Feeds

back to article Microsoft: You know we said NO MORE XP PATCHES? Well ...

Microsoft has released patches for the latest critical security vulnerability plaguing Internet Explorer, including for Windows XP – despite months of claiming that it would never release another patch for the outdated OS past April 8 of this year. According to a blog post by Microsoft's general manager of Trustworthy Computing …

COMMENTS

This topic is closed for new posts.

Page:

Silver badge

Well ...

Technically it's a patch for IE... so not specifically for XP...

(and since it's the best kind of correct...)

10
2

Re: Well ...

Yes, but weren't Microsoft fond of claiming that IE was heavily integrated into the OS and could not be separated?

"Microsoft has held that this is not meaningful; that in Windows 98 and newer versions, "Internet Explorer" is not a separate piece of software but simply a brand name for the web browsing and HTML rendering capacities of the Windows operating system. In this view, the result of removing IE is simply a damaged Windows system; to have a working system without IE one must replace Windows entirely."

- from http://en.wikipedia.org/wiki/Removal_of_Internet_Explorer

9
0
Silver badge
Linux

Re: Well ...

to have a working system without IE one must replace Windows entirely.

That's exactly what I've got. I removed IE from the system and replaced Windows entirely.

24
4
Silver badge

Re: Well ...

But none of the versions of IE available on XP are supported either...

This is a goodwill gesture.

3
1
Silver badge

Re: Well ...

So in a couple of weeks time, when the next zero-day comes out, they're going to get hung with their own rope and the logic will apparently be that four weeks past EOL date deserves a goodwill patch for XP but six weeks is far too long. Or perhaps CERT, UK CERT, and so on just need to raise a stink every time it happens and Microsoft will cave in and push out another patch.

3
0
Anonymous Coward

Re: Well ...

Well at least IE has far fewer holes than Firefox or Chrome.

http://secunia.com/vulnerability-review/browser_security.html

4
16
Bronze badge

Re: Well ...

The thing that I never understood, was how MS were going to provide their "Premium Support for a Year" for those big organisations that cared to pay for it?

Surely these big corporates expect to get IE / XP patched (whichever one it is) so that means the patch still needs to be written, and therefore releasing it to all and sundry costs MS precisely nothing.

3
0
Bronze badge

Re: Well ...

That's exactly what I've got. I removed IE from the system and replaced Windows entirely.

Me too, back in 2007 with Ubuntu.

5
0

Re: Well ...

"Surely these big corporates expect to get IE / XP patched (whichever one it is) so that means the patch still needs to be written, and therefore releasing it to all and sundry costs MS precisely nothing."

Actually, it sort of does.

If everyone sees that a patch will be released even for those not paying for support, then what's the point in paying for support? Why pay to have the patch when you can just mooch of the freebies?

Of course, if everyone stopped paying, then there would be no patches, but that's a different issue.

4
0
Anonymous Coward

Re: Well ...

"Surely these big corporates expect to get IE / XP patched (whichever one it is) so that means the patch still needs to be written, and therefore releasing it to all and sundry costs MS precisely nothing."

To get any kind of fix, security (GDR) or non-security (LDR), for a product past its extended support date requires a Custom Support Agreement (CSA), and Extended Hotfix Agreement (EHA) and a payment per fix request.

After having the 2 contracts in place and paying for the bug to be filed, there is still no guarantee it will result in a hotfix.

Even if a hotfix is created, if another customer requests the same thing then they have a CSA & EHA and pay too.

0
0

Re: Well ...

@poopypants, I think that quote is pretty much right, that whole antitrust debacle was around Windows 98 (or maybe an update to Win95)? Internet Explorer hasn't been "tightly integrated" for quite some time, though it's somewhat easier to just not use it rather than remove it. I imagine you'd get worse results removing Safari from iOS, though I expect that's not an easy task.

0
0

Re: Well ...

Just an off-topic anecdote here, but I started using IE over Netscape Communicator (nee Navigator) around 1996/97 because Netscape became so bloated that when loaded into my 4MB of RAM the system ground to a halt. I already had e-mail and Usenet clients that I was happy with and I just wanted a web browser that didn't take three minutes to load.

These days I tend to use whichever browser works best for the purpose I want to use it for, which is very rarely IE. Generally I end up being forced to use it because some web app requires NTLM authentication, or because I have to view some non-standard "html" generated from a Microsoft application.

1
0
Unhappy

Stick to your guns: Stop supporting XP

I'm very disappointed in Microsoft. First caving on MSE updates, and now caving on this Internet Explorer update. XP belongs in a museum, not on a PC with users that goes online.

10
42
Bronze badge

Re: Stick to your guns: Stop supporting XP

Yes, Microsoft still make available updates for MSE/XP. But they leave the MSE icon at a warning red even if it is up to date, and MSE puts up a nag message at every restart.

So Microsoft are being stroppy, and any spirited customer will be more determined to tough it out. We never had nonsense like this when earlier Windows versions were pensioned off. Let me remind Microsoft of the old fable about the competition between the wind and the sun to see who could make the traveller take off his coat.

4
1
Bronze badge
Holmes

The gun is pointing at your head

Kind of a shame that Microsoft can't sell products on their actual merits, eh? At this point, I have accumulated several years of post-XP experience, and I cannot give a single positive reason to upgrade beyond XP. Ditto Word, Excel, and recent versions of other Microsoft Office components.

I think there are two aspects of Microsoft's business model that explain this: (1) It isn't their fault and no matter what happens to you because of Microsoft's incompetence or negligence, you can't sue them. Check your EULA if you think otherwise, but I bet you can't even read it with understanding. (2) They don't sell to you anyway. Their products are 'sold' to the manufacturers and rammed down your throat. This is NOT a case of a good idea that isn't worth stealing. It's mostly a natural result of that assuming all their potential end-user customers are thieves.

Me? I prefer personal responsibility (NOT (1)) and I resent being called a thief (NOT (2)) and I even want good software (NOT Microsoft).

Personal disclaimer time? I think the aspect that most pisses me off about this is that I fixed an old machine that still runs XP. The repair was expensive, and upgrading on a Windows path isn't even possible, but a big FY is the norm of my dealings with the big MS.

18
11
Silver badge
Pirate

Re: Stick to your guns: Stop supporting XP

So incensed was I about this that i decided i simply had to upgrade my XP machines to Win7 Ultimate X64.

So, after reflashing the BIOS on the mother boards with modded ones that contain SLIC2.1, i was easily able to upgrade them to Win7 X64 Ultimate for free!!!!

Thanks MS... You just saved me a fortune...Cost you 4 copies of Win7.

ALL you had to do was keep releasing MSE updates for XP and not piss us off with your "scary" pop up messages.

Might want to think about your legacy customers a bit more in the future...

5
4
Anonymous Coward

Re: The gun is pointing at your head

"At this point, I have accumulated several years of post-XP experience, and I cannot give a single positive reason to upgrade beyond XP. Ditto Word, Excel, and recent versions of other Microsoft Office components."

Presumably because you are too stupid to use a computer and use the CDs as door stops. There are thousands of reasons to move to newer versions - better security, performance, stability and many useful new features would be high on the list. Regardless of what you think of Microsoft or its products, claiming that sticking with XP as opposed to newer versions of Microsoft products is a good idea is ignorance of the highest order.

8
28
Anonymous Coward

Re: Stick to your guns: Stop supporting XP

"So, after reflashing the BIOS on the mother boards with modded ones that contain SLIC2.1, i was easily able to upgrade them to Win7 X64 Ultimate for free!!!!

Thanks MS... You just saved me a fortune...Cost you 4 copies of Win7."

That didn't actually directly cost Microsoft anything. And remember the first time you launched IE and it went to the Microsoft portal? They made advertising money out of that...

4
0
Anonymous Coward

Re: Stick to your guns: Stop supporting XP

The Nag message may be turned off with about 3 clicks! (Delete the scheduled task)

4
0

Re: Stick to your guns: Stop supporting XP

"they leave the MSE icon at a warning red even if it is up to date"

I thought so, too, but my son's XP machine (which spends most of it's time connected to Steam) has MSE and it is currently showing a green icon with tick, and says it's up-to-date and protected. I've no idea why, unless MS got tired of nagging everyone.

Have just read Mister Bee's message, so will try that the next time I get an opportunity - perhaps the Boy knows more than I thought!

0
0
Bronze badge

Re: Stick to your guns: Stop supporting XP

MSE is a product and not to do with XP at all. That can and will follow a totally different support schedule to XP, or it could coincidentally follow the same schedule as XP (as IE did).

It isn't doing the latter, so get over it.

0
0
Silver badge

Re: Stick to your guns: Stop supporting XP

Stick and carrot

You're OS is no longer supported, unless you slip us a couple of million.

Look at the new shiny shiny and it has free support.

0
0
Anonymous Coward

MSE nag screen

Simple. Zap MSE, replace with another AV. Problem gone.

0
0
Bronze badge

Re: It isn't doing the latter, so get over it.

That's odd, because I just installed it and it calls itself

Security Update for Internet Explorer 8 for Windows XP (KB2964358)

which looks rather like support for Windows XP to me.

In fact if you look at the Microsoft Security Bulletin Summary they still seem to be supporting Internet Explorer 6, and we know how much they like that.

0
0

This post has been deleted by its author

Good decision

Microsoft need to do "good deeds" like this on a more regular basis. They might actually gain support rather than lose it in droves recently :)

17
1
Anonymous Coward

Re: Good decision

I doubt it, no good deed goes unpunished.

3
0
Silver badge
Facepalm

Microsoft: The comedy gift

That just keeps on giving.

13
4

Oracle did this with JRE 6 for a while.

When JRE 6 went end of support last year, Oracle released a few more security patches for the more serious bugs. They eventually stopped, as I'm sure Microsoft will, but just like XP there's a huge installed base. And in the case of JRE, some crappy web applications limit a company's ability to upgrade the Java that's providing the browser plugins for fear of breaking said crappy applications.

If they keep going with this, the people who bought custom support agreements at full price are going to start getting very upset...

7
0
Anonymous Coward

Re: Oracle did this with JRE 6 for a while.

When JRE 6 went end of support last year, Oracle released a few more security patches for the more serious bugs. They eventually stopped,

You'd like to think so wouldn't you. We're currently up to JRE 6 update 75 and counting, as of a couple of weeks ago, and still going strong until June 2017 apparently.

3
0

Re: Oracle did this with JRE 6 for a while.

True -- if you're a paying customer who bought a support agreement. My Oracle Support has the non-free JRE 6 patches, but the last public one was 45. So it's true that they haven't stopped -- they just stopped giving them away for free.

0
0
Anonymous Coward

General manager of Trustworthy Computing... what a job title!

6
0
Bronze badge

Windows XP ...

The gift that keeps on giving, and giving, and giving some more.

Funny how that happens when you don't have new products (that are worth anything) for 10 years.

God forbid if vehicles were like operating systems. We would be in a bunch of hurt (money wise). Me? I still have to get a 2009 recall done on my 2002 vehicle.

4
1

MS created this situation

MS actively tied features into XP and IE to allow them to lock users onto their platform at the time. Unfortunately, a lot of developers went along with this and built tools and websites around IE6 and were so tied to it that they couldn't work on even later versions of IE which is why there are still IE6 users out there. This quackery hackery of theirs also made it exceedingly difficult to get off XP in the future and now we're seeing the results. All that money put into technologies that would only work on XP forced the OS to stay around for as long as it has and then stinkers like Vista, Vista again but with the rough edges knocked off (7) and now 8 (just no, really, no) why should anyone be surprised that XP still holds 30% of the Windows market?

Will the customers learn from this and avoid this sort of lockin in future? I don't know. The proliferation of other platforms may prevent it because creating an environment around a single browser version isn't practical today so I'm hopeful at least.

For now though, MS should be made to support XP because they can't claim they didn't make this problem in the first place. I don't care that it is old, it still works for a lot of people.

22
3
Silver badge

Luckily unaffected

I've just stuck Windows 7 on a friend's machine because we both decided that Windows 8 was undesirable but she felt (understandably) queasy about sticking with Windows XP. Good news is that because there is no hardware acceleration for the shitty SiS graphics, IE is borked! :-)

Had a go installing Kubuntu on a second partition but it, too, seemed to struggle with the graphics. Might have another with that or Mint or PC-BSD tomorrow.

3
0

Are SIS still around?

Bad memories of SIS onboard graphics from many years ago. I resolved it by buying a fairly cheap but current graphics card.

FWIW Mint in any incarnation since 10 wasn't happy with the onboard graphics on my 2010 Win7 box. Scientific Linux, Fedora and openSUSE both worked fine on it when I tried those.

3
0

Re: Luckily unaffected

@Charlie Clark - try Puppy Linux?

Microsoft were "warning users that if they don’t upgrade soon, hackers will lie in wait each new Patch Tuesday to reverse-engineer a full set of new vulnerabilities."

@Microsoft - when making a "what-a-caring-company" gesture that also FUDs users into moving off XP perhaps it would be best not to pick one of your many zero day vulnerabilities that highlights the crappy security in all of your operating systems and software...

4
3
Silver badge

Re: Luckily unaffected

Shitty SIS GFX.

+1

The number of systems that i have had to "fix" due to that dog egg of silicon is not funny...

2
0
Bronze badge

Re: Luckily unaffected

The number of systems that i have had to "fix" due to that piece of dog egg of shit silicon is not funny...

FTFY!!!

2
0
Silver badge

Re: Are SIS still around?

Leaving it as is for the moment. 1280 x something even if some text looks a bit weird. See how it goes. Had to fork out € 80 for 2GB DDR-1 RAM but still the cheapest option so far. My local Chinese dealer says he's got newish notebooks complete with Windows 7 for € 150 but we hope the system stays up for another couple of years. I suspect it's unlikely but if my experience is replicated in any scale, then OEMs will be trying to renegotiate licence terms with Microsoft. You can still get Win 7 on "professional" notebooks, whatever the definition of "professional" is.

0
0
Anonymous Coward

People are still paying for patches on custom support agreements, so it's not like dev work is not going on to fix identified vulnerabilities, they are just not generally available to the public.

Which is a tad frustrating as HM Govt has paid MS for patches for HMRC, as a tax payer, I'd want those patches to be made available to UK XP Users too using Geo-IP location in Windows Update.

6
1
Anonymous Coward

"Which is a tad frustrating as HM Govt has paid MS for patches for HMRC, as a tax payer, I'd want those patches to be made available to UK XP Users too using Geo-IP location in Windows Update."

I'm sure if you are an XP user that you would want that, but they only paid for custom support for HMRC - not for the whole country!

0
0
Bronze badge

This of Course has...

Nothing to do with governments advising people not to use IE until this bug is fixed, all those XP people getting used to another browser before they upgrade to a new version of windows, is of no interest to MS.

6
1
Silver badge
Holmes

Re: This of Course has...

IE can be used for something other than downloading Chrome?

7
1
Bronze badge
Happy

Re: This of Course has...

>IE can be used for something other than downloading Chrome?

What you never used Windows Update ! The primary reason for keeping IE on Windows...

1
1
Anonymous Coward

Re: This of Course has...

"IE can be used for something other than downloading Chrome?"

Yep - there is plenty more insecure spyware like Chrome out there to download if you really want to....

4
5
Bronze badge

Re: This of Course has...

You can use IE to download Ninite and install Chrome, and Firefox and everything else from one installer.

Seriously, Ninite has saved me so much time when installing a new computer. (not as much as WDS, but it doesn't require weeks of setup)

2
0

Re: This of Course has...

IE of any version has this feature at its core. Anon, I got a good laugh at your remarks. Very good indeed.

0
0
Gold badge

Maybe for IE?

I'm wondering if maybe they will release the IE patches (that are common to IE on XP and Vista/7) but just not work on any others?

0
0
Bronze badge

Re: Maybe for IE?

That's exactly what is happening. They aren't going to release any more patches for XP - but this one was specifically for IE and totally at their discretion - don't expect to see specific XP patches (for free, that is).

1
0

Page:

This topic is closed for new posts.