Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
United Kingdom Government Security Windows IT

Windows XP Support Deal Not Renewed By UK Government, Leaves PCs Open To Attack 137

girlmad writes: The government's one-year £5.5m Windows XP support deal with Microsoft has not been extended, sources have told V3, despite thousands of computers across Whitehall still running the ancient software, leaving them wide open to cyber attacks. It's still unclear when all government machines will be migrated to a newer OS.
This discussion has been archived. No new comments can be posted.

Windows XP Support Deal Not Renewed By UK Government, Leaves PCs Open To Attack

Comments Filter:
  • Maybe the UK consider to take Microsoft to court in case something happens and sue them under product responsibility laws or something.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Maybe the UK consider to take Microsoft to court in case something happens and sue them under product responsibility laws or something.

      Take them to court over what? It's not like Microsoft hasn't been perfectly open about support ending last April.

      • It's Whitehall. They'll pass a law through Parliament to make sure they have grounds for the suit ;-)

        • by Luckyo ( 1726890 )

          Retroactive legislation like this would be likely contested up to the constitutional courts and then if necessary ICJ and declared illegal.

        • Re: (Score:2, Interesting)

          by hairyfeet ( 841228 )

          You want to know what is sad? When I'm sitting there bored at the shop I have installed Windows 7 on some pretty ancient pieces of crap I end up with on trade ins and ya know what? As long as its got a GB of RAM it'll run just fine, 10 minutes turning off any services they do not need and it'd run better than XP. I seriously doubt we are talking last PIIIs and first gen P4s in the British government, if my own local government (who had all theirs switched by cutoff, ended up with a mountain I needed to refu

          • I installed Windows 10 build 10061 x86 on an almost 12 year old computer. Athlon 64 3200+ Gigabyte KA-K8N Pro motherboard 1 ½ GB of DDR1 RAM (333 MHz) Sapphire Radeon 9600 Pro graphics card It boots up incredibly fast and uses... about 1% - 4% CPU at idle and 18ish % RAM at idle. I'm very impressed .:D
      • by johnw ( 3725 ) on Thursday April 30, 2015 @06:08AM (#49584127)

        Microsoft hasn't been perfectly open about support ending last April.

        Well, not quite open. They have consistently portrayed the situation as being one of support ending last April. The truth is, support for XP did not end last April, and was never planned to. What actually happened is that support went from being free (or at least included in the price of the product) to being a very expensive add-on.

    • Re: (Score:3, Insightful)

      by oodaloop ( 1229816 )
      XP is 14 years old, and they gave plenty of warning when support would end. MS is under no obligation to support anything indefinitely. Seriously, why is your first response to sue? Is personal responsibility that hard?
      • Re: (Score:2, Informative)

        by Anonymous Coward

        XP is 14 years old, and they gave plenty of warning when support would end. MS is under no obligation to support anything indefinitely. Seriously, why is your first response to sue? Is personal responsibility that hard?

        Because it should be the case. Those government agencies had contracts with Microsoft since 2002 where they paid 50 dollars a year extra per computer to Microsoft after Windows XP was released in exchange for a safe/free upgrade path to the next version of Windows. Microsoft's part in the contract was to provide them a new version of Windows by 2003 or free XP support till the hardware dies. But that did not happen. Instead, Microsoft screwed them over and kept releasing service packs for XP instead. They n

        • by Anonymous Coward

          XP is 14 years old, and they gave plenty of warning when support would end. MS is under no obligation to support anything indefinitely. Seriously, why is your first response to sue? Is personal responsibility that hard?

          Because it should be the case. Those government agencies had contracts with Microsoft since 2002 where they paid 50 dollars a year extra per computer to Microsoft after Windows XP was released in exchange for a safe/free upgrade path to the next version of Windows. Microsoft's part in the contract was to provide them a new version of Windows by 2003 or free XP support till the hardware dies. But that did not happen. Instead, Microsoft screwed them over and kept releasing service packs for XP instead. They never got a free upgrade to a new OS. Why should they pay for upgrades when Microsoft broke the contract? As much as "teh internet" hates to hear this, Microsoft should be legally forced to abide by the contacts they signed and keep supporting Windows XP till the last contracted government agency replaced their hardware even if till 2030.

          This sounds like a very strange contract clause if formulated this way -- any citations on this?

        • There is. It is called Windows 7 and by the way even that is over half a decade old!

          Why is it Microsofts fault that they bought software with IE 6 specific rendering probably purchased 6 or 7 years after IE 6 came out! Poor us we are the victims yada yada.

          No sympathy and someone or somebodies need to be fired. Talk about bad management.

        • Microsoft's part in the contract was to provide them a new version of Windows by 2003 or free XP support till the hardware dies. But that did not happen. Instead, Microsoft screwed them over and kept releasing service packs for XP instead. They never got a free upgrade to a new OS.

          You're shifting goalposts here. In lieu of a new OS in 2003, MS provided XP support (including service packs, which were free) long past the service life of the 2001-era hardware we're talking about. Sounds like they complied with the second part of the contract, which I bolded above.

          • Is the hardware dead/retired? Is the support still free? If you answered no to either question, then they *aren't* honoring the deal. Unless the contract specifically said "service life" AND gave a definite maximum duration for that term, then the life of the hardware is until its owners decide to retire it. Running 15 year old hardware that still gets the job done is hardly an unusual scenario.

            • Sorry, that should be "if you answered no to both questions"

              Perhaps Microsoft was counting on Moore's Law rendering the hardware unable to "get the job done" by now rather than performance improvements pretty much stalling out for the last decade, but that's their problem. If you want to bet on unstated "gotchas" crippling a contract in your favor, you've got to also be willing to have that bet turn sour.

      • No viable replacement was offered until mid 2009 (Win7). New PCs with XP were deployed (certainly in business) until then. That isn't 14 years.
        • by yuhong ( 1378501 )

          This reminds me that the reason Server 2003 got an extra year of support is that they waited until after Vista SP1 to release Server 2008, and Vista RTM had many well-known problems.

    • by Zocalo ( 252965 ) on Thursday April 30, 2015 @05:12AM (#49584023) Homepage
      No need. What the summary doesn't cover (it's in the the actual article) is that that this was always the plan. The UK Cabinet Office arranged a blanket agreement for the extended support coverage that applied to all departments that needed it for a lower overall cost, making it quite clear right from the start that this contract would not be renewed, and it hasn't been. It's now up to the individual departments to decide whether or not they wish to expend some of their own budget on further extending their specific support with Microsoft on a per-department basis. If there's a story here, it's the number of PCs still running XP that are now outside support and which departments those PCs are in, but that's something the article doesn't cover.
      • Re: (Score:3, Interesting)

        by Xest ( 935314 )

        Probably more worrying is the fact that much of our military are still using IE6.

        • by Lumpy ( 12016 )

          The Surface to Air missiles are programmed via a web interface using Active X controls written in Visual Basic 6.

          • by Xest ( 935314 )

            Based on launch trajectories calculated via a macro in an Excel 95 spreadsheet that is sent from personal Hotmail addresses?

    • Maybe the UK consider to take Microsoft to court in case something happens and sue them under product responsibility laws or something.

      Uhhh.. no one is forcing them to continue to use ancient software. They're quite welcomed and encouraged to upgrade to something newer and better. Certainly not Microsoft's problem. Microsoft and most of the rest of the world have long since moved on.

    • or maybe they've taken the time during extended support to replace all vulnerable PCs with Win7 and unplug the rest from the internet.

      • Many computers running Windows XP can not be upgraded to Windows 7 because Windows 7 has additional hardware requirements. I own one of these type of computers. There is no way for me to upgrade my Windows XP computer.

  • by Anonymous Coward on Thursday April 30, 2015 @04:52AM (#49583975)

    The Brits aren't dumb. They figured out that whether they throw 5.5M at MS or not, XP will run on regardless. Surely MS don't supply the anti-virus / firewall software? That must be 3rd party, and I'll bet, works out a heck less than 5.5M quid. The posting suggests that the second XP "support" vanishes, billions of malwares will converge on those computers. No. Unless MS pays someone to do it...

    • by Luckyo ( 1726890 ) on Thursday April 30, 2015 @09:25AM (#49585389)

      Pretty much this. Most likely someone with a clue finally realised that as long as you have a working firewall and anti-virus that will block outside executables, your XP machine is quite safe from "omg internet viruses". Especially if like most computers in major organisation, it's also sitting behind a NAT.

      • Problem is they also need to be very careful about any files with scripts, like office docs, PDFs, etc. Then anything that uses built in OS libraries, such as image files, SSL connections, etc.

        That gets hard, anti-virus is severely limited unless it does proper heuristics which seems to be rare, there are whiteboxing technologies but they are expensive and not foolproof. At some point you need to either isolate those legacy systems from the rest of the world or upgrade them.

  • by Anonymous Coward

    Simple answer is just too remove all the pc's from the internet. Do they need it to work out taxes, etc? Of course not.

  • by Anonymous Coward

    Hyperbole much? Systems don't suddenly develop security holes the day a support agreement is ended. If it was fine the day before support ended, it's fine the day after. Of course, the moment a new issue _is_ discovered, it's game over.

  • by mangobrain ( 877223 ) on Thursday April 30, 2015 @05:36AM (#49584065) Homepage

    TFA and the summary make it sound as if it is the lack of support contract which makes these systems insecure. This is complete and utter nonsense - it is the fact that they are running Windows XP which makes them insecure. It's not as if malicious hackers around the world were sitting there rubbing there hands in glee, waiting for the day the support contract expired to plunder the systems, having previously been completely and utterly thwarted in their evil plans by the exchange of funds between the UK government and Microsoft.

    But at least a support contract would get them fixes for any newly discovered vulnerabilities, right? Well, maybe. No software is perfect, but the world - and Microsoft's practices - have moved on, and realistically it would take a *lot* of money for MS to spend a meaningful fraction of their resources securing an OS past the end of its useful commercial life.

    • Not true (Score:3, Funny)

      by Anonymous Coward

      It's well understood that Windows is so flaky it needs constant patching and the minute you stop paying, it explodes into a fireball. The only thing keeping that POS software from chomping on your important data is a constant fee paid to Microsoft to tame it.

      What you need is to cloudify the lot, you don't see clouds explode into fireballs do ya! That's the power of the cloud, I learned that at MBA school.

      • Clouds don't explode into fireballs, but they do drift away, leaving them back at square one.

    • by DarkOx ( 621550 )

      True, but if you had a working exploit that was no patch to fix, and you knew that your target was about to go off support and loose the ability to submit issues and expect a fast fix turnaround, would you:

      A) Go for it the moment you have a working sploit grab all you can.

      B) Wait a little while before you take the big risk of using it widely and trying to ex-filtrate the loot to avoid discovery. Then after the support is up and you know the response will be hampered make your move. You know either it will

    • by rhazz ( 2853871 )
      Is there any alternative to Microsoft for getting XP support? If another company said, hey, we'll give you equivalent support at 1/10 the cost MS asks, would that be legal or would MS sue them into oblivion? My government agency is also paying these fees for some legacy systems running on 2003.
      • Is there any alternative to Microsoft for getting XP support? If another company said, hey, we'll give you equivalent support at 1/10 the cost MS asks, would that be legal or would MS sue them into oblivion?

        No, of course there isn't. Microsoft owns all the code, and they have never delivered all of it to any party. Further, even Microsoft doesn't really understand the code, which has bits and pieces from various legacy codebases grafted onto it, forced into it, et cetera. Some of that stuff went away in Vista, but XP is still crammed full of it.

        In order to support XP without making it worse you'd have to first a) secure licensing from Microsoft to permit you to do that and b) hire much of Microsoft to get the

        • by scsirob ( 246572 )

          Don't kid yourself. The personnel with knowledge to maintain the internals of XP are all axed years ago. There's only a few H1B workers applying band-aids if really necessary.

    • I don't know why they should be allowed to keep the patents and copyrights then.

  • Assuming that IT pros outside of Slashdot are about as smart as IT pros posting on Slashdot, it's quite likely that those PCs have been replaced, reconfigured (remove network card and USB ports, seal the PC case?) or placed in different areas in their networks to mitigate the risks of running XP. Adding extended support at that price needs to be part of the solution, not the only thing they've done. Hopefully they've used that time for deploying and testing new security measures.

    • by CaptainOfSpray ( 1229754 ) on Thursday April 30, 2015 @06:18AM (#49584153)
      Yes, but UK gov does not have any of those "smart as on Slashdot" IT pros. The UK gov outsourced all its IT to Big-Name-and-Big-Billing suppliers, and got rid of its own IT-literate employees. Now that the BNaBB suppliers have got UK gov over a barrel, the charges they invoice are extortionate. Remember the scandal over the lost CDs containing the entire Dept of Work and Pensions database (IIRC)? That was caused by the relevant dept being unable to write a simple SQL SELECT, and the supplier wanting £5000 for 20 minutes work.
    • Does anyone have any insights into what that extended support actually provides. How many security patches
      have there been released since ? To me it sound as a very expensive extra insurrance for when the house burns down and
      people above you start to look for someone to blame.
      • by bazorg ( 911295 )

        The standard rules are set out here: https://support.microsoft.com/... [microsoft.com]

        A special customer like .gov.uk may have had a special contract.

      • by bazorg ( 911295 )

        I forgot to add that yes, probably there is a strong element of CYA policy. My company is not as important as MS or .gov.uk and we still have "you must have the servers and workstations running supported versions" in exchange of our SLA for support.

    • Umm, no. The computers at my workplace (UK govt) are the same as they have been for the last seven years. USB ports were disabled at the time of installation, but they are connected to the internal network as well as the internet. Still run several legacy applications that need IE (we're still on IE7). Even worse, even new applications that have been brought in within the last year are still IE-only. With no new updates to IE on XP platforms it's an insane risk
      • At this late point in the game, no government department is going to waste time and money on migrating to Windows 7 - a 5 1/2 year old OS that hasn't received a service pack in 4 years, whose "mainstream support" already ended in January.

        With that in mind, you better hope your IT department has at least been following the Windows 10 beta program, in terms of testing on a few machines. It'll be released by October in time for the Christmas gift period - leaving a slim window of opportunity to be deployed at

  • Linux would be a refreshing change. And updates are free!
    • Running things without support agreements brings managers out in hives, particularly an arena as risk-averse as a health service.

      Something you paid for fucks up? It's the supplier's fault.

      Something you didn't pay for fucks up? It's YOUR fault.

      Therefore there's no real advantage, from the POV of licensing costs.

      The real reason they've not migrated from WinXP has to be considered. The NHS is a mire of vast depth full of crufty software. They have so many pieces of old software it's not true. It's really diver

      • Even if you have the source, you need a team of people who are capable of updating it. If they were running linux, they might well still be on a 2.4 kernel because of a custom made third party app that requires it that nobody could make sense of.

        • If you have the source, you have the option of hiring a team to update it. The NHS is large enough that they can afford to hire their own. Indeed, many hospital trusts do already have their own in-house teams of developers maintaining home-grown applications.

          OTOH I've seen in-use hospital systems where the source code has actually been lost and the last person who worked on it died some time ago. That should be illegal. On products I've worked on in the past, there have been source escrow agreements. These

      • by jez9999 ( 618189 )

        It's gone this way for as long as it has because like everything else in the NHS, the budget has been cut to the bone.

        How is this when NHS funding has been ring-fenced and gets increased every year? Are UKIP right about vast waste in middle management?

        • Firstly, the thing about NHS funding increasing every year is a lie, and our politicians have been told to stop lying about it [telegraph.co.uk] repeatedly (that link is to the Telegraph which is usually considered to be a Tory paper, so extra truthiness points).

          Secondly, we have a rate of about 4% inflation for healthcare costs. Even if they are increasing funding, are they doing it 4% year on year? No.

          Thirdly, a lot of the money is going on the stupid PFI contracts which bleed money away from clinical services and go to de

  • Exactly what kind of support are they getting? Just telephone type "my cup holder broke"? Seems like internal IT could handle most of that. Or are they actually fixing Windows XP bugs for them?
    • Just telephone type "my cup holder broke"?

      Look, those things are really flimsy, and while they may have barely held the Super Big Gulp in 2001, cups today are more robust. I daren't put my Double Gulp in there anymore, as it's barely hanging on. Heck, even the X-Treme Gulp came out in 2001! Microsoft should replace all the cup holders with ones not only capable of holding the Team Gulp, but also those Gulps anticipated to come out in the next 5 years.

    • Exactly what kind of support are they getting? Just telephone type "my cup holder broke"? Seems like internal IT could handle most of that. Or are they actually fixing Windows XP bugs for them?

      They were probably getting the same thing that my company is paying and getting which is security fixes. They are still being created and sent out to customers that pay. Windows update is not working, they'd have to be installed individually or via the domain management.

  • Now take that 5.5 million and replace your old machines and software.
    • Hahahahaha.

      £5.5M won't even scratch the surface.

      We're talking an enterprise with around a million computers, running a vast swathe of different, obscure, an

  • by RDW ( 41497 ) on Thursday April 30, 2015 @06:45AM (#49584255)

    Support for the current Government reaches EOL next week and currently seems unlikely to be renewed. However, it looks like an upgrade supported by multiple vendors for five years may be in place shortly after:
    http://www.telegraph.co.uk/new... [telegraph.co.uk]

  • Good tactic from the MS marketing guys to drop this in the news and get them to sign faster without negotiating too much!

  • risk is low (Score:2, Funny)

    by SkunkPussy ( 85271 )

    If these computers are within a secured network and particularly if they don't have access to the internet, then there isn't any great risk in continuing to use these XP machines.

    • ..Until the day one person brings in a infected USB drive. I've seen my share of viruses on XP that copy themselves via Autorun.inf files. Microsoft disabled it via a patch at some point post SP3, but most systems I ran across never had it.
  • Did you really just call XP 'ancient software'? Are you twelve? Calling an operating system that persists on a significant percentage of computers to this day 'ancient' is ridiculous, I don't think it even qualifies for the term 'legacy' yet.
    • Calling an operating system that persists on a significant percentage of computers to this day 'ancient' is ridiculous, I don't think it even qualifies for the term 'legacy' yet.

      There have been no less than three windows releases since, and a fourth is about to drop, it's safe to say that XP is 'legacy'. In Windows land, I like to use driver availability as my gauge. If you go into a store you're going to find that only a small subset of the available printers and scanners (and PSCs) even have XP drivers any more. Lots of new PC games now require Vista or later.

      In internet years, XP's release was in ancient times. We still use many ancient inventions.

    • Do you know anyone running Mac OS X 10.1, or Red Hat 6 with the 2.4.0 kernel? How about Solaris 8? Nope, they're ancient -- and the same age as XP.

      • In my world, a sun dial is ancient, clocks are old. A litter is ancient, a Model-T is legacy, a 88 Honda Civic is old. When using ancient to describe objections, to me it means no longer in use and no longer relevant. Legacy means, it still is functional and has use, but is far from current and is costly to keep running or maintain. Old means just that... not new. In the world of many younger people it's 'Oh crap, they released a new iPhone, the one in my hand is now ancient.'.
      • Do you know anyone running Mac OS X 10.1,...

        Mac OS 10.1? No. Especially since it was just a free bug fix for 10.0. and improved upon by later dot updates. I've still seen 10.4 in the wild and have my own 10.6 computer for older hardware or Rosetta support. Go out to some still running F5 firewalls, and people would probably be scarred as to what version of Linux is being run.

      • by imac.usr ( 58845 )

        I work at a company whose IVR system is still dependent on a pair of Solaris 8 systems. :(

    • It's Legacy. For me, it turned legacy as soon as .Net 4.5 wasn't supported. Our in house software started using 4.5 features and will no longer run on XP. The literally two systems with XP we have left, for Legacy reasons to run specialized manufacturing software made for Windows 95, have to remote into a terminal server to run our in house software.
    • by ledow ( 319597 )

      If he was twelve, XP was released before he was born.

      In IT terms "before you were born" is old. Very old. Ancient. Dead. Buried. Gone.

      I touched my last XP install two years ago when I migrated a school using it from XP to 8 (and all their servers a similar jump).

      The prime argument? It was a school, and the OS they were using to teach ICT to the kids was OLDER than the kids. All of them. And, as such, they did not know how to operate it because they were all used to Vista, 7 and 8 at home. We were t

  • by Anonymous Coward

    They could retrofit all of these XP machines with Linux and open source software that would meet 99% of their needs, at a cost of some re-training, and development / porting of custom software. Naturally, MS would fight this tooth-and-nail. Who said that bribery won't get you anywhere?

  • by rs79 ( 71822 )

    All XP gets regular updates. They have to or the net would break.

  • deserves the attacks they get. I do not see a reason why anyone should be running XP anymore.
  • ....and learn from their mistakes. It now takes me 20 minutes to load Linux Mint on an ex-XP machine, then back to work.

Save yourself! Reboot in 5 seconds!

Working...