Is Microsoft’s Decision to Patch Windows XP a Mistake?

Well known Microsoft observer Dr. Pizza (Peter Bright) has written an editorial criticizing Microsoft’s decision to patch IE on Windows XP.

The decision to release this patch is a mistake, and the rationale for doing so is inadequate.

A one-off patch of this kind makes no meaningful difference to the security of a platform. Internet Explorer received security patches in 11 of the last 12 Patch Tuesdays. Other browsers such as Chrome and Firefox receive security updates on a comparable frequency.

The security of a browser is not contingent on any one bugfix; it’s dependent on a continuous delivery of patches, fixes, and improvements. One-off “exceptions” do not make Internet Explorer on Windows XP “safe.” There’s no sense in which this patch means that all of a sudden it’s now “OK” to use Internet Explorer on Windows XP.

And yet it seems inevitable that this is precisely how it will be received. The job of migrating away from Windows XP just got a whole lot harder. I’m sure there are IT people around the world who are now having to argue with their purse-string-controlling bosses about this very issue. IT people who have had to impress on their superiors that they need the budget to upgrade from Windows XP because Microsoft won’t ship patches for it any longer. Microsoft has made these IT people into liars. “You said we had to spend all this money because XP wasn’t going to get patched any more. But it is!”

Bosses who were convinced that they could stick with Windows XP because Microsoft would blink are now vindicated.

……

Although I often disagree with Dr. Pizza I absolutely agree with him in this case. Microsoft “blinking” is not limited to this situation either. It is a company wide problem. We have seen them to do it with Windows 8, Xbox, email policies and much more. Microsoft has a fundamental problem in thinking through a problem and sticking with it. The company is also oversensitive to media criticism and often reverses decisions for more favorable press coverage. This creates a never ending loop where a small minority, but vocal group, can make enough noise to get Microsoft to change a decision they had made. Microsoft needs to show they can make decisions and stick with them and the noise will dissipate over time.

Read Peter Bright’s full analysis at ArsTechnica

Comments