Critics of Microsoft’s XP patch decision fail to see the big picture

Punditry is a never ending race to distract and influence large audiences with antagonistic points of view put forward by quasi-intellectual iconoclasts. Often derided as irrelevant, the practice is alive and well in the IT space, where it benefits not from the captive audience of cable TV viewers but from the social media bump afforded any incendiary headline.

And so it is with the latest Internet Explorer vulnerability, uncovered less than a month after Microsoft officially cut off support for its ubiquitous operating system, Windows XP. The severity of the threat is such that computers running Internet Explorer versions 6-11 can be hijacked, potentially leaving over a quarter of the planet’s computers in the hands of criminals.

As Microsoft began working on a fix, it recommended a layered approach to securing systems. This past week, the company released a patch that fixed all affected Windows versions, including the venerable Windows XP.

And that’s where the pundits came out of the woodwork, shocked at the company’s apparent lack of backbone in failing to stand its ground after the end of life for its most successful product. To wit, the headlines came hard and fast:

Arstechnica’s Peter Bright wrote a piece called “Microsoft’s decision to patch Windows XP is a mistake” because “there will always be one more emergency.”

PC World’s Mark Hachman chimed in with “Microsoft backs down, will fix Internet Explorer vulnerability.”

But the clear winner in this game of one-upmanship is one Gordon Kelly for Forbes, whose piece entitled “Microsoft Saves Windows XP In An Act Of Utter Stupidity” demonstrates a clear failure to grasp the scale of the issue, contrary to his own assertion:

I can see the good intentions, really I can. I also understand that one of the simple fixes (use Chrome instead of Internet Explorer) doesn’t make for great marketing when a rival supports your platform which you’ve ditched. Damned if you do, damned if you don’t.

No, Gordon. You don’t. This isn’t about good intentions or making workable suggestions. It’s about the responsibility of a global organization to not only support the estimated 300-500 million PCs that are still running XP but to immunize the planet’s information systems against a problem that could rapidly grow to impact everyone.

It’s not about simply supporting the tens of millions of business PCs that are still running the software, but about protecting the users and potential victims of the malicious attacks that will immediately follow infection or system compromise.

This is not about Microsoft’s lack of dignity or shameful retreat. It’s about an organization’s responsibility to the world. As a global organization, Microsoft’s impact has been phenomenal and although the company has made aggressive moves to retain its competitive position in the marketplace, despite many public mistakes and failed products, its successful innovations have always had an impact on our lives.

Its software powers most of the world’s computers and up to half a billion of those are still running XP, including 95 per cent of all ATMs and many important systems like river dams, powerplants, airports, scientific laboratories, military installations and until recently, the International Space Station.

It’s not just about your grandma’s computer. Although she did pay for her copy of XP and deserves to have a product that is free of major issues, especially ones that could compromise her privacy and personal information.

No, it’s about the bigger picture. Microsoft is more than a service provider. It’s a critical piece of the global infrastructure and we should all applaud them for taking ownership of this issue in everyone’s interest.

And to skeptics and naysayers arguing that this is nothing but a random act of kindness and weak attempt at saving face, we need to put forward the oft-ignored evidence that the technology giant has a long track record of protecting the public even in the absence of accolades.

Despite the short delay in publishing a fix for this latest bug, the company insists on mature processes for its development lifecycle and continues to improve them to more rapidly address issues it can’t possibly predict.

Users of XP slowly migrate to newer operating systems.
Users of XP slowly migrate to newer operating systems.

As for the minor and puerile argument that this latest patch will further demotivate business and consumer users of XP from upgrading, the accelerating migratory trends show that this is not the case.

So take a look at the picture and imagine you’re a car dealer who has a relationship with and old client but hasn’t sold them a car in a while (not for a lack of friendly insistence on your part). As they pull out of your dealership and you notice that they have a flat tire, do you:

  • a) flag them down and simply pump up their tire before letting them go
  • b) go back inside and let them run the risk of an accident that would injure not only them but other motorists and pedestrians as well, because hey… you if you told them once, you told them a thousand times to switch to a safer, more modern vehicle.

I leave it to better writers to use big words like ‘compassion’, and you won’t catch me employing ‘selfless’ or ‘kind’ either, but Microsoft’s decision to patch its aging software is a show of integrity, not flip-flopping. The company wasn’t shamed into ‘backing down’ but it chose to act when it didn’t have to. Such acts deserve more praise and a lot less ridicule from industry professionals who should know better.

Claudiu Popa
Claudiu Popa
Claudiu Popa is a security and privacy advisor to Canadian enterprises, associations and agencies. He is an author, speaker and lecturer. Connect with him on Twitter @datarisk, Facebook, G+ or LinkedIn.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Latest Blogs

ITB in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.