Microsoft has basically adopted the ransomware model widely used by criminal hacking groups and increasingly popular with some allegedly legitimate cloud storage firms.
Microsoft will continue to provide support for governments and large institutions willing to pay huge sums to keep large numbers of XP systems safe for the next few years.
So Microsoft will continue to write the necessary patches and provide them to those who can afford to pay their extortion, but it will not provide them to the rest of us, even though it would cost them next to nothing to make them available for download by everyone.
That doing so endangers everyone on the Internet matters not one whit to them.
I have had a number of phones calls today from worried customers when they got the "scareware" = "extortion" pop up on their screen.
MS have effectively infected their XP systems with malware deliberately!!
Does anyone know if there is an easy way to turn it off? I found two scheduled processes to keep the popup going but deleting those processes doesn't stop the popup - I suspect the dregs of Windows Update (from now on I'll call it Windows Infect on XP systems). Does turning off Windows update stop them?
Personally I think many people may be better off without MS updates - they often caused more grief than they cured!
My approach to customers is make sure you have a good AV running and buy a copy of Malwarebytes Antimalware and install it to run in the background all the time. Download Google Chrome or Firefox and never use IE.
This was all good advice in the past anyway so nothing has really changed.
The question that doesn't have a clear answer is will MS be bribing vendors to remove driver support and software support (esp. AV) for XP ? Or are security suites in to make a killing?