Win XP vulnerable to that TCP/IP hack, Microsoft doesn't care.

[thorfinn]

So, that TCP/IP issue I mentioned last time in " Computer Security - Anything But Windows. Seriously."?

Microsoft: No TCP/IP patches for you, XP

"We're talking about code that is 12 to 15 years old in its origin, so backporting that level of code is essentially not feasible," said security program manager Adrian Stone during Microsoft's monthly post-patch Webcast, referring to Windows 2000 and XP.

So, in other words, Microsoft has forgotten how to maintain the code for Win XP. Either they've dumped too much critical build infrastructure, or it's just "too difficult" to build a patch that goes that deep into the XP kernel.

Either way, it really doesn't speak well for toolchain maintenance, development process and their software architecture (or lack thereof).

Bear in mind, this is for a version of the OS that is not supposed to be end-of-life yet. I have no issue with inability to patch end-of-lifed OS versions - I wouldn't expect to see patches for Win98, for example.

Although the two bugs can be exploited on Windows 2000 and XP, Microsoft downplayed their impact. "A system would become unresponsive due to memory consumption ... [but] a successful attack requires a sustained flood of specially crafted TCP packets, and the system will recover once the flood ceases."

In short, Microsoft's other excuse for why they aren't bothering to patch XP is that your Windows XP machine will theoretically hang if it's being attacked, so you're obviously perfectly safe from being hacked. Ahahah. Very funny. At least to me, anyway.

So: Computer Security - Anything But Windows. Seriously. Really, Seriously. Run, don't walk. Try something else.

Comments

[tangent_woman]

Would it be overly cynical of me if I were to wonder whether the decision to prematurely reduce maintenance for XP was not influenced, in part, by the thought that an unaddressed security flaw in XP would "encourage" people to use Vista or Windows 7?

[thorfinn]

Not at all overly cynical. :-)

[tyggerjai]

Somewhat apropos, I have a Pressing Need to run a couple of windows apps, but BootCamp seems to defeat the purpose of owning a macbook somewhat. And I don't want to *own* a windows laptop, let alone *buy* one. So is there anything you recommend for running windows apps (I'm thinking specifically Autocad)on Mac?

[thorfinn]

Divides up into two main categories with a couple of options in each:

• Virtual Machines (You'll need windows media and a legit windows license still)
  • SUN's VirtualBox (free, not bad, no "transparent" mode).
  • Parallels - full virtual machine payware.
  • VMWare Fusion - full virtual machine payware.
• Wrap the App and Pretend To Be Windows (no windows required)
  • Wine - no binary Mac OS download, not sure if source will compile, I haven't tried it.
  • Codeweavers' Crossover Office (Wine as supported payware, there's a Mac version)

That's the options, as I recall. I can't vouch for the viability of any of them, except to say that I've worked a bit with Parallels and it seems fine.

[tyggerjai]

So caught between paying for the OS, or living with dubious "maybe it'll work" support. I'm not hugely impressed with Wine/Crossover, to be honest.

I shall think on't some more, thank you.

[thorfinn]

A quick Let Me Google That For You: Autocad Mac Replacement gets me:

http://forums.macrumors.com/showthread.php?t=594050
http://architosh.com/forums/showthread.php?t=1414

both forum threads seem to contain a lot of options for Mac native CAD programs, as well as a few people talking about running it under VMWare. :-)

I assume part of the issue is that you have a copy of AutoCAD, and/or you are working with files already in AutoCAD and/or need to share them with other people with AutoCAD?

[tyggerjai]

Actually, more that I assumed that the Mac autocad replacements were as dire as the Linux ones. That may have been a hasty assumption. The ability to read and produce .dwg files is pretty important though, ultimately, yeah.

[zey.livejournal.com]

Exactly what I'm thinking. They desperately need Windows 7 to succeed, and they may see this as a good opportunity to herd the cats.

I suspect it's going to backfire horribly on them when a frustrated third party supplies a fix, and Microsoft end up looking very foolish.

Wine

[ewen]

Wine started out in the "Dancing Bear" stage (the marvel was that it danced at all, not that it danced well). The developers have managed to get it to the point where it works pretty well for certain applications (and the more mainstream they are, the more likely it is to work), and I do use it almost every day for running certain Windows applications on Linux and more recently MacOS. But there are still plenty of Windows applications for which the Wine coverage is too incomplete. Crossover Office basically adds polish and support for some specific applications -- if your desired application is on that list, and you need a support option, it could be a good option; but if your desired application isn't on their list (yet) it may not help at all.

Parallels/VMWare Fusion (both of which require a windows license) are relatively cheap (compared with, eg, AutoCAD or Windows) and pretty polished. But at that point you're buying a Mac + virtualisation software (US$80 seems to be the price point) + Microsoft Windows + application. So if you absolutely depend on a complex application which only runs on Windows, you're a bit stuck with buying Windows, etc.

If your usage is simple enough that there's some work-alike compatible programme that will run natively and do what you want that can be a better migration option. DXF shapefiles are relatively widely supported in other applications, which may offer some scope if you just need basic read/write; I'm not sure about DWG but it'd be worth checking. (The biggest sticking point for my current day job is Microsoft Visio files, where Visio is also Windows only, it won't run under Wine at present, and there are few other programs able to understand the format.)

Ewen

Re: Wine

[zey.livejournal.com]

WINE's reached v1.0 recently. I'd give it another look. It certainly manages to run the Windows versions of my apps decently enough; though, admittedly, I've deliberately tweaked mine to handle a few of WINE and ReactOS's minor eccentricities on the odd occasion ;).

But, for anything serious like Autocad, virtualisation's probably going to be better for you.

[kitling]

Tehnically XP is at the end of its life and has been for some time now. Vista was supposed to be the end of the XP, unfortunately for M$ major flaws meant they had to keep supporting it, largely because consumers insisted. However, Win7RC is actually pretty stable and has fixed many of the flaws of Vista. XP will no longer be supported or sold for much longer. Software makers have had several years now to ensure their software will run on Vista/Win7.

Let me cut and paste an amusing email sent at work when the manager asked why people were wasting time on Win7. Please note: said email writer did an excellent job of not explaining to said manager why he was an idiot

"If you feel that it would be beneficial to give Windows 7 testing Project status, I'd be happy to make it so!

As for the reasoning behind Windows 7 testing, I'll list a few that rank quite high in my opinion:

* the Windows 7 Release Candidate had already shown a lot of promise as replacement of Windows XP, this is confirmed by the stability and compatibility seen so far by the Release To Manufacture version
* Windows XP, while still being supported by MS, will no longer suffice as OS of choice for our research community, mostly due to its RAM access limitation in 32bit, and its overall tendency to get noticeably slower over time. Win 7 has thus far not shown this in my experience
* One of our objectives has to be aware and knowledgeable of current technology trends, and foster understanding of emerging ones. Windows 7 is likely to be sold on DELL PCs from end of October onwards
* If compatibility testing bears out what I currently see as a worthwhile improvement over Windows XP, I foresee us using it instead of Windows Vista in our lab environments (when OS upgrades are to be undertaken), in the same way that some university departments have skipped Windows 2000 when considering upgrades from Win98"

I'm now running Win7 at home, I've been running it since beta, because its better than XP and Vista and haven't got around to updating parallels yet.

If you want to bitch about M$ vrs Apple, a better way to do that would be to compare cost. I'll upgrade to Snow Leopard because its cheap, I probably won't upgrade to Win7 Pro - because I have no inclination to give M$ money and no longer working for a university means I won't be covered by their site license.

Re: Wine

[tyggerjai]

Wine is great for WoW and a couple of other things I run, but if I go the autoCAD route, it's $4,000 for a license. The cost of VMware and Windows is trivial, and as you say, probably better. What I really object to is paying for windows :) Luckily, there are a couple of sweet looking Mac options to replace AutoCAD, for a fraction of the price.

[thorfinn]

Well, yes. Boxed set family pack, 5 licenses each of Snow Leopard, iLife09, iWork09 costs you less than 1 license of M$ Office for Mac. :-)

The thing is, Win7 is an improvement, yes. But I still don't trust Microsoft to code their way out of a paper bag. I still see zero evidence that they actually give a shit about spending serious effort on implementing well known software engineering processes that massively improve your quality of product output.

I see evidence of a bit better end-cycle polishing, and actually taking the time to go round a proper test cycle instead of just shoving a beta out the door, but that doesn't change the serious under the hood stuff that makes a real difference to things like security.

Windows 7 pre-release versions have already been demonstrated to have major security holes, one of them in the RC just this month.

Re: Wine

[thorfinn]

Heh, so true about Wine being a dancing bear. :-)

As far as virtual machines go, VirtualBox from SUN is quite good IME. They just recently introduced a 3D graphics driver beta feature, but I haven't tried it yet.

Also, hello by the way! :-) Do I know you from somewhere, or did you just randomly find this post?

[thorfinn]

Also, if XP is end-of-life, then they should say so. If it's not end of life, then it should get at least security patches. Anything else is just lying to your customers.

Re: Wine

[ewen]

I'm "edm" on LiveJournal (because someone else took my first name there); you have me friended there. (I saw the echo onto LJ, and popped over here to comment.)

We have actually met in person, once, about 9 years ago. In Melbourne. When you and various others were running Netizen. (I randomly turned up via ASR and "borrowed" some bandwidth.)

Ewen

Re: Wine

[thorfinn]

Ah, coolio. :-)