
XPocalypse, not now

Gregg Keizer | June 9, 2014
Didn't hackers get the memo? They were supposed to be exploiting the unpatched Windows XP

But with each passing day that Windows XP PCs remain unassailed, complacency is sure to set in as users start to believe that Fossen, other security experts and, most of all, Microsoft were crying wolf.

That would feed right into the conspiracy theories some have grasped, that Microsoft only yanked support for XP to boost flagging sales of Windows 8.1 PCs, that it had the capability to provide patches (true, actually) but declined to do so in the expectation that it would reap a windfall from enterprises extorted of millions in extended support contracts (not true, as it significantly reduced prices of those contracts just before XP dropped from support).

One can get a glimpse of both the complacent and the conspiracist simply by looking at the coverage last month of a hack that duped Windows Update into serving Windows XP systems with patches, but patches from a cousin-once-or-twice-removed, Windows Embedded POSReady 2009. That version, admittedly based on Windows XP SP3, was designed for point-of-sale systems, particularly cash registers, and automated teller machines.

The last time we looked, our home and business PCs were not dispensing Andrew Jacksons.

The story got broad play in the tech and even mainstream media. (Computerworld was not above the fray; it ran a story as well.) And as Microsoft warned customers not to try the hack, some scoffed, hearing yet more dissembling.

"Of course they say it is a bad idea to use the hack, they want people to move to Windows 8 and later Windows 9," chimed in a reader identified only as "nilst2011" in a comment appended to the Computerworld news story.

Complacency ruled, too, as many argued and even more assumed that the hack and its not-quite-XP patches would keep them safe -- attitudes that drove IT managers crazy. On PatchManagement.org's mailing list, where IT professionals discuss patches and patching, the XP hack has been widely panned on several levels, from its legality to whether it really will work long-term.

"If you are willing to risk everything in order to avoid dropping a 10-year-old OS, be my guest. Just stop misleading the average user that they can protect themselves while still using XP," said one clearly-frustrated commenter on the mailing list.

More important, the lack of evidence of ongoing exploits against Windows XP meant nothing, argued Storms. "We all know there are still bugs in XP and we all assume there has to be some zero-days still to be found," Storms said, using the term for an exploit of an unpatched vulnerability. "[And] there is no doubt that some XP zero-days are prancing about the black markets as we speak."

 
