Jump to content
MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. ×

microsoft is still making security updates for windows xp, but they say you can’t get them unless you're an enterprise with money


Recommended Posts

I found this article from how-to-geek that says microsoft Is still makeng updates but only for enterprise customers this article Is from chris-hoffmen on how to geek here Is the link to the article  is here ------>  https://www.howtogeek.com/186754/microsoft-is-still-making-security-updates-for-windows-xp-but-you-cant-have-them/

Windows XP isn’t dead and buried yet. Microsoft will be creating security updates for XP for years to come, but those updates won’t be available to normal users. No, they’re just for large businesses and governments with money to burn.

Most people still using Windows XP at home are happy with their PCs and don’t want to pay more money, so Microsoft isn’t offering this service to normal users. They’d probably just be upset if a request for $200 popped up.

Windows XP is now out of the “extended support” phase where Microsoft creates security updates for Windows XP and distributes them to all users via Windows Update. Microsoft won’t release any more security updates to most Windows XP users. But Microsoft still offers “custom support relationships” for organizations. Organizations must contact “their account team or their local Microsoft representative for more information. The wording here makes it clear that these support contracts aren’t for typical users or even small businesses. They’re intended for large organizations.

More than 27% of computers on the Internet still run Windows XP. This includes critical government computers, hundreds of thousands of ATMs, and a huge amount of mission-critical computers inside slow-moving businesses. These governments and businesses may have been asleep at the switch and missed the upgrade deadline, but they’re now scrambling to secure those computers. They have money to burn, and Microsoft will happily take their money.

For a fee of about $200 per PC for the first year — or maybe as low as $100 per PC if you negotiate — Microsoft will continue producing security updates for Windows XP and giving them out to you. That’s just for the first year — the per-PC price will go up in future years.

Microsoft’s quotes for custom support have apparently ranged from $600,000 to $5 million for the first year alone  An IT manager, who wished to remain anonymous because he was not authorized to speak on the matter, told Computerworld that Microsoft had quoted his company $1 million for the first year of custom support to cover 5,000 Windows XP machines, $2 million for the second year, and $5 million for the third.

Worse yet, these quotes apparently only include the price of critical security updates. If you want an update for an issue only considered “important”, you’ll have to contact Microsoft and pay extra.

The UK government is apparently paying £5.5 million for the first year of custom support, while the Dutch government is also paying several million euros for its own deal.

These high prices serve two purposes. On the one hand, they make a good amount of profit for Microsoft. It’s hard to feel too sorry for organizations who have known for years that the Windows XP end-of-support deadline was coming up. Microsoft even extended this deadline several times in the past. They have to pull the plug at some point. At least some of the money goes toward paying software engineers to produce and test updates.

On the other hand, the high prices encourage organizations to move away from Windows XP as quickly as possible. Microsoft really wants organizations to upgrade so it can forget Windows XP, and punitive fees encourage that.

Custom support isn’t intended for typical users. Microsoft would rather they upgrade from Windows XP by buying a new computer or a boxed copy of Windows 8. They’re not interested in charging normal computer users for security updates. Users would probably react negatively if a request for hundreds of dollars popped up on their Windows XP PCs every year.

Luckily, there’s one free way for Windows XP users to get security updates — upgrade to Linux. Microsoft’s updates are pricey.  

Custom support makes a lot of sense. Microsoft wants to end support for Windows XP, but there are large organizations and governments in a panic, willing to pay almost anything for an extension. They’ve had years of warning and multiple extensions of support. They can profit from the situation, get good press for saving governments from a complete security disaster, and encourage everyone to upgrade.

But this may leave a bad taste in some people’s mouths. If Microsoft is already producing security updates for Windows XP, why can’t they just release them to all Windows XP users so everyone can be as secure as possible? If you live in the UK and your government is paying millions of pounds for XP security updates, why can’t you get those updates your dollars are paying for?

We’re also in uncharted waters here — never before have there been so many users of a now-unsupported operating system. What will happen when we see an Internet Explorer vulnerability that infects millions of Windows XP users? People will call for Microsoft to release the security patches they’ve already made to everyone. Will Microsoft hold firm, or will they buckle and release the occasional security update to everyone? It’ll be a no-win scenario for Microsoft — they can look bad by refusing to release a critical update or they can release it and continue keeping Windows XP on life support forever.  Windows XP support is a mess. Microsoft is throwing a lifeline to governments and other large organizations who were asleep at the switch, but they’re also making good money from it. You probably don’t have millions of dollars to spend on security updates, so Microsoft isn’t offering this service to you

Edited by VistaEX
Link to post
Share on other sites
  • VistaEX changed the title to Microsoft is Still Making Security Updates for Windows XP, But They Say You Can’t Get Them Unless Your A Enterprise With Money

This has been known for years. And this is obviously a years-old article, too... as Windows XP does NOT have 27% market share since probably 2014. And, Windows 8 is cited as "new". You did give credit to the site and author of the article, but a direct link (no shorteners) would be very handy, and reccommended to include should you share another article.
 

Also, it is considered weird and somewhat annoying by many to capitialize the first letter of every word in English. Only the first word of a sentance, names (Microsoft, Bob, Ontario, etc.), and acronyms (Such as M.A.D.D.) would typically be capitalized. I don't know about whatever your first language is if it isn't English, but in English it's not customary To Capitialize Every Word In A Sentence As You Always Do.
Just a tip.

Edited by i430VX
  • Like 1
  • Upvote 5
Link to post
Share on other sites
  • VistaEX changed the title to Microsoft is still making security updates for windows xp, but they say you can’t get them unless your a enterprise with money

To each their own, but since you bring it up and seem to be requesting feedback  --  my feedback is this, I DON'T GIVE A RATS ARSE ABOUT "UPDATES".

The very FIRST thing I do whenever I install ANY operating systems is to DISABLE UPDATES !!! !!! !!!

However, I do SLIPSTREAM updates before every installation - so I do "update".

And one of the things I *LOVE* about Win XP is that I don't have to WASTE THE TIME slipstreaming MORE updates.

I stopped slipstreaming and patching SO-CALLED "risks" in June 2017 on this computer (WinXP x64) and in January 2018 on my SIX computers running WinXP x86.

I do NOT run antivirus - haven't for a good 15 years or so.

If you know "how" to use a computer and know when to click and when not to click and if you do NOT let your software "phone home" and if you only allow WHITELISTED javascript, then "you'll do just fine".

And make sure your hardware firewall (I also no longer waste my time with software firewalls) is set up properly.

"You'll do just fine".  WITHOUT concerning yourself with HYPOTHETICAL "so-called" 'security risks' propegated by an industry perpetuated as "needed" only when you allow 12 year olds to install "games" or when grandma installs some "coupon app".

 

But anywhoo...

  • Like 4
Link to post
Share on other sites
  • Dave-H changed the title to Microsoft is still making security updates for Windows XP, but they say you can’t get them unless you're an Enterprise with money

Don't forget that the Windows XP code was leaked, so Microsoft must do something in order to protect all Windows XP computers. Maybe they must make updates for all people, but not free.

  • Like 1
Link to post
Share on other sites

I'm not sure i'd consider that an obligation. EOS is EOS, they already have been "generous" in that regard, several out-of-support updates were released for XP (truly vanilla XP, not a derivitive using compatible updates). Some semblence of modern updates would certainly be nice, though.
That being said, the last of the POSReady 2009 updates were getting a quite a bit flaky (built to require SSE2 often and without warning, buggy, or outright broken). I'd hate to see what their NT5 updates would look like now.

  • Like 1
Link to post
Share on other sites
On 2/18/2021 at 11:38 PM, VistaEX said:

What will happen when we see an Internet Explorer vulnerability that infects millions of Windows XP users? People will call for Microsoft to release the security patches they’ve already made to everyone. Will Microsoft hold firm, or will they buckle and release the occasional security update to everyone? It’ll be a no-win scenario for Microsoft — they can look bad by refusing to release a critical update or they can release it and continue keeping Windows XP on life support forever.  Windows XP support is a mess. Microsoft is throwing a lifeline to governments and other large organizations who were asleep at the switch, but they’re also making good money from it. You probably don’t have millions of dollars to spend on security updates, so Microsoft isn’t offering this service to you

Already after the end of POSReady support, 0-days vulnerabilities in I.E. also targeting I.E.8.
Just take the proper precautions.

A recent example (we do not know due to lack of data) if the vulnerability below also affects I.E.8.
I bet yes because it is similar to some past vulnerabilities that I have dealt with:

https://blog.0patch.com/2021/02/remotely-exploitable-0day-in-internet.html

  • Like 1
  • Upvote 1
Link to post
Share on other sites
On 2/19/2021 at 11:12 PM, Sergiaws said:

Don't forget that the Windows XP code was leaked, so Microsoft must do something in order to protect all Windows XP computers.

Kernel source code from sp1. SP2 kernel was more like windows server 2003 kernel. Many of sp1 security issues were fixed on sp2 (many were ones nt4 had) and on security updates so many attacks may fail.

Link to post
Share on other sites
  • VistaEX changed the title to microsoft is still making security updates for windows xp, but they say you can’t get them unless you're an enterprise with money

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...