The nonprofit Zeroday Emergency Response Team is offering VML security patches for out-of-support Windows OS versions. The volunteer group, which is made up of well-respected security professionals, has released updates for Windows 98, Windows 98 SE, Windows ME, Windows 2000 and Windows 2000 SP3.
…that they (Microsoft) should just outsource their entire engineering team to the community and get back to what they do best – marketing.
When a community group can patch a closed source system, and implement other desktop features (beagle, xgl, etc) faster than a multi-billion company can – they must start asking questions – or at least their shareholders should.
Kudos to the team – but in all honesty you can skip ME eh? Please!
ummm…it’s 2006. If I were a shareholder and Microsoft were still offering free support for a product that is 8 years old then I would be asking questions.
Software has an unlimited lifetime. People only upgrade to get better features and to continue to have support. If Microsoft continued to offer support for Windows 98 then less people would upgrade and Microsoft won’t make money.
It’s basic commercial sense only to put money into areas that will produce a return.
>> If Microsoft continued to offer support for Windows 98 then less people would upgrade and Microsoft won’t make money. <<
It hardly matters, because most Wndws-money is made by selling preloaded Wndws on new machines.
>> It’s basic commercial sense only to put money into areas that will produce a return. <<
..it is for those companies that only care about short term revenue, more than reputation, the environment, human rights, and the rights of workers.
Most people don’t know the difference between hardware and software, if Windows starts acting up badly enough, they’ll buy a new computer, seeing as computers are pretty cheap these days. For a long time I worked at an ISP, and we saw it all the time, computer gets worm, customer calls us and yells, we advise them to go to a shop, they go and salesperson sells them new PC, then refurbs the old one and sells it for even more money.
So by your logic, if most people get Windows on new PCs, MS still makes money by not patching older OS’s, as people will trade in their old ones to get the new OS
Since it reliably pays a dividend they could support pedophilic cannibalism for all the stockholders care, you don’t buy MSFT for the good karma.
Two things…
Firstly, we’re assuming these patches actually work and are not creating more problems. The credibility without some exhaustive validation is definitely in question. Only an absolute fool would implement these patches in a corporate environment either way. Unless it comes from Microsoft, or given the OK by Microsoft, it’s a huge risk.
Secondly, software has a lifespan. Microsoft, recall, are a for-profit organization. It costs too much to keep supporting an older OS. Partially the non-release of patches in my mind is to encourage people to upgrade to a newer OS. There are probably cases of exception, but people would be much the wiser to go for say Windows XP over any of the Windows 9x/Me releases.
> Secondly, software has a lifespan. Microsoft, recall, are a for-profit organization. It costs too much to keep supporting an older OS. Partially the non-release of patches in my mind is to encourage people to upgrade to a newer OS. There are probably cases of exception, but people would be much the wiser to go for say Windows XP over any of the Windows 9x/Me releases.
What does it matter if they’re for profit or not?!
If they made a faulty product they’re obligated to fix it or recall it off the market.
If I have a 7 year old computer with Win98 on it and the hardware is still working fine and the software meets my needs, why should I be forced to replace it just so a company gets a cash injection?
However if I can’t use my Win98 because some flaw is causing my computer to be infected by a worm off the Internet without me doing anything at all (remember Blast, Sasser?) then the product is faulty from manufacture and Microsoft is obligated to fix it, whether it’s now or 100 years from now, as long as they’re in business.
Somewhat unequal analogy would be, if a dangerous design flaw is discovered in a car, they have a recall and it gets fixed.
But cars can’t be directly compared to software since they are products that wear out over time.
But the analogy still applies, remember lawsuits against car manufacturers after people had bad accidents because of design flaws in some cars? And the car manufacturer had to pay up years later.
Well, with Windows one will have “accidents” years later because of design flaws and Microsoft should pay just like any other company!
They are obligated to fix it maybe, but not for free.
> They are obligated to fix it maybe, but not for free.
I disagree. You have already paid for a flawless product. They did not deliver. It makes no sense that you have to pay again to finally get your flawless product (which you probably won’t get). In the end, paying for bugfixes results in the software’s label price being a farce and the actual price just to *buy* the software can be arbitrarily high, and the time to buy the software arbitrarily long.
Such things happen for cars too, but very very seldom, and car manufacturers usually deliver the “bugfixes” for free and instantly. Unlike software makers, they have to fear damage to their reputation.
“You have already paid for a flawless product. ”
.. What? Where?
If you have a VCR that is 10 years old and there was an issue all along but it didn’t crop up until 10 years later, the company would not be obligated to fix it for free. You got a reasonable lifetime of a working product.
> If you have a VCR that is 10 years old and there was an
> issue all along but it didn’t crop up until 10 years
> later, the company would not be obligated to fix it for
> free. You got a reasonable lifetime of a working product.
With Windows, the lifetime of a working product is close to zero, especially with the older versions like 98 (which is still better than 95 or ME). Most people had problems from the beginning, they just accepted it because any other OS was far worse.
However, the original argument was about patching Windows 98 *now*. Yes, I have to agree that 98 has its age and patching it is no longer an obligation of MS.
> However if I can’t use my Win98 because some flaw is causing my computer to be infected by a worm off the Internet without me doing anything at all (remember Blast, Sasser?) then the product is faulty from manufacture and Microsoft is obligated to fix it, whether it’s now or 100 years from now, as long as they’re in business.
Well, if you are going to hold MS to this, you have to hold everybody to it, including Apple and all the Linux distro vendors. Are these guys still actively producing patches for operating systems they released 7-8 years ago? You can’t tell me that these don’t have security holes.
Also, as to your car analogy, I’ve never seen a record of anybody dying because of a software glitch on a personal computer, so I’m not sure this analogy applies.
Edited 2006-10-02 02:15
> Also, as to your car analogy, I’ve never seen a record of anybody dying because of a software glitch on a personal computer, so I’m not sure this analogy applies.
Check this out:
http://courses.cs.vt.edu/~cs3604/lib/Therac_25/Therac_1.html
It talks about people killed by radiation due to faulty software.
Not all software can cause deaths, but some can.
True indeed…but if you were using a computer for something that could possibly cause damage or even death, would you really trust Windows as the OS? I don’t even think Windows zealots would go that far
> Well, if you are going to hold MS to this, you have to hold everybody to it, including Apple and all the Linux distro vendors. Are these guys still actively producing patches for operating systems they released 7-8 years ago? You can’t tell me that these don’t have security holes.
Linux is a much different world altogether. They have free upgrades. You don’t have to pay for the latest and greatest software. You don’t even have to pay for commercial distros if you don’t want to. Take CentOS for example.
“What does it matter if they’re for profit or not?!
If they made a faulty product they’re obligated to fix it or recall it off the market.
If I have a 7 year old computer with Win98 on it and the hardware is still working fine and the software meets my needs, why should I be forced to replace it just so a company gets a cash injection? “
If you had used the software as recommended you would not have any issues really. Microsoft has always stated to connect from behind a firewall, to include dial-up connections. If you connected directly without a firewall, then and only then did you have the issues you speak of, therefore you have used your computer incorrectly. If you are using it correctly, it is not an issue. I had one virus on Windows 95, and that I did purposely to see the extent of what it could do, and it was disconnected from any networks when I did so. To be plagued you are not using the system as recommended. Security is not in the OS, but rather the user and if they can follow directions. Unfortunately we have seen that most of the world cannot follow simple instructions, evidenced by Blaster.
> If you had used the software as recommended you would
> not have any issues really. Microsoft has always stated
> to connect from behind a firewall, to include dial-up
> connections. If you connected directly without a
> firewall, then and only then did you have the issues
> you speak of, therefore you have used your computer
> incorrectly.
Can you give a quote from the Windows 98 manual regarding this? I don’t think firewalls were popular back then.
> What does it matter if they’re for profit or not?!
> If they made a faulty product they’re obligated to fix
> it or recall it off the market.
You are basically asking for fair treatment of the customer in a market that isn’t used to it. I agree fully with you, but this won’t become reality until flawless software becomes the norm and producers of buggy software suffer heavy image penalties.
A while back, a group released a patch for Win98, but it was actually adware.
> but people would be much the wiser to go for say Windows XP over any of the Windows 9x/Me releases.
You are forced to move. But there are enough people for whom Win 98 is sufficient enough. XP has few features to offer, much less the bloated Vista.
Windows already comes from Microsoft and it’s a huge risk in a corporate environment. If it wasn’t then none of this would be necessary.
Skip ME?? That P.O.S. needs all the help it can get! We should encourage them (or someone) to rewrite the whole thing!
Seriously though, I pity anyone left using ME. I previously had a local computer repair biz, and I can confirm (what you know already) that ME is horrible. I replaced more than a few ME installations with 98SE, given that the customer possessed a 98 license.
It costs Microsoft money to keep patching these older versions. They can’t start asking money for it, if they don’t want to damage more of their reputation. So they just stop the patching. Well, they can’t be expected to continue to do so forever.
Other people, apparently, can continue to do so, asking money for it or not. It makes sense this way, especially for older people that are not looking for the hassle and cost of a (legal) upgrade, and just want to keep their old Wndws 98 box running.
Maybe it would be a good idea to organise a competing non-profit volunteer “Emergency Response Team”, that backs up these people’s data and installs a shiny, fresh, up-to-date, secure, and easy to use open source operating system for them.
Edited 2006-10-01 21:09
Microsoft’s patch for XP and Windows 2000 SP4 came out 5 days ago.
http://www.microsoft.com/technet/security/bulletin/ms06-055.mspx
The products listed in this article comprise about 5% total of the web surfing computers out there (if you don’t count Windows 2000 – which Microsoft did release a patch for if you are on SP4 – and there is no good reason to not be on SP4)
(Admittedly that is 12 times the Linux share, but still …)
If you are running Win98 still you have more serious issues than the VML vulnerability to worry about.
Edited 2006-10-02 02:29
My wife’s Win2k box does not boot cleanly if I apply SP4, so she isn’t running it. It blue-screens before it gets to the sign-on screen. Seriously.
That’s a good reason to “not be on SP4” in my book…