Pay special attention to Patch Tuesday this month. It’s the end of mainstream support for Windows XP and Office 2003.
Obviously Microsoft would always want us all to move to new products quickly, but that doesn’t often happen, and they don’t make us do it. In fact, Office 2003 will be getting security updates for five more years, through April 8, 2014, the same date security fixes for Windows XP end. (Five years! You wonder how big a deal it will be at the time.)
But after this month a lot of support for Office 2003 and Windows XP does end: Non-security hotfix support will now require an extended hotfix agreement, purchased within 90 days of April 14. Also no-charge incident support, warranty claims and design changes and feature requests all end. It’s hard to believe they’ve been taking design changes and feature requests for these products seriously for a while though.
We will enter these products’ “Extended support phases” in which only online support and security updates come for free. Versions of Windows Server 2003 with old service packs will also lose some support on that date.
Nobody has support lifecycles like Microsoft’s. All their major competitors toss you out on your butt years before Microsoft does. Consider the fact that Office 2000 with Internet Explorer 5.01 running on Windows 2000 is still a supported configuration for Microsoft. “Supported” in this case means that they still get security updates and contract support, including hotfix support, is available. This period for Windows 2000 will end on July 13, 2010, more than 10 years after the product was released. Don’t say you weren’t warned. Finally, for those of you still running Office 2000, Extended Support, and with it security updates, ends on July 14 of 2009, just about 10 years after release.
They don’t offer such long support periods because it’s a good idea for them or for, as they like to put it, the “ecosystem.” It’s because they try not to push their customers around.
Actually, in some cases, Sun has support lifecycles on par with Microsoft’s. Solaris versions have extremely long support lives. Just last week Solaris 8, released in February 2000, reached “End of Service Life Phase 2,” meaning that customers have to buy the “Solaris 8 Vintage Patch Service” if they want to receive any updates, including security updates. The complete support shut-off is scheduled for March, 2012.
Support lifecycle for StarOffice is harder to determine, and I think they may not have a formal policy. In any event, I can’t find an on-point statement on their Website. They do offer “3 free warranty support calls (in retail)” for StarOffice 9. On the other hand, there hasn’t been a patch for StarOffice 8 for almost two years (May 2007) and it was released in September 2005, according to Wikipedia.
Wikipedia also has a handy chart of Fedora and Fedora Core versions showing which are still supported, and it shows that Fedora 8, released in November 2007, is no longer supported. That’s a pretty short cycle.
Long cycles such as Microsoft’s are rare in the industry. Focusing only on security I would argue that they should shorten them, since it’s easy to demonstrate (and a Microsoft study released this week will show this) that the more recent versions are uniformly less exploitable. But they give you all that extra time, so take it and use it to update.
Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.
For insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer’s blog Cheap Hack.