Well ...
Technically it's a patch for IE... so not specifically for XP...
(and since it's the best kind of correct...)
Microsoft has released patches for the latest critical security vulnerability plaguing Internet Explorer, including for Windows XP – despite months of claiming that it would never release another patch for the outdated OS past April 8 of this year. According to a blog post by Microsoft's general manager of Trustworthy …
Yes, but weren't Microsoft fond of claiming that IE was heavily integrated into the OS and could not be separated?
"Microsoft has held that this is not meaningful; that in Windows 98 and newer versions, "Internet Explorer" is not a separate piece of software but simply a brand name for the web browsing and HTML rendering capacities of the Windows operating system. In this view, the result of removing IE is simply a damaged Windows system; to have a working system without IE one must replace Windows entirely."
- from http://en.wikipedia.org/wiki/Removal_of_Internet_Explorer
@poopypants, I think that quote is pretty much right, that whole antitrust debacle was around Windows 98 (or maybe an update to Win95)? Internet Explorer hasn't been "tightly integrated" for quite some time, though it's somewhat easier to just not use it rather than remove it. I imagine you'd get worse results removing Safari from iOS, though I expect that's not an easy task.
Just an off-topic anecdote here, but I started using IE over Netscape Communicator (nee Navigator) around 1996/97 because Netscape became so bloated that when loaded into my 4MB of RAM the system ground to a halt. I already had e-mail and Usenet clients that I was happy with and I just wanted a web browser that didn't take three minutes to load.
These days I tend to use whichever browser works best for the purpose I want to use it for, which is very rarely IE. Generally I end up being forced to use it because some web app requires NTLM authentication, or because I have to view some non-standard "html" generated from a Microsoft application.
So in a couple of weeks time, when the next zero-day comes out, they're going to get hung with their own rope and the logic will apparently be that four weeks past EOL date deserves a goodwill patch for XP but six weeks is far too long. Or perhaps CERT, UK CERT, and so on just need to raise a stink every time it happens and Microsoft will cave in and push out another patch.
The thing that I never understood, was how MS were going to provide their "Premium Support for a Year" for those big organisations that cared to pay for it?
Surely these big corporates expect to get IE / XP patched (whichever one it is) so that means the patch still needs to be written, and therefore releasing it to all and sundry costs MS precisely nothing.
"Surely these big corporates expect to get IE / XP patched (whichever one it is) so that means the patch still needs to be written, and therefore releasing it to all and sundry costs MS precisely nothing."
Actually, it sort of does.
If everyone sees that a patch will be released even for those not paying for support, then what's the point in paying for support? Why pay to have the patch when you can just mooch of the freebies?
Of course, if everyone stopped paying, then there would be no patches, but that's a different issue.
"Surely these big corporates expect to get IE / XP patched (whichever one it is) so that means the patch still needs to be written, and therefore releasing it to all and sundry costs MS precisely nothing."
To get any kind of fix, security (GDR) or non-security (LDR), for a product past its extended support date requires a Custom Support Agreement (CSA), and Extended Hotfix Agreement (EHA) and a payment per fix request.
After having the 2 contracts in place and paying for the bug to be filed, there is still no guarantee it will result in a hotfix.
Even if a hotfix is created, if another customer requests the same thing then they have a CSA & EHA and pay too.
Yes, Microsoft still make available updates for MSE/XP. But they leave the MSE icon at a warning red even if it is up to date, and MSE puts up a nag message at every restart.
So Microsoft are being stroppy, and any spirited customer will be more determined to tough it out. We never had nonsense like this when earlier Windows versions were pensioned off. Let me remind Microsoft of the old fable about the competition between the wind and the sun to see who could make the traveller take off his coat.
So incensed was I about this that i decided i simply had to upgrade my XP machines to Win7 Ultimate X64.
So, after reflashing the BIOS on the mother boards with modded ones that contain SLIC2.1, i was easily able to upgrade them to Win7 X64 Ultimate for free!!!!
Thanks MS... You just saved me a fortune...Cost you 4 copies of Win7.
ALL you had to do was keep releasing MSE updates for XP and not piss us off with your "scary" pop up messages.
Might want to think about your legacy customers a bit more in the future...
"So, after reflashing the BIOS on the mother boards with modded ones that contain SLIC2.1, i was easily able to upgrade them to Win7 X64 Ultimate for free!!!!
Thanks MS... You just saved me a fortune...Cost you 4 copies of Win7."
That didn't actually directly cost Microsoft anything. And remember the first time you launched IE and it went to the Microsoft portal? They made advertising money out of that...
"they leave the MSE icon at a warning red even if it is up to date"
I thought so, too, but my son's XP machine (which spends most of it's time connected to Steam) has MSE and it is currently showing a green icon with tick, and says it's up-to-date and protected. I've no idea why, unless MS got tired of nagging everyone.
Have just read Mister Bee's message, so will try that the next time I get an opportunity - perhaps the Boy knows more than I thought!
That's odd, because I just installed it and it calls itself
Security Update for Internet Explorer 8 for Windows XP (KB2964358)
which looks rather like support for Windows XP to me.
In fact if you look at the Microsoft Security Bulletin Summary they still seem to be supporting Internet Explorer 6, and we know how much they like that.
Kind of a shame that Microsoft can't sell products on their actual merits, eh? At this point, I have accumulated several years of post-XP experience, and I cannot give a single positive reason to upgrade beyond XP. Ditto Word, Excel, and recent versions of other Microsoft Office components.
I think there are two aspects of Microsoft's business model that explain this: (1) It isn't their fault and no matter what happens to you because of Microsoft's incompetence or negligence, you can't sue them. Check your EULA if you think otherwise, but I bet you can't even read it with understanding. (2) They don't sell to you anyway. Their products are 'sold' to the manufacturers and rammed down your throat. This is NOT a case of a good idea that isn't worth stealing. It's mostly a natural result of that assuming all their potential end-user customers are thieves.
Me? I prefer personal responsibility (NOT (1)) and I resent being called a thief (NOT (2)) and I even want good software (NOT Microsoft).
Personal disclaimer time? I think the aspect that most pisses me off about this is that I fixed an old machine that still runs XP. The repair was expensive, and upgrading on a Windows path isn't even possible, but a big FY is the norm of my dealings with the big MS.
"At this point, I have accumulated several years of post-XP experience, and I cannot give a single positive reason to upgrade beyond XP. Ditto Word, Excel, and recent versions of other Microsoft Office components."
Presumably because you are too stupid to use a computer and use the CDs as door stops. There are thousands of reasons to move to newer versions - better security, performance, stability and many useful new features would be high on the list. Regardless of what you think of Microsoft or its products, claiming that sticking with XP as opposed to newer versions of Microsoft products is a good idea is ignorance of the highest order.
This post has been deleted by its author
When JRE 6 went end of support last year, Oracle released a few more security patches for the more serious bugs. They eventually stopped, as I'm sure Microsoft will, but just like XP there's a huge installed base. And in the case of JRE, some crappy web applications limit a company's ability to upgrade the Java that's providing the browser plugins for fear of breaking said crappy applications.
If they keep going with this, the people who bought custom support agreements at full price are going to start getting very upset...
When JRE 6 went end of support last year, Oracle released a few more security patches for the more serious bugs. They eventually stopped,
You'd like to think so wouldn't you. We're currently up to JRE 6 update 75 and counting, as of a couple of weeks ago, and still going strong until June 2017 apparently.
The gift that keeps on giving, and giving, and giving some more.
Funny how that happens when you don't have new products (that are worth anything) for 10 years.
God forbid if vehicles were like operating systems. We would be in a bunch of hurt (money wise). Me? I still have to get a 2009 recall done on my 2002 vehicle.
MS actively tied features into XP and IE to allow them to lock users onto their platform at the time. Unfortunately, a lot of developers went along with this and built tools and websites around IE6 and were so tied to it that they couldn't work on even later versions of IE which is why there are still IE6 users out there. This quackery hackery of theirs also made it exceedingly difficult to get off XP in the future and now we're seeing the results. All that money put into technologies that would only work on XP forced the OS to stay around for as long as it has and then stinkers like Vista, Vista again but with the rough edges knocked off (7) and now 8 (just no, really, no) why should anyone be surprised that XP still holds 30% of the Windows market?
Will the customers learn from this and avoid this sort of lockin in future? I don't know. The proliferation of other platforms may prevent it because creating an environment around a single browser version isn't practical today so I'm hopeful at least.
For now though, MS should be made to support XP because they can't claim they didn't make this problem in the first place. I don't care that it is old, it still works for a lot of people.
I've just stuck Windows 7 on a friend's machine because we both decided that Windows 8 was undesirable but she felt (understandably) queasy about sticking with Windows XP. Good news is that because there is no hardware acceleration for the shitty SiS graphics, IE is borked! :-)
Had a go installing Kubuntu on a second partition but it, too, seemed to struggle with the graphics. Might have another with that or Mint or PC-BSD tomorrow.
Bad memories of SIS onboard graphics from many years ago. I resolved it by buying a fairly cheap but current graphics card.
FWIW Mint in any incarnation since 10 wasn't happy with the onboard graphics on my 2010 Win7 box. Scientific Linux, Fedora and openSUSE both worked fine on it when I tried those.
Leaving it as is for the moment. 1280 x something even if some text looks a bit weird. See how it goes. Had to fork out € 80 for 2GB DDR-1 RAM but still the cheapest option so far. My local Chinese dealer says he's got newish notebooks complete with Windows 7 for € 150 but we hope the system stays up for another couple of years. I suspect it's unlikely but if my experience is replicated in any scale, then OEMs will be trying to renegotiate licence terms with Microsoft. You can still get Win 7 on "professional" notebooks, whatever the definition of "professional" is.
@Charlie Clark - try Puppy Linux?
Microsoft were "warning users that if they don’t upgrade soon, hackers will lie in wait each new Patch Tuesday to reverse-engineer a full set of new vulnerabilities."
@Microsoft - when making a "what-a-caring-company" gesture that also FUDs users into moving off XP perhaps it would be best not to pick one of your many zero day vulnerabilities that highlights the crappy security in all of your operating systems and software...
People are still paying for patches on custom support agreements, so it's not like dev work is not going on to fix identified vulnerabilities, they are just not generally available to the public.
Which is a tad frustrating as HM Govt has paid MS for patches for HMRC, as a tax payer, I'd want those patches to be made available to UK XP Users too using Geo-IP location in Windows Update.
"Which is a tad frustrating as HM Govt has paid MS for patches for HMRC, as a tax payer, I'd want those patches to be made available to UK XP Users too using Geo-IP location in Windows Update."
I'm sure if you are an XP user that you would want that, but they only paid for custom support for HMRC - not for the whole country!
WRONG. That would only be right if that millions paid covered that one patch for that one specific product which happened to be the patch that was released.
Clearly it isn't, and clearly there's a ton of patches for XP that are and will be continually created specifically for the people who paid for it.
This specific patch is just one that was freely released at Microsoft's discretion - the rest (of which there will be many for XP this month) won't be.
Because it represents a total rip-off for the people who paid for extended support, such as our own government.
If they keep doing this, those organisations will be wondering why they spent any money in the first place, and should be battering down Microsoft's door for their cash.
It's also a poor decision because it will keep people thinking that XP will get important patches anyway. Complacency needs to end.
Nope. It was one patch to address one specific problem in a specific product (IE) that coincidentally ended it's free support a few weeks ago. It's hardly a rip-off because there'll be a ton of security updates for XP from now till (potentially according to the paid-for contracts) next year, just only for the people who paid for it.
So calm down.
"I don't understand how software companies get away with releasing software that is full of security holes, not just one or two vulnerabilities but hundreds.What a sad joke it is that people pay good money for what is essentially partiallly functioning garbage."
Yep - modern software often really sucks. For instance Linux has had over 900 security vulnerabilities in the kernel alone, OS-X is on over 2,000 and SUSE 10 is on over 4,000!
For comparison, Windows XP is approaching 700 known vulnerabilities.
I happen to be familiar with Linux, and 900 security vulnerabilities seems to me a bit off the mark. Care to link to your sources?
Nah, I think that you're exposing your ignorance here. SUSE 10 may have or have not 4000 vulnerabilities, but if the kernel had 900, and SUSE is using the same kernel, you're saying that the whole lot of software shipped with SUSE 10 had what, 3100 vulnerabilities?
Go scare somewhere else.
One morning in a galaxy far, far away:
"Yes, let us abandon the most popular desktop OS we've ever sold in such a way as to leave us open to stories forevermore on how we walked away from a trainwreck in the interest of sales.
Wait, wouldn't that get us seen in a bad light by the only people who don't hate us now? I mean seriously, have you used windows 8? What a big pile of stinking OH HELLO BOSS. What's that? New policy? I'll get right on it!"
So 30% of all Windows desktops run XP according to my reading of the posts here. These machines work perfectly well and/or the software/OS/browser is locked in - which is why they are still in use - but we are supposed to just dump them? It's insane.
Imagine if car manufacturers behaved this way. Oh, sorry sir we can't be arsed to make the parts for your model any more, even though 30% of our customers drive them. Go and sling it in the dump and then have a look around the showroom.
I've got my popcorn ready for the MASSIVE botnet offensive that Microsoft will create. It will cause misery for everyone who upgraded as well as those that didn't.