09.15.09

Gemini version available ♊︎

Is Microsoft Making Windows XP Illegal for Use on the Internet?

Posted in GNU/Linux, Microsoft, Security, Vista 7, Windows at 9:01 am by Dr. Roy Schestowitz

Windows XP wallpaper style
Bad firewall

Summary: As ISPs may prepare to require full patching as a precondition to connecting, what does Microsoft’s refusal to patch actually mean?

THE PREVIOUS post showed that Windows is now at risk of being kicked off the Internet if it cannot be properly secured (it hardly can). This gets worse though.

Mentioned the other day was the fact that Microsoft is leaving Windows XP vulnerable with no intention of patching known security bugs. That, by definition, may render Windows XP unsuitable for use on the Internet; it cannot ever be made fully patched and since there is no access to the source code, only one company rules on the matter. As the debate carries on, Slashdot reveals that Microsoft is indeed saying “no” to patching of XP.

Microsoft says it won’t patch Windows XP for a pair of bugs it quashed Sept. 8 in Vista, Windows Server 2003 and Windows Server 2008. The news adds Windows XP Service Pack 2 (SP2) and SP3 to the no-patch list that previously included only Windows 2000 Server SP4. ‘We’re talking about code that is 12 to 15 years old in its origin, so backporting that level of code is essentially not feasible,’ said security program manager Adrian Stone during Microsoft’s monthly post-patch Webcast, referring to Windows 2000 and XP.

Here is the newly-cited report.

Microsoft late last week said it won’t patch Windows XP for a pair of bugs it quashed Sept. 8 in Vista, Windows Server 2003 and Windows Server 2008.

The news adds Windows XP Service Pack 2 (SP2) and SP3 to the no-patch list that previously included only Windows 2000 Server SP4.

[...]

The bugs in question are in Windows’ implementation of TCP/IP, the Web’s default suite of connection protocols. All three of the vulnerabilities highlighted in the MS09-048 update were patched in Vista and Server 2008. Only two of the trio affect Windows Server 2000 and Windows XP, Microsoft said in the accompanying advisory, which was refreshed on Thursday.

[...]

During the Q&A, however, Windows users repeatedly asked Microsoft’s security team to explain why it wasn’t patching XP, or if, in certain scenarios, their machines might be at risk. “We still use Windows XP and we do not use Windows Firewall,” read one of the user questions. “We use a third-party vendor firewall product. Even assuming that we use the Windows Firewall, if there are services listening, such as remote desktop, wouldn’t then Windows XP be vulnerable to this?”

Amazing!

Does that mean that Microsoft intends to stop sales of XP on all machines? What about the fact that Vista 7′s principal feature is virtualisation of XP? How can that be secured? What about the many existing users?

“What about the many existing users?”“Since Linux is faster and easier to use on the netbooks,” tells us a reader, “Microsoft is still shipping XP in order to hang on to the OEM monopoly. Yet at the same time the official party line is that there will be no patches for XP.

“Do you suppose Microsoft employees managed to lose or erase the source code for that part of XP?”

Could Microsoft be trying to urge people to abandon XP? If so, Vista 7 sure seems like a problem because not only does it rely on XP but it is already a problematic downgrade/upgrade (no genuine consensus or verdict on whether it’s an “upgrade” yet). Ars Technica claims that it can take an entire day just to move to this operating system, even on a fast machine. The source of the claim is Microsoft Corporation.

Microsoft: Windows 7 upgrade can take nearly a day

[...]

The biggest thing that stands out about this chart is the very broad range of the upgrade time: from 30 minutes to 1,220 minutes. That second extreme is not a typo: Microsoft really did time an upgrade that took 20 hours and 20 minutes. That’s with 650GB of data, 40 applications, on mid-end hardware, and during a 32-bit upgrade. We don’t even want to know how long it would take if Microsoft had bothered doing the same test with low-end hardware.

Assuming a wage of roughly $100 per day, the price of Vista 7 sure is higher than the price tag suggests. And what about the cost of insecurity?

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

DecorWhat Else is New

  1. EPO Has No F-ing Oversight

    Earlier today SUEPO mentioned this new article demonstrating that EPO President António Campinos can very obviously and blatantly violate the Code of Conduct of the Office without facing any consequences; there are translations too, so the report is now available in four languages

  2. [Meme] Linux-Rejecting Foundation

    The Linux Foundation never really leads by example; by default, it uses proprietary software

  3. Linux Foundation Almost Never uses Open Source

    The Linux Foundation uses proprietary software (look where they hire and take money from) and be sure they're probably not even aware of it

  4. Links 17/05/2022: Many More Games on GNU/Linux, YaST Development Report

    Links for the day

  5. Links 17/05/2022: Rocky Linux 8.6 and Budgie Desktop in Fedora

    Links for the day

  6. Patent Examiners Rising Up Against EPO Abuse

    Unhappy with the law-breaking autocracy (the EPO‘s management breaks the law as a matter of routine), fast-deteriorating working conditions and rapidly-decreasing quality of work (or lack of compliance with the law), workers have escalated further, topping off strikes and industrial actions with a large-scale petition

  7. [Meme] What Managers (Really) Mean by Acting Professionally

    The myth of 'professionalism' needs to die along with the façade of conformity as prerequisite for employment (Linus Torvalds can work just fine in a bathrobe in his own home)

  8. Internal Poll: 93% of European Patent Office (EPO) Workers Are Unhappy With the EPO

    On top of strike/s and industrial action/s there are now also petitions; at the EPO, almost all staff is "disgruntled" because of utterly corrupt and defunct leadership

  9. Links 17/05/2022: OpenSUSE Leap 15.4 Release Candidate

    Links for the day

  10. IRC Proceedings: Monday, May 16, 2022

    IRC logs for Monday, May 16, 2022

  11. Links 16/05/2022: FreeBSD 13.1 and Inkscape 1.2 Released

    Links for the day

  12. Archiving Latest Posts in Geminispace (Like a Dated Web Directory But for Gemini)

    Earlier today we saw several more people crossing over from the World Wide Web to Gemini; we're trying to make a decent aggregator and archive for the rapidly-expanding Geminispace, which will soon have 2,500 capsules that are known to Lupa alone

  13. Microsoft Vidal Does Not Want to Listen (USPTO is Just for Megacorporations)

    Microsoft Vidal knows her real bosses. They’re international corporations (multinationals like Microsoft), not American people.

  14. Links 16/05/2022: China Advances on GNU/Linux and Maui 2.1.2 is Out

    Links for the day

  15. Jim Zemlin: Chief Revenue Officer in 'Linux' Seat-Selling Foundation

    Board seats in the Linux Foundation are basically a product on sale, based internal documents

  16. Reminder: Linux Foundation's Last IRS Filing is Very Old (Same Year the CFO Left)

    People really need to ask the Linux Foundation, directly, why its filings are years behind; this seems like a sensitive subject

  17. Linux Foundation Does Not Speak for GNU/Linux Users

    There's a serious problem in the "Linux" world as the so-called 'Linux' Foundation claims to speak for us (the GNU/Linux community) while in fact speaking against us (on the payroll of those looking to extinguish us)

  18. IBM's Lennart Poettering on Breaking Software for Pseudo Novelty

    Recently-uploaded ELCE 2011 clip shows a panel with Linus Torvalds, Alan Cox, Thomas Gleixner, Paul McKenney, and Lennart Poettering (relevant to novelty or perceived novelty that mostly degrades the experience of longtime users, e.g. Wayland and systemd)

  19. IRC Proceedings: Sunday, May 15, 2022

    IRC logs for Sunday, May 15, 2022

  20. Links 15/05/2022: Linux 5.18 RC7 and Calls for More Mass Surveillance

    Links for the day

  21. Audio: Mark Shuttleworth Marketed to Young Males, With Sexy Pictures

    The Web is rotting away, old links become broken links within months or years, so I’ve decided to encode a 3-minute segment of the whole as Ogg

  22. What a Difference Half a Decade Makes (When Linux Foundation is 'Having Fun')

    Media shaming campaigns may have taken their toll on the founder of Linux, who is now bossed by someone who rejects Linux and is married to a Microsoft booster. Like Richard Stallman under FSF guidance (and conditions for return, mostly for fear of further media assaults and attack dogs), he has become a more publicity-shy and private person. The Linux Foundation has in effect reduced the founder of what it’s called after (Linux) into a weekly release manager and mascot, whose brand it is gradually diluting/cheapening.

  23. Links 15/05/2022: GNU libiconv 1.17

    Links for the day

  24. [Meme] Unitary Patent and Unified Patent Court (UPC) Cannot Be Reconciled With the Law

    Unitary Patent and Unified Patent Court (UPC)? Impossible. But Team UPC counts on an endless torrent of fake news managing to convince you (and more importantly politicians) otherwise.

  25. Even Team Battistelli is Sometimes Admitting -- Out in Public! -- That Unified Patent Court (UPC) is Neither Legal Nor Desirable

    Daniel X. Thomas and other people who are “too old to punish” (consequences to their career profoundly minimised owing to seniority) are among those who push back against the Unitary Patent or Unified Patent Court (UPC); any sane person — not a career-climbing litigation zealot — can identify the pertinent facts and realise that what’s going on here is an injustice of unprecedented proportions in the patent discipline

  26. [Meme] Common Sense at EPO

    The European examiners who deal with patents prefer a system that works for science, for Europe, not for foreign megacorporations that amass millions of low-quality patents and weaponise these to discourage competition

  27. Patent Granting at the EPO Has Collapsed by 24% Owing to Much-Needed Industrial Action

    Seeing that the EPO’s management routinely violates the law and even the very legal basis of the EPO’s existence (it is a monopoly in Europe; no body has the authority to compete against it), the EPO’s examiners have embarked on a ‘Work-to-Rule’ campaign — working in compliance with the rules as defined 49 years ago and revised over the decades — and the European Patent Convention (EPC) takes priority over unlawful demands from middle and upper management; this is proving highly effective so far and it will carry on until demands are met, i.e. until the law is obeyed and staff is treated with respect/dignity

  28. [Meme] Milan is a Suburb in London

    As long as Italy is not the UK and London means London “proper” (not the French town called London) the UPCA is invalid and no matter how much Team UPC (and its puppets in EPO management) may plead, this whole system is bound to implode

  29. The Latest Propaganda Tactics of Team UPC: Pretending Unified Patent Court Already Exists and Unitary Patents Are Default When If Fact None Even Exists

    8 years ago Benoît Battistelli said that the UPC was imminent; now, after 4 years of António Campinos, it’s still not here and Team UPC speculators say it won’t happen this year, either; just like the EPO constantly lies (both to the public and to its very own staff) Team UPC continues to lie to itself (self-delusion) and to us; both also routinely break the law, engage in deliberate violations of longstanding conventions, and scrap constitutions, which in turn becomes a breaking point for the EU’s credibility and the legal profession

  30. Links 15/05/2022: More Azure Shutdowns and Windows Security Blunders Aplenty

    Links for the day

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts