Just because Microsoft doesn't plan on giving Windows XP patches to the public after April 8, 2014, doesn't mean it's going to stop making those patches. In fact, Microsoft will be creating security updates for Windows XP for months -- years, even -- after it halts their delivery to the general public.
Those patches will come from a program called "Custom Support," an after-retirement contract designed for very large customers who have not, for whatever reason, moved on from an older OS. As part of Custom Support -- which according to analysts, costs about $200 per PC for the first year and more each succeeding year -- participants receive patches for vulnerabilities rated "critical" by Microsoft. Bugs ranked as "important," the next step down in Microsoft's four-level threat scoring system, are not automatically patched. Instead, Custom Support contract holders must pay extra for those. Flaws pegged as "moderate" or "low" are not patched at all.
[ Get all the details you need on deploying and using Windows 7 in the InfoWorld editors' 21-page Windows 7 Deep Dive PDF special report. | Stay abreast of key Microsoft technologies in our Technology: Microsoft newsletter. ]
"Legacy products or out-of-support service packs covered under Custom Support will continue to receive security hotfixes for vulnerabilities labeled as 'Critical' by the MSRC [Microsoft Security Response Center]," Microsoft said in a Custom Support data sheet. "Customers with Custom Support that need security patches defined as 'Important' by MSRC can purchase these for an additional fee.
"These security hotfixes will be issued through a secure process that makes the information available only to customers with Custom Support," the data sheet promised.
Because Microsoft sells Custom Support agreements, it's obligated to come up with patches for critical and important vulnerabilities. And it may be required to do so for years: The company sells Custom Support for up to three years after it retires an operating system.
Custom Support and the XP security updates that result have been one reason why some experts have held out hope that Microsoft will backtrack from retiring XP next April. Their reasoning is straight-forward: Microsoft will have patches available -- its engineers won't have to do any more work than they already committed to doing -- so handing them out to all would be a simple matter.
Or not. Most experts have said that the chance Microsoft will prolong Windows XP's life run between slim and none. And giving away patches to everyone risks a revolt by those big customers who have paid millions for Custom Support.
But Microsoft does have options. Computerworld sees six.
1. Continue patching for free
If Windows XP remains a major presence, as it appears likely, with projections as high as 33.5 percent of all personal computers at the end of April 2014, Microsoft could decide to continue patching the aged OS with free fixes for critical vulnerabilities, maybe even those rated important.
Such a move would be unpalatable to Custom Support customers, but Microsoft could renegotiate the fees -- unlikely -- or remind those companies of the program's other benefits, which include access to support representatives, as well as to prior patches and hotfixes.
No comments:
Post a Comment