bit-tech.net

Windows XP lives again via registry hack

Windows XP lives again via registry hack

Microsoft's end-of-life Windows XP operating system may have just received a five-year reprieve, thanks to a registry hack that disguises it as a still-supported Windows Embedded product.

Those who are, for one reason or another, still unwilling or unable to upgrade from the now officially end-of-life (EOL) Windows XP operating system may have a reprieve, following the publication of a hack that enables continued security updates for the platform.

Known semi-affectionately as the operating system that just won't die, Windows XP has long outlived its originally planned lifespan. Poor uptake of Windows Vista led to an extended support agreement for the platform, and those who didn't upgrade to Vista have also largely ignored its successors. The result: nearly a third of all client computers connected to the web are using Windows XP, and on the 8th of April Microsoft officially pulled the plug by refusing to supply any more security updates - apart from that one it supplied post-EOL, which it promised was a one-off.

Now, hackers keen to see Windows XP live on have discovered a means of tapping into the continued security patches previously only available to enterprise users paying a considerable fee for extended support contracts. Modifying the Windows XP registry, it has been discovered, can cause it to identify itself as Windows Embedded POSReady 2009 - a product designed for point-of-sale systems and based on the Windows XP kernel.

By identifying as Windows Embedded POSReady 2009, Windows XP users can continue to receive security updates for as long as the software is supported - which is until 2019, according to Microsoft's published support schedule. Available on both 32-bit and 64-bit versions of the OS, the hack - published in full by BetaNews - could prove a lifeline for those who refuse to upgrade.

Microsoft has not yet responded to the hack, but may seek to exclude non-Windows Embedded builds from future updates by modifying how Windows Update verifies the status of the host operating system.

28 Comments

Discuss in the forums Reply
rollo 27th May 2014, 11:16 Quote
The OS that will never die it seems.
Corky42 27th May 2014, 12:06 Quote
The only way to kill a zombie is with a head shot ya know :)
kosch 27th May 2014, 12:22 Quote
Kill the head vampire!
Dave Lister 27th May 2014, 12:41 Quote
I had a little chuckle at this "Windows Embedded POSReady 2009"
Is POS not an american abbreviation for - Piece Of Sh*t ?
Flibblebot 27th May 2014, 12:58 Quote
I know one person who refuses to upgrade because they are used to the software they'be been using for the last 10 years. They're still using Photoshop Elements 4 and Nero FFS! I keep trying to persuade them that there are newer versions of PSE and that modern versions of Windows don't need Nero, but they just won't listen - even when I tell them that their OS isn't supported any more.

Thankfully, I don't think they're tech-savvy enough to find this workaround.

I'm not surprised to see XP still being used in POS systems - it wasn't that long ago that I saw a crashed cashpoint machine showing the OS/2 logo :D
Phil Rhodes 27th May 2014, 13:09 Quote
Well, of course. Everyone should immediately buy Windows 8, for all the features it has over XP - including the...

...um...

...the er...

...oh.
nakchak 27th May 2014, 13:15 Quote
POS 2009 is pretty cutting edge in the POS world, there is a Win 7 version available but the license costs 4x the amount of POS 2009, and seeing as all POS/Gaming devices effectively put a full screen overlay over the desktop its a bit of a moot point..., especially as multi touch-touch screens is one of the win 7 version selling point, most (dis)service droids put in front of a modern till struggle to handle nested menu's i.e. like trying to find the correct fruit in a self service checkout, plus the till control software sucks and is stuck in the world of 800x600....

Its also worth noting that USB is hardly used in pos its still mainly 9pin serial, receipt printers serial, cash drawers serial, chip and pin devices serial. which is one of the reasons you still find COMM port headers on bottom of range small mother boards...

That said i think people will have a hard time with driver support and some of the more "consumer" sub systems are crippled in pos ready
KidMod-Southpaw 27th May 2014, 13:16 Quote
I'm at the point where I almost think it'll actually be fun to see how long XP properly lives for before MS really take action on it.
edzieba 27th May 2014, 13:42 Quote
Quote:
Originally Posted by Phil Rhodes
Well, of course. Everyone should immediately buy Windows 8, for all the features it has over XP - including the...

...um...

...the er...

...oh.
- Actually sane security (i.e. no more ADMIN FOR EVERYONE)
- Less bloat (once you add all the extra crap XP needs installed to be functional in the modern day
- Modern hardware support (have fun buying a new GPU when WDDM is the only game in town)
theshadow2001 27th May 2014, 13:55 Quote
Quote:
Originally Posted by nakchak

Its also worth noting that USB is hardly used in pos its still mainly 9pin serial, receipt printers serial, cash drawers serial, chip and pin devices serial. which is one of the reasons you still find COMM port headers on bottom of range small mother boards...
Serial devices are much easier to integrate into a custom piece of code. All you need to do is set up the connection and read or write commands. No drivers required.
Nexxo 27th May 2014, 14:37 Quote
Quote:
Originally Posted by Phil Rhodes
Well, of course. Everyone should immediately buy Windows 8, for all the features it has over XP - including the...

...um...

...the er...

...oh.
Quote:
Originally Posted by edzieba
- Actually sane security (i.e. no more ADMIN FOR EVERYONE)
- Less bloat (once you add all the extra crap XP needs installed to be functional in the modern day
- Modern hardware support (have fun buying a new GPU when WDDM is the only game in town)

Add to that:
- remove USB devices on the fly without the OS having a nervous breakdown
- run .ISO's without an extra utility
- better memory management
- better support for multiple CPU cores
- GUI through DirectX = better performance
- when an application fails, it doesn't take the whole OS down with it
- you can actually use SSDs
- WAY faster boot times on old hardware: all the goodness of Win7 with the boot times of WinXP or better.
Corky42 27th May 2014, 14:38 Quote
Microsoft have released a statement on the hack..
http://www.zdnet.com/registry-hack-enables-continued-updates-for-windows-xp-7000029851/
Quote:
We recently became aware of a hack that purportedly aims to provide security updates to Windows XP customers. The security updates that could be installed are intended for Windows Embedded and Windows Server 2003 customers and do not fully protect Windows XP customers. Windows XP customers also run a significant risk of functionality issues with their machines if they install these updates, as they are not tested against Windows XP. The best way for Windows XP customers to protect their systems is to upgrade to a more modern operating system, like Windows 7 or Windows 8.1.
dyzophoria 27th May 2014, 15:14 Quote
For ffs if you are judging windows 8 hands down atleast go with 7 than xp
LordPyrinc 27th May 2014, 15:36 Quote
Quote:
Originally Posted by Dave Lister
I had a little chuckle at this "Windows Embedded POSReady 2009"
Is POS not an american abbreviation for - Piece Of Sh*t ?

You are correct. I laugh every time I see that abbreviation too. :D I can only think of it as the derogatory term that has been around for many years now anytime I see it. It's hard to take something seriously when it's referred to as a POS anything.

I can understand why many corporate users are on XP systems due to legacy software, but from a home user perspective it doesn't make sense. Not unless you have a really old computer for basic use and don't want to spend the cash to upgrade. I haven't upgraded to Windows 8 because I haven't needed to. I'm more or less on the same build I put together 4 years ago. A lot of the hardware has changed, but I'm still on the same physical OS drives and haven't had to re-image because Windows 7 is actually pretty darn stable in the long run so long as you don't install a bunch of crap on it. That being said, the next time I build or reimage I will almost certainly install Windows 8 (or some stable successor to it).
samkiller42 27th May 2014, 17:15 Quote
We use WindowsPOS at work, god it's horrible, the Hardware it runs on is even worse, Celeron Mobile and a GB of ram if i'm not mistaken, takes upwards of 5 mins from cold start/reboot to usable. How the Verifone Contactless/Chip & Pin readers work with the tills i will never know.

Sam
GoodBytes 27th May 2014, 17:35 Quote
This is the stupidest thing I ever read.
Security updates don't appear from thin air. Microsoft has no longer anyone working on fixing security updates for XP.

The OS is also different. you may get some updates that apply at the core level, but anything else is different.
Corky42 27th May 2014, 18:21 Quote
Quote:
Originally Posted by GoodBytes
Microsoft has no longer anyone working on fixing security updates for XP.

The OS is also different. you may get some updates that apply at the core level, but anything else is different.

Well actually WindowsPOS 2009 is based on XP SP3, the only difference AFAIK is that it can't run office due to licensing reasons.
theshadow2001 27th May 2014, 19:12 Quote
Quote:
Originally Posted by GoodBytes
This is the stupidest thing I ever read.
Security updates don't appear from thin air. Microsoft has no longer anyone working on fixing security updates for XP.
ORLY??

Better tell the UK government to get its £5.5m pounds back then

http://www.theguardian.com/technology/2014/apr/07/uk-government-microsoft-windows-xp-public-sector
will_123 27th May 2014, 21:27 Quote
Quote:
Originally Posted by GoodBytes
This is the stupidest thing I ever read.
Security updates don't appear from thin air. Microsoft has no longer anyone working on fixing security updates for XP.

The OS is also different. you may get some updates that apply at the core level, but anything else is different.

Well thats wrong. You can pay for security updates, a large premium as far as im aware. And they will continue to support the OS until you are ready to migrate to 7 or 8.
GoodBytes 27th May 2014, 21:34 Quote
Quote:
Originally Posted by will_123
Well thats wrong. You can pay for security updates, a large premium as far as im aware. And they will continue to support the OS until you are ready to migrate to 7 or 8.
From my understanding is that they go by IP. Hence why the service is available for companies not individuals.

But, what the registry does is change the name of the OS. In this case, it changes XP to XP for POS system. While some update may work (or fail, but acts like it worked, via a bug on the OS check), but XP POS system are a stripped down version of XP. You can have security issues somewhere else, and not be fixed. So it gives you a sense of false security. You think are protected against discovered exploits, but you are not, because they are holes somewhere else.

Imagine you are in a leaky house, and you are at the basement and you fixing all the leaks, but you have leaks on other rooms in the above floors, that you are ignoring, and think everything is fine.

But yea,. I guess you can say it is better than nothing, but saying "Hey! now you are good! Keep on staying on XP" is wrong.
mi1ez 27th May 2014, 22:29 Quote
Quote:
Originally Posted by Flibblebot
I'm not surprised to see XP still being used in POS systems - it wasn't that long ago that I saw a crashed cashpoint machine showing the OS/2 logo :D

The screens in the lifts at our office run on Win98!
Zurechial 28th May 2014, 01:59 Quote
This isn't actually a good thing for anyone. The more machines still running XP the worse off we all are.
brave758 28th May 2014, 03:38 Quote
Won't it just DIE!!!!!!!!!
Cthippo 28th May 2014, 04:19 Quote
It makes me think there is a market for an OS, probably a custom linux distro, that is as XP like as possible and comes with the promise that the UI will never, ever change. The backend will get updated, but the UI will always be the same.

What we're seeing here IMHO, is that people don't want to learn to use a new OS and once they've found something that works for them, they're sticking with it.

It also occours to me that the people who are still happily using XP are not going to be the most tech savvy folks and so they're likely already running infected computers. The end of support may well not make much difference.
Flibblebot 28th May 2014, 09:26 Quote
Quote:
Originally Posted by Cthippo
It makes me think there is a market for an OS, probably a custom linux distro, that is as XP like as possible and comes with the promise that the UI will never, ever change. The backend will get updated, but the UI will always be the same.
Wasn't that already tried with Lindows/Linspire and was quickly shot down in flames by Microsoft?
nakchak 28th May 2014, 11:44 Quote
Quote:
Originally Posted by theshadow2001

Serial devices are much easier to integrate into a custom piece of code. All you need to do is set up the connection and read or write commands. No drivers required.

Yup pretty much, you even find that the majority of USB enabled POS devices with USB (MEI Coin Readers, im looking at you) just have a cheapo USB to serial adapter connected, but dont get me started on the problems that the vendor Devs have getting their head around synchronous comms... hint i have had to reimpliment their drivers as they were trying to ignore the fact that the USB controller they were using was configured to read write not read then write as was the old serial way of doing it, gotta love fixing other people's bugs....
kenco_uk 28th May 2014, 13:16 Quote
Quote:
Originally Posted by
I think this is a really good idea.

But it could be much better.

The startup sound changes to the Asda 'pat your bottom' jingle.
When shutting down, you get reminded to take all your bags and thanked for shopping.
And a receipt pops out of the floppy drive.
Alecto 28th May 2014, 18:29 Quote
Quote:
Originally Posted by Dave Lister
I had a little chuckle at this "Windows Embedded POSReady 2009"
Is POS not an american abbreviation for - Piece Of Sh*t ?

Yes, but it is also used for "Point of Sale":

http://en.wikipedia.org/wiki/Point_of_sale
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



Discuss in the forums