Microsoft's 'custom' Windows XP patches: Not a panacea

Microsoft's 'custom' Windows XP patches: Not a panacea

Summary: Who is still running Windows XP and why? If you're not a large customer with a Premier Support contract, don't count on custom security patches after April 2014.

SHARE:
211

I've been seeing a few posts over the past week that may be giving some Windows XP users false hope that they will still be able to get patches for the operating system after April 8, 2014.

windowsxplogo

I think it was this statement from a Microsoft spokesperson that may have raised some expectations.

"After April 8, 2014, Windows XP users will no longer receive new security updates, non-security hotfixes, free or paid assisted support options, or online technical content updates from Microsoft. Third parties may provide ongoing support, but it’s important to recognize that support will not address fixes and security patches in the core Windows kernel. If an organization continues to use Windows XP and purchases Custom Support, they will receive critical security updates as new threats are discovered, along with technical support through their Premier contract." (Emphasis mine.)

It's worth repeating these patches aren't for everyone, or, in fact, almost anyone. To get these custom patches, users need an active Premier Support agreement, a Microsoft spokesperson reiterated. On top of that, you need to purchase Custom Support. The combo is costly. For many, other than those in Fortune 500 companies, who are still running Windows XP, it's probably outside the realm of possibility.

In case you were wondering, this kind of custom support option isn't new. Microsoft also made custom patches for XP SP2 available to those with Premier Support contracts when SP2 was moved to end of support (EOS) in 2010.

Why are users still running Windows XP?

But back to the kinds of customers who are holding onto Windows XP in spite of potential new vulnerabilities which may arise after Microsoft stops making all patches -- including security patches -- available after April 8 , 2014. Who are those in the 35-plus percent group plus running XP as their desktop OS?

I asked readers recently to explain why they aren't willing and/or able to get off XP. I heard back from a number of individuals via email, in addition to the answers sprinkled through the hundreds of (sadly, mostly off-topic) comments on this post.

As has been noted numerous times before, a number of those still running Windows XP in their organizations are doing so because they have written custom, internal-facing applications that are dependent on IE 6. Some of these shops also are running custom-built apps that don't use IE, but which they have not had time/money to rebuild to run on newer versions of Windows.

There are others who say they do not have the money to buy new software and hardware. This includes retirees; some government users, noting their organizations and agencies haven't got funds to upgrade; and others who are just going to keep running XP machines until they die.

I heard from one user who said his XP PC is not connected to the Internet, so he feels no need to upgrade. I heard from a couple of folks who said they are counting on their firewall and security software, coupled with common sense, to protect them once Microsoft stops issuing security patches. And I heard from more than a few users who cited their dislike of Windows 8 as a reason to avoid moving off XP -- despite the fact users still can find PCs running Windows 7.

Microsoft has made it clear to its reseller partners that one of their biggest priorities in fiscal 2014 should be to get XP users to migrate to a more recent version of Windows. Microsoft recently warned XP users they'd risk being in a "zero day forever" state after April 8, 2014.

All this said, there won't be any kind of global meltdown happening on April 9, 2014. PCs running XP won't just stop working or burst into balls of flame. However, it's still worth noting, things will likely get worse for XP users over time, as ZDNet's Larry Seltzer noted. With no more security patches for XP, one important layer of defense will be weakened. Windows XP users will put more stress on antivirus software and firewalls as long as they continue to remain on the OS.

Topics: Security, Microsoft, Windows

About

Mary Jo has covered the tech industry for 30 years for a variety of publications and Web sites, and is a frequent guest on radio, TV and podcasts, speaking about all things Microsoft-related. She is the author of Microsoft 2.0: How Microsoft plans to stay relevant in the post-Gates era (John Wiley & Sons, 2008).

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

211 comments
Log in or register to join the discussion
  • typo

    near the end : " defense will be weaked"
    Jean-Pierre-
    • "defense will be weaked"

      Should read: "any defense will be a wicked one (as perceived in Redmond, WA)" ?
      eulampius
  • Everyone I see seems to have XP

    Looking around in Offices, Stores, Hospitals, Clinics, they all are running XP. I have yet to see anyone running Windows 7 or 8.

    I am suprised that an independant company has not said that it will take over the XP sitution. There must be money to be made out of it, and a lot of businesses are happy with XP as it is and do not want to upgrade.

    KJR
    kjrider@...
    • Proprietary code...

      is not going to be handed over to some third party company. XP runs on 39% of the world's desktops. If you have not seen ANY instances of 7 or 8 in the wild, I'm not sure where you've been looking.
      kstap
      • I agree

        I've been in 4 doctors offices in the past month, PC's in the exam rooms, and everyone of them are still running XP.
        cHarley1200
        • Yup

          I've been in a number of doctor's offices and other professional places recently and I think I saw ONE of them running Win7. The rest were on XP. These aren't small operations either.
          Max Peck
      • ReactOS

        ReactOS is a FREE XP clone. It still has a few kinks, but with greater use they will be worked out. I've run it in a VM on my desktop.
        bobc4012@...
    • That's sad

      XP is an antique. I thought HP was slow, but they are at least on 7 and gradually moving to 8. If hospitals in particular are still running XP, they should be ashamed of themselves.
      tkejlboom
      • HP slow? has been selling Win8 machines since day one.

        Not sure what this comment is supposed to mean, because HP has been selling Win8 machines since day one.
        trybble1
        • I suspect he's talking about internally and not the systems they're...

          ...selling.
          ye
        • @trybble1

          He was referring to internal use!
          dookus
        • HP?

          Maybe he meant "HP" to mean the "Home Premium" version of XP?
          Astyanax
      • XP

        Unfortunately, if you work both at and in the industry I do - funds can be hard to come by. Sadly I cannot speak positively of the desire to be cutting edge in regard to IT, but we are however phasing out all XP machines by the end of the year.
        sammysamcore
      • That's sad

        if the tools works why change it?
        Quazee137
      • XP is cool

        XP might be a "antique". But a lot of people love it. After all, it's number 2 on the most used systems. And glitzy, overrated 7 is slow and takes too many clicks. My XP computer is fast.
        jackie33
      • Hospitals can not be hasty.

        Hospitals MUST get it right even if it takes time. Bad software could be disastrous to your life and death. With all the Brouhaha over going forward with Obamacare or repealing ACA, how does a hospital know what software to more to right now just to upgrade their computers? One of my doctors how has two computer systems in parallel, and enters a lot of data twice because he got in a hurry and bought the wrong computer system.
        kuehn
      • Office 2013 support will end in 2014

        I work at a hospital and we will be migrating to Windows 7 next year. Hospitals run multiple applications, so a lot of time and resources are needed to ensure compatibility. Also It is not just Windows XP that is ending support Office 2003 will also end in 2014.
        dwightr@...
        • Will your XP

          PC's with Office 2003 self destruct in 2014?

          IMHO Office 2003 was the best version of Office. It only lacks native support for the newer file formats. Its light, fast, no stupid ribbon, and it has way more features than 99% of MS Office users actually use.
          paebin2s
        • LibreOffice

          There are a few free office packages out there. LibreOffice is quite good and can handle MS Office formats. Another feature is the ability to save (export) a file to the PDF format directly (vs having to use an on-line service).
          bobc4012@...
      • Sad?

        Why? Their systems still work. Based on what standard do you think they should be "ashamed" eh?
        Max Peck