Wednesday, March 19, 2014

WINXP - Updates to Continue for Big Business For a Fee

More proof that Microdunce does not care about peon customers.  They are just another greedy company who cares only about profits and not serving customers who bought their product.  I would be willing to pay $50/year for continued WinXP Updates.

This strategy is recently confirmed by several banks making the Updates For Fee deal with Microdunce to protect their ATMs running WinXP.

"Microsoft will still patch Windows XP for a select group" by Gregg Keizer, PCWorld 9/1/2013


Just because Microsoft doesn't plan on giving Windows XP patches to the public after April 8, 2014, doesn't mean it's going to stop making those patches.

In fact, Microsoft will be creating security updates for Windows XP for months—years, even—after it halts their delivery to the general public.

Some will pay big for support

Those patches will come from a program called "Custom Support," an after-retirement contract designed for very large customers who have not, for whatever reason, moved on from an older OS.

As part of Custom Support—which according to analysts, costs about $200 per PC for the first year and more each succeeding year—participants receive patches for vulnerabilities rated "critical" by Microsoft.  Bugs ranked as "important," the next step down in Microsoft's four-level threat scoring system, are not automatically patched.  Instead, Custom Support contract holders must pay extra for those.  Flaws pegged as "moderate" or "low" are not patched at all.

"Legacy products or out-of-support service packs covered under Custom Support will continue to receive security hotfixes for vulnerabilities labeled as 'Critical' by the MSRC [Microsoft Security Response Center]," Microsoft said in a Custom Support data sheet.  "Customers with Custom Support that need security patches defined as 'Important' by MSRC can purchase these for an additional fee.

"These security hotfixes will be issued through a secure process that makes the information available only to customers with Custom Support," the data sheet promised.

Because Microsoft sells Custom Support agreements, it's obligated to come up with patches for critical and important vulnerabilities.  And it may be required to do so for years: The company sells Custom Support for up to three years after it retires an operating system.

Custom Support and the XP security updates that result have been one reason why some experts have held out hope that Microsoft will backtrack from retiring XP next April.  Their reasoning is straightforward: Microsoft will have patches available—its engineers won't have to do any more work than they already committed to doing—so handing them out to all would be a simple matter.

Or not.  Most experts have said that the chance Microsoft will prolong Windows XP's life run between slim and none.  And giving away patches to everyone risks a revolt by those big customers who have paid millions for Custom Support.

But Microsoft does have options.  Here are our suggestions:

Continue patching for free

If Windows XP remains a major presence, as it appears likely, with projections as high as 33.5 percent of all personal computers at the end of April 2014, Microsoft could decide to continue patching the aged OS with free fixes for critical vulnerabilities, maybe even those rated important.

Such a move would be unpalatable to Custom Support customers, but Microsoft could renegotiate the fees—unlikely—or remind those companies of the program's other benefits, which include access to support representatives, as well as to prior patches and hotfixes.

Patch critical vulnerabilities under attack

Microsoft could selectively patch only the critical bugs that are being exploited by hackers.  Presumably, that would be a subset of the complete XP patch collection assembled each month.

Some analysts have picked this option as a possibility.  Last December, Michael Cherry of Directions on Microsoft posed just such a situation.

"Suppose ... a security problem with XP suddenly causes massive problems on the Internet, such as a massive [denial-of-service] problem?" asked Cherry at the time.  "It is not just harming Windows XP users, it is bringing the entire Internet to its knees.  At this time there are still significant numbers of Windows XP in use, and the problem is definitely due to a problem in Windows XP.  In this scenario, I believe Microsoft would have to do the right thing and issue a fix ... without regard to where it is in the support lifecycle."

Charge users for XP patches

Although Microsoft would much rather book revenue from the sale of a newer OS, it may realize that some will refuse to upgrade, and try to make money rather than give away fixes.

It's unlikely that Microsoft would be able to charge $200 annually for post-retirement patches, as it does with Custom Support customers, but it may be able to get away with $50 a year for individuals and small businesses, perhaps with a maximum machine cap at, say, five PCs per customer.

Traditionally, Microsoft's not charged for support, but it could cast this as a special situation caused by the longevity of XP, which was due to the delay of Vista and secondarily, that OS's subsequent flop.  In late 2007, when Microsoft extended XP availability to OEMs by several months, it cited Vista's delayed launch for the unusual move.  (It added another extension in 2008 that kept XP alive on new "netbook" PCs, the then-popular class of cheap laptops, until mid-2010.)

And Microsoft has talked up a transformation to a "devices-and-services" company; a pay-for-support plan would mesh nicely with the latter half of that strategy.

No comments: