Microsoft is killing Windows XP -- but how much support had they been doing recently?

With all the hoopla about the end of support for XP:
I’m trying to remember the last time I received the benefit of that support. (I have an XP computer at home.)

Yeah, once in a while when I turned it off at night, I’d see a little red icon telling me to wait while Windows updates itself. I assume that the only reason Microsoft bothered to send me the update was that some hackers forced them to admit that there was a hole in their security, so they patched it.
I think I saw that notice once or twice in the past year. Am I wrong?

So, over the past year or so… How many patches did Microsoft actually send me? And were those patches really all that critical to me?

Probably just tiny fixes here and there. The major hackers and virus authors focus on newer operating systems, because they’re far more likely to discover potential “Zero Day” exploits within them.

WinXP’s been updated and upgraded so much during its lifespan, any remaining vulnerabilities are probably few and far between (we hope…)

XP was already in “extended support”, which basically means MS would only fix the most egregious flaws, the ones marked as “critical”. So your analysis is correct.

It’s also worth pointing out that the original end-of-life for Windows XP SP2 was mid-2010, so it was already extended way past the original plan. (Due to the poor reception of Vista, and the as-it-turns-out temporary fad of low-power netbooks.)

I definitely got some updates on my XP netbook (which I’m having to use until a new one arrives because my main computer died). It seemed to be the same number of security updates as I had gotten for Win7.

There’s a partial correlation with this. An error found in a library usually exists in the same library in several versions of MS-Windows. So a fix for Windows 7 frequently means that the same fix needs to be rolled out for XP.

This is one concern about EOL for XP. The next set of patches for supported OSes will give malware folk an idea about where XP will be vulnerable. Even if there isn’t an explicit reason given for a patch, a diff on the object code tells you where it was patched, and disassembling that tells you what was wrong with the code.

My guess is the main significance of this has little to do with what MS does, but what applications and add-on hardware vendors do. When they upgrade applications or come out with new ones, they’ll drop XP support, unless it comes at no cost. The fact that MS no longer supports it gives them pretty reliable marketing input that they won’t have a big user base demanding support for it, and if they get grief, they can always point to MS as the baddie.

Fortunately, a lot of XP code runs just fine on Win 7, thanks to compatibility modes (which hopefully will continue to be supported). Drivers might be a different story; I don’t know how different Win7 drivers are to XP. Not to mention Win8, of course – with any luck I’ll skip it.

Good point!

I work in IT and our security guys (who monitor hacker forums and the like) are pretty convinced that there are a number of exploits that have been discovered over the years that have been deliberately held back. They’re expecting a flood of hacks to hit when support ends.

You know, I’m down with the concept of Microsoft being one giant conspiracy to dominate the world’s computer market via planned obsolescence…but, puhleeeze. //rolleyes//

I don’t think joemama24_98 is talking about Microsoft conspiring to hold stuff back, but rather about the hackers who discovered certain exploits doing so. Microsoft will not have patched for these exploits because it never knew about them, and now it never will. (I do not know if hackers are really so focused as to do stuff like that, but it is quite a different issue from Microsoft being baddies.)


And it is important to remember that this is a business decision for Microsoft, not a technical one. Microsoft is committed to developing new XP security patches for another 5 years (POSReady 2009, which is a stripped-down version of XP for point-of-sale, ATM, etc. applications, is supported through 2019). They want people to purchase a license for a newer version of Windows.

I doubt MS deliberately withholds fixes. All it would take is one disgruntled programmer from MS to blow the whistle, and the level of lawsuits would be amazing - probably negate any saving acquired by ending support work.

Also remember, a lot of XP is not vintage 2002. There are 3 major service packs, and countless updates since. The service packs replaced huge sections of the base OS. The usual danger is, you change the code to fix one thing, you may open the door for something else, especially if you do major surgery instead of tweaking.

Then there’s code re-use. Remember several years ago there was a JPG vulnerability, an (im)properly constructed JPG could result in a buffer overflow or something that could allow code embedded in the JPG to execute. Presumably, the front end name of the library DLL that processes the JPG, and the calling parameters, may be slightly different from one Windows version to the other - but the code that translates JPG compression into uncompressed image is the same.

It’s probably the same with a lot of other code. IE8 is fairly recent, and some of its code is presumably still present in newer Explorer versions. Same with networking, security and authentication, HTML and XML interpretation, program launchers, etc. When MS fixes an issue in Windows 7 or 8 (or 2008 Server, etc.) the black hats will look at what’s been changed. They will then see if the same code (and hence, possible holes) exists on XP.

If it does, this hole may never be fixed on XP.

I wouldn’t shut down XP today, but be aware that as time goes on, there will be a growing list of possible holes - sooner or later a really bad one may hit the news. MS may decide to do a 1-time fix, or may simply say “your system needs upgrade$”

My XP computer is set to get a notification when an update is available, rather than downloading it automatically, and has been getting them regularly, including this morning. I presume that will be the last one.

With it was a readme.txt that said, “From now on, you are dead to us, unless you fork out for Windows 8, in which case you’ll be our BFF, lol.”

Well, they’ve been saying for years now that XP support is ending. And they’ve been consistent with that message. The point I was trying to make is that Microsoft will still be producing fixes for the XP codebase, both for the POSReady 2009 variant and for the volume customers who have purchased extended support. Yes, they could post those fixes on Windows/Microsoft Update as well, and there’s very little direct cost involved in doing so (perhaps having one employee to do that, and another few to handle any support cases).

They’ve made a business decision to not do that, presumably to try to induce the installed base to purchase a copy of a newer Windows version. They’re well within their rights to do that. But users don’t have to like it.

XP SP3 has been the only supported version of XP for some time now. So, unless there are customers paying for special development of fixes for earlier XP releases, things won’t get fixed on pre-SP3 systems, just like they haven’t been getting fixed there previously. But SP3 is a freely available download that any XP user could legally install, so that shouldn’t be a barrier to adoption. Contrast with Windows 95 OSR2, where you had to be an OEM to get that update.

My point being, it will be fixed on XP - Microsoft just won’t publish the fix on Windows/Microsoft Update where regular XP users (and Automatic Updates) can download and install it.

If you’re running POSReady 2009, you’ll get those updates. If you’re paying Microsoft for extended support, there will be some mechanism for obtaining them. I don’t know if that will be through Automatic Updates or not.

Thank you - that is exactly what I meant.

FWIW: There were at least 24 updates for me yesterday.

I’ve got some PCs that have been off the net for about a year, and I’m getting 100+ updates.

Almost all of them are ‘critical updates’ and ‘security updates’, that is, fixes that you’ll never notice. A few are ‘updates’: that means changes to daylight savings in some other country, and changes to certificate revocation lists.

I don’t know if the ‘critical updates’ and ‘security updates’ include kill lists for ActiveX controls, or if they are all real (if minor) changes to Windows.

I haven’t had any device-driver updates for a couple of years, and I think only ever one update for compatibility with server features introduced for Win8 clients.

Going back, there have also been post-service-pack new features we don’t need, like dot net 4, and updates we don’t want, like Windows search (indexed search like you get in Vista and Win 7).