Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Windows XP: All dead, or just mostly dead?

Gregg Keizer | June 15, 2017
Microsoft's actions this month (and last) prompt questions about company's support policy

Windows injection

Security and patch experts contend that Windows XP is still retired, still obsolete, still dead, even though Microsoft has arguably muddied the waters by issuing security updates two months running for the 16-year-old operating system.

"It's retired," said Amol Sarwate, the director of Qualys' vulnerability lab. "It's still obsolete."

Chris Goettl, product manager with patch management vendor Ivanti, concurred. "Windows XP is retired," Goettl said. "This is definitely unprecedented, but [Microsoft is] saying that this is not normal, and is not going to continue."

Questions about Windows XP's status -- dead or undead? -- surfaced in May when Microsoft distributed patches to the no-more-support XP, Windows 8 and Windows Server 2003. Those updates were issued to protect the trio from the fast-spreading "WannaCry" ransomware campaign.

After Microsoft repeated the policy-busting move Tuesday, with officials citing the possibility of new attacks by government-sponsored hackers to explain the release of additional updates, the questions resurfaced.

Microsoft has been adamant about cutting off users when a version of Windows exhausts its 10-year support lifespan. Cynics have long portrayed that as strong-arming customers into upgrading for Microsoft's financial benefit. Meanwhile, the company typically boasts that the newer version of Windows is better, faster, and most important, more secure, and like a rusty tool, has worn out its usefulness.

Historically, support deadlines have driven upgrade cycles in the enterprise, as organizations hustle -- sometimes in panic -- to purge their networks of the older operating system. Some, not able to finish the job in time and unwilling (or unable) to expose unpatched systems to possible attacks, pay princely sums to Microsoft for after-retirement custom support.

But by issuing patches to Windows XP three years after expiration, some worried that Microsoft had set a precedent it might regret.

"If Microsoft says that Windows 7 truly reaches end of life in [January] 2020, is it really going to cut off support, or will they release critical patches like they have done twice with Windows XP?" asked Brad Sams of Petri.com on Tuesday.

Sarwate didn't see it that way. He accepted Microsoft reasons for updating Windows XP, and believed the company when its officials said that it had not changed its support policies, even after two consecutive months of patches.

He also contended that it is against Microsoft's interest to disinter a dead OS. "This is a double-edged sword," he said of Microsoft's XP patch releases. "It's true that big issues like these need to be patched, but if they do this too much, it works against their objective getting folks onto a newer OS."

 

1  2  Next Page 

Sign up for Computerworld eNewsletters.