Ha! Maybe the gods are just happy that Steve Ballmer’s desk no longer resides on the Microsoft campus. Then again, maybe the boys from Redmond are merely up to their old tricks and are manufacturing a coincidence that serves their needs. Now that I think about it, with all of the cooperating that Microsoft’s done with the NSA, might we assume that Homeland Security might owe Redmond a favor or three?
Here’s the deal. On Saturday we learned from Microsoft that its Internet Explorer browser has a serious security vulnerability affecting versions six through eleven, which will come as no surprise to those who understand Microsoft’s history with security issues. The vulnerability makes all users of IE vulnerable to drive-by attacks, meaning all users are just one link click away from a malware download. Worse, since the majority of Windows users ignore best practices and run their computers as admin, any malware downloaded would pretty much have universal rights on an infected computer.
Also last weekend, security firm FireEye announced it’s already found an in-the-wild exploitation of the vulnerability, which uses a known issue in Flash to gain access to a computer’s memory. Rest assured, the boys and girls in Redmond are frantically working to come up with a fix, but that isn’t going to help XP users, since the Microsoft police quit supporting that OS three weeks ago.
While I don’t see any pluses with people having their data at risk, especially folks with little to no computer savvy, my jaded self can’t help but wonder if some of the folks at Microsoft don’t see a sliver of a silver lining to this dark cloud. Will this help them convince a few people to march down to Best Buy or login to Amazon to purchase a new Windows 8.1 machine? No doubt, that’s what Microsoft is hoping, just as Mark Shuttleworth has his fingers crossed for more than a few to call friends to ask them to download and install Ubuntu for them.
Let’s face it, anyone still running XP who’s also still using Internet Explorer as a default browser isn’t the most computer knowledgeable person in the universe or even on the block. Forget the fact that Internet Explorer has never been a secure browser, XP users haven’t even been able to upgrade the browser since version 8, released five years ago. These would be the prime people to convince that the time has finally come to make the switch from XP to something else. They’re also in that part of the market that’s least likely to consider any alternative to Microsoft — such as Linux.
However, upon closer examination, that assumption disappears.
These are the people who’re still using an operating system that’s nearly thirteen years old with a browser that’s five years out of date. They’re the people who’re still running an operating system, from a company with a known spotty history when it comes to security, three weeks after its maker ended support. The thought that many of these people will change their ways and move on is ludicrous. Most home users using XP combined with Internet Explorer will make no changes until the black hats bring down their systems, giving them no other choice.
Here at FOSS Force, we had one old Lenovo IBM desktop running XP, our only Windows machine — which hasn’t run IE since we’ve owned it. On April 8, the last day MS supported XP, we let Redmond patch the system one last time and shut it down. It hasn’t been started since. Most of what we need from the box we’d already moved to our Linux machines in preparation for the end-of-support day. At some point in the next couple of weeks we’ll fire it up again and take it back online one last time to move some stuff up to the cloud.
That won’t be the end of that box, however. We’ll be upgrading memory, putting in a new hard drive and putting the old box back in service with the Xfce version of Linux Mint 13, an LTS that’ll be supported until 2017.
Anyone still using XP needs to know the time is now to say goodbye and give it up. And any Windows user of any version shouldn’t even consider using any version of Internet Explorer, ever. Remember, your browser is on the front lines in your ongoing war with the black hats who would like nothing more than to steal your banking information. It can be a way in…or not.
Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux
I took my remaining XP unit offline, wiped the drive, reinstalled XP to SP2 (circa 2005), shut off all network services, and replaced the Explorer shell with a lighter alternate. Windows XP now boots faster than the Lubuntu install that shares its drive.