Criticism of Windows XP

Last updated
Part of a series of articles on
Windows XP

Criticism of Windows XP deals with issues with security, performance and the presence of product activation errors that are specific to the Microsoft operating system Windows XP.

Contents

Security issues

Windows XP has been criticized for its vulnerabilities due to buffer overflows and its susceptibility to malware such as viruses, trojan horses, and worms. Nicholas Petreley for The Register notes that "Windows XP was the first version of Windows to reflect a serious effort to isolate users from the system, so that users each have their own private files and limited system privileges." [1] However, users by default receive an administrator account that provides unrestricted access to the underpinnings of the system. If the administrator's account is compromised, there is no limit to the control that can be asserted over the PC. Windows XP Home Edition also lacks the ability to administer security policies and denies access to the Local Users and Groups utility.

Microsoft stated that the release of security patches is often what causes the spread of exploits against those very same flaws, as crackers figure out what problems the patches fix and then launch attacks against unpatched systems. For example, in August 2003 the Blaster worm exploited a vulnerability present in every unpatched installation of Windows XP, and was capable of compromising a system even without user action. In May 2004 the Sasser worm spread by using a buffer overflow in a remote service present on every installation. Patches to prevent both of these well-known worms had already been released by Microsoft. Increasingly widespread use of Service Pack 2 and greater use of personal firewalls may also contribute to making worms like these less common. [2]

Many attacks against Windows XP systems come in the form of trojan horse e-mail attachments which contain worms. A user who opens the attachment can unknowingly infect his or her own computer, which may then e-mail the worm to more people. Notable worms of this sort that have infected Windows XP systems include Mydoom, Netsky and Bagle. To discourage users from running such programs, Service Pack 2 includes the Attachment Execution Service which records the origin of files downloaded with Internet Explorer or received as an attachment in Outlook Express. If a user tries to run a program downloaded from an untrusted security zone, Windows XP with Service Pack 2 will prompt the user with a warning.

Spyware and adware are a continuing problem on Windows XP and other versions of Windows. Spyware is also a concern for Microsoft with regard to service pack updates; Barry Goff, a group product manager at Microsoft, said some spyware could cause computers to freeze up upon installation of Service Pack 2. [3] In January 2005, Microsoft released a free beta version of Windows Defender which removes some spyware and adware from computers.

Windows XP offers some useful security benefits, such as Windows Update, which can be set to install security patches automatically, and a built-in firewall. If a user doesn't install the updates for a long time after the Windows Update icon is displayed in the toolbar, Windows will automatically install them and restart the computer on its own. This can lead to the loss of unsaved data if the user is away from the computer when the updates are installed. Service Pack 2 enables the firewall by default. It also adds increased memory protection to let the operating system take advantage of new No eXecute technology built into CPUs such as the AMD64. This allows Windows XP to prevent some buffer overflow exploits.

On April 8, 2014, extended support of Windows XP ended. As this means that security vulnerabilities are no longer patched, the general advice given by both Microsoft and security specialists is to no longer use Windows XP.

Antitrust concerns

In light of the United States v. Microsoft Corp. case which resulted in Microsoft being convicted for illegally abusing its operating system monopoly to overwhelm competition in other markets, Windows XP has drawn fire for integrating user applications such as Windows Media Player and Windows Messenger into the operating system, as well as for its close ties to the Windows Live ID (now Microsoft account) service.[ citation needed ]

In 2001, ProComp – a group including several of Microsoft's rivals, including Oracle, Sun, and Netscape  – claimed that the bundling and distribution of Windows Media Player in Windows XP was a continuance of Microsoft's anticompetitive behavior [4] and that the integration of Windows Live ID (at the time Microsoft Passport) into Windows XP was a further example of Microsoft attempting to gain a monopoly in web services. [5] Both of these claims were rebutted by the Association for Competitive Technology (ACT) and the Computing Technology Industry Association (CompTIA), both partially funded by Microsoft. [6] [7] The battle being fought by fronts for each side was the subject of a heated exchange between Oracle's Larry Ellison and Microsoft's Bill Gates. [8]

Microsoft responded on its "Freedom to Innovate" web site, [9] pointing out that in earlier versions of Windows, Microsoft had integrated tools such as disk defragmenters, graphical file managers, and TCP/IP stacks, and there had been no protest that Microsoft was being anti-competitive. Microsoft asserted that these tools had moved from special to general usage and therefore belonged in its operating system.

To avoid the possibility of an injunction, which might have delayed the release of Windows XP, Microsoft changed its licensing terms to allow PC manufacturers to hide access to Internet Explorer (but not remove it). Competitors dismissed this as a trivial gesture. [10] Later, Microsoft released a utility as part of Service Pack 1 (SP1) which allows icons and other links to bundled software such as Internet Explorer, Windows Media Player, and Windows Messenger (not to be confused with the similar-named Windows Live Messenger, formerly MSN Messenger) to be removed. The components themselves remain in the system; Microsoft maintains that they are necessary for key Windows functionality (such as the HTML Help system and Windows desktop), and that removing them completely may result in unwanted consequences. One critic, Shane Brooks, has argued that Internet Explorer could be removed without adverse effects, as demonstrated with his product XPLite. [11] Dino Nuhagic created his nLite software to remove many components from XP prior to installation of the product. [12]

In addition, in the first release of Windows XP, the "Buy Music Online" feature always used Microsoft's Internet Explorer rather than any other web browser that the user may have set as their default. Under pressure from the United States Department of Justice, Microsoft released a patch in early 2004, which corrected the problem. [13]

Backward compatibility

Migrating from Windows 9x to XP can be an issue for users dependent upon MS-DOS. Although XP comes with the ability to run DOS programs in a virtual DOS machine, it still has trouble running many old DOS programs. This is largely because it is a Windows NT system and does not use DOS as a base OS, and because the Windows NT architecture is different from Windows 9x. [14] Some DOS programs that cannot run natively on XP, notably programs that rely on direct access to hardware, can be run in emulators, such as DOSBox or virtual machines, like VMware, Virtual PC, or VirtualBox. This also applies to programs that only require direct access to certain common emulated hardware components, like memory, keyboard, graphics cards, and serial ports. With DOS emulators, 32-bit versions of Windows XP can run almost any program designed for any previous Microsoft operating system. Only 64-bit versions of XP have major backward-compatibility issues. This is because old 16-bit Windows programs require a tool called NTVDM, which is only present in the 32-bit version of the OS. However, this is true of every version of Windows that comes in both 32-bit and 64-bit versions, and it is not specific to XP; additionally, virtual machine software such as VirtualBox can run 16-bit DOS and Windows programs even on 64-bit versions of Windows.

Product activation and verification

Product activation

In an attempt to reduce piracy, Microsoft introduced product activation in Windows XP. Activation required the computer or the user to activate with Microsoft (either online or over the phone) within a certain amount of time in order to continue using the operating system. If the user's computer system ever changes — for example, if two or more relevant components of the computer itself are upgraded — Windows will return to the unactivated state and will need to be activated again within a defined grace period. If a user tried to reactivate too frequently, the system will refuse to activate online. The user must then contact Microsoft by telephone to obtain a new activation code.

However, activation only applied to retail and "system builder" (intended for use by small local PC builders) copies of Windows. "Royalty OEM" (used by large PC vendors) copies are instead locked to a special signature in the machine's BIOS (and will demand activation if moved to a system whose motherboard does not have the signature) and volume license copies do not require activation at all. This led to pirates simply using volume license copies with volume license keys that were widely distributed on the Internet.

Product key testing

In addition to activation, Windows XP service packs will refuse to install on Windows XP systems with product keys known to be widely used in unauthorized installations. These product keys are either intended for use with one copy (for retail and system builder), for one OEM (for BIOS locked copies) or to one company (for volume license copies) and are included with the product. However a number of volume license product keys (which as mentioned above avoid the need for activation) were posted on the Internet and were then used for a large number of unauthorized installations. The service packs contain a list of these keys and will not update copies of Windows XP that use them.

Microsoft developed a new key verification engine for Windows XP Service Pack 2 that could detect illicit keys, even those that had never been used before. After an outcry from security consultants who feared that denying security updates to illegal installations of Windows XP would have wide-ranging consequences even for legal owners, Microsoft elected to disable the new key verification engine. Service Pack 2 only checks for the same small list of commonly used keys as Service Pack 1. This means that while Service Pack 2 will not install on copies of Windows XP which use the older set of copied keys, those who use keys which have been posted more recently may be able to update their systems.

Windows Genuine Advantage

To try to curb piracy based on leaked or generated volume license keys, Microsoft introduced Windows Genuine Advantage (WGA). WGA comprises two parts, a verification tool which must be used to get certain downloads from Microsoft and a user notification system. WGA for Windows was followed by verification systems for Internet Explorer 7, Windows Media Player 11, Windows Defender, Microsoft Office 2007 and certain updates. In late 2007, Microsoft removed the WGA verification from the installer for Internet Explorer 7 saying that the purpose of the change was to make IE7 available to all Windows users. [15] [16]

If the license key is judged not genuine, it displays a nag screen at regular intervals asking the user to buy a license from Microsoft. [17] In addition, the user's access to Microsoft Update is restricted to critical security updates, and as such, new versions of enhancements and other Microsoft products will no longer be able to be downloaded or installed.

On August 26, 2008, Microsoft released a new WGA activation program that displays a plain black desktop background for computers failing validation. The background can be changed, but reverts after 1 hour. [18]

Common criticisms of WGA have included its description as a "Critical Security Update", causing Automatic Updates to download it without user intervention on default settings, its behavior compared to spyware of "phoning home" to Microsoft every time the computer is connected to the Internet, the failure to inform end users what exactly WGA would do once installed (rectified by a 2006 update), [19] the failure to provide a proper uninstallation method during beta testing (users were given manual removal instructions that did not work with the final build [17] ), and its sensitivity to hardware changes which cause repeated need for reactivation in the hands of some developers. Also if the user has no connection to the Internet or a phone, it will be difficult to activate it normally.

Strictly speaking, neither the download nor the install of the Notifications is mandatory; the user can change their Automatic Update settings to allow them to choose what updates may be downloaded for installation. If the update is already downloaded, the user can choose not to accept the supplemental EULA provided for the Notifications. In both cases, the user can also request that the update not be presented again. Newer Critical Security Updates may still be installed with the update hidden. However this setting will only have effect on the existing version of Notifications, so it can appear again as a new version. In 2006, California resident Brian Johnson attempted to bring a class action lawsuit against Microsoft, on grounds that Windows Genuine Advantage Notifications violated the spyware laws in the state; [20] the lawsuit was dismissed in 2010. [21]

Default theme

Windows XP's default theme, Luna, was criticized by some users for its childish look. [22] [23]

See also

Related Research Articles

Spyware is any software with malicious behavior that aims to gather information about a person or organization and send it to another entity in a way that harms the user by violating their privacy, endangering their device's security, or other means. This behavior may be present in malware and in legitimate software. Websites may engage in spyware behaviors like web tracking. Hardware devices may also be affected.

<span class="mw-page-title-main">Windows XP</span> Sixth major release of Windows NT, released in 2001

Windows XP is a major release of Microsoft's Windows NT operating system. It was released to manufacturing on August 24, 2001, and later to retail on October 25, 2001. It is a direct upgrade to its predecessors, Windows 2000 for high-end and business users and Windows Me for home users, and is available for any devices running Windows NT 4.0, Windows 98, Windows 2000, or Windows Me that meet the new Windows XP system requirements.

<span class="mw-page-title-main">Windows 2000</span> Fifth major release of Windows NT, released in 2000

Windows 2000 is a major release of the Windows NT operating system developed by Microsoft and designed for businesses. It was the direct successor to Windows NT 4.0, and was released to manufacturing on December 15, 1999, and was officially released to retail on February 17, 2000 and September 26, 2000 for Windows 2000 Datacenter Server. It was Microsoft's business operating system until the introduction of Windows XP Professional in 2001.

<span class="mw-page-title-main">Windows 95</span> Microsoft computer operating system released in 1995

Windows 95 is a consumer-oriented operating system developed by Microsoft as part of its Windows 9x family of operating systems. The first operating system in the 9x family, it is the successor to Windows 3.1x, and was released to manufacturing on July 14, 1995, and generally to retail on August 24, 1995, almost three months after the release of Windows NT 3.51. Windows 95 is the first version of Microsoft Windows to include the start button. Windows 95 merged Microsoft's formerly separate MS-DOS and Microsoft Windows products, and featured significant improvements over its predecessor, most notably in the graphical user interface (GUI) and in its simplified "plug-and-play" features. There were also major changes made to the core components of the operating system, such as moving from a mainly cooperatively multitasked 16-bit architecture to a 32-bit preemptive multitasking architecture, at least when running only 32-bit protected mode applications.

<span class="mw-page-title-main">Windows Update</span> Software update distribution service for Microsoft Windows

Windows Update is a Microsoft service for the Windows 9x and Windows NT families of the Microsoft Windows operating system, which automates downloading and installing Microsoft Windows software updates over the Internet. The service delivers software updates for Windows, as well as the various Microsoft antivirus products, including Windows Defender and Microsoft Security Essentials. Since its inception, Microsoft has introduced two extensions of the service: Microsoft Update and Windows Update for Business. The former expands the core service to include other Microsoft products, such as Microsoft Office and Microsoft Expression Studio. The latter is available to business editions of Windows 10 and permits postponing updates or receiving updates only after they have undergone rigorous testing.

Product activation is a license validation procedure required by some proprietary software programs. Product activation prevents unlimited free use of copied or replicated software. Unactivated software refuses to fully function until it determines whether it is authorized to fully function. Activation allows the software to stop blocking its use. An activation can last "forever", or it can have a time limit, requiring a renewal or re-activation for continued use.

In computing, Download.ject is a malware program for Microsoft Windows servers. When installed on an insecure website running on Microsoft Internet Information Services (IIS), it appends malicious JavaScript to all pages served by the site.

<span class="mw-page-title-main">Browser Helper Object</span> Plug-in module for Internet Explorer

A Browser Helper Object (BHO) is a DLL module designed as a plugin for the Microsoft Internet Explorer web browser to provide added functionality. BHOs were introduced in October 1997 with the release of version 4 of Internet Explorer. Most BHOs are loaded once by each new instance of Internet Explorer. However, in the case of Windows Explorer, a new instance is launched for each window.

Norton AntiVirus is an anti-virus or anti-malware software product founded by Peter Norton, developed and distributed by Symantec since 1990 as part of its Norton family of computer security products. It uses signatures and heuristics to identify viruses. Other features included in it are e-mail spam filtering and phishing protection.

Norton Internet Security, developed by Symantec Corporation, is a discontinued computer program that provides malware protection and removal during a subscription period. It uses signatures and heuristics to identify viruses. Other features include a personal firewall, email spam filtering, and phishing protection. With the release of the 2015 line in summer 2014, Symantec officially retired Norton Internet Security after 14 years as the chief Norton product. It was superseded by Norton Security, a rechristened adaptation of the Norton 360 security suite.

<span class="mw-page-title-main">Windows Vista</span> Seventh major release of Windows NT

Windows Vista is a major release of Microsoft's Windows NT operating system. It was released to manufacturing on November 8, 2006, and became generally available on January 30, 2007, on the Windows Marketplace, the first release of Windows to be made available through a digital distribution platform. Vista succeeded Windows XP (2001); at the time, the five-year gap between the two was the longest time span between successive Windows releases.

<span class="mw-page-title-main">Windows Genuine Advantage</span> Anti-infringement system by Microsoft

Windows Genuine Advantage (WGA) is an anti-infringement system created by Microsoft that enforces online validation of the licensing of several Microsoft Windows operating systems when accessing several services, such as Windows Update, and downloading Windows components from the Microsoft Download Center. WGA consists of two components: an installable component called WGA Notifications that hooks into Winlogon and validates the Windows license upon each logon and an ActiveX control that checks the validity of the Windows license when downloading certain updates from the Microsoft Download Center or Windows Update. WGA Notifications covers Windows XP and later, with the exception of Windows Server 2003 and Windows XP Professional x64 Edition. The ActiveX control checks Windows 2000 Professional licenses as well.

In software licensing, volume licensing is the practice of using one license to authorize software on a large number of computers and/or for a large number of users. Customers of such licensing schemes are typically business, governmental or educational institutions, with prices for volume licensing varying depending on the type, quantity and applicable subscription-term. For example, Microsoft software available through volume-licensing programs includes Microsoft Windows and Microsoft Office.

<span class="mw-page-title-main">Windows Firewall</span> Firewall software for Windows

Windows Firewall is a firewall component of Microsoft Windows. It was first included in Windows XP SP2 and Windows Server 2003 SP1. Before the release of Windows XP Service Pack 2, it was known as the "Internet Connection Firewall."

Google Pack was a collection of software tools offered by Google to download in a single archive. It was announced at the 2006 Consumer Electronics Show, on January 6. Google Pack was only available for Windows XP, Windows Vista, and Windows 7.

<span class="mw-page-title-main">Security and Maintenance</span> Microsoft Windows software

Security and Maintenance is a component of the Windows NT family of operating systems that monitors the security and maintenance status of the computer. Its monitoring criteria includes optimal operation of antivirus software, personal firewall, as well as the working status of Backup and Restore, Network Access Protection (NAP), User Account Control (UAC), Windows Error Reporting (WER), and Windows Update. It notifies the user of any problem with the monitored criteria, such as when an antivirus program is not up-to-date or is offline.

<span class="mw-page-title-main">Software remastering</span>

Software remastering is software development that recreates system software and applications while incorporating customizations, with the intent that it is copied and run elsewhere for "off-label" usage. The term comes from remastering in media production, where it is similarly distinguished from mere copying.

Windows XP, which is the next version of Windows NT after Windows 2000 and the successor to the consumer-oriented Windows Me, has been released in several editions since its original release in 2001.

Windows 7, a major release of the Microsoft Windows operating system, has been released in several editions since its original release in 2009. Only Home Premium, Professional, and Ultimate were widely available at retailers. The other editions focus on other markets, such as the software development world or enterprise use. All editions support 32-bit IA-32 CPUs and all editions except Starter support 64-bit x64 CPUs. 64-bit installation media are not included in Home-Basic edition packages, but can be obtained separately from Windows.

<span class="mw-page-title-main">Microsoft Product Activation</span> DRM mechanism used by Microsoft

Microsoft Product Activation is a DRM technology used by Microsoft Corporation in several of its computer software programs, most notably its Windows operating system and its Office productivity suite. The procedure enforces compliance with the program's end-user license agreement by transmitting information about both the product key used to install the program and the user's computer hardware to Microsoft, inhibiting or completely preventing the use of the program until the validity of its license is confirmed.

References

  1. Petreley, Nicholas (2004-10-22). "Security Report: Windows vs Linux | The Register". The Register. Retrieved 2010-01-31.
  2. Leyden, John. "The strange decline of computer worms | Channel Register". Channel Register.
  3. "Microsoft: Spyware could bungle SP2 update". USA Today. 2 September 2004. Retrieved 10 November 2013.
  4. "Archived copy" (PDF). www.procompetition.org. Archived from the original (PDF) on 5 June 2001. Retrieved 13 January 2022.{{cite web}}: CS1 maint: archived copy as title (link)
  5. "Archived copy" (PDF). www.procompetition.org. Archived from the original (PDF) on 3 October 2003. Retrieved 13 January 2022.{{cite web}}: CS1 maint: archived copy as title (link)
  6. "News Briefs: May 26–31, 2001". Techlawjournal.com. May 31, 2001. Retrieved 2010-01-31.
  7. Declan McCullagh (May 31, 2001). "MS Launches Counter PR Attack". Wired.com. Retrieved 2010-01-31.
  8. David Kleinbard (June 28, 2000). "Oracle's Ellison rips into Bill Gates". money.cnn.com. CNN. Retrieved 2010-01-31.
  9. Newsletter - June 5, 2001 Archived October 15, 2008, at the Wayback Machine Freedom To Innovate Network; Microsoft. June 5, 2001. Retrieved 2010-05-31.
  10. Wilcox, Joe (July 11, 2001). "Microsoft changes Windows license terms | CNET News.com". News.com.com. Retrieved 2010-01-31.
  11. "XPlite and 2000lite Uninstall Windows Components". Product info. Litepc.com. Retrieved 2010-01-31.
  12. "nLite — Deployment Tool for the bootable Unattended Windows installation". Product info. Nliteos.com. Retrieved 2010-01-31.
  13. "The "Shop for music online" link starts Internet Explorer instead of your default Web browser in Windows XP". Support.microsoft.com. Microsoft Inc. October 26, 2006. Retrieved 2010-01-31.
  14. "Troubleshooting MS-DOS-based programs in Windows XP". Knowledge Base. Microsoft Product Support. Archived from the original on 2004-10-16. This means that Windows does not support 16-bit programs that require unrestricted access to hardware. If your program requires this, your program will not work in Windows NT, Windows 2000, or Windows XP.
  15. Mary Jo Foley (2007-10-04). "Internet Explorer 7 update: Now WGA-free". ZDNet. Archived from the original on October 11, 2007. Retrieved 2007-12-16.
  16. Steve Reynolds (2007-10-04). "Internet Explorer 7 Update". Microsoft . Retrieved 2007-12-16.
  17. 1 2 "Description of the Windows Genuine Advantage Notifications application" . Retrieved 2006-10-31.
  18. "Description of the Windows Genuine Advantage Notifications application". Support.microsoft.com. 2010-07-02. Retrieved 2010-08-26.
  19. "New WGA Notifications Released". MSDN Blogs . 2006-09-29. Retrieved 2006-12-03.
  20. "Lawsuit Labels Windows Genuine Advantage as Spyware". eWeek . 2006-07-29. Retrieved 2010-08-19.
  21. "Microsoft wins Windows XP WGA lawsuit". Ars Technica . 2010-02-09. Retrieved 2010-08-19.
  22. Manes, Stephen (2004-08-26). "Full Disclosure: Your Take on Windows' Worst Irritations". PCWorld . IDG. Archived from the original on 2009-10-08.
  23. Bright, Peter (2014-04-10). "Memory lane: Before everyone loved Windows XP, they hated it". Ars Technica . Condé Nast. Archived from the original on 2014-04-24. Retrieved 2014-06-20.
External videos
Nuvola apps kaboodle.svg Is Windows XP Good Enough?, Microsoft
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.