The Perils of Running Antiquated Operating Systems (I’m looking at you, XP users!)

It is easy to forget that Windows XP will turn a decade old this fall. That is long run for an OS, and technology has continued to march on, yet many people still cling to XP. It is easy to see why. It was one of the more nimble and stable desktop OS releases that Microsoft has ever had. Being based upon the NT kernal, rather than DOS, it stood heads and shoulders above the old Windows 95, 98, and ME releases. Basically Windows 2000 Workstation with added MaxOS X inspired eye-candy, XP was a solid OS. When its successor, Windows Vista, was released in the fall of 2006, it was less than a resounding success. Sure, it was shiny and modern, but it was a resource hog with steep hardware requirements, and less stable than its predecessors. (To be fair, the latter issue was resolved with subsequent Service Pack releases.) Microsoft’s current desktop OS is Windows 7, which is essentially a souped-up Vista Service Pack, tuned to address many of the performance issues associated with Vista. It is a very nice OS, and Windows folk really should be using it, but a lot still aren’t.

I mention all of this because I ran into an issue last week caused by people clinging to XP. A user of my Exchange system (a Mac user running Outlook:mac 2011 – and yes, I have plenty of criticisms for that product as well) had found that some of the recipients of his digitally-signed messages could not read those messages. It turned out that the common factor amongst those recipients was that they were XP users. By default, when someone digitally signs a message using a personal cert on Outlook 2011, it uses SHA512 (a subset of SHA2) for its signing algorithm. But, as it turns out, the signing and encryption libraries in XP SP2 or earlier can only deal with messages signed using the SHA1 signing algorithm. XP SP3 added SOME SHA2 support, but it is quite limited.

http://blogs.technet.com/b/pki/archive/2010/09/30/sha2-and-windows.aspx

So, if you are an XP user and can’t read a signed message, you’ll have to ask the sender resend the message either unsigned or signed with SHA1. And consider upgrading. Please.

Leave a Reply