China Has a Massive Windows XP Problem

An anonymous reader writes "The Chinese are going to have a very, very hard time kicking the Windows XP habit. The deadline for the retirement of Microsoft's most successful operating system ever is eight months from tomorrow: April 8, 2014. That's the day when the Redmond, Wash. company is to deliver the last XP security update. According to analytics company Net Applications, 37.2% of the globe's personal computers ran Windows XP last month. If Microsoft's estimate of 1.4 billion Windows PCs worldwide is accurate, XP's share translates into nearly 570 million machines. In the U.S., 16.4% of all personal computers ran Windows XP in July, or about one in six, Net Applications' data showed. But in China, 72.1% of the country's computers relied on the soon-to-retire operating system last month, or nearly three out of every four systems."

I think M$ will extend XP support

[bobthesungeek76036]

My wife works for a hospital system and they are still on XP and have no migration plans as of yet. I think there are enough companies like that out there that will force M$ to continue patch support past the 4/8/14 deadline...

Re:xp still works

[Billly Gates]

You mean the all so horrible instant search where I can start word and view files by subject in 1\9 of a second without a mouse?

You couldn't pay me to go back to XP style start menu! Yuck.

Some people are so stuburn and hate change so much they refuse to learn anything new including Windows 7 features as I am not referingto 8 at all.

Re:To eat or to upgrade?

[shadowofwind]

Correct me if I am wrong, but I thought people were starving in China and a very few (1%) can actually afford an iPhone or a new computer.

You're wrong.

http://www.zdnet.com/chinas-internet-population-surges-to-564-million-75-percent-on-mobile-7000009813/ [zdnet.com]
http://www.minyanville.com/sectors/global-markets/articles/Apple-Inc-Doubles-iPhone-4-Sales/6/21/2013/id/50472 [minyanville.com]
http://www.bloomberg.com/news/2013-07-26/apple-iphone-share-shrinks-as-china-s-huawei-to-zte-lure-users.html [bloomberg.com]

The market is huge, closer to 50% than 1%, and Apple's sales, while growing rapidly, aren't as large as Samsung's or growing as fast as those of Huawei or ZTE.

It should be obvious that there are a lot of reasons besides poverty to prefer other smart phones over Apple phones.

We need to understand what "retire" means

[roc97007]

I'll let you in on a little secret -- a lot of embedded control systems are still running Windows 98. Test by: Stick around when a bottle return machine is rebooted.

In other words. What is China going to do when XP is "retired"? You're kidding, right?

Taxes

[ebonum]

China's whole tax system works on a printed documents called a fapiao (fa-piao).
Every company in China has at least one dedicated machine with a special dot matrix printer to print fapiaos.
The software to print fapiaos only runs on Windows XP.

It can not be understated how critical fapiaos are to China's tax system. Big companies use them to pay the 17% VAT (some services and logistics companies pay less than 17%). If you lose the fapiao you get from your supplier, you might as we have lost actual cash. You must have it to offset the VAT you owe. During your annual tax review, you must have fapiaos to keep your taxes low. These are so important, there is a booming business in faking fapiaos. This is mostly done through fake transactions. Faking the actual fapiao is not so easy these days. Each fapiao carries a unique number and can the traced.

If you go out to eat, you can demand a fapiao. For westerners, this can be submitted to reduce your taxes. The top tax rate is 45%, so fapiaos are very valuable. For local Chinese, they submit them as a business/company expense. For people working in restaurants, this is a source of extra cash. If a customer doesn't ask for a fapiao, the employees can print one anyway. On the black market, these can be sold for 5-10 cents on the dollar. The same applies to cab drivers. Many passengers don't take their receipt. The receipt is a valid fapiao that can be used to reduce taxes. The cab drivers will sell them for extra cash. Just ask. :)

Re:xp still works

[Billly Gates]

Windows 95 used to do that and I forgot about that.

When I am on a Windows 7 if I am thinking of something I wrote 3 years ago I just hit th windows key and type acme sales 2010 and enter to find the documents. Beagle under Linux tried similiar functionalty.

I show all die hard XP users this and within 10 minutes they are hooked. I do not care about the menus as I am so hooked on instant search now that I cant live without it. Jumplists and aero snap make me a windows 7 diehard.

Sorry I lost faith in Linux after gnome 3. Windoes 8 might make me reconsider though :-)

Windows 7 for a crappy Windows OS really was the best version and to me even eclipsed XP.

Re:xp still works

[TheRaven64]

Linux malware is hard to write, although the SCTP vulnerability last year would have allowed a worm that ran in kernelspace and didn't depend on any installed software. Ubuntu malware, or Android malware, however, are quite easy. That 0.1% figure for Android malware in comparison to Windows malware is probably just about true if you're counting all malware written for both platforms since they were introduced, irrespective of whether it works on recent versions, but it's nowhere near close if you're counting new malware. Take a look at this list [nist.gov] and tell me that a widely deployed Linux distribution is hard to write malware for. For example, the CURL CVE-2013-2174 allows a remote attacker with a crafted URL to run arbitrary code, and CVE-2013-1697 in Mozilla allows HTML emails displayed with Thunderbird or web pages displayed with FireFox to execute JavaScript with a privilege level that allows it to make calls to native libraries, effectively meaning arbitrary code execution with ambient privilege. CVE-2013-1052 would allow either of these attacks to upgrade privilege and then install a rootkit.

Re:xp still works

[Dcnjoe60]

While what you say has some truth, the part you leave out is that the attacks against Android were not against the linux kernel used by Android, but the Android specific parts. So, while while your numbers may be accurate as they quote Trendmicro, they misrepresent the reality. Just as a vulnerability in Firefox is not a linux vulnerability, even though Firefox ships with most linux distributions, likewise, a vulnerability found in the Google specific Android pieces does not make it a linux kernel vulnerability. If those pieces were tied directly into the kernel by the kernel developers, that would be different. But just like if I raise my Jeep and it becomes unstable when cornering, that doesn't mean it is a problem with all Jeeps, Google, modifying specific pieces of "linux" does not mean that the vulnerability is a problem with linux.

Re:xp still works

[WuphonsReach]

The main reason why Linux is more secure is history. Linux is descended from Unix, and Unix spent its formative years in University labs where students would routinely prank each other. Of necessity, Unix grew up with security being an issue almost from Day 1.

That's a bit revisionist. Early unix was horribly insecure at multi-user stuff. It took a long while before security became something important in design.

Easiest example to name is the storage of passwords in /etc/passwd. Since the file was readable by everyone, it was easy to grab the hashes and perform offline attacks. I'm not even sure that early password hashes were salted in unix, which meant that if you could crack one account you could easily see that your password would match accounts X, Y and Z.

Re:xp still works

[Bert64]

And categorise by vendor rather than what the application does, because trying to promote your company brand is more important than letting users easily find the applications they need.

Re:xp still works

[Imagix]

That's a bit revisionist. Early unix was horribly insecure at multi-user stuff. It took a long while before security became something important in design. Easiest example to name is the storage of passwords in /etc/passwd. Since the file was readable by everyone, it was easy to grab the hashes and perform offline attacks. I'm not even sure that early password hashes were salted in unix, which meant that if you could crack one account you could easily see that your password would match accounts X, Y and Z.

Speaking of revisionist... those attack methods did not exist (more accurately, had not been conceived of) at the time. Which is why salting came in (trying to counter both the "same password on two machines" and making it harder to create a rainbow table), and then afterwards the shadow password file (so that normal mortals can't get a hold of even the encrypted password). For the longest time MD5 and DES were both considered secure, was it an error to rely on them 20 years ago?

Re:xp still works

[KingMotley]

Only the Windows 3.1 line grew out of MS-DOS, and the last in that line was Windows ME. The NT line grew out of VMS, which became Windows 95.