Microsoft fixed the recently advised IE security bug today (the bug affects IE versions 6 through 11 and is pretty bad).
They decided to release the fix to XP as well, even though XP is officially no longer supported. Seems like a ‘good guy’ Microsoft approach to me.
But not according to Emil at The Next Web. Emil instead notes:
This is a poor move on Microsoft’s part. Just because the flaw was discovered soon after support ended, doesn’t mean the company should backtrack on its stance. The company be encouraging users off the ancient OS, which still has over 26 percent market share, not giving them a reason to stay on it.
Seems like a ruthless attitude – he’s suggesting they should be using this security exposure as a way to ‘encourage’ upgrades. I much prefer the Microsoft attitude of looking after their customers, especially these XP customers who are the very definition of ‘long term’ customers.
UPDATE: Ars Technica thinks Microsoft made a mistake as well (ie they agree with Emil). I still disagree. Their point seems to be that there will always be other security issues with XP, and they won’t be fixed, so fixing this one gives XP users a false sense of security. I can see that, but that’s a perception issue that can be (and is) being addressed by Microsoft via other means. This particular Zero day exploit of IE is being actively targeted, so fixing it is more important than some of the lesser exploited security issues. I still think Microsoft made a good choice here. Does it mean XP is still safe? No, of course not. But at least XP users who patch this will be safe from a widely publicised IE exploit, so it is a net improvement.