Linked by Thom Holwerda on Thu 1st May 2014 16:45 UTC
Internet Explorer

Despite XP's end of support, Microsoft is still going to release the fix for the recent Internet Explorer vulnerability for the ageing operating system.

Even though Windows XP is no longer supported by Microsoft and is past the time we normally provide security updates, we've decided to provide an update for all versions of Windows XP (including embedded), today. We made this exception based on the proximity to the end of support for Windows XP. The reality is there have been a very small number of attacks based on this particular vulnerability and concerns were, frankly, overblown. Unfortunately this is a sign of the times and this is not to say we don’t take these reports seriously. We absolutely do.

If you're still on Windows XP, you deserve to be insecure. Get a modern operating system - Windows 7/8, OS X, Linux, anything. XP is outdated crap, and it's time to move on.

Thread beginning with comment 587921
To read all comments associated with this story, please click here.
Some CANNOT move away from Windows XP
by theosib on Thu 1st May 2014 18:09 UTC
theosib
Member since:
2006-03-02

Back in 2003, you bought a $100K electron microscope with an internal computer running Windows XP. In 2013, your warranty ended, and besides, the currently installed software won’t work in Windows 7. The microscope has to be networked so that you can print and email digital photos of what you view in the microscope. The manufacturer was bought by an overseas company, and they no longer provide support for that particular model (because it wasn’t a new product line when you bought it, and it was discontinued in 2009). The latest models run Windows 7, but that works only for the newest microscopes and doesn’t work for the model you currently own.

You have two options to upgrade your OS. One is to pay the vendor a $130K NRE to port the old software to Windows 7. The other is to pay $130K for a whole new microscope.

What do you do?

Reply Score: 4

Jondice Member since:
2006-09-20

Your point is well made either way, but I would like to know if this is a real story. If it isn't, I'm sure tehre are unfortunately many real stories just like this.

Reply Parent Score: 1

Veto Member since:
2010-11-13

If you are sure there are many stories like this, why do you doubt the authenticity?

Maybe you bought a $100K oscilloscope back in 2008 with Windows XP. Now you need to pay $30K to have it upgraded to Windows 7 to keep having it connected to your corporate network, be able to print and share scope shots and control it remotely.

The real issue is not replacing your ageing PC with a new one. The real issue is how to uphold security of the Internet of Things where software is not easily upgradable. Just imagine how many devices, routers, mobile phones, media boxes, toasters etc. which are still affected by the Heartbleed bug!

Edited 2014-05-01 19:04 UTC

Reply Parent Score: 3

daedalus Member since:
2011-01-14

There are countless cases of this in industry, especially in scientific industries like pharmaceutical and medical. I work in medical devices, and some of the equipment I have to maintain still runs DOS. There's no possible way to move on from that because they either have custom, built-in PCs with dual 386 CPUs (I'm not joking), or need some sort of custom ISA card to run their hardware, or simply use software that directly accesses the hardware, effectively ruling out any OS with an NT kernel.

Pharmaceutical equipment, by the nature of the tightly regulated world it lives in, has a very long development cycle, sometimes over 20 years. You just have to accept that and keep a stock of things like DOS 6.22 and Windows 3.1 install disks lying around, along with old hard drives and spare instruments, because sometimes there is no other way. Some of our newest instruments still on sale use XP embedded, and probably will do for years to come.

Reply Parent Score: 6

drcouzelis Member since:
2010-01-11

Connect it to a Windows 7 computer, and only that computer, through a network, and mount a shared drive from the Windows 7 computer on the Windows XP computer where the images will be saved. Then email the images using the Windows 7 computer.

Or just use a flash drive to transfer the images to a computer that's connected to the Internet.

...unless you're not actually looking for solutions but are just looking to "make a point". ;)

Reply Parent Score: 3

DeepThought Member since:
2010-07-17

Other solution: Invest a few 100$ to put you XP stuff behind a firewall.
Like all the bank automates (money dispensers?): They all use XP, but the bank IT folks don't care: These machines run in a protected environment behind a firewall with (hopefully) the latest OS and bug fixes.

Reply Parent Score: 2

neuechristian Member since:
2007-01-14

Before give any answer, for dont repeat again past mistakes like "dont read the fucking license and dont care about in wich device we invest the money"
Did you took in consideration that hose 130k $ will work only until year 2020?
..and the wheel will move again in that time

Reply Parent Score: 2

anda_skoa Member since:
2005-07-07

You have two options to upgrade your OS. One is to pay the vendor a $130K NRE to port the old software to Windows 7. The other is to pay $130K for a whole new microscope.

What do you do?


The thing you do is realize that you made a mistake and ensure it doesn't happen again.

Buying expensive mission critical equipment without ensuring its maintainability over the desired usage time frame is short sighted at best, bordering on irresponsible.

Whether that is a contractual obligation of the vendor or access to technical documentation and source code (not necessarily OpenSource, lots of proprietary code has ensured availability through software escrow or similar).

It might be cheaper to buy new equipment or run it on a separated and secure network or just risk loss of confidental data, but they are not the only options

Reply Parent Score: 3

oskeladden Member since:
2009-08-05

The thing you do is realize that you made a mistake and ensure it doesn't happen again.

Buying expensive mission critical equipment without ensuring its maintainability over the desired usage time frame is short sighted at best, bordering on irresponsible.


You're assuming the buyer has a choice. I don't know much about the market for electron microscopes, but I've acted for the buyer in transactions where there's a relatively small number of manufacturers of a type of equipment, all of whom contract on a similar set of terms. You either accept those terms, or make do without the equipment.

Reply Parent Score: 3

daedalus Member since:
2011-01-14

This is what I'm trying to say. Some equipment in these fields takes something like 5 or 10 years to develop, and is supported for a further 20 years, so all you can do is go with the newest OS available at the time of release and hope for the best. That's why, up until 2 years ago, I was still receiving software updates on 720k floppy disk for an instrument built around a 486 and QNX. At the time it was cutting edge, but when it takes that long to develop an instrument, you can't just knock out a new design 3 years later with a new OS. It takes at least 10 years to get your development money back, and as a result there's a 20-year gap between generations, and there's nothing the customer can do about that.

Edit: I guess it seems easier when "mission critical" means an off-the-shelf PC that can be replaced in a matter of hours if problems arise which is the case in some industries, but it's simply not possible with big, expensive, long-lifecycle instruments like my examples or the example of the electron microscope.

Edited 2014-05-04 00:12 UTC

Reply Parent Score: 2