[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Thu, Feb 13, 2014 at 01:28:48PM -0000, Simon Waters wrote: > See some on the list haven't managed to get their employers to migrate > away from XP yet. > > Microsoft are plugging malware as the reason to upgrade, but I never > realised features of IE SSL support depends entirely on OS, not browser > version. Not everything that uses SSL happens inside the browser. Software updates, Windows update (see: Flame) etc. Being able to forge these certificates could cause a lot of damage, possibly (even) more than you could do inside the browser. > Okay they can mitigate this with changes to a better browser, but > did wonder if pressure on IPv4 addresses might create a different > incentive to ditch XP - when all the websites start going with SNI. > > Aside from security, the web, are there other compelling forces that will > make folk migrate? Not sure. The success of XP doesn't exactly help Microsoft. Behind the scenes things are pretty broken (or at least outdated), but I'm always surprised by how much it still looks and feels like a modern OS. > The good news is any vulnerabilities found in the next few months will > almost certainly be held back by the discover's till Microsoft stops > fixing them, when they become even more valuable. Sure. But when it's a really serious vulnerability (think remote code execution without user interaction), I kind of expect Microsoft to bow to pressure from the security community and roll out a one-off patch. They already announced that Security Essentials for XP will continue to be supported for another year or so, despite initially saying that it wouldn't. Martijn. -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq