While I've no doubt that Microsoft's decision to release an emergency WannaCrypt malware patch for unsupported systems such as Windows XP earned the company some precious PR love, it sends consumers and enterprise customers a confusing double message.
Is Windows XP dead or not?
Well, it now seems that although extended support officially ended April 8, 2014, Microsoft is willing to release patches as long as the screams are loud enough.
And let's not forget that Microsoft itself played a part in turning Windows XP into the zombie that it now is, by taking cash from big corporations to provide custom support agreements, allowing organizations to put off having to upgrade away from Windows XP and other relics such as Windows Server 2003.
"Seeing businesses and individuals affected by cyberattacks. . .was painful," explains Phillip Misner, a security group manager at Microsoft. "Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only broadly available for download."
"This decision was made based on an assessment of this situation," Misner goes on to say, "with the principle of protecting our customer ecosystem overall, firmly in mind."
While I think that Microsoft took this action in good faith, it's a worrying move for a number of reasons:
This patch fixes just one of the dozens, if not hundreds, of vulnerabilities that Windows XP has accumulated since extended support came to an end. Unless Microsoft bundles all the other fixes that it's been pushing out to organizations that took out custom support into a service pack, this one patch is simply a band-aid on a blown-off limb.
There will now be an expectation on Microsoft to patch other future vulnerabilities, thereby giving those who continue to run Windows XP a false sense of security.
It means Microsoft's word can no longer be trusted. End of support no longer means end of support if people scream loud enough.
Yes, it was "nice" of Microsoft to release this patch, and it may, on the surface at least, have seemed like the right thing to do. But the best thing that Microsoft could be doing right now is working to eradicate Windows XP.
Microsoft should have left Windows XP to rot and die. Yes, it's painful, but it eventually has to happen, and all Microsoft is doing is pushing the problem out to another day. And bear in mind that Microsoft didn't really need to release this patch, because it wouldn't have taken security firms long to push out detection signatures to antivirus and endpoint security products.
"...if you are an IT professional who serves in a decision-making capacity with an organization that continues to use XP or Windows Server 2003 and SQL Server 2005, you should be fired. You should never be allowed to work in the computer industry again.
"You should not be allowed to touch a computer again either because you too are a menace. You are perpetuating the computer software equivalent of polio and smallpox."
Amen, brother. It's harsh, but I agree. Old software can be just as dangerous as blocked fire exits or overloaded power outlets. If you're condoning this sort of dangerous behavior, you're part of the problem.
If you're in the IT business, then you need to be acutely aware of product lifecycles: things have a finite life, and beyond that lifespan the old code that you're attached to quickly festers and becomes a toxic hellstew.
I know that there's always pressure from "up top" to save money and fix everything with twine, duct tape, and some old bubblegum. But as the IT person who knows better, if you're not making the consequences crystal clear, you're part of the problem.
If you're a home user still using Windows XP, well, I dunno what to say. I can only hope malware or a meteor strike wipes your PC off the planet soon, because you too are part of the problem.