Microsoft Gets Pushy About Stopping XP Usage

Microsoft is losing its cool, and is giving the business community the full court press about switching away from Windows XP. It is getting to be very evident that the greed is getting the best of them in Redmond, as the push is coming on all fronts.

Not only is the company starting to push mightily against XP, in certain circumstances, it is refusing to tell users the truth about continued use of XP.

In an article in InfoWorld, it was reported that Microsoft is not fixing bugs in Windows XP, that were repaired for Vista recently. Since Microsoft has decided that the bugs are not of great concern, the fixes will not come, they say.

Microsoft late last week said it won’t patch Windows XP for a pair of bugs it quashed Sept. 8 in Vista, Windows Server 2003, and Windows Server 2008.

The news adds Windows XP Service Pack 2 (SP2) and SP3 to the no-patch list that previously included only Windows 2000 Server SP4.

“We’re talking about code that is 12 to 15 years old in its origin, so backporting that level of code is essentially not feasible,” said security program manager Adrian Stone during Microsoft’s monthly post-patch Webcast, referring to Windows 2000 and XP.

Is this Microsoft’s admission that they write unsustainable, spaghetti code, which was poorly written, and more poorly patched, through the years?

“An update for Windows XP will not be made available,” Stone and fellow program manager Jerry Bryant said during the Q&A portion of the Webcast (transcript here).

Last Tuesday, Microsoft said that it wasn’t patching Windows 2000 because creating a fix was “infeasible.”

Wow, bad English to go along with the lies…

The bugs in question are in Windows’ implementation of TCP/IP, the Web’s default suite of connection protocols. All three of the vulnerabilities highlighted in the MS09-048 update were patched in Vista and Server 2008. Only two of the trio affect Windows Server 2000 and Windows XP, Microsoft said in the accompanying advisory, which was refreshed on Thursday.

In the revised advisory, Microsoft explained why it won’t patch Windows XP, the world’s most popular operating system. “By default, Windows XP SP2, Windows XP SP3 and Windows XP Professional x64 Edition SP2 do not have a listening service configured in the client firewall and are therefore not affected by this vulnerability,” the company said. “Windows XP SP2 and later operating systems include a stateful host firewall that provides protection for computers against incoming traffic from the Internet or from neighboring network devices on a private network.”

Although the two bugs can be exploited on Windows 2000 and XP, Microsoft downplayed their impact. “A system would become unresponsive due to memory consumption … [but] a successful attack requires a sustained flood of specially crafted TCP packets, and the system will recover once the flood ceases.”

And with that, literally hundreds of malware writers were launched on a journey! Can you imagine the [class action] lawsuit that might occur when ‘the world’s most popular OS’ ‘gets hacked, because of Microsoft’s willful insistence on leaving the holes there?

Microsoft rated the vulnerabilities on Windows 2000 and XP as “important” on Windows 2000, and as “low” on XP. The company uses a four-step scoring system, where “low” is the least-dangerous threat, followed in ascending order by “moderate,” “important” and “critical.”

The same two bugs were ranked “moderate” for Vista and Server 2008, while a third — which doesn’t affect the older operating systems — was rated “critical.”

So we have Microsoft, on the one hand, after a commitment to service bugs until 2014, refusing to fix a bug, simply because it is considered  ‘low priority’.

On the other, we have the company telling people to move now. As recounted in Maximum PC, the pushing was rather blunt and forceful.

In a new enthusiastic effort, Microsoft is making the “case” to its enterprise customers to please, let go of Windows XP.  Microsoft recently published a bunch of case studies of companies who have made the switch, and are better for it.

In the past Microsoft may have coddled those customers unwilling to adopt newer products due to deployment cost or security concerns.  Not this time, however, they are insisting companies can save money in the long term and be using a much better product.  They are especially making this plea to those customers who own volume license contracts for XP where they are entitled to the upgraded software.  One Windows general manager, Gavriella Schuster, put it bluntly: “Hey, you own it. Deploy it, and get off of XP. Move on.”

Many consider the wide adoption of Windows 7 in businesses extremely important to the success of the operating system.  Most consider the clear advantages Windows 7 offers over XP no-brainer evidence to make the switch.

These guys at Microsoft need to get over it, and move on. Since when do you tell paying customers what to do? After many years as a salesman, and many training classes, and seminars along the way (we all need to continually learn and refresh), I can’t ever remember the lesson concerning being blunt and pushy. It simply is not in anyone’s playbook.

The greed and witlessness of these folks at Microsoft is showing badly these days. It may be that they are still not sure about adoption by business, because, the last time I read about any surveys, more than half had no intention of upgrading soon. Microsoft should take the fact that many home users seem overly happy with Windows 7, and wait for the others to catch up.

Perhaps they could spend the extra time coding the repairs for Windows XP’s problems with TCP/IP – it will take their collective mind off of it. (Since they are still selling Windows XP, it is more than keeping to a promise given for an older operating system, it is part of the expectations of those who are still getting Windows XP on a new computer.)

§

•