09.15.09

Gemini version available ♊︎

Is Microsoft Making Windows XP Illegal for Use on the Internet?

Posted in GNU/Linux, Microsoft, Security, Vista 7, Windows at 9:01 am by Dr. Roy Schestowitz

Windows XP wallpaper style
Bad firewall

Summary: As ISPs may prepare to require full patching as a precondition to connecting, what does Microsoft’s refusal to patch actually mean?

THE PREVIOUS post showed that Windows is now at risk of being kicked off the Internet if it cannot be properly secured (it hardly can). This gets worse though.

Mentioned the other day was the fact that Microsoft is leaving Windows XP vulnerable with no intention of patching known security bugs. That, by definition, may render Windows XP unsuitable for use on the Internet; it cannot ever be made fully patched and since there is no access to the source code, only one company rules on the matter. As the debate carries on, Slashdot reveals that Microsoft is indeed saying “no” to patching of XP.

Microsoft says it won’t patch Windows XP for a pair of bugs it quashed Sept. 8 in Vista, Windows Server 2003 and Windows Server 2008. The news adds Windows XP Service Pack 2 (SP2) and SP3 to the no-patch list that previously included only Windows 2000 Server SP4. ‘We’re talking about code that is 12 to 15 years old in its origin, so backporting that level of code is essentially not feasible,’ said security program manager Adrian Stone during Microsoft’s monthly post-patch Webcast, referring to Windows 2000 and XP.

Here is the newly-cited report.

Microsoft late last week said it won’t patch Windows XP for a pair of bugs it quashed Sept. 8 in Vista, Windows Server 2003 and Windows Server 2008.

The news adds Windows XP Service Pack 2 (SP2) and SP3 to the no-patch list that previously included only Windows 2000 Server SP4.

[...]

The bugs in question are in Windows’ implementation of TCP/IP, the Web’s default suite of connection protocols. All three of the vulnerabilities highlighted in the MS09-048 update were patched in Vista and Server 2008. Only two of the trio affect Windows Server 2000 and Windows XP, Microsoft said in the accompanying advisory, which was refreshed on Thursday.

[...]

During the Q&A, however, Windows users repeatedly asked Microsoft’s security team to explain why it wasn’t patching XP, or if, in certain scenarios, their machines might be at risk. “We still use Windows XP and we do not use Windows Firewall,” read one of the user questions. “We use a third-party vendor firewall product. Even assuming that we use the Windows Firewall, if there are services listening, such as remote desktop, wouldn’t then Windows XP be vulnerable to this?”

Amazing!

Does that mean that Microsoft intends to stop sales of XP on all machines? What about the fact that Vista 7′s principal feature is virtualisation of XP? How can that be secured? What about the many existing users?

“What about the many existing users?”“Since Linux is faster and easier to use on the netbooks,” tells us a reader, “Microsoft is still shipping XP in order to hang on to the OEM monopoly. Yet at the same time the official party line is that there will be no patches for XP.

“Do you suppose Microsoft employees managed to lose or erase the source code for that part of XP?”

Could Microsoft be trying to urge people to abandon XP? If so, Vista 7 sure seems like a problem because not only does it rely on XP but it is already a problematic downgrade/upgrade (no genuine consensus or verdict on whether it’s an “upgrade” yet). Ars Technica claims that it can take an entire day just to move to this operating system, even on a fast machine. The source of the claim is Microsoft Corporation.

Microsoft: Windows 7 upgrade can take nearly a day

[...]

The biggest thing that stands out about this chart is the very broad range of the upgrade time: from 30 minutes to 1,220 minutes. That second extreme is not a typo: Microsoft really did time an upgrade that took 20 hours and 20 minutes. That’s with 650GB of data, 40 applications, on mid-end hardware, and during a 32-bit upgrade. We don’t even want to know how long it would take if Microsoft had bothered doing the same test with low-end hardware.

Assuming a wage of roughly $100 per day, the price of Vista 7 sure is higher than the price tag suggests. And what about the cost of insecurity?

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

DecorWhat Else is New

  1. Links 08/06/2023: Istio 1.18 and FreeIPMI 1.6.11

    Links for the day

  2. Gemini Links 08/06/2023: Sourcehut, Gemini Identity, and BBS Comments on Cosmos

    Links for the day

  3. IRC Proceedings: Wednesday, June 07, 2023

    IRC logs for Wednesday, June 07, 2023

  4. The Need to Evolve on the Internet

    Tux Machines is one year away from its twentieth birthday and its increased focus on protocols aside from HTTP/S is paying off; Tux Machines also weaned itself off all social control media, including Mastodon and Diaspora (they're not the future, they're the past)

  5. EPO Management is Still Bullying the Staff (While Breaking the Law and Violating the European Patent Convention)

    Overloaded or overworked EPO workers are complaining about further deterioration at the workplace and their representatives say "this management style may well contribute to feelings of disengagement, depression, or even burn-out"

  6. His Majesty’s Revenue and Customs (HMRC) Not Responding After 20 Days (Well-Founded Report of Tax Fraud) and British Police Pretending Not to Exist

    The crimes of Sirius ‘Open Source’ have helped unearth a profound problem in the British law enforcement authorities; What good is a monopolistic taxman (called after the British Monarchy even in 2023) that cannot assess its own tax abuses? Or abuses connected to it via a contractor? Meanwhile, as per what I was told, the police is not responding to my MP and that’s ANOTHER scandal (police not only refusing to act against crimes, committed against many people, but moreover not responding to elected politicians)

  7. Links 08/06/2023: Cinnamon 5.8 and Leap 15.5 Release Mature

    Links for the day

  8. Gemini Links 08/06/2023: Emacs and Thoughts on Bubble

    Links for the day

  9. Links 07/06/2023: Reddit Layoffs and OpenGL 3.1 in Asahi Linux

    Links for the day

  10. Gemini Links 07/06/2023: Jukka Charting Geminispace

    Links for the day

  11. IRC Proceedings: Tuesday, June 06, 2023

    IRC logs for Tuesday, June 06, 2023

  12. NOW LIVE: Working for the Public — Universities, Software and Freedom - a Talk by Richard Stallman at Università di Pisa (Italy)

    As noted a few hours ago, Richard Stallman is delivering a talk at Università di Pisa this morning

  13. Richard Stallman's Talk is in Two Hours and There's a BigBlueButton Livestream

    Dr. Stallman is in Italy to give talks at universities this week; he will soon give a live talk, accessible in his site or directly at the source

  14. Links 06/06/2023: Angie 1.2.0, New EasyOS and EndeavourOS Released

    Links for the day

  15. Gemini Links 06/06/2023: OpenKuBSD, GrapheneOS, and More

    Links for the day

  16. Links 06/06/2023: OpenSUSE Plans for Leap

    Links for the day

  17. Gemini Links 06/06/2023: Bubble 4.0, Neutral News, and Older Bits

    Links for the day

  18. IBM's War on Open (Look at the Pattern of Layoffs at Red Hat)

    By abandoning OpenSource.com and OpenOffice.org/LibreOffice IBM sends out a clear signal that it doesn’t understand or simply does not care about the community of Free software users; its siege against the FSF and other institutions never ended and today we look at who’s being laid off or shown the door (the work environment is intentionally being made worse)

  19. Links 06/06/2023: IceWM 3.4.0 and Liveslak 1.7.0

    Links for the day

  20. Gemini Links 06/06/2023: Apple Might Kill VR, Tea Tea Deluxe 1.2.7 and Tea Land

    Links for the day

  21. IRC Proceedings: Monday, June 05, 2023

    IRC logs for Monday, June 05, 2023

  22. Links 05/06/2023: Debian 12 Almost Ready, Hong Kong 'Cannot' Remember Tiananmen Massacre

    Links for the day

  23. Gemini Links 05/06/2023: New Ship in Cosmic Voyage, Stack Overflow Moderator Strike

    Links for the day

  24. IRC Proceedings: Sunday, June 04, 2023

    IRC logs for Sunday, June 04, 2023

  25. Links 04/06/2023: Unifont 15.0.05 and PCLinuxOS Stuff

    Links for the day

  26. Gemini Links 04/06/2023: Wayland and the Old Computer Challenge

    Links for the day

  27. StatCounter: GNU/Linux (Including ChromeOS) Grows to 8% Market Share Worldwide

    This month’s numbers from StatCounter are good for GNU/Linux (including ChromeOS, which technically has both GNU and Linux); the firm assesses logs from 3 million sites and shows Windows down to 66% in desktops/laptops (a decade ago it was above 90%) with modest growth for GNU/Linux, which is at an all-time high, even if one does not count ChromeOS that isn’t freedom- or privacy-respecting

  28. Journalism Cannot and Quite Likely Won't Survive on the World Wide Web

    We’re reaching the point where the overwhelming majority of new pages on the Web (the World Wide Web) are basically junk, sometimes crafted not by humans; how to cope with this rapid deterioration is still an unknown — an enigma that demands hard answers or technical workarounds

  29. Do Not Assume Pensions Are Safe, Especially When Managed by Mr. EPOTIF Benoît Battistelli and António Campinos

    With the "hoax" that is the financial assessment by António Campinos (who is deliriously celebrating the inauguration of illegal and unconstitutional kangaroo courts) we urge EPO workers to check carefully the integrity of their pensions, seeing that pension promises have been broken for years already

  30. Links 04/06/2023: Why Flatpak and Wealth of Devices With GNU/Linux

    Links for the day

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts