Remember it'll cost ya to keep the lights on for Windows 10 Microsoft has quietly updated a support document on how the Extended Security Updates (ESU) program for Windows 10 will work and how much it will cost - and for some it might cause their stomach to churn. Administrators and accountants alike will be looking glumly at the prices that Microsoft announced in 2024 if their …
If anyone can point me to a How-to guide for keeping my Windows Mixed Reality (I know, the clue's in the name right?) VR headset going with Linux, than I'm there. Otherwise my Win10 gaming box will find itself firewalled from the rest of the network and anything sensitive removed
Us normies can keep win10 going secure via ESU until oct 2026 for30$.
beyond that 0path can tidy you up until oct 2027, 2028 if you feel adventorous.
Also, your headsetis supported on win11 23H2 while that is supported. And on steam on win1124H2 a while longer.
Your choice.
Average US salary is about $80k. Fully loaded with IT, facilities, HR and payroll costs you can add 50% or more to that. If it's costing $120k a year, then even the yr 3 costs of ESU are 0.2% per oik. Compared to other "loss of efficiency" such as me gassing over a coffee for a few minutes that's nothing. Businesses have far bigger concerns. Probably a good way for big companies to buy time to finish upgrading the desktop estate and move to Win 11 before ESU ends.
And how do those costs stack up against simply not doing anything, keep running Win10 sans any further updates and just squirreling that cash away to cover the cost of impact of a future incident caused by lack of updates? Individual use cases and risk profile would of course influence how much of an "if" versus a "when" such an incident could be.
Many manufacturing operations follow copy exact, which is exactly the opposite. I remember 20+ years ago having to strip Windows 2000 of all the PC's running equipment we sold to a major (then) chip manufacturer and putting Windows NT on in it's place so the new machines were identical to the ones we sold them years earlier. Same for some medical equipment manufacturers. Often the regulatory requirements are that you need to recertify if you change anything, which is a direct incentive to update nothing,
Well, that's an option, and for a smaller business it's probably valid. For any larger business, I'm guessing that there's very few CIOs would recommend to their board that they don't patch, and face the consequences. As much as anything, when the company's been breached, are the board going to say "that's OK, we can pay the fines!", or are they going to squeal "it wasn't us" before hanging the CIO out to dry? Moreover, in circumstances I can think of where businesses were caught out ignoring the rules because they planned that fines would be cheaper, it's not worked out so well for them.
But let's do the maths, using the Talktalk 2015 breach as our model. AFAIA not a Windows security problem, but it's a good example where we know the costs. They had 2,100 employees, the breach had costs they later put at £77m, so £36,700 per employee. The three year cost of W10 ESU is about £425.......
The average UK salary is £35k, and this translates to $42k, so the US average wage is a lot higher than the UK. This may be true for many other countries having a lower average wage.
Microsoft is forcing people to Windows 11, which means an upgrade in hardware that they just DO NOT need.
The impact on the "other than the US" poorest is far more severe than the US average person.
"The average UK salary is £35k"
And at yr 3 rate of $240, the ESU bill is STILL only 0.4% of fully loaded labour cost. Do you think any business is going to worry about that when they're seeing minimum wage do this:
https://www.statista.com/statistics/280483/national-minimum-wage-in-the-uk/
Not forgetting big increases in payroll taxes and business rates, and the highest energy costs in the developed world?
My response was about those who need a computer (everyone as everything is online - banking, government information etc), and the poorest such as minimum wage, pensioners etc., are struggling a lot right now due to the cost of living.
A needless upgrade costing a lot of money (relatively) is just not needed, if their current PC is all they can afford, and works as required for their usage.
That may be a valid point, but it is off topic with respect to both the article and my post, which relate to the cost of ESU, which is only offered to business.
EDIT: See Chris Evans post further down. Don't know if MS will honour it, but the Reg were reporting ESU is offered for retail customers, but not at the prices for business.
It's going to be fun watching this battle between M$ & commercial users play out. Large enterprises will, I expect, force some concessions from them but it's the small businesses I suspect will suffer the most.
Single traders may well shift to Linux if they are, or have a family member who is, technically savvy.
I'm just a bystander having retired from work & been M$ free @ home for about 20 years (Red Hat->Mandrake->Ubuntu->Mint)
This is a new and interesting tactic for attempting to extract ever increasing amounts of cash from their customers. Presumably if Windows 12 is the first OS you buy, you'll have to pay for Windows 11, 10, 8, 7, Vista, XP, NT (all versions), 3, 2, and 1 too. Because OS upgrades are "cumulative" too.
They know they can get away with pretty well any level of customer abuse by now. Perhaps other countries should take a twist on Trump's Fentanyl policy, impose tariffs on the US until they stop shipping Microsoft products.
> Year 4 the heavies visit to break your kneecaps.
All they need to do is supply updates that make the computers slower and slower. If you pay for the updates, you'll also pay for them to slowly break the machine more and more.
That's been standard practise for Solidworks for years.
If you let the yearly support subscription lapse (which stops you getting updates) then want to renew it later to upgrade to the latest version. You have to pay for the cost of the support subscription of intervening years you missed (up to a maximum of three years) PLUS the cost of the following year which the new subscription covers.
The ESU program money is a drop in the sea for microsof.
The ESU pricing scheme has always been designed to (cattle-)prod orgs to move to the nextversion of windows (in this case win11) ASAP, not lo let orgs live confortably in the non-supported version.
If you use common sense and a good anti-virus / anti-malware package, you shouldn't to worry about the support costs. Common sense technique such as not clicking on every URL that appears on your screen. Checking the real address of email senders (decent email clients will show the sender's address when you hover the cursor over the sender name) not opening every email attachment, et cetera. Following these common sense steps has protected our network since the mid 1990s when it was set up. The only time it didn't was when my six year old daughter forgot. We lost AOL access for a day so no big loss.
What makes anyone think that W11 will be any more secure than W10?
Whenever M$ have released a new version of Windows it's always come with a whole new set of security issues, never mind updates being incompatible with existing hardware.
In addition, the majority of cyber attacks that I've seen have been due to uneducated users downloading emails containing malware or else clicking on fake websites thus opening the door for the hackers.
SWMBO worked for our local council and their computers went down for a week following someone opening an email which was allegedly an invoice but in fact contained a link to a malicious website.
"In addition, the majority of cyber attacks that I've seen have been due to uneducated users downloading emails containing malware or else clicking on fake websites thus opening the door for the hackers. SWMBO worked for our local council and their computers went down for a week following someone opening an email which was allegedly an invoice but in fact contained a link to a malicious website."
Well that's STILL Microsoft's fault in enabling that to happen, not the users. People would routinely expect to open attachments containing invoices - or orders, or anything relevant to the organisation. What sort of shitbag OS allows itself and the whole network to be compromised by an end user doing something they have to do as part of their job? Rhetorical question, we know the answer. And before anybody tries "users need to be educated..." I'll just say that's a losing strategy, we'll never reliably train Alice in accounts payable to read URL's carefully. Even the IT pros are at risk of look-alike domain names.
The defence should be a secure OS and a secure browser. Instead we end up with crap like Copilot, a steady drift towards cloud delivered apps, forced upgrades to both hardware and OS, and yet still the same shonky, poor quality, insecure code, and even for the mediocre extended "support" that MS offers, rip off pricing.
Let me rephrase your question:
What makes anyone think that WinXP SP2 will be any more secure than Vanilla WinXP?
What makes anyone think that WinVista will be any more secure than WinXP?
What makes anyone think that W10 will be any more secure than W7?
Having said that, in theory Win11 has more defenses turned on by default, and security improvements under the hood
In practice, the only benefit is that Win11 vulns will be patched as discovered, while Win10's will not, as many of tyhe security features of Win11 are already present in Win10 (just sometimes turned off)... EXCEPT that, thanks to the mandatory use of HVCI and MVEC in the driver stack, "bring your own vulnerable driver" type of attacks will be much less devastating.
So, they sued Google for monopolizing search but they have zero problems with a company that behaves as if it is a virus when it is turning off what the user (and OWNER OF THE MACHINE) has turned on, introducing "feature updates" that allow it to take yet MORE of your information, and decide to change your desktop wallpaper to an advertisement? This is done while any user with common sense realizes they are only doing this crap because they are ALLOWED TO DO So by the stupid people in government who do not put privacy protections in place for citizens like the UK has done.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
