Bad firewall
THE PREVIOUS post showed that Windows is now at risk of being kicked off the Internet if it cannot be properly secured (it hardly can). This gets worse though.
Microsoft says it won't patch Windows XP for a pair of bugs it quashed Sept. 8 in Vista, Windows Server 2003 and Windows Server 2008. The news adds Windows XP Service Pack 2 (SP2) and SP3 to the no-patch list that previously included only Windows 2000 Server SP4. 'We're talking about code that is 12 to 15 years old in its origin, so backporting that level of code is essentially not feasible,' said security program manager Adrian Stone during Microsoft's monthly post-patch Webcast, referring to Windows 2000 and XP.
Microsoft late last week said it won't patch Windows XP for a pair of bugs it quashed Sept. 8 in Vista, Windows Server 2003 and Windows Server 2008.
The news adds Windows XP Service Pack 2 (SP2) and SP3 to the no-patch list that previously included only Windows 2000 Server SP4.
[...]
The bugs in question are in Windows' implementation of TCP/IP, the Web's default suite of connection protocols. All three of the vulnerabilities highlighted in the MS09-048 update were patched in Vista and Server 2008. Only two of the trio affect Windows Server 2000 and Windows XP, Microsoft said in the accompanying advisory, which was refreshed on Thursday.
[...]
During the Q&A, however, Windows users repeatedly asked Microsoft's security team to explain why it wasn't patching XP, or if, in certain scenarios, their machines might be at risk. "We still use Windows XP and we do not use Windows Firewall," read one of the user questions. "We use a third-party vendor firewall product. Even assuming that we use the Windows Firewall, if there are services listening, such as remote desktop, wouldn't then Windows XP be vulnerable to this?"
“What about the many existing users?”"Since Linux is faster and easier to use on the netbooks," tells us a reader, "Microsoft is still shipping XP in order to hang on to the OEM monopoly. Yet at the same time the official party line is that there will be no patches for XP.
"Do you suppose Microsoft employees managed to lose or erase the source code for that part of XP?"
Could Microsoft be trying to urge people to abandon XP? If so, Vista 7 sure seems like a problem because not only does it rely on XP but it is already a problematic downgrade/upgrade (no genuine consensus or verdict on whether it's an "upgrade" yet). Ars Technica claims that it can take an entire day just to move to this operating system, even on a fast machine. The source of the claim is Microsoft Corporation.
Microsoft: Windows 7 upgrade can take nearly a day
[...]
The biggest thing that stands out about this chart is the very broad range of the upgrade time: from 30 minutes to 1,220 minutes. That second extreme is not a typo: Microsoft really did time an upgrade that took 20 hours and 20 minutes. That's with 650GB of data, 40 applications, on mid-end hardware, and during a 32-bit upgrade. We don't even want to know how long it would take if Microsoft had bothered doing the same test with low-end hardware.