Microsoft warns of post-April zero day hack bonanza on Windows XP Microsoft has a Windows XP problem: people still like it and aren't willing to upgrade just yet. So it's warning users that if they don’t upgrade soon, hackers will lie in wait each new Patch Tuesday to reverse-engineer a full set of new vulnerabilities. "The very first month that Microsoft releases security updates for …
Either Windows 95 or Windows 98 - I think it was on the very day that free critical support had expired that they published a flaw in.... something about a malformed JPG data file containing an executable, I think. One that they'd known about for ages, but that was when they graciously decided to issue a fix. I think. I expect. If I was doing it, it's what I'd do, if I also felt contractually and morally obliged to be, well, evil.
Ironic isn't it? When Netbooks were flying out the door with Linux, suddenly Microsoft realised that it could be the end of the line for them so did a quick and dirty deal for flogging XP for Netbooks.
Now they say they are stopping support, how many Netbooks are capable of running Win7? Don't talk about Windows 8 it's unusable.
www.microsoft.com/Windows8 states : Windows 8 has everything you need, right from the Start. [except it doesn't have a start button]
Don't talk about the money either. On the Microsoft store the OS is £100 - OK may be less on the high street, but with CDs, the cost of the initial effort is spread across hundreds of thousands of disks, but each extra disks cost only a penny.
Same goes for Office.
Fact is, Microsoft is scared. This is a company that said the internet was irrelevant. They got left behind. Linux on Netbooks – they only just got that back by playing hardball with suppliers. Suddenly tablets are very powerful, the genie is out of the bottle and they are not in control. The others have got that sewn up for now. I haven't seen one review that says Win8 is really really good. Their tablet ? Hmmm…
Tablets – a bit of Text; a bit of Spreadsheet; a bit of Mail; a bit of browsing; a lot of Facebook, Twitter, and Youtube; then why do you need a full blown PC with a full blown OS? Put your tablet in a docking station with keyboard, mouse and big screen and you're away. Oh and thousands and thousands of Apps – like Where's my car? Star Maps, Mapping, you name it.
I'm not working full time these days, so I don't know what businesses are doing, but it's a fair bet that a lot of stuff is browser based and it's only the managers that need the full monty to write reports to send upstairs.
For the business user a lot of mission critical stuff was running on NT and XP. Microsoft said Vista is coming, business said OK we'll see. Vista was a turkey so Microsoft said Windows 7 is coming. Business said OK we'll see – we heard all about Vista so we're not going to do anything soon and our mission critical stuff is plodding on nicely. Business didn't move. Then Microsoft said Windows 8 is coming. Business said OK we'll see. Windows 8 is a) unusable and b) how the hell are we gonna migrate our mission critical stuff onto that?!. Then Microsoft said if you don't migrate, we'll break the thing that runs your mission critical stuff.
Business doesn't trust you.
Unless Windows 9 delivers, like really delivers, you could see the biggest, fastest business collapse in history.
It was fun while it lasted.
Right with you on this. Microsoft's blunder with Vista meant that we no longer blindly believed that newer was better. And with Windows 8 they have done it again. I have clients still running DOS applications because the amount of time and effort they invested in data entry cannot be replicated due to cost.
Personally I believe that it is well past time to have a CE mark for software like we do for hardware. All software would have to comply fully with all declared standards or the vendor\manufacturer would be required to fix the problem at their own cost, just like if the brakes don't work on your car. Software is so central to the survival of businesses that it is about time they got better protection than just "Caveat Emptor".
Is it just me, or does this entire argument predicate that the bad guys were *not* aware of these vulnerabilities for YEARS before Microsoft decided to patch them?
Seems to me that the issue also being present in XP means by definition that the issue has existed since 2001. Are we to believe that Microsoft is so much better at finding security defects than the average criminal programmer that exploits found 12 years after release had not yet been found by said criminal? In substantial numbers?
If you believe that, I have a version of Windows 8 that doesn't suck to sell you.
Seriously, the ONLY motivation for this announcement is to scare you into buying another copy of Windows.
You have not understand how these bugs arise.
The process of removing bugs is called debugging. So what is it called, the process of putting bugs into software?
It's called programming.
Every time MS add or change anything in XP, they add bugs. The best news about April 2014? MS will stop screwing around in XP.
You've not understood how bugs arise on a closed codebase. These aren't new bugs MS are scaring us about, they are bugs in 12 year old piece of software (as they keep shouting) that they haven't yet discovered.
In effect, MS is saying "Watch out, this software is so full of holes, we haven't even come close to finding all the major bugs in 12 years and billions of installations. Bugs in our new versions will probably apply to the old software too, since our "new versions" are really just the old software tarted up a bit."
It is an interesting threat...
If you don't upgrade, we will specifically and with malice, sabotage your system with bugs on patch Tuesdays...
I quit Microsoft in 2004, for exactly that reason. They were not patching errors known for over 10 years, and when patcher were made, blowing my system out of the water...
So...
They promise to deliberately do to your system, that which they normally do to your system via incompetence...
You may scream about me, and how great micro-soft is...
How many patch Tuesdays have been bug free recently???
Apart from money, its software that was badly written, poorly packaged. Or do stupid things like write to program files or worse the windows folder. 7 will run fine on a core 2 duo with 2gb of ram. If your lowest spec is lower than this the performance would be poor even on xp.
Is Windows 3.11 still in operation anywhere critical ?
But if I specifically wanted to run Win 3.11 or even DOS apps, I'd set up a machine for that purpose.
A lot of businesses, large and small are still using Windows XP because of the applications they are using. Just like UK Govermin is resistant to change from Windows 2000, it's the cost of upgrading the applications as well as the OS, as well as the hardware - for ALL your Users, which makes the process something you don't do lightly or over night. The sensible approach is to roll out as and when the upgrade is required. Usually, this is some time after the early adopters have had their burned fingers bandaged and the major bugs have been discovered and ironed out. I imagine that this is one of the main reasons why so many people and businesses are still using XP, not 'cos they like the badge or Bill Gates. When upgrading you are going to be throwing away money that you earlier invested in stuff like, version of Adobe PhotoShop which still serves it's purpose on an XP machine, but won't run on the latest OS.
But most of these apps will still be able to be used on an XP box which doesn't have an Internet connection. And remove any USB/floppy disk ports, NICs, etc to reduce the opportunity for Users to import malware onto the machine from their BYOD devices.
Running a Linux distro with XP and it's retro applications in a Virual Machine seems an obvious means to enjoy modern hardware along your favourite interface.
It is time to upgrade the "tool" when upgrading the "tool" presents an advantage to the business, not when you are being held to ransome by the company who sold you the tool in the first place. If the new tool is superior in some way, then there may be a tangible reason to upgrade, but for f*cks sake, 7, 8, 8.1, RT !!!!
There are better tool makers these days, Linux anyone.
"A lot of businesses, large and small are still using Windows XP because of the applications they are using."
A lot of people are running XP because that's what was on their PC when it shipped, and they were given no choice by the machine vendor.
I wonder if any of you recall, or have even heard of, 'buffer overflow' errors?
Way back in the early days of Windows (3.1 and 3.11) I recollect they mentioned it, and how Redmond FIXED the problem...
them thar expurtz at Redmond...
Why, dag nab it... When was the last time ya ever heerd of thet thar 'buffer overflow' thigmabob?
Oh, yes... they still have them... regularly...
It is not planned obsolescence.
I am quite aware of how complex and intricate a full blown and well back doored operating system can be.
Even with proper intent of writing good, secure and efficient software, and having full monitoring of code generated by one, and certified by at least one other... Errors Happen....
I am not sure Redmond comes close to that standard... which is why I don't trust them...
That is why, hopefully sooner than later, the less than efficient programmers at Redmond, may be finding that, in spite of all their efforts to ignore what is known as a problem...
OS and really Functional software will be created by computers and system analysts...
A set up that doesn't have all the foibles of poor construct, security, and onerous back doors, (even programmer sabotage, perhaps) that many, especially Windows, has today.
The OSs of that nature, will NOT be designed in this country...(USA)...
Any software organization that would try such, would find they are losing personnel to quaint accidents... those that didn't 'willingly' sell out.
But, it will come... The software to do so, might even become open source, to really upset the apple cart (no pun intended)
Unless, of course, All countries outlaw such software, for lack of security reasons.
Everyone who acquires technology makes a decision on whether to insist on robust quality up front at a price (money or another resource like your own time -- this is called due diligence), or settle for qood enough and hope that the probability gods will bankroll your gamble on probability.
As a society we are very very tough on some things (like airplanes) were we insist on very high design, manufacturing, usage, and maintenance standards. Alas, commercial general purpose OS are not one of those things we are tough on (would you fly a plane whose automation OS was Windows XP,7,8, etc.).
Commerical OS (and other types of software) vendors by definition have the incentive to get you to buy the OS at a reduced price and make that money up with $ervices, update$, etc. With Microsoft, perhaps you get an OS good enough to get you to buy cheap -- with you paying and paying and paying (blood, sweat, and tears) forever.
Everyone who acquires technology makes a decision on whether to insist on robust quality up front at a price (money or another resource like your own time -- this is called due diligence), or settle for qood enough and hope that the probability gods will bankroll your gamble on probability.
As a society we are very very tough on some things (like airplanes) were we insist on very high design, manufacturing, usage, and maintenance standards. Alas, commercial general purpose OS are not one of those things we are tough on (would you fly a plane whose automation OS was Windows XP,7,8, etc.).
Commerical OS (and other types of software) vendors by definition have the incentive to get you to buy the OS at a reduced price and make that money up with $ervices, update$, etc. With Microsoft, perhaps you get an OS good enough to get you to buy cheap -- with you paying and paying and paying (blood, sweat, and tears) forever.
" we are very very tough on some things (like airplanes) were we insist on very high design, manufacturing, usage, and maintenance standards"
s/are/used to be/
s/we insist/used to insist/
Yes that reads more realistically now.
Have you been following the Dreamliner nightmare much? There is more then a suggestion that having suppliers do their own certification for regulatory purposes is not a bright idea for safety purposes.
"Alas, commercial general purpose OS are not one of those things we are tough on (would you fly a plane whose automation OS was Windows XP,7,8, etc.)."
You don't need Windows to foul up a safety critical system. You just need a broken software development and certification process (see above).
I'd love to see a suggestion that the regulatory authorities actually understand some of the more dubious things they've apparently been approving on the Dreamliner (and elsewhere - the Dreamliner is just highly visible).
But this thread is about MS. Not about aviation.
Windows for Warships might be on topic as it was based on XP (not sure whether it was XP Embedded or XP EverythingElse. XP Embedded is supported for another couple of years yet). It'd be interesting to hear where Windows for Warships is at these days.
There's no way on earth a company in Europe would get away with something like this. I've been trying out Linux Mint recently, and it's bloody good! Can even get games like DOTA 2 on Steam - and you get much higher framerates for your hardware.
So Microsoft are determined to run themselves into the ground. GOOD.
people are not upgrading. Rather than use a veiled threat to those that have not upgraded.
Of course it is interesting that since Windows XP people have not purchased upgrades at the same rate as they did when everyone raced to upgrade from Windows Me. Probably because Windows Me (was the Me for Mess) was terrible and buggy.
Now maybe if Microsoft had introduced issues that made XP less desirable to use for example crashing at random and nice blue screens then maybe people would have jumped to upgrade when when something works you don't want to change. People that switched from Windows 98se to Windows Me learned that sometimes an upgrade is not an upgrade it's a nightmare and it worried people that they would pay for an upgrade that turned into a nightmare.
Yes, price is a big issue, Microsoft seem to think that their OS is a premium product while they hype the improvements in real terms that hype doesn't match the actual product.
Windows 8 is the reason that I paid extra and purchased a Mac this time round! I would rather pay a low price for an upgrade and by the time Apple stop supporting the model of Mac I will already be planning to purchase a replacement and $20 for an upgrade is better than $120 for what is really a gamble. You don't know if it will run perfectly on your PC or the PC will grind to halt.
We did pay for the Windows 8 upgrade and tried multiple times to get it to work. We went from Windows 7 to Windows 8 and we even tried wiping the hard drive and doing a clean install and Windows Explorer would crash every 20 minutes with a message and have to restart. Hardly compatible with productivity and, to add insult to injury, it ran slower than Windows 7, against the promise of it being more efficient, sleeker and quicker. We vowed that it was end the our relationship with Microsoft. That PC is now running Linux.
Bye Bye Microsoft. This very may push people that have been tentative about trying Linux to switch to that.
"XP less desirable to use for example crashing at random and nice blue screens"
Please don't give them ideas. Though I have to say it has occurred to me that another way they could 'force' people to upgrade would be to release a security patch that did just that..
After losing what tenuous faith I had left in Microsoft thanks to their insane antics over the last ten months, my credulity meter has gone so far into the negative that I have ceased to be surprised at anything they do and say.
All Microsoft are doing now is making the rubble bounce.
Please take time to read the original blog from MS http://blogs.technet.com/b/security/archive/2013/08/15/the-risk-of-running-windows-xp-after-support-ends.aspx You will find the register has alter the contacts.
Microsoft is NOT introducing new issues, its just not supporting old ones. So when cross systems vulnerabilities get patched in Windows 7, Windows 8, and Widows 8.1 etc., there will have been no patch for Windows XP, that is what the original blog is saying.
As for your mac, how far back dose it support the MAC OS!!!!
So why not sell it? Let people who care buy an extended support licence so the cost of churning out patches is covered. A sizable chunk of a certain former electrical retailer's income used to come from extended warranties. It allows M$ to magic up a new revenue stream out of thin air.
The software implementation is probably the hardest bit.
"So why not sell it? Let people who care buy an extended support licence so the cost of churning out patches is covered."
It's obtainable from MS if the price is right (there are applications which WILL NOT run on later OSes) along with extended support licenses (for the right price, if you're willing to pay it)
The surprising thing these days for commercial operations is that they're used to NOT paying support fees for MS stuff. That's been normal (even on Linuxen) for decades.
As for home users: if you want to pay, you can get premium support, but upgrading to Win7/8/Linux is much cheaper.
because its a waist of resource.. How far back dose apple support its OS! Most people with XP have it because they can not afford to purchase a new system, so they probably can not afford support.
Do you know how any lines of product MS have ? I know people running MS windows 3.1 because they say its the best (REALY ????) .. so you think MS should be supporting them?
Please take time to read the original blog from MS http://blogs.technet.com/b/security/archive/2013/08/15/the-risk-of-running-windows-xp-after-support-ends.aspx You will find the register has alter the contacts.
Microsoft is NOT introducing new issues, its just not supporting old ones. So when cross systems vulnerabilities get patched in Windows 7, Windows 8, and Widows 8.1 etc., there will have been no patch for Windows XP, that is what the original blog is saying.
Do you know how many times you've posted on this single thread? We get it, you <3 Microsoft, you want us to read your blog (I'm sorry, Microsoft's blog).
El Reg has this wonderful feature where by I can click on your name and see a history of your posts. You only talk on MS topics and you are only (overwhelmingly) pro MS. You're determined and professional in your comment carpet bombing campaign. I think it is about time those nice guys at Redmond sent you a Surface Pro to "review".
XP is 12 years old, so why is Redmond still fixing vulns? Updates added that open new loopholes? What about supporting new crapware that has been added to the OS? What happens if the last patch Tuesday for XP contains another vuln?
I moved away from Windows 4 years ago and can only see Linux going from strength to strength.
Me, I'm just a low level man, you can tell me by the way I walk...
If the patches can be reverse-engineered in order to discover the holes, is it possible they could be reverse-engineered to create patches?
Could a 3rd-party like Comodo or Nortons sell legacy support for XP by clean-room reverse-engineering patches that MS release for 7 or 8? This isn't a cure for zero-day, because you'd be waiting for the patch while the hole was open, but it might be an interim solution between a hardware upgrade and a 7 rollout with Browsium.
Actually Hippyfreetard, you really bring up a valid point. Microsoft have only ever been REACTIVE towards fixing vulnerabilities! i.e. They only fix security holes when someone brings it to light and it is public knowledge. There is no need for someone to 'reverse' engineer the fixes. If they were willing to reverse engineer the fixes they would find the new security hole that the fix opened up while trying to close another one. Something that Microsoft manages to do on a regular basis. They patch a security hole, then patch another hole that the first patch made and then do another patch to fix the two patches! If they made a visual map of the fixes it would look like a crazily made patchwork quilt.
I am sure that any holes that Microsoft patch on the later supported versions of Windows the people that are likely to take advantage of those security issues are already aware of them.
As for a 3rd party. I would bet that Microsoft would be quick to take legal action against such a company. How dare anyone mess with code that is 'owned' by Microsoft. Though the true reason is very much more likely that it would put a spanner in the works with their push to get people to either buy new PC's or pay their inflated upgrade pricing.
Maybe it really is time that people started turning their backs on Microsoft. They have lost their way and are so blinkered that they can't get anything right anymore.
Let's face it, these days Linux in it's various incarnations are far easier to use. After all, people are using it in one form or another and Android is really just Linux on a tablet or smart phone and I am sure that many that wouldn't consider it before would be more likely to switch to it if it was made as easy to install apps on a PC using Linux.
Really?? ... you think running android on what aver phone trains you up for using Linux on a computer?
Microsoft are active in locking for bugs, and in the last year are also paying bounties for bugs and fixes.
As for this FUD of article Read the original blog from MS http://blogs.technet.com/b/security/archive/2013/08/15/the-risk-of-running-windows-xp-after-support-ends.aspx You will find the register has alter the contacts.
"...Really?? ... you think running android on what aver phone trains you up for using Linux on a computer?..."
In some ways yes, it introduces you to the concept of downloading and installing software as a data package from a single signed and trusted source rather than the Windows way of downloading and running executables from random locations on the Internet.
One of the reasons why Windows is full of malware.
Maybe if Microsoft released a Windows that was completely bare bones, just a start menu and a desktop to run software, and other than that just gets out of the way, people would switch away from Windows XP.
In software, good engineering is whatever gets the job done without calling attention to itself. Every new version of Windows fails this test in a bigger and bigger way.
Exactly.
An OS which does its job and doesn't hog resources.
If Microsoft can't (or perhaps can) see this it's because it would lead to widespread layoffs at Redmond, probably couldn't command a hefty retail price and wouldn't create a (mythical) $12bn sales opportunity for hardware sellers.
But I guess we can dream. Or switch to Linux.
The consumer dose not want, and would not purchase true bare bones. Now if you want to talk about the crap ware that gets loaded on the a lot of the consumer line PCs I am 100% with you, and they do cause a problem of instability and slowness, even vulnerabilities sometimes .. BUT that is not Microsoft, they is the PC producer who takes money from someone to preload their crap on PCs.
There are some places that do unloaded installs, Dell do for at least corporation not sure about consumer, and if you buy direct from Microsoft Store online or physical outlet then those PC are with out crap and bloat ware.
Read the original blog from MS http://blogs.technet.com/b/security/archive/2013/08/15/the-risk-of-running-windows-xp-after-support-ends.aspx You will find the register has alter the contacts.
I have a small XP partition for stuff that doesn't behave well under Wine. Most programs out there are made for XP anyway, so there's no real reason to "upgrade". On top of that, XP works perfectly with as little as 10-12 services running in the background, depending on ones preferences. I've disabled stuff like firewalls, security center, automatic updates and suchlike a long time ago, Needless to say, I don't run any AV / Anti-malware stuff either Never had any problems, though. The weak link is always the user and nothing can change that. To me, XP is the Windows version for computer savvy people, who know what they are doing.
Surely this has to be the lowest form of revenue generation this shoddy organisation can stoop to, what next when this fails? I suspected they may engineer & distribute viruses for older versions of Windows...
Im also sure they will do the same to future versions of windows, just to lever more cash & makes me all the more determined to never use any of their software, products or services.
If I was a shareholder, I'd be selling right away, perhaps the on-line community could fight back by persuading shareholders to do just that?
Please take time to read the original blog from MS http://blogs.technet.com/b/security/archive/2013/08/15/the-risk-of-running-windows-xp-after-support-ends.aspx You will find the register has alter the contacts.
Microsoft is NOT introducing new issues, its just not supporting old ones. So when cross systems vulnerabilities get patched in Windows 7, Windows 8, and Widows 8.1 etc., there will have been no patch for Windows XP, that is what the original blog is saying.
Here we go again... Who gives a tweet? How many of the W7/W8 patches will translate to a all-Winblows landscape vulnerability? It's quite likely a small number. Of that small number, how many will allow rooting the box? Quite likely an even smaller number. And of those, how many will have impossible to close attack vectors that make patches a must and not a "if available"? Think you get the idea...
This whole "XP gonna die an horrible death" hammering is just driving the point home. The point that MS f'ed up badly with every OS since then and now they're getting desperate with a userbase that just WON'T "upgrade". It's not XP's fault for being too good as it isn't, it's just better than the crap they churned out to replace it...
p.s. to the *nix crowd, give up. That you might have a (technological) edge on the OS wars is debatable. That you aren't even a runner up on the application wars is a fact. Until you loose that delusional mindset that GIMP can replace PS and app XYZ can replace it's win/osx established industry standard replacement, you're going nowhere and doing the community a disservice...
XP has an edge in the application wars ???
Please take time to read the original blog from MS http://blogs.technet.com/b/security/archive/2013/08/15/the-risk-of-running-windows-xp-after-support-ends.aspx You will find the register has alter the contacts.
Microsoft is NOT introducing new issues, its just not supporting old ones. So when cross systems vulnerabilities get patched in Windows 7, Windows 8, and Widows 8.1 etc., there will have been no patch for Windows XP, that is what the original blog is saying.
Free upgrade to 7 for anyone holding a valid XP OEM or SLK key.
Distributed by DVD-R in the form of a disk image and partitioner that avoids the need to do a fresh install. complete with all current patches on the disk.
It would probably cost Microsoft less than trying to firefight on a broken system..
AC/DC
But why would anyone want to upgrade (if that's the word) to Windows 7 or later? I have the misfortune to have to use Windows 7 at work. Fortunately, there are still some proper machines with XP around. It's much nicer to work with than Windows 7. If we must have a newer version of Windows, why can't we have one that looks like XP but with the bugs fixed?
This post has been deleted by its author
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
