Category Archives: Windows

Why Windows 8.1 Update 1 is ‘required’

We recently wrote about the release of Update 1 for Windows 8.1.

In that post, we noted that Microsoft was making this update mandatory for all subsequent security updates, and wondered why they would do that. Apparently we weren’t the only ones, and there was enough angry feedback that Microsoft extended the period during which Windows 8.1 systems without Update 1 could continue receiving security updates, from 30 days to 120.

But why add this kind of limitation at all?

Ars Technica may have the answer to that question. We previously wondered why Microsoft wasn’t simply labeling Update 1 as ‘Service Pack 1’, in keeping with their long-established practices. The answer is simple: Microsoft sees what Apple, Google, and other O/S developers are doing, and they want to do the same.

Anyone who owns a Mac knows that Apple’s support for previous versions of OS X is extremely limited. If you want to keep running that old version of OS X, you’re going to have problems, and you won’t have any recourse except to bite the bullet and upgrade. Often, that also means upgrading the hardware. While this is clearly a consumer-hostile stance, it’s easy to understand. Apple saves an enormous amount of money and effort that would otherwise be spent on supporting old versions, developing updates for multiple O/S versions, and so on.

It appears that Microsoft has finally started down the path away from backward-compatibility and support for old versions of Windows. This is both a good and a bad thing. Backward compatibility is why so many people still run Windows XP: why upgrade your O/S if it suits your purposes and can still be kept reasonably secure? But it’s also the source of many problems.

Moving to a more restricted update system in Windows 8.x looks like the first step in a general trend towards the less consumer-friendly model used by Apple and others. And if that’s true, we can expect more moves like this in Microsoft’s future. Which is sad, but probably inevitable.

No more updates for Windows XP – what now?

RIP Windows XP. At least from Microsoft’s point of view. In fact, use of the O/S continues, and will probably do so for years.

First, let’s get one thing out of the way: it’s not a good idea to keep running Windows XP. If your XP computer is never connected to the Internet, then you have much less to worry about, but continuing to use XP on a computer that is connected to the Internet is risky. Especially if you’re also still using Internet Explorer, in which case you will almost certainly end up with malware of some kind in the very near future.

Anyone who can’t or won’t upgrade from Windows XP should take certain precautions. Check out the Windows XP page on this site for some useful tips.

If you want to do the responsible thing and move away from Windows XP, what are your choices? The best option at this point is Windows 7. You can still buy Windows 7, but Microsoft says that they will stop selling it in February 2015. I’ll be updating the Windows 7 resources on this site to provide XP -> 7 migration tips in the near future.

Other possibilities – for the more adventurous – include Linux and Chrome OS. Linux comes in many flavours, but one in particular is designed to make Windows user feel at home: Zorin OS (free). Chromium OS from Google was designed to be used with its inexpensive and simple ChromeBook computers, but it can be installed on regular PC hardware. It’s free, but probably only useful for users with basic requirements. It runs on top of Linux.

There are loads of articles on the web about the ‘XPocalypse’ – as it’s come to be known. Ars Technica has this: ‘The XPocalypse is upon us: Windows XP support has ended‘.

Windows 8.1 Update 1 now available

The first update for Windows 8.1 is available for downloading from Windows Update. As previously discussed, this update consists mostly of changes to the user interface that should make keyboard/mouse (non-touch) users more comfortable with the O/S. There’s still no actual Start menu, although Microsoft is planning to return that much-missed feature in a future update.

Of particular note is the fact that this update is necessary for access to future updates, starting in May 2014.

Update 2014Apr09: Apparently Microsoft has pulled Windows 8.1 Update 1 from its servers, saying that the update is causing problems with the update system itself, in some cases preventing updated systems from checking for future updates.

Patch Tuesday for April 2014

It’s a very special Patch Tuesday: the last one for Windows XP and Office 2003. Security vulnerabilities in those products that appear after today will not be publicly patched by Microsoft. Also losing support today is the much-despised Internet Explorer version 6.

There are four bulletins and corresponding updates this month. Two are flagged as Critical. The updates address eleven security vulnerabilities (CVEs) in Office (including Office 2003), Windows (including Windows XP), and Internet Explorer (including IE 6).

As expected, one of the updates addresses the recently-discovered vulnerability in Word’s handling of RTF documents.

The MSRC blog has a good overview of this month’s updates.

British and Dutch governments paying for Windows XP updates after April 8

It’s long been understood that Microsoft would continue to produce updates for Windows XP after support officially ends on April 8, 2014 – for anyone willing to pay. What hasn’t been known for certain is whether anyone would actually pay.

Now, as reported by Ars Technica, the British and Dutch governments have apparently decided to delay upgrading thousands of Windows XP computers, and have contracted with Microsoft to continue supporting Windows XP.

This raises some interesting possibilities. It seems likely that at least one person who works in the British government will find a way to leak new Windows XP security updates to the rest of the world. Microsoft may have measures in place to prevent this, but people are inventive, and would probably find workarounds. Then again, would you trust a supposedly-official update that you obtained from a shady download site? One can imagine Microsoft relenting, and making the updates available to everyone, just to stop the spread of tainted updates.

Another possible scenario is that a flood of hacks, attacks and malware, all based on previously unknown Windows XP vulnerabilities, have such a huge impact on the Internet, that again Microsoft relents and makes updates available to everyone.

If Microsoft does give in and continue making updates available for everyone, what does that mean for the British and Dutch governments? Will they demand refunds from Microsoft? Each has apparently paid many millions of dollars for the updates, so it would be completely reasonable to want it back if the updates became available for free.

This is going to get interesting…

Update 2014Apr15: Add the US Internal Revenue Service to the list of organizations paying Microsoft for Windows XP support and patches.

Update 2014Apr21: Apparently Microsoft just reduced the price tag for Windows XP patches. Presumably they looked at the current Windows XP usage numbers and decided it’s less important to gouge corporate clients than it is to make sure Windows XP systems are patched.

Advance notification for April 2014 Patch Tuesday

Next Tuesday is much more significant than the usual Patch Tuesday, because this crop of updates will be the last one for both Windows XP and Office 2003.

After April 8, most of the IT-enlightened world will be holding its collective breath, waiting for a likely deluge of hacks, attacks and malware based on vulnerabilities in Windows XP and Office 2003.

According to the official advance warning bulletin from Microsoft, this month’s updates will include patches for Office, Windows and Internet Explorer. Two of the patches are flagged as Critical.

One of the patches addresses the recently-discovered vulnerability in Word’s handling of RTF documents.

As usual, there’s a somewhat less technical overview of the upcoming updates on the MSRC blog.

The SANS InfoSec Handlers Diary blog has its own take on the upcoming updates.

Windows 8.1 Update 1 available starting April 8

Microsoft recently announced the release date for Windows 8.1 Update 1: April 8, 2014, which is also Patch Tuesday for April. Windows 8.x users will be able to download the update via the Windows Update service.

This update brings back some of the mouse/keyboard and desktop features missing from the original version. Still missing, however, is the Start menu.

Ars Technica has more, as does The Verge.

Millions of computers still running Windows XP

With less than a week to go before Microsoft ends support for Windows XP, over 27% of Internet-connected computers are still running the venerable O/S, according to an Ars Technica report.

Microsoft has clearly been unable to convince XP users to switch to another O/S, and the days and weeks following April 8 will likely be filled with stories about new malware and attacks on XP-based systems.

MSRT will still be updated for Windows XP after April 8

Microsoft’s Malicious Software Removal Tool (MSRT) checks for and attempts to remove known malware from Windows computers during the Windows Update process.

Previously, it was assumed that MSRT would stop being updated for Windows XP once support for that O/S ends in April. A few weeks ago, Microsoft confirmed that it will continue to update MSRT on Windows XP computers until July 15, 2015.

This is good news for anyone who will still be running XP after April, but it’s important to note that MSRT is not a substitute for a full anti-malware solution, and should not be seen as protection against the flood of malware, targeted at Windows XP computers, expected to appear after April 8.