By Brian Krebs
Special to The Washington Post
Saturday, July 1, 2006
More than 70 million Windows users will no longer be eligible for software security updates under a Microsoft Corp. policy to take effect July 11, hastening the demise of several older versions of the computer operating system.
Microsoft will end support for Windows 98, Windows 98 Special Edition (SE) and Windows Millennium Edition (ME). That means users of those versions will no longer have the protection of software fixes issued by Microsoft, potentially leaving them exposed to attack when hackers exploit previously unknown flaws in the operating systems.
Microsoft had planned to stop supporting the older versions in January 2004, but it extended support to give customers and businesses more time to upgrade to newer versions of Windows.
At the end of 2005, licensed installations of Windows 98 and Windows ME made up more than 13 percent of Microsoft's user base, according to Al Gillen, an analyst with IDC, a Framingham, Mass., market-research firm. IDC estimates that about 48 million computers were still running licensed versions of Windows 98 at the end of last year, and 25 million were running Windows ME.
Gillen said he expects machines running Windows 98 and ME to account for just 6 percent of all Windows installations by the end of this year, and that the loss of security patches for those operating systems will probably not be a major concern for users.
"The laggards are those users who are going to keep these systems around until [the machines] either catch fire or simply don't turn on one day," Gillen said. "Generally speaking, these people who run old operating systems are probably not waiting on the edge of their seat for the next new Windows operating system to arrive."
Johannes Ullrich, chief technology officer for the SANS Internet Storm Center, which monitors hacking trends, said Windows 98 and ME users already have a measure of security through obscurity, because most malicious code created today will not run properly on those systems.
Still, Ullrich said, many companies that make anti-spyware, anti-virus and software firewall programs are phasing out support for Windows 98 and ME, although some older versions of those products will still run on them. Ullrich said he would advise users of those systems to either upgrade to a newer version of Windows such as Windows XP, or consider switching to a Mac.
"These systems are already unsafe to run, and while not having patches doesn't necessarily mean people will all of a sudden write more malware for them, I don't think there is a real safe way" for people to continue using older versions of Windows, he said.
Krebs is a staff writer for washingtonpost.com.