You cant say you werent warned. This July, years after it should have happened, Microsoft will end all meaningful support for Windows 98, Windows 98 Second Edition and Windows ME.
Here is the key quote from the announcement:
Egad! Surely this will result in vast numbers of vulnerable Win9x users getting exploited, right? Im not sure, but so what?
Expecting Microsoft to still patch Win9x (by which I mean Windows 98, Windows 98SE and Windows ME) is like expecting Chrysler to still make parts for a 65 Dodge Dart. Even if safety is at issue, enough is enough. Buy a new car or computer already.
(Actually, I asked my mechanic about this and he says that different auto companies have very different policies. The big American ones usually end part manufacturing after five or six years, at which point you have to go to the aftermarket and junkyards. For Toyotas and Nissans he can get dealer parts for 20-year-old models.)
Theres an obvious resemblance in this situation to the one in late 2004 when support for Windows NT 4 was retired. There is also a big difference: The users Microsoft was potentially antagonizing in that case were businesses, including many large businesses. Microsoft listens to these businesses and tries to keep them happy.
The situation is different with Win9x. Id be surprised if there are any large businesses relying on Win9x systems for anything, and if they are they should be embarrassed to say so.
Its hard even to buy third-party security products for it anymore. For instance, Norton 2006 no longer supports Win9x, but comes with Norton 2005 in the box for older systems. And in a year or two you can bet Symantec will stop issuing signatures for Norton 2005.
There are, Im sure, plenty of consumers with old PCs still running Win9x, and they have a problem. No matter how careful and conscientious they are, there will come a time when they wont be able to protect themselves adequately. Its been getting to this point slowly for years.
Microsoft long ago stopped issuing non-critical patches for Win9x. This last round of patches the week of April 10 included one such update: Cumulative Security Update for Outlook Express (911567), only deemed to be “Important.”
Three other updates issued in April, rated critical, were patched for Win9x, although Microsoft no longer provides downloadable patches, just updates through the Windows Update site.
This is interesting—why do they do it this way? Perhaps to make it easier for them to take the updates away. Its much harder to make an alternative patch site or include Win9x patches in a third-party patch management program when the individual patches are not available.
Windows ME was always a mistake. It was a terrible product and pushed out the door to give Microsoft some breathing space to get XP ready, but everyone I knew who had it hated it. Windows 98 and especially Windows 98SE were good products for their era.
But that era was long ago. As with cars that have no seat belts or use leaded gas, if you use really old PCs on the modern Internet youre not only taking risks, youre imposing them on the rest of us. Its time to move on.
Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. He can be reached at [email protected]