Microsoft: After April 8th, Windows XP will have "zero day" exploits forever

Microsoft has been pushing hard to get the many users of PCs that still have Windows XP installed to upgrade to a more modern version of the OS before April 8th, 2014. After that, Microsoft will no longer issue updates of any kind, including security patches, for Windows XP. Despite this looming date, the OS is still being used on over 37 percent of all PCs worldwide, according to Net Applications.

In a new post on the Microsoft Security blog, Tim Rains, the director of its Trustworthy Computing division, says that while he has heard of many businesses that will be upgrading their PCs from Windows XP to Windows 7 or 8, he has also heard from others that they don't plan on upgrading before the support cutoff date. He added, "I have even talked to some customers that say they won’t migrate from Windows XP until the hardware it’s running on fails."

Rains points out that when Microsoft releases security bulletins every second Tuesday of the month, it releases them for all versions of Windows that are currently supported. However, some hackers then try to reverse engineer those patches to find the vulnerabilities that the bulletins were designed to fix, and then create exploits that affect software that doesn't have those updates.

Rains states that after April 8, 2014, Windows XP won't get the security bulletins that will be included for Vista, 7, 8 and 8.1 users. He adds:

The very first month that Microsoft releases security updates for supported versions of Windows, attackers will reverse engineer those updates, find the vulnerabilities and test Windows XP to see if it shares those vulnerabilities.  If it does, attackers will attempt to develop exploit code that can take advantage of those vulnerabilities on Windows XP.  Since a security update will never become available for Windows XP to address these vulnerabilities, Windows XP will essentially have a “zero day” vulnerability forever.

The malware infection rate on Windows XP is already much higher than on more recent versions of Windows, as seen in the Microsoft-created chart above. In addition, Microsoft has released an infographic, shown below, that attempts to explain that the entire PC industry has changed since the launch of Windows XP in 2001, including the types of security threats that have to be dealt with.

Source: Microsoft | Images via Microsoft

78 Comments

They should just release a Windows XP 2014 and charge people $19.99 to upgrade and continue the security updates.

Well anyone that uses an XP machine after the cut off date is playing with fire, only have themselves to blame if they do get screwed because of that decision.

Look, I'm not saying that it isn't a security risk but I find these articles tend to blow it out of proportion by making it sound like after the cut-off date, you will instantly be infected and have all your data stolen. Most people don't want your data as much as you think they want it.
Also, when I realized that the info picture thing's website listed at the bottom was run by Microsoft, I immediately dismissed lots of the "facts" as FUD to push upgrades.

Tha Bloo Monkee said,
Look, I'm not saying that it isn't a security risk but I find these articles tend to blow it out of proportion by making it sound like after the cut-off date, you will instantly be infected and have all your data stolen. Most people don't want your data as much as you think they want it.
Also, when I realized that the info picture thing's website listed at the bottom was run by Microsoft, I immediately dismissed lots of the "facts" as FUD to push upgrades.

It isn't just about people's data, it's about hackers that f*** up people's PCs just because they can... you know the same kind of R-Tards that are responsible for writing millions of viruses. In a business, downtime caused by security problems is costly.

I am not liking this part of the graphic: Introduction of tablet PC in (colon conveniently left out) (big letters) 2000 - Projected number of tablet shipments in 2013: (big letters) 150 million. Bit misleading if you ask me.

Microsoft should push linux so the people that don't want to upgrade because of financial issues can still run a secure modern OS.

Better get your copies of 32-bit Windows-7 while you can. Waiting for Windows-9 to fix the Windows-8 mess could be a very risky bet.

For business, the minute MS stop fixing exploits and zero-day exploits get more and more numerous, the bigger a security risk it is to the companies shortsighted enough to stick with XP after this date.

Some complain "but waah it will cost £x to replace our fleet..." how much is your data worth to a) your company and b) how much is the negative press worth for data leakage due to a hack exploiting your aging XP machines or c) to your market competitors......

For that reason alone we are pushing for budgets to finally remove XP from any LAN globally by April 2014.

We have had an edict from our Corporate HQ, if any IT dept has or tries to connect XP to their global domain after April 1st 2014, the IT department & Manager will be looking for a new employer......and for once I actually agree with them, any company worth their salt have a rolling 3 year replacement program.....it's called CAPEX and depreciation 33.3% P.A.

A year ago I was working for a software company that had XP on most of its machines and likely still does. It was a nightmare.

Now I'm working for a different company that's all Windows 7. Our only XP system is a VM. Much better job B)

UXGaurav said,
Metro style scaring

errr no.....they are spot on the money this is EXACTLY what will happen after April 2014

UXGaurav said,
Good then with that happening to millions of PCs, MS may extend the deadline again or risk infecting Windows 7/8 machines.

Wat

There's no more risk on April 8th, 2014 to Windows 7 or Windows 8 machines from an infection than there would be April 7th, 2014 - the 0-day happens, Microsoft patches it on supported platforms (Vista and newer), and it's no longer a threat to those platforms. Only folks running Windows XP and older versions would potentially be at risk. Your argument is inaccurate at best.

darkpuma said,
Thank god, maybe my company will finally upgrade to windows 7...

interesting thought. I bet most will wait to see what windows 9 is all about.

Spicoli said,
It's about time. It's become like IE6 in being a big pain to support.

I've completely stopped supporting IE 6. Everyone would have got IE 8 through Windows Update by now (except those companies/individuals who just can't accept the change... )

Yea, we dropped IE6 a while back when the usage stats went under 1%. None of our new jquery based stuff works on it anyway. Now IE8 is the problem one lacking the rounded divs and drop shadows.

Spicoli said,
Yea, we dropped IE6 a while back when the usage stats went under 1%. None of our new jquery based stuff works on it anyway. Now IE8 is the problem one lacking the rounded divs and drop shadows.

I totally dropped developing for IE 8. Its usage is so low, it's only 3rd world countries and people stuck on office machines that they're not allowed to install a new browser on that use it. The other ~10% of IE 8 users that aren't in those categories are like dinosaurs. I just offer them a nice little message to upgrade to IE 9 or use the latest Chrome, Safari, or Firefox.

More FUD.
XP is still functional and its functionality could be extended using a firewall or using a browser other than iexplorer.

Brony said,
More FUD.
XP is still functional and its functionality could be extended using a firewall or using a browser other than iexplorer.


Maybe you should study computer security before you make such statements. Hopefully you don't work in any IT or consultancy role so your suggestion can't harm anyone but yourself, even that is bad enough as your infected machine can harm others in turn.

You could say the same about Win 95, it would be just as ignorant (from a security perspective.) Also the numbers speak for themselves, XP is about 55 times more likely to be infected than Windows 8.

HawkMan said,


Maybe you should study computer security before you make such statements. Hopefully you don't work in any IT or consultancy role so your suggestion can't harm anyone but yourself, even that is bad enough as your infected machine can harm others in turn.

There exist two kinds of security threats:
- passive
- active.

Passive ones are (ahem) caused without user intervention. The solution is as simple as closing the ports or blocking the access. However, since most IP connections aren't direct (they pass through a gateway, i.e. users using a fake IP), by default most connections are safe (unless the gateway is NATing the connection). And while there always exists the risk of a LAN attack, it is really a minor issue (it is not the same to deal with 1000 computers inside a LAN versus 1 billion computers). If the LAN is a risk, then putting in a firewall (or "moving" the machine to another segment) is enough.

Active is when the user intervenes, i.e. opening a trojan, for example, or visiting a bogus webpage. If the user is clumsy, then an antivirus is more than enough. However, if the user is cautious and uses an updated browser and updated plugins, then it is not a real deal.

So, what's your point?

BTW, there exist systems that, for many reasons, can't be updated or upgraded, including systems that are "open" to the internet. This includes systems that use Windows NT 4.0. And they are still running without any problem.


Antivirus can't find most new computer malware, it is actually pretty trivial to change malware so it is not recognized. The non-IE browsers have poor malware blocking (like 30% vs. IE's 99%). Additionally when 0-days do happen, XP is not protected against them like Vista, 7, and 8. Look at the number of infections per 1,000 chart. That is XP SP3, the firewall has been active since XP SP2. Probably the same number of XP users use chrome/firefox as Vista, 7, 8 users (probably more actually since new IE versions don't work on XP), it obviously is not enough.

Edited by J_R_G, Aug 16 2013, 12:35pm :

Brony said,
More FUD.
XP is still functional and its functionality could be extended using a firewall or using a browser other than iexplorer.

I agree, there's FUD. Microsoft want to make updates compulsory for business reasons, it's not just about security.

bigmehdi said,

I agree, there's FUD. Microsoft want to make updates compulsory for business reasons, it's not just about security.

As usual, nobody thinks through their clever conspiracy theories. Businesses pay MS the same amount no matter what OS they use. http://www.microsoft.com/licen...ware-assurance/default.aspx - Some people refuse to accept that MS looks out for its customers, but what they miss is that when MS customers do well, MS does well.

J_R_G said,

Businesses pay MS the same amount no matter what OS they use.

That looks like an overstatement to me, although I don't know all the details ( Software Insurance ? ).

I tend to agree. This is just a scare campaign. I know many businesses that do plan to run till the hardware fails and given the relative risks, I can't fault them. Security based on 'client' PCs is so passe.

'Security' types are simply legal aids in disguise. It's all about the illusion of safety.

Dashel said,
I tend to agree. This is just a scare campaign. I know many businesses that do plan to run till the hardware fails and given the relative risks, I can't fault them. Security based on 'client' PCs is so passe.

'Security' types are simply legal aids in disguise. It's all about the illusion of safety.


Windows 8 runs quite decent as old as hardware dating back to 2004. If systems are that old, they should seriously be upgraded/replaced by now. Maintenance will on 9 year old computers be more costly in the end than upgrading to 7 or 8 with the hardware it requires. You don't want your systems open for infection, nor do you want to pay the top price for security patches I suppose.

Actually, it doesn't due to GPU limitations on most (if you don't get snagged by the CPU reqs). Win8 needs Win7 capable hardware, which isn't the boat many XP systems are in.

J_R_G said,
The non-IE browsers have poor malware blocking (like 30% vs. IE's 99%).

It is FUD. I am not blaming you but those studies. The last virus triggered by a website (excluding flash and java runtime) ran wild 5-6 years ago. It is because hackers earn money selling those vulnerabilities to some security agency than to spreading it for free.

Brony said,

There exist two kinds of security threats:
- passive
- active.

Passive ones are (ahem) caused without user intervention. The solution is as simple as closing the ports or blocking the access. However, since most IP connections aren't direct (they pass through a gateway, i.e. users using a fake IP), by default most connections are safe (unless the gateway is NATing the connection). And while there always exists the risk of a LAN attack, it is really a minor issue (it is not the same to deal with 1000 computers inside a LAN versus 1 billion computers). If the LAN is a risk, then putting in a firewall (or "moving" the machine to another segment) is enough.

Active is when the user intervenes, i.e. opening a trojan, for example, or visiting a bogus webpage. If the user is clumsy, then an antivirus is more than enough. However, if the user is cautious and uses an updated browser and updated plugins, then it is not a real deal.

So, what's your point?

BTW, there exist systems that, for many reasons, can't be updated or upgraded, including systems that are "open" to the internet. This includes systems that use Windows NT 4.0. And they are still running without any problem.



And again you show a criminal lack of understanding of the concept.

So let's go with your passive and active concept, which itself is a terrible way to describe it but anyway. So the solution is to block ports and block the access huh...

Well, let's think of all the ports we can't block. That leaves a gaping hole in your theory.

A bigger hole in your theory is that your "passive" threats don't really need a port to infect the computer. There are many ways to "passively" infect the computer without direct user interaction.

Let's look at the few most common:
- Mail viruses exploiting zero-day security flaws in the mail app (if you know what a zero-day flaw is, you know you can't use "good AV" as a defense here).
- Man-in-the-middle attacks: websites, software, banking, could be anything; the man-in-the-middle attack infects the computer or steals info, which is the end result anyway. Info stealing you can't defend against anyway, but at least newer Windows OSes are far more secure from infection from these.
- Then there are of course zero-day flaws in software on the client computer like Java, Adobe Reader, Flash and so on. These can go in both your active and passive categories depending on the attack vector.

So no, a NAT doesn't "defend" the end users against every passive threat there is.

Now when it comes to your "active" category, it gets even more interesting, as this is especially where Windows 8 is far safer and more secure than XP. As the article described, zero-day flaws in 7 and 8 will get patched, and these patches can get reverse engineered to find the flaw they patched.
Now Windows 7 and 8 are protected from this flaw. XP is not, while XP can to some degree be protected with AV. AV also can't protect from zero-day attacks; that's why they are zero day. And the way AV works, they can't patch all these holes either; they scan for viruses. If you were to protect all these holes with an AV, you're right back to Norton 2007: 90% CPU being used by the AV to secure your computer.

And no, no matter how careful the user is, updated browsers and plugins are not enough. That alone makes you a threat to security in any company you would work in an IT or consultant role for. You are literally ignorant about security, and especially the danger of zero-day flaws.

No matter how updated your browsers and plugins are, zero-day flaws will get through. And even so, how do the browser and plugins protect the user against flaws in the OS? This is about security flaws not being patched in the OS, not the plugins or the browser. And the whole point of the article is that the flaws don't get patched, and your counter argument is "patch the plugins" :facepalm:

Shadowzz said,

Windows 8 runs quite decent as old as hardware dating back to 2004. If systems are that old, they should seriously be upgraded/replaced by now. Maintenance will on 9 year old computers be more costly in the end than upgrading to 7 or 8 with the hardware it requires. You don't want your systems open for infection, nor do you want to pay the top price for security patches I suppose.

And this. New computers with fully updated AV get infected by ukash EVERY DAY! With Brony as the security consultant for your company, every computer there would be infected by ukash daily.

Brony said,

There exist two kinds of security threats:
- passive
- active.

Passive ones are (ahem) caused without user intervention. The solution is as simple as closing the ports or blocking the access. However, since most IP connections aren't direct (they pass through a gateway, i.e. users using a fake IP), by default most connections are safe (unless the gateway is NATing the connection). And while there always exists the risk of a LAN attack, it is really a minor issue (it is not the same to deal with 1000 computers inside a LAN versus 1 billion computers). If the LAN is a risk, then putting in a firewall (or "moving" the machine to another segment) is enough.

Active is when the user intervenes, i.e. opening a trojan, for example, or visiting a bogus webpage. If the user is clumsy, then an antivirus is more than enough. However, if the user is cautious and uses an updated browser and updated plugins, then it is not a real deal.

So, what's your point?

BTW, there exist systems that, for many reasons, can't be updated or upgraded, including systems that are "open" to the internet. This includes systems that use Windows NT 4.0. And they are still running without any problem.


All it takes is for ONE compromised machine (any OS) in the LAN then it will be able to spread infections to all the XP machines on the LAN. XP is stupid to run unless it's not connected to a network.

mrp04 said,
All it takes is for ONE compromised machine (any OS) in the LAN then it will be able to spread infections to all the XP machines on the LAN. XP is stupid to run unless it's not connected to a network.

Exactly...

Many people don't take security as seriously as they should. Many businesses get almost (or totally) ruined because they hire these people.

The consequences of a security breach can put a small business out of business, and can cause larger businesses to lose a fortune. Sitting back and saying, "it probably won't happen and it's no big deal if it does" is just asking for a s*** storm.

Everyone I know in security that's good at their job is paranoid, with good reason. When someone thinks that their security is unbreakable, that's usually when their security is broken. There's always something new, and always a sucker running (or doing) something old.

Dashel said,
Actually, it doesn't due to GPU limitations on most (if you don't get snagged by the CPU reqs). Win8 needs Win7 capable hardware, which isn't the boat many XP systems are in.

In that time period, 64-128mb was normal low-mid. Which should be plenty as it will fall back to the slower CPU rendering anyhow.

It's about as fruitful to debate which OS is more responsive on such hardware, as it is to think security scares will suddenly cut through the calluses of anyone running XP that long.

If there is a significant amount of risk that can be mitigated by making more people aware how hard can it be to put a reminder on all XP systems so that none can say they were not aware of the looming problem?

This simple move I guarantee will have a significant impact.

Consider this one thing as well: Windows 7 users get a "free" license for XP Mode which is an XP Professional virtual machine they are free to install and use directly from Microsoft - now, the question becomes if people continue to use that XP Mode virtual machine with Windows 7 since they are tied together directly by licensing, doesn't that mean Microsoft should be required to continue support for that virtual machine for the support life cycle of Windows 7 itself?

I wonder... hrmmm...

Windows 7 XP Mode is available for Enterprise and Ultimate editions. You don't get it free either, you are paying more for those products.

Odom said,
Windows 7 XP Mode is available for Enterprise and Ultimate editions. You don't get it free either, you are paying more for those products.

http://windows.microsoft.com/e...ts/features/windows-xp-mode

It's available for Professional as well (my OS of choice and yes I paid for it years ago) and no, it doesn't alter the cost basis for said OSes at all. Regardless, the point I was making still stands: the license is "free" as part of that cost basis and the license is tied directly to Windows 7 itself so, again, it should be supported as required.

It's all semantics at this point: Microsoft wants XP dead, period, end of story, and it's going to happen regardless of the level of outcrying that people or organizations can muster. They should have moved on by now anyway, a long time ago.

The License is indeed tied to the Windows 7 license, but it is still a Windows XP license.
Besides this runs in a virtual machine, where it still gets security updates if malware finds ways to infect the host OS. Security isn't an issue.

br0adband said,
Consider this one thing as well: Windows 7 users get a "free" license for XP Mode which is an XP Professional virtual machine they are free to install and use directly from Microsoft - now, the question becomes if people continue to use that XP Mode virtual machine with Windows 7 since they are tied together directly by licensing, doesn't that mean Microsoft should be required to continue support for that virtual machine for the support life cycle of Windows 7 itself?

I wonder... hrmmm...

No. It didn't ship with the OS. You are allowed to download it if you have Pro or higher but it's not a feature of the OS so it doesn't have to be supported.

@br0adband, mrp04 and others here are right, that license you got for Windows XP was a Windows XP license. Support for it ends on April 8th, 2014, just like it would for a physical installation of Windows XP outside of XP mode. There is no extra support just because it was acquired as part of a Windows 7 Professional or Enterprise license. It was provided to you for application compatibility reasons, to allow more time for running old, incompatible apps while you worked towards acquiring newer versions or different packages altogether to handle that need.

The day of reckoning has arrived for all who haven't heeded the warnings, XP (and XP mode) officially stop being supported without a very expensive custom support agreement on April 8th, 2014.

What is strange is that this article and even responses are acting like keeping XP is a 'valid/good/needed/smart' choice.

If users were running OS X from 2001 or even a Linux Distribution from 2001, most people would agree that this would be insane outside of a closed installation.

If companies want to pay Microsoft to maintain the code, they still have this option. However, expecting Microsoft to continue to update and maintain XP 12 years later is just wasting resources. Even car builders stop making replacement parts after about 10 years, and yet we are treating software like it needs longer term durability.

Maybe if it was stated like this: Microsoft has provided a long term update to Windows XP, it is called Windows 8, after installing this update, you will get continued updates and support.

Installed XP on a virtual machine the other day. Despite being a great OS it certainly feels old now. RIP XP.

I thought the Windows 7 and 8 code base were very similar... Correct me if I'm wrong. So how can 7 be six times more vulnerable (under the same circumstances - ie. using desktop apps)?

68k said,
I thought the Windows 7 and 8 code base were very similar... Correct me if I'm wrong. So how can 7 be six times more vulnerable (under the same circumstances - ie. using desktop apps)?

Because Microsoft has - for the most part - given up supporting Windows 7 in favor of targeting all development, efforts, and support to Windows 8, basically. It's a damned shame, honestly, since Windows 7 is arguably the best desktop OS they've ever produced. I won't get into a 7 vs 8 debate, suffice to say that if they'd made Metro completely optional (like an option you could install at a later time with a checkbox in the Windows Components section of Add/Remove Programs and Software) then I'd consider it worthy to some degree for use on my own hardware, but they didn't, and I won't.

As soon as the "official" word came down a little over a year ago that Windows 7 would not be getting a proper Service Pack 2 that was the death knell for Windows 7 support by and large. A clean install of Windows 7 SP1 today means you end up downloading just over a gigabyte of patches and updates to make it "complete" as of this morning - I know because I just did a clean install on my Latitude an hour ago and it's STILL installing the 1st round of updates with 3 more rounds to go). The base SP1 installation sits at 7.2GB not counting the hibernate and page files; after all the updates are installed and Windows Update says there's nothing left, the installation swells to 13.9GB in size because of all the duplicated files in the WinSxS folder which is fairly inefficient overall but it's how it works.

Even so, I won't be using Windows 8 or 8.1 or even 9 or 10 anytime soon - I'll be using Windows 7 until they pull the plug on it totally after which I might just use a Linux distro full time, but that's years from now.

Shame on you, Microsoft, Windows 7 is a damned fine product and you dropped it like it was a bad habit or something.

68k said,
I thought the Windows 7 and 8 code base were very similar... Correct me if I'm wrong. So how can 7 be six times more vulnerable (under the same circumstances - ie. using desktop apps)?

This is why the hype and focus on the Modern UI and being more tablet friendly has left the technical community and general users uninformed about Windows 8.

There are many reasons Windows 8 is faster, more stable and more secure than Windows 7, yet sadly unless you spend time reading whitepapers or sitting through presentations, you won't have heard about them in the technical press.

br0adband: Lack of support has nothing to do with the question 68K asked. MS provides the patches, not putting them in an SP is probably not going to contribute to any security issues. I'm sure you can still download all the patches from somewhere on the web, and integrate them into the installation media if you choose as well. Windows 8 also has about a GB of patches at this point in time as well.

br0adband said,

Because Microsoft has - for the most part - given up supporting Windows 7 in favor of targeting all development, efforts, and support to Windows 8, basically. It's a damned shame, honestly, since Windows 7 is arguably the best desktop OS they've ever produced. I won't get into a 7 vs 8 debate, suffice to say that if they'd made Metro completely optional (like an option you could install at a later time with a checkbox in the Windows Components section of Add/Remove Programs and Software) then I'd consider it worthy to some degree for use on my own hardware, but they didn't, and I won't.

As soon as the "official" word came down a little over a year ago that Windows 7 would not be getting a proper Service Pack 2 that was the death knell for Windows 7 support by and large. A clean install of Windows 7 SP1 today means you end up downloading just over a gigabyte of patches and updates to make it "complete" as of this morning - I know because I just did a clean install on my Latitude an hour ago and it's STILL installing the 1st round of updates with 3 more rounds to go). The base SP1 installation sits at 7.2GB not counting the hibernate and page files; after all the updates are installed and Windows Update says there's nothing left, the installation swells to 13.9GB in size because of all the duplicated files in the WinSxS folder which is fairly inefficient overall but it's how it works.

Even so, I won't be using Windows 8 or 8.1 or even 9 or 10 anytime soon - I'll be using Windows 7 until they pull the plug on it totally after which I might just use a Linux distro full time, but that's years from now.

Shame on you, Microsoft, Windows 7 is a damned fine product and you dropped it like it was a bad habit or something.

Couldn't agree with those last 2 paragraphs anymore than I am right now!

I've already started the migration to Linux, somewhat, but then again, I've always played around with some variant of it.

XP and 7 are easily the 2 best OS's MS has done to date and if you think people can freak out over the difference between XP and 7, just watch them freak out over the difference between 7 and 8!! Oh wait, we already know how that's going, don't we!

J_R_G said,
They are very similar, in most respects, but Win 8 has a bunch of anti-exploit techniques added, even over 7. And likewise, 7 had some over Vista, and Vista had many over XP.
Here are some good smallish papers on the topic,

https://docs.google.com/file/d...0VidkM5V3M/edit?usp=sharing
https://docs.google.com/file/d...ENWUDZGNk0/edit?usp=sharing
https://docs.google.com/file/d...EJDVWFnSDg/edit?usp=sharing

Hey, thanks for posting those, they're awesome! If these features were "advertised" better I'm sure there would be a lot less debate. They've certainly convinced me to upgrade soon!

This one doesn't open BTW: https://docs.google.com/file/d...EJDVWFnSDg/edit?usp=sharing (requires login)

I'd like to say thanks for posting these papers as well, some good insight there. I wonder how many (if any) of these exploits are prevented by EMET on 7, seems a few are HEAP attacks and I know EMET does counter some.

br0adband said,

A clean install of Windows 7 SP1 today means you end up downloading just over a gigabyte of patches and updates to make it "complete" as of this morning - I know because I just did a clean install on my Latitude an hour ago and it's STILL installing the 1st round of updates with 3 more rounds to go). The base SP1 installation sits at 7.2GB not counting the hibernate and page files; after all the updates are installed and Windows Update says there's nothing left, the installation swells to 13.9GB in size because of all the duplicated files in the WinSxS folder which is fairly inefficient overall but it's how it works.

Try these Windows 7 SP1 integrated ISO from authorized Microsoft distributor.
http://forums.mydigitallife.in...9&viewfull=1#post469389

br0adband said,

Because Microsoft has - for the most part - given up supporting Windows 7 in favor of targeting all development, efforts, and support to Windows 8, basically. It's a damned shame, honestly, since Windows 7 is arguably the best desktop OS they've ever produced. I won't get into a 7 vs 8 debate, suffice to say that if they'd made Metro completely optional (like an option you could install at a later time with a checkbox in the Windows Components section of Add/Remove Programs and Software) then I'd consider it worthy to some degree for use on my own hardware, but they didn't, and I won't.

As soon as the "official" word came down a little over a year ago that Windows 7 would not be getting a proper Service Pack 2 that was the death knell for Windows 7 support by and large. A clean install of Windows 7 SP1 today means you end up downloading just over a gigabyte of patches and updates to make it "complete" as of this morning - I know because I just did a clean install on my Latitude an hour ago and it's STILL installing the 1st round of updates with 3 more rounds to go). The base SP1 installation sits at 7.2GB not counting the hibernate and page files; after all the updates are installed and Windows Update says there's nothing left, the installation swells to 13.9GB in size because of all the duplicated files in the WinSxS folder which is fairly inefficient overall but it's how it works.

Even so, I won't be using Windows 8 or 8.1 or even 9 or 10 anytime soon - I'll be using Windows 7 until they pull the plug on it totally after which I might just use a Linux distro full time, but that's years from now.

Shame on you, Microsoft, Windows 7 is a damned fine product and you dropped it like it was a bad habit or something.

What are you whining about? They're releasing security updates until the date they said they'll stop.

If you really reinstall Windows that much, then integrate the patches into an ISO or download an ISO with the patches already integrated from somewhere.

Or heck just install 8 and one of the many free start menu replacement / metro disabler programs.

Well, the information in the article is partially true. Whilst private users will not be receiving any updates at all, companies however can still pay Microsoft to develop Security Updates, but it will be very very expensive for them.
Support for less than 100 machines running XP would cost in the mid 50.000€, whilst having more than 100 machines could be anywhere from hundreds of thousands of € to millions. You will be paying for the support and you get one free Security Update. After that you will be paying for each Security Update you want developed plus an additional fee for every XP machine you have.

Since flaws are found and fixed in XP almost every month, then they assume when support ends, more flaws will be found and they won't be fixed. Are you suggesting there won't be flaws after support ends? Cuz that would be a new one from the XP necro-ers.

Yes, to customers willing to pay for it. Those patches are released to those customers under NDA, so they can't be given to anyone outside the organization and they cannot be installed on any machines not covered by the custom support agreement they are given under, at least legally.

And that starts expensive, and gets even more expensive as time goes on. It starts as a bridge to allow more time for organizations to migrate to another supported OS version, but eventually it becomes a punishment for those who do not.

cluberti said,
Yes, to customers willing to pay for it. Those patches are released to those customers under NDA, so they can't be given to anyone outside the organization and they cannot be installed on any machines not covered by the custom support agreement they are given under, at least legally.

And that starts expensive, and gets even more expensive as time goes on. It starts as a bridge to allow more time for organizations to migrate to another supported OS version, but eventually it becomes a punishment for those who do not.


Yeah but nothing wrong with that, it's the same with everything else you purchase. A car or a computer 12 years old will have expensive maintenance if issues rise up. Same for an OS.

But any sane corporation in a network does not rely on the security of the client OS to protect their network/systems.

Any corp that *doesn't* rely on security at the endpoint level, along with security at every other point in the access/storage/ingress/egress points of a network / network segment is creating a candy bar network, which is worse. It's crunchy on the outside, but chewy on the inside. That one thing is the reason any XP machine still in use after April 8th, 2014 should be either completely disconnected from any network connection, or put on its own VLAN segment, without access to any other segment, and monitored like a DMZ - because allowing unpatched and unprotected systems on any other part of a business network would be considered career suicide, and yet there are admins out there who seem to think it'll somehow be OK to leave it on an end-user's desk. That scares me, honestly.

seta-san said,
continued use of XP is an attack on digital morality...

You don't really have to stop using it (in fact, I won't) - just maybe don't connect it to the internet...

I run XP in a virtual machine so I can use a thermal printer, that's about it. Do have Windows XP on a desktop I don't use much right now. It's pieced together

There are many people that do not care and will use Windows XP. They have never heard of Neowin or any other computer blogs and will probably never know that XP is at the end of its support. These people are so many that they will make the charts look strange to us even after years.

I agree with you, the average home user does not look to the web to find out when support for their product ends. Unless they see it on TV, radio or as email in their inbox they will not know about it.
I'm deploying Windows 7 at work and so far all the pilot users tell me "Oh, that looks different". When I talk to them it turns out they never used Windows 7. I had thought that so many years after its release most people would have had it at home.

In regard to companies, many cannot get rid of Windows XP on some of their machines, and there can be tons of reasons for that.