Windows 98/ME Too Creaky to Patch

Don’t expect tomorrow’s raft of patches from Microsoft to include a fix for a critical flaw in Windows 98 or ME.

The software giant said it is no longer feasible to patch security flaws for users of the aging operating systems.

“After extensive investigation, Microsoft has found that it is not feasible to make the extensive changes necessary to Windows Explorer” on 98 and ME, according to updated security bulletin MS06-015 .

“We have found that these architectures will not support a fix for this issue now or in the future,” the update said.

Microsoft said 98 and ME were much weaker than newer versions of the operating system. To eliminate the security flaw fundamental changes would need to be made and afterwards there would be no assurance applications would operate on an updated system.

In April, Microsoft announced it would end support for 98 and ME on July 11.

Although the flaw in Windows Explorer was deemed critical in the original April 11 bulletin, the hole was patched only for Windows XP, 2000 and Windows Server. Windows 98 and ME users were told a patch would be available as soon as possible.

Instead, Microsoft now urges users of 98 and ME to upgrade to a newer operating system or use a perimeter firewall.

The affect of such a decision varies, according to analysts. While only a slim number of companies still use 98 or ME, up to 10 percent of consumer households rely on the operating systems.

A survey of U.S. online households found six percent of homes still use ME or 98 SE, according to Joe Wilcox of JupiterResearch. Another 10 percent of households report using the original Windows 98, according to the survey. The most likely use of the two operating systems was on a second computer. For a lot of folks in the consumer market, Windows 98 is still good enough, Wilcox noted.

For companies, the impact of Microsoft not releasing a security patch for ME or 98 is less. Only between 2 and 3 percent of computers installed in corporate settings still employ the older versions, according to Michael Silver of Gartner.

For years, application developers have stopped supporting the two operating systems. For some companies wedded to certain applications, they may need to stick with 98 or ME, Mark Nicolette, a Gartner analyst said.

Silver recommends companies rid themselves of the older operating systems. But how old is old? Silver suspects Microsoft may not support any OS older than Windows 2000. “Even that is getting less attention from Microsoft.”

Microsoft plans to stop supporting Windows 2000 in June 30, according to Microsoft’s Support Lifecycle Web site. It lists the date when each version of Windows is set to retire. Support for Windows XP Service Pack 1 is expected to end in October.

The software company always needs customers upgrading. After all, Silver said, a customer running XP would be less likely to look at a competitor.

But let’s not forget the ultimate reason for ending support, added Andrew Jaiquith, senior analyst with Yankee Group. Patches cost $1 million each to develop, test and release. Fewer “operating systems to support means less headcount devoted to non-strategic operating systems.”