Feeds

back to article China's web giants unite to defuse Windows XP bombshell

A gaggle of Chinese web firms have come together with a plan to protect Windows XP users in the Middle Kingdom for at least the next two or three years, according to local reports. The unusual step will see messaging giant Tencent, search engine Sogou, software company Kingsoft and several others offer technical support for XP …

COMMENTS

This topic is closed for new posts.
Silver badge

Progress?

I'm not sure that Microsoft will ever really get a grip on China. I just found this 2007 article on CNN.com.

By 2001, Microsoft executives were coming to the conclusion that China's weak IP-enforcement laws meant its usual pricing strategies were doomed to fail. Gates argued at the time that while it was terrible that people in China pirated so much software, if they were going to pirate anybody's software he'd certainly prefer it be Microsoft's.

Today Gates openly concedes that tolerating piracy turned out to be Microsoft's best long-term strategy. That's why Windows is used on an estimated 90% of China's 120 million PCs. "It's easier for our software to compete with Linux when there's piracy than when there's not," Gates says. "Are you kidding? You can get the real thing, and you get the same price." Indeed, in China's back alleys, Linux often costs more than Windows because it requires more disks. And Microsoft's own prices have dropped so low it now sells a $3 package of Windows and Office to students.

3
0
Silver badge

Re: Progress?

"Microsoft's own prices have dropped so low it now sells a $3 package of Windows and Office to students."

So, in this world of global companies, global markets and global choice of (low) tax regimes, why can't I buy Windows and Office for $3 from China, eh? eh? eh?

1
0
Silver badge

Re: Progress?

You can. But it is the Chinese language version, so there may be a learning curve.

1
0
Silver badge

Just wondering ...

" ...the Chinese government has tried to intervene by persuading Redmond to continue support for the legacy OS."

Did they intervene, in any useful way, to prevent the use of pirated XP installations?

(I am not a Windows fanboi and I do know how easy it was/is to clone an XP installation or get a key.)

2
0
Silver badge

Re: Just wondering ...

> (I am not a Windows fanboi and I do know how easy it was/is to clone an XP installation or get a key.)

You don't need to be any kind of fanboy to know that it's ridiculously easy. If you're an admin or on support duties or just need to test on XP VMs a lot, you pretty soon find out that you can either

a - go through the continued pain in the arse Windows Genuine Advantage(?!) hassle all the time or

b - disable WGA, disable WGA updates and throw it a cracked key

4
0
Silver badge

Maybe

These guys will be repackaging XP Embedded updates. Which are till 2016 or later I think.

2
0
Bronze badge

Re: Maybe

I suppose it depends if they have access to the source code as well, I can't see it being done without some form of access to the operating systems source code (Not sure how much access MS give these days).

0
0
Bronze badge

Re: Maybe

"I suppose it depends if they have access to the source code as well"

I keep saying that patching with the owners consent a newly discovered vulnerability in Windows is lot easier than coming up with a scheme to exploit it without the owners consent. The people exploiting the vulnerability don't have source code either (except maybe the NSA :)).

Well done China's web giants for understanding and organizing a cheap solution to the problem.

0
0

Re: Maybe

You really don't need source code to repackage a compatible binary, drop it on the system, and write the required registry keys and configuration data.

Years ago, as a teenager, I played around with turning a spare Server 2003 license I had into a workstation since it ran better than XP overall. Restoring features missing from it as compared to XP was as simple as modifying registry values and a few INI files and inserting the XP disc as the installation source. Likewise, installing features such as the Link-Layer Topology Discovery Responder to Server 2003 was similarly simple.

And don't forget about Windows Embedded 2009. I'm not sure whether it's NT 5.1 or 5.2, but most of the updates should probably still be compatible with XP. That said, redistributing these updates in a way not approved by official sources probably breaks copyright law in most countries, but...

0
0
M7S
Bronze badge

Lets face it

If anyone (other than the NSA) knows how to find any vulnerabilities in (any version of) Windows, then given their resources, my money would be on the Chinese.

2
0

Why China wants to save XP.

Having worked for a company whose crypto is in every military vehicle, every soldier's gear, the President's red phone and more is under constant, unstoppable APT attacks (because SafeNet refuses to address them) - China LOVES XP.

Every workstation they attack is XP. They never touched Win7. Every server they attack, Windows 2003......never 2008. They would come and go as they pleased, between 2AM and 6AM EST (Working hours their time....how convenient).

Major Phishing campaigns, reverse shells, custom versions of WCE that are not detectable by AV, keyloggers, beacons, etc....and the dumping of every AD account's NTLM hashes on multiple domains, ....and FTP'ing them out. THey knew that they didn't even have to compress or encrypt the data. PCAP analysis showed plain text hash exfiltration....but they didn't care. Management and the Venture Communist owners are just bleeding that company dry until it collapses. Addressing it would cost a LOT of money, and then the CIO may not be able to afford her "Lake Home" if they 'wasted' money on fighting APTs.

Companies like Mandiant (now Fireeye), CyberPoint and even the FBI and NSA would provide detailed, irrefutable logs of exfiltration. This isn't about MS's IP. It's about China's ability to obtain our Nations business' IP. Nothing more.

The best part is that the FBI and NSA would collect any info we had gathered for THEIR INTERESTS, but would never share in return, because (and I quote), "Everything we know is classified". Much like SafeNet, the GOV doesn't care about anything other than themselves.....just like China. They all take and take and take, and give nothing in return. You have your users to thank......maybe they'll click another link today.

1
1
Bronze badge

Oh what a twisted web Microsoft weave

0
1
Silver badge

> Oh what a twisted web Microsoft weave

When they make an OS and then support it for over 13 years in production.

Hold on, that's not Shakespeare.

1
0
G2
Mushroom

support WinXP? maybe with EMET.. unfortunately no longer a solution

without access to WinXP source code i don't see how they can provide updates... maybe they thought they could rely on Microsoft's EMET ?

i'ts already been bypassed, even on latest windows OS's

http://tech.slashdot.org/story/14/02/25/0139202/complete-microsoft-emet-bypass-developed

quote: "Researchers took a real-world IE exploit and tweaked it until they had a complete bypass of EMET's ROP, heap spray, SEHOP, ASLR, and DEP mitigations"

1
0

WTF?! WHAT FUCKING SUPPORT ARE YOU VERBARRHEING ABOUT? WHAT FUCKING SUPPORT?! All the important patches all done long time ago! Everything is working! If not - your XP was installed and configured by a shithead! I have about 30 XPs in service! Some users even have admin rights! NEVER was a virus involved because of an exploit! It is always the user himself! Restore from clone, while drinking all the guilty users beer, and done! XP is a great and working OS! And you don't need to buy laptops who don't have XP ACPI utility! Because drivers are not the problem! Lame morons who pretend to be sysadmins are the problem!

1
0
This topic is closed for new posts.