
Microsoft’s First Windows XP Patch in Years Is a Bad Sign - cgtyoder
https://www.wired.com/story/microsoft-windows-xp-patch-very-bad-sign/
======
ducttape12
XP has been out of support for 5 years. I get it, IT is hard and expensive,
but you've had 5 years (and multiple years leading up to it) to find a
solution. At this point it's your fault, not Microsoft's or your software
vendor's.

~~~
Sohcahtoa82
I look at it another way.

XP is almost 18 years old. If you were running an 18 year old operating system
in 2010, you'd have been running Windows 3.11 while everyone else is on
Windows 7.

Running XP now is like running Linux Kernel 2.4 today.

If the computer in question is connected to any network, to keep it so out-of-
date is simply irresponsible.

~~~
cgarden
Not particularly. Most large enterprise networks rely upon many more layers
than the OS to protect and secure their infrastructure.

The cost and logistics involved in replacing legacy systems trumps the
need/inability of highly skilled engineers to protect an old OS.

~~~
closeparen
And yet attackers routinely make it onto “secure” networks and stay ahead of
attack signature databases.

Other layers might save you, you hope, sometimes. It is still irresponsible.
Most actively developed and diligently patched software is bad enough; after
EOL it is beyond the pale.

The cost needs to be properly internalized so that getting owned really is
more expensive than migrating legacy; today I’d have to agree with you that it
isn’t.

------
mugwort13
More “let’s hate on Microsoft because it’s trendy” bandwagoneers. I guess the
25 year old vulnerability in bash was not a bad thing, eh? Or scp’s 35 year
old vuln did not affect anyone? Come on, people. Stop acting like Microsoft is
the only vendor worth criticizing

~~~
CivBase
That's not what I took from the article at all. Here are the two points I got:

1\. Microsoft is releasing a patch for Windows XP, which is odd because they
no longer support it. This could indicate that a very serious vulnerability is
about to be revealed - one which likely goes beyond XP itself.

2\. There are still far too many computers running Windows XP. Doing so is a
dangerous practice - especially if the device is networked - and keeps getting
harder to justify.

------
0815test
A bad sign? Far from it. It's good that they're still supporting a vintage OS
when it matters, even though Windows XP users really should have moved to
better options (GNU/Linux, ReactOS, whatever) by now.

~~~
blueboo
consumers who buy and use ten year old machines to read facebook and email
their grandkids aren't going to install reactos

------
squarefoot
Actually, support for XP for POS terminals was terminated on 2019-04-09, that
is, less than 2 months ago. One may argue that a POS connected to the Internet
would be a no-no, but the hack that enabled faking normal XP installs as POS
devices to keep getting updates has been well known for years, and just a
registry key away, so the number of connected XP/"POS" devices might well be
much higher than expected.

------
dTal
>The saving grace for all of this is that computers running Windows 8 and up
aren’t affected.

Burying the lede? The implication here is that all unpatched Windows 7
computers will be utterly pwned within 24-48 hours of that announcement - i.e.
a week ago. That's _way_ more serious than a Windows XP problem. Tons of
people are still on Windows 7 - justifiably.

~~~
ABeeSea
There really isn’t a justifiable reason to use windows 7 anymore.

~~~
thethirdone
There absolutely is. A significant amount of software hasn't been updated to
work on Windows 8/10\. If you need a specific piece of software that only
works on Windows 7, that is a perfectly justifiable reason.

Windows 7 is only 10 years old at this point.

~~~
acqq
I still own perfectly functioning hardware... but functioning only if the
Windows 7 is running on it. Nobody made newer drivers: Intel didn't and
Microsoft didn't. And the hardware is surely nothing obscure: it's the Intel
chips.

------
graphicsRat
WinXP is still very much alive in the retail sector. Retailers are extremely
sensitive about migrating their systems.

