Still holding on to Windows 2000, XP RTM or XP SP1? No more Firefox for you, my friend – Mozilla has just upped its minimum supported Windows version to Windows XP SP2. In addition, support for Firefox 3.6 will end April 24. Asa Dotzler presents Opera as an alternative for you crazy people still on Windows 2000, XP RTM or XP SP1.
Well, Firefox 10 ESR is available for the rest of 2012, right?
I wouldn’t really recommend it though.
http://www.chriscoulson.me.uk/blog/?p=111
Anyone with half a clue should not be running 2k or XP anymore anyway. There’s no issue here at all.
OK, so I guess I have less than 50% of a proverbial “clue” – I am running XP on 3 (three) computers out of 6. XP SP3 mind you, but XP nevertheless.
And in all seriousness I do not understand why is it NOT OK to run a legacy OS on perfectly functional legacy hardware? Why do I have to “upgrade” a 5 – 6 year old box to the newest OS just because it’s what everybody does? If OS security is up to date, which it still is, and OS features are adequate for my needs, why do I have to spend more money, pray tell?
That is the whole point, you can’t get any security updates anymore for the old Windows 2000, XP without SP3.
And this has been true for a while now (2000 and XP SP2 ended in 2010, Vista SP1 in 2011).
Putting Win2K/XP on the open internet would be foolish, but appropriately firewalled the lack of OS security updates is essentially a moot point. Furthermore, you can really trim down 2000 & XP, down to ~6 processes and no inbound open ports in the case of the former, which reduces the attack profile to virtually nothing. Except for the now out-of-date web browser, of course.
Who said that Microsoft has stopped releasing security updates for XP? It will be supported for two more years.
I probably should have specified SP2 and earlier. Either way, XP had enough remote exploits that I still wouldn’t trust it on the open internet, even though it’s probably safe with the latest updates.
Putting any Windows on the public Internet is risk, I would never do it.
The problem isn’t so much with the browser, it is with the plugins.
For example you don’t get any updates for Flash, Acrobat Reader and possibly Java.
If the browser would disable/blacklist all old versions of plugins by default that would be a start. But they don’t.
Edit: I should add, I also have some Windows 2000 machines still running. So I understand the “pain”.
My solution is: Linux or VM with readonly imagefile (everytime you boot, it will use the files every time).
And if I’m gonna run a VM on an other machine/server, might as well replace the old computer with a Raspberry Pi.
When I get one, it is what I’ll try to do.
Edited 2012-03-24 08:42 UTC
Because this “legacy os” is abandoned by its creator, and will never receive any security updates ever again… It’s also closed source and proprietary so noone else can provide fixes for it instead.
As such, using it on the Internet is wholly irresponsible.
You may feel that by turning off unused services means you are safe, but then this is something you should have done in the first place and should also be doing with any modern os. Turning off services only reduces the risk.
Why would a workstation have any inbound ports at all? Surely the most common use case of a workstation is that you only make outbound connections.
Also, making outbound connections also carries risk, you may be running an up to date browser, but that browser also has to interact with the rest of the OS, and this too can introduce risks. There have been several security vulnerabilities in windows which can be attacked through third party browsers, and if any more are found in these old versions they will never be fixed.
Also, just because firefox doesn’t officially support these old systems, doesn’t mean you can’t compile your own binaries for it. The source is available, so if there is any demand then someone will make it available. Debian and NetBSD make firefox available for all manner of niche hardware platforms, just this week i installed firefox on an ia64 box.
If you use your machine just for surfing web/video chatting and all those daily chores, access your bank, order some thing from ebay or pizza hut…….nothing wrong…Win2k and XP by that time will have very low user base that attackers will care worth attacking for…run it with a restricted user and you are good to go…use old browsers (FF and chrome) till the versions they keep releasing I mean
Security updates mostly, if you have to stick with Windows you should at least look into ReactOS for those old boxes if not switching to Linux+Wine.
You couldn’t trust XP when it was current, to trust it now is insanity.
I love ReactOS but telling people to use it as their primary OS is just silly. It barely works. Both Win2K and WinXP would be a better choice.
I cannot wait to start recommending ReactOS but that day has not yet come.
Almost same here, 2 notebooks and 4 “desktops”. 2 Desktops with XPSP3 + openSUSE. They boot really fast. One notebook with vista (came with it), the other has Win7 + openSUSE. The other 2 are used as servers. All Win* machines are “locked” and the account used for common tasks does not have adm privileges.
I know it depends on the user, but I never got a virus on any them. Actually, the funny thing is that I use the 2 XPSP3 to clean from virus HDs from machines that use WIn7, mostly.
I run XP in virtual machines all the time. It is much lighter weight. WinFLP is even lighter and is really XP under the hood.
To be honest, I wish that I could still run Win2K. I did right up into the Vista era but there is just too much software that will not work with it now and the security updates have stopped flowing.
XP will continue to get security updates for two more years. It has plenty of life left.
What I am confused about is why they were supporting Windows XP RTM and SP1 given that you can update your software free of charge to the latest service pack. As for people who have said, “oh, just upgrade”, there are millions of netbooks right now with Windows XP, many of which are run by people who don’t know how to upgrade so it is easier said that done.
As for removing Windows 2000 support – I’m surprised they supported it for that long but I guess there was sufficient demand for it and there was no negative impact on the platform over all.
XP SP2 broke a lot of Win2k software. That was 8 years ago, but I guess this is why someone would voluntarily run SP1 or RTM. Pirated box probably account for the other 10%. There is probably very few 9 years old computers still running without reformat. P3 and P4 become unusable without maintenance for 3 years. It take 30 minute too boot and opening a website is impracticable.
Want it or not, even mom, dad and junky teen computer can’t last that long. It take someone at some point of clean the “leftover” of daily WinXP activities.
blackwingcat has made KDW – an XP dll wrapper – and with some tinkering foobar2000 works on w2k again
Windows XP is still as productive as it’s offspring for most tasks. If it weren’t for security problems and waining support, I’m sure many people would find that it does what they need it to.
What I’ll miss about XP particularly is that it was the last MS OS to offer kernel access for private and open source kernel developers. Starting with vista, users would have to find hacks to install either their own drivers or open source drivers. Even hardware which was otherwise compatible with Vista couldn’t be used any more for this reason. Dont ya love DRMification.
Then you are not crazy….you are bat-S!@# crazy. Worm city is what it should be called.
I know of companies that have older legacy servers that they have to use windows 2000 Server for the OS because the software they run on it never got updated to work with 2003 or 2008. I can see the need to keep running legacy software in situations like this, especially if it’s being run in a Virtual Machine. But running windows 2K Pro or XP RTM or SP1, yeah you’re on your own there.
They state that in addition, they’re dropping support for Firefox 3.6, which is what is currently used in Debian Squeeze, RHEL 5 (and probably 6) etc.
These are current Linux distributions. Then again, Debian technically runs Iceweasel and will be backporting all the security updates anyhow, and I’m sure RedHat will do the same.
But still, 3.6 seems to have been that special spot where Firefox was much better, I’ve slowly had more issues the more they jump their version numbers.
I believe that Red Hat has moved RHEL to Firefox ESR.
IMHO, if you A/B test 3.6 vs 8+, the newer versions of Firefox are dramatically better. Memory use and speed improvements are particularly impressive.
I second that. I recently had the occasion to do this test when refurbishing an old eMac for work : if you switch from Firefox 3.6 to TenFourFox* 10, the performance increase is quite stunning. And so far, the only crashes which I’ve had are out of memory issues (the machine had 384 MB at the time, which is a bit low for running OS X Tiger and using a modern web browser).
* A fork of Firefox that still supports PowerPC computers.
Edited 2012-03-25 10:04 UTC
What are the issues that have been increasing with each version?
Edited 2012-03-25 14:21 UTC
Anybody running Squeeze is more than capable of updating their web browser, There is a repository at debian.net that follows release, so it is easy to keep iceweasel on debian up to date.
As far as RHEL, if you are running it as a server, you shouldn’t be surfing the web on it anyway, and if you are using it as a desktop, I am sure there are repositories available to you to keep firefox up to date.
No, Debian Squeeze has Iceweasel 3.5, which is Firefox 3.5.x sans the name, logo and with loads of security patches from any of the newer Firefoxes that came out afterwards and that concern the code of 3.5.
Debian additionally also has quite a few of the popular extensions in its repositories which also get security updates, so you needn’t worry about them working with your 3.5 browser. Of course, it sucks for people using rather exotic add ons, but most of those will upgrade to the latest FF anyway. There are at least 3 ways of updating your Firefox to the latest version as well, even if you are running Debian Stable.
Firefox 3.6’s end of life does not matter, as Iceweasel is pretty much catered to by a lot of Debian devs, as it is the primary used browser by most Debian users. It will receive updates well after Wheezy comes out (typically the old release gets updates at least 1 year after the new release comes).
3.6 is Mozilla’s own long term release, and that is typically what Ubuntu uses in its own long term releases, but now they, too, have changed to updating the LTS versions to always teh latest Firefox (as they recently have done with 10.04 where they gave it Firefox 9, the then stable one).
Oops, you are correct. The latest Iceweasel package in squeeze is 3.5.16-13.
By saying that the 3.x branch is better than 4+ is because they changed the user interface, and I personally don’t think it’s for the better.
Either way, yeah I don’t know who would actually use RHEL for a desktop, but there are cases where you’d use it to host virtual machines with a graphical management program (I do love virt-manager).
Personally I use Arch Linux as my desktop, because I like to live on the edge. But there are some places where (even as a ‘server’) a GUI is required due to some badly written Java applications. Fortunately none of these are public facing!
I wasn’t aware that debian.net had newer versions of Iceweasel. I had gone looking for some at one point, but hadn’t ran into that repository. Then again, most of the ‘desktop’ versions of Debian I have are already upgraded to Wheezy.
I’ve been holding off getting rid of Windows Xp for a long time now, it’s useful for many legacy apps that I run, but now seems to be as good an excuse as any to totally eradicate all Windows stuff from my hard drive. I suppose I just find Linux far more superior to Windows XP/7/8 etc and it’ll be getting a usage boost in a couple years when Xp users find they no longer get support.