  #6  
September 3rd 16, 03:22 AM, posted to microsoft.public.windowsxp.general
VanguardLH[_2_]
external usenet poster
 
Posts: 10,881
Subject: How does he know it's XP?

Ammammata wrote:

> VanguardLH:
>
>> "Information stored on a computer running Windows XP is potentially
>> at risk and the security community pretty universally regards
>> Windows XP as unsafe at this point."
>
> you should explain this to the banks, whose POS you can find worldwide
> are still running XP (or NT or OS/2). Probably the doctor is paying
> the fee to MS to get the most recent patches and updates


I've seen some grocery stores that still run Windows 98. Of course, it
isn't the standard install with all the non-OS bloatware, like MS Paint.
It is a customized setup specifically designed for use with POS hardware
(their cash registers). When I worked at a software development company
that dealt with seat (licenses) costing over $60K, there were still
customers running 20-year-old IBM VSE. There is lots of hardware that
still runs ancient operating systems. If it works, there's nothing to
fix by replacing it with a newer version. General-purpose operating
systems can be vulnerable but they can also be locked down even further
than the embedded version to perform only the functions required by the
vertical-market software installed to run under them. The embedded OS
doesn't need a web browser, lots of services, all the bundleware, or
lots of the multi-technology fluff so if it is not allowed to load,
disabled, or removed then the OS is not vulnerable to the exploits in
all that blocked, disabled, or removed fluff.

While Embedded Windows XP has a longer support lifecycle than the
general release version, its support lifecycle has also ended. See
https://support.microsoft.com/en-us/gp/lifewinembed. That the author
drops support does not preclude anyone else from providing support.
When you buy hardware with an embedded OS, you don't bother with support
from the OS author. You get it from the hardware vendor. For example,
when you buy various controllers or electronics, they have an OS but you
don't care which one or try to contact the OS author about problems with
the hardware. You call the hardware vendor.

For an embedded OS as part of a total hardware solution, they shouldn't
be waiting until Microsoft gets around to releasing a patch, if any or
if ever, for some known vulnerability. Locking down the OS to
eliminate unnecessary functionality gets rid of many vulnerabilities.
They can employ their own code or 3rd party security software to further
secure the OS. An old OS, especially one that is throttled, is *not*
necessarily more vulnerable and can actually be less vulnerable than
newer versions of the OS: newer code introduces newer bugs and newer
vulnerabilities whereas if the old code is no longer supported and no
longer changing then your own management remains effective. In fact,
for embedded OSes, they don't go polling for new updates from Microsoft
or any OS vendor. That would mean the state of the OS will change which
can screw up the embedded setup.

If you contracted for OS support after Microsoft (or whoever) dropped
support, you contact the contracted support vendor for help. That's
what they are paid for. You can always find someone willing to support
any OS long after its author has dropped support or abandoned it. Not
everyone is as cheap as typical end users that think they can do their
own admin and support functions. They bitch about loss of support but
they're unwilling to pay for it. Alas, I've also seen lots of examples
of contractors professing to have the expertise to their customer(s) who
come here asking for help so their customer(s) won't know they are
ignorant. But then the customer is paying for support and doesn't
really care how the tech gets their expertise or from where.

The article's author obviously is just a blogger, not a journalist, that
wants to consume some bytes to qualify his presence there. He is not
dispensing any validated information.