

Microsoft rescues XP users with emergency browser fix - quackerhacker
http://news.msn.com/science-technology/microsoft-rescues-xp-users-with-emergency-browser-fix

======
DigitalSea
XP is turning out to be quite the headache for Microsoft. Undoubtedly it is
one of the best versions of Windows ever put out, but it's 13 years old now
and not even corporate conglomerates have an excuse for not updating. Yes, the
alternative to XP is only a meagre few years old and I understand it costs
money to upgrade, especially a large-scale corporate network spread out over
multiple locations, regions and continents.

But then we need to ask ourselves this: at what point does supporting an older
operating system like XP cost you more money than it would to spend the money
upgrading to a later version of Windows? Surely there is a point where you're
spending more money on maintaining the older version on top of added security
expenses and unexpected expenses due to loss because of an undiscovered
vulnerability.

~~~
CapitalistCartr
My CNC machines aren't so easy to update.

~~~
batuhanicoz
For closed systems I think there is no need to upgrade.

What is the harm of not upgrading, what is the worst thing that can happen?

Of course, this is for a system that is not connected to the outside world.

~~~
rbanffy
> what is the worst thing that can happen?

An operator that plugs in an infected USB drive that injects a virus that will
destroy your Uranium enrichment facility? Air gaps are not what they used to
be.

~~~
Crito
The USB drive was presumably infected on a computer that _is or could be_ up
to date though, indicating the strong possibility that even if the CNC machine
were or could have been up to date, it would still be vulnerable.

------
filmgirlcw
Microsoft is going to have to take a stand and make this the last XP patch
(for anyone not paying for extended support like certain governments)
forRealThisTime if they ever want to move on.

In this case, I can understand the reprieve, if only because it came like 20
days after the EOL. In fact, you almost wonder if this wasn't publicized until
after the EOL in an attempt for malicious parties to do maximum damage.

But this won't be the last hole. Others will exist and if Microsoft doesn't
stop from now on, it won't disappear until web standards change to such an
extent that all versions of IE that run on XP won't render modern sites at
all.

Kind of a good reason, in retrospect, to decouple the web browser from the OS,
huh?

~~~
rbanffy
> Microsoft is going to have to take a stand

And risk having all those corporate drones move to Linux, Android, ChromeOS or
anything non-Microsoft or, worse, Microsoft-hostile? Risk spawning a non-
Microsoft ecosystem around vast IT-deficient corporations (any reasonably
managed IT infrastructure has moved on long ago) that would undermine their
other side businesses?

They'll never do that.

~~~
vacri
No other desktop is suitable for the enterprise desktop environment out-of-
the-box. Much as Windows is maligned, OSX doesn't have the range of tools
available for enterprise use, and free desktops still aren't quite there for
regular users en masse.

~~~
rbanffy
There may be many Windows-specific functionalities missing, but it's certainly
possible to work around those. Why do you think OSs like Ubuntu or Red Hat are
not suitable to be used as enterprise desktops?

~~~
vacri
My housemate is a regular user (not power user) and a known potterer. He loves
figuring things out and patching things together, and wanted to try a linux
desktop, so I set him up with one. He didn't want me to help him out, as he
wanted to find things out for himself, to try it without me coming in and
'just fixing it'. I watched him struggle for months, then he admitted defeat
and went back to Windows. He still (theatrically) shivers if we discuss the
topic.

I've seen this experience in the wider desktop space - the only time a
free desktop is suitable for low support usage is when it's so locked down
it's not really a proper desktop environment anymore; that locked down, it's
more like an appliance. When something goes wrong with a free desktop, it's
not just a matter of figuring out what went wrong, but which are the right
steps to fix it. This error on Gnome, will this fix I found for Fedora work on
Debian? Is the problem in Gnome desktop or in the distro?

My colleague once had a problem with something in Ubuntu, and found that there
were four different solutions depending on which of the last four releases
were in use. When your changing releases are years apart (Windows) this is
less of a problem than when they're 6 months apart. I was pleasantly surprised
when I loaded up ubuntu 14.04 and saw that it looked the same as before.

Note that I'm not in the enterprise environment, only that I've had to help a
lot of people with changes from OS version to version, and understand the need
for stability... which is a reason why the path Win8 took particularly puzzles
me, given Microsoft's strong position in the business world. I think that the
free desktops are getting there, but haven't quite arrived yet.

~~~
Amadiro
Your anecdote may tell us something about the "typical grandma end-user"
situation, but it is totally irrelevant for situations that arise in large
"enterprise" IT facilities, where the admins set everything up for you (in
some central, network-booted/installed image), and the users don't really have
to figure out anything. Configurations are centrally managed with cfengine
etc.

Where I work we have around 10k RHEL workstations, and they are all centrally
managed. Users neither install nor uninstall software, they don't set up
printers, they don't set up their own hardware configurations, ...

Another example is Disney animations/pixar, where all animators use RHEL
workstations.

Your colleague may have given up on ubuntu because he couldn't get "desktop
dungeons" or "plants vs. zombies" to run without windows, but in a corporate
setting, management does not generally consider that a priority.

~~~
vacri
You make valid points, but please stop saying that naive users are grandmas. I
even specified he was my housemate - how many elderly people do you know share
a house? It's even the wrong gender. The world's non-power computer users are
not limited to grandmothers (who seem to be all about desktop use) and
toddlers (who seem to be all about iOS).

Also, my colleague didn't give up on Ubuntu. He just noted four different ways
to fix the given problem in four consecutive six-month releases.

------
clinton_sf
It's breathtaking to see such a blunder: a Fortune 100 company telling nearly
20% [1] of its installed user base, its second largest desktop OS customer
base, to stop and make a financial decision about what to do, instead of
giving them a low-cost, path of least resistance option to continue in some
way similar to the status quo. For many people still on XP, the users are not
technical enough to understand how to do an OS upgrade or how to migrate user
data to a new machine, let alone understand why they would want to when the
current system appears to work fine.

I'm surprised that they're not trying to monetize their current XP user base
with some sort of "XP extended support" fee-based subscription so they don't
force users to look elsewhere for a desktop OS -- between Windows 8's blunders
and a Mac, I suspect many of those XP users will consider a Mac. Or simply by
offering a ~$40 upgrader app to get to Windows 7 "lite" for XP users that
works on the same hardware and drivers...

[1] http://techcrunch.com/2014/04/02/discontinued-windowsxp-still-no-2-desktop-os-after-windows7-windows-8-lagging-far-behind/

------
ars
It's pretty obvious that they did this because people were being advised not
to use IE - without specifying a version.

If they didn't update IE on XP then even IE on Win 7/8 would get hit by advice
not to use it.

~~~
filmgirlcw
Right. Of course, the fact that that advice came from DHS, which still has a
ton of XP/IE6-based internal apps probably made it that much worse. The
government is a big client. Having them move to another browser, even if they
haven't agreed to upgrade all the clients to the new Windows yet, is just a
bad idea.

------
ddoolin
What I'm wondering is how many times is this going to happen? Where they're
more-or-less forced to continue emergency patch mode for major vulns?

------
ehPReth
Out of support should mean out of support -- no one-off patches.

ETA: Organizations will use these 'emergency patches' as yet another reason
not to upgrade.

