versions.

http://en.wikipedia.org/wiki/History_of_Internet_E...


RE: Pry it
By NellyFromMA on 5/2/2014 1:22:59 PM , Rating: 2
Well, then you can say MS does actually do the right thing then.

You can say not patching it would have been a bad move, or say that their patching was a smart move. Which you choose to label their action as says a lot about what you think of MS in general and highlights the catch 22 they have been locked in for at least a decade.

Perspective rises its head again.


RE: Pry it
By Argon18 on 5/1/14, Rating: -1
RE: Pry it
By inighthawki on 5/1/2014 5:19:47 PM , Rating: 2
quote:
"Amazing"? Lol. Plenty of amazing things in the world, but an IE patch isn't one of them.

He wasn't stating the IE patch was amazing, he was claiming it was amazing how much Microsoft has gone out of their way to support an OS whose life cycles actually ended years ago. Even after being officially unsupported, they took the time and money to develop a patch for it. I can't think of another software vendor that would have done this.

quote:
Those without the Redmond Blinders on can see now the fatal flaw of "integrating" the web browser with the OS. When OS support ends, so does your browser support. In a world where the killer apps are increasingly web based, this is a serious shortcoming of Windows.

IE is no longer so intrinsically tied to the OS. On top of that, nothing stops you from using other browsers.

quote:
You can run the latest greatest Firefox on XP. Ironic, isn't it, that Netscape's legacy is one of the things keeping XP around?

One of, sure, but hardly the biggest reason. IE compatibility is nothing compared to the amount of application compatibility issues and sheer upgrade cost that most IT departments are dreading.


RE: Pry it
By HoosierEngineer5 on 5/1/14, Rating: 0
RE: Pry it
By SteelRing on 5/1/14, Rating: 0
RE: Pry it
By Sivar on 5/1/2014 2:53:02 PM , Rating: 2
I think Windows 7 is an extremely compelling upgrade from XP, but that is a matter of opinion.

Would you suggest that Microsoft should pay to maintain a 13-yr old product?
Name another consumer software vendor that does this.


RE: Pry it
By tim851 on 5/2/2014 3:35:15 AM , Rating: 2
quote:
Would you suggest that Microsoft should pay to maintain a 13-yr old product?

They sold XP licences for netbooks until October 2010. That's three and a half years.
It's not the customers' fault that Microsoft continued to sell a NINE year old operating system!

quote:
Name another consumer software vendor that does this.

Apple is frequently criticized for dropping support early. You can't chastise the fruit company for doing so and not Microsoft.


RE: Pry it
By Belegost on 5/1/2014 2:54:45 PM , Rating: 5
Who is holding anyone hostage? Is Mazda holding you hostage because your car is outside the 5 year warranty?

There's a reasonable limit on how long a company can be expected to support a product. 13 years of support seems like a pretty good run, better than you will get from competing OSes. Why people have to act like ending support is some evil plot I have no idea - it's just reasonable business. I don't see similar wailing when Apple stops supporting old OSX versions, or Red Hat stops supporting old RHEL LTS versions.

And there are good reasons to upgrade to Win7, better support for newer hardware, a more stable driver model, better account controls for improved security, etc.

If you in particular don't need them, fine. As for staying with XP, please don't let me stop your search for someone who cares, use whatever you want.


RE: Pry it
By Argon18 on 5/1/14, Rating: -1
RE: Pry it
By themaster08 on 5/1/2014 3:50:42 PM , Rating: 3
The analogy is flawed. Software is hardly comparable to any tangible object.

Compare XP's support lifecycle to RHEL's, and it's comparable. The main difference is that after 10 years, the last 3 years of RHEL support is limited, and an ELS add-on can be purchased to continue support of versions 3 and 4. Similarly, enterprise customers have paid for continuing support of XP.

Do you expect these companies to continue to support these products forever? The main difference is that a tangible object, especially if mechanical, will eventually break, and original parts will no longer become available. Sure, you can purchase 3rd party or pre-owned parts, similarly to how you can use 3rd party applications and security to continue to run your ancient software, but eventually it becomes more of a burden than a convenience. For example, using XP without the internet is absolutely fine, but it's a huge inconvenience. Similarly, a 50 year old vehicle can be restored, but you'll find its main use is for motor shows, special occasions. Using it as a main driver will no doubt run into problems.

How is a company expected to make money if their product has reached saturation? The logic of some people here is astounding.


RE: Pry it
By Dorkyman on 5/1/14, Rating: -1
RE: Pry it
By inighthawki on 5/1/2014 9:17:30 PM , Rating: 5
quote:
But instead MS has booked sweetheart deals with hardware vendors so that when you buy a new PC it WILL come with a version MS says you will have, even if you would have preferred the version you had been using.

Buy a PC and install whatever OS you want on it. Some OEMs have in the past offered older OSs or will actually ship a PC without an OS at all. If it's that big of an issue, build your own, because if you care that much about having an older version of the OS, you're also a tech savvy minority who would anyway. No other vendor in the world does what you're asking.

If you buy a new MAC, guess what, you get the latest version of OSX. If you buy a new phone, you get the latest version of iOS, Android, WP, etc. Buy a new tablet, same deal. Nobody buys an Android tablet and then decides "You know what, I'd rather have Gingerbread than Kit Kat."

quote:
The Feds should have broken up this MS monopoly long ago.

I don't think you know what monopoly means.

quote:
In fact, it makes a lot of sense to buy an old restored car for daily use. It just keeps going up in value.

I don't know a lot about cars, so maybe someone else could comment, but wouldn't putting additional mileage and use on a remodeled 50 year old car make it deprecate in value? Why would I pay a premium for a remodeled classic that someone has been driving around for everyday use?


RE: Pry it
By Alexvrb on 5/1/2014 11:48:25 PM , Rating: 3
quote:
I don't know a lot about cars, so maybe someone else could comment, but wouldn't putting additional mileage and use on a remodeled 50 year old car make it deprecate in value? Why would I pay a premium for a remodeled classic that someone has been driving around for everyday use?

It only makes sense to do something like this if money is no object, and even then it is debatable. They often require more regular maintenance over years of heavy driving, racking up miles devalues it, the daily wear and tear gradually ruins it (and further increases the amount/rate of maintenance and repairs), fuel costs are typically significantly higher, less amenities, less reliable (more likely to suffer mechanical breakdown), if something fails parts may not be readily available, and it isn't as safe as an equivalent modern car (no airbags, ABS, traction, ESC, inferior suspension, etc).

With that being said, I'd still love to own certain classic cars and drive them on weekends around town. But not as a commuter car, and I probably wouldn't have them fully restored to 100% like-new condition. Just "close enough to drive". Now, if you were talking about a full restomod, that's a completely different story. But those aren't truly valuable restored classics, since they're not original in many areas. Modern engine, trans, amenities, suspension, brakes, etc. Nicer to drive, but not worth as much.


RE: Pry it
By inighthawki on 5/2/2014 12:10:07 AM , Rating: 2
Thanks for the input :)


RE: Pry it
By ie5x on 5/2/2014 4:09:53 AM , Rating: 2
In my country, because of anti-pollution norms, running any vehicle older than 20 years is illegal and would attract heavy fine.


"I mean, if you wanna break down someone's door, why don't you start with AT&T, for God sakes? They make your amazing phone unusable as a phone!" -- Jon Stewart on Apple and the iPhone














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki