Should OS makers, like Microsoft, be legally required to provide 15 years of security updates?
15 is an arbitrarily long time. I think forcing it to be open sourced upon the companies end of life is the better option
Submitted 2 weeks ago by SleafordMod@feddit.uk to technology@lemmy.world
https://www.theregister.com/2025/09/16/campaigners_urge_eu_to_mandate
Should OS makers, like Microsoft, be legally required to provide 15 years of security updates?
15 is an arbitrarily long time. I think forcing it to be open sourced upon the companies end of life is the better option
Then you can have a company that acquires the original failed company and provides “support” in the form of one bugfix per year.
All of these solutions are gamable except for requiring that the solution be open source from the get-go.
Or legislate that unsupported software becomes public domain or is open for development and the public can try and make the updates themselves.
Forcing people to upgrade entirely depends on the nature of the upgrades and the motive of the company. What we need is competition so there are alternatives for people to use if they don’t want to upgrade. But somehow Microsoft is not considered the monopoly of the PC OS market, despite being a monopoly, and uses that position to force changes nobody wants but them, like turning window into an AI data farming scheme that violates user privacy.
Mandatory open source public domain release at EOS.
At Win10 EOS, people would make Windows distros, and ReactOS would no longer have to be a clean room implementation.
Also this would be a success for Stop Killing Games.
Or legislate that unsupported software becomes public domain
Solves a lot of issues.
This is stupid.
15 years is a massive time to just update your OS.
15 years ago instagram didn’t exist, the iPad was new, and people were just updating from Vista to Windows 7. I think Hadoop was just created then.
That is a massive amount of time to support software that would have almost no architectural protection against things like heartbleed.
"Microsoft’s decision to end support for Windows 10 could make 400 million computers obsolete
This is more stupid, and I absolutely agree it shouldn’t be legal, mind you this is not update to a new OS, like is common on phones, but mostly security updates.
I think I’d prefer if there was a minimum updates guarantee that OS sellers would have to disclose, but even then I’m more in favour of other companies being able to pick up the work by making sure devices have their bootloader unlockable after they don’t get any more updates for X amount of time, rather than add burden to OS makers, because forcing people to support a project for Y amount of years would really harm indie developers releasing Linux distros and the like
Instagram has existed for 14 years and 11 months. I think you might be pushing it on the not 15 years.
But more importantly though, Windows XP was supported for 18 years…
So it’s not like it can’t be done.
My ThinkPad x230 will soon turn 13 (since it was manufactured, I picked it up second hand from a business that went bankrupt). It’s still alive and kicking, just not with Windows. The hardware is dated, but for what I do it’s good enough. I only replaced the battery and the screen. I don’t care for instagram or any of that crap, this machine chugged along for 13 years, it will chug at least for another 5. Don’t let hardware manufacturers normalize dunking perfectly capable good hardware into a landfill because it hurts their profits. If you need any further proof just look into the old Apple hardware modding and some of the stuff they pulled off.
Windows used to support really old hardware, I believe more than 15 years old until they introduced the new requirements for particular CPU models and TPM 2.0 chips. If anything, I feel that 15 years is too short. iPads and Hadoop have nothing to do with PC hardware.
15 years is a massive time to just update your OS.
The last version of Windows 10 (22H2) is nothing like the RTM release from 2015 (1507). 1507 still has Cortana and their failed “Continuum” concept.
Essentially we are asking Microsoft to support Windows 10 22H2 for another ~5 years, which is reasonable considering 22H2 is a just under 3 years old.
And yet people are bitching because Windows 10 is getting cut off after 10 years of support. Raise it to 15 and people will just bitch at the 15 year mark.
I think major factors in people bitching about the Windows 10 EOL is that a) Windows 10 was explicitly marketed as the final version of Windows and b) Windows 11 is so unappealing that even companies are reluctant to upgrade.
Normally, that wouldn’t be a big problem. We had dud releases before. Windows Vista had few friends due to compatibility issues but was workable. Besides, 7 was launched shortly after Vista’s EOL. Likewise, Windows 8’s absurd UI choices made it deeply unpopular but it was quickly followed by 8.1, which fixed that. And Windows 10 again followed shortly after 8’s EOL (and well before 8.1’s).
Windows 11, however, combines a hard to justify spec hike with a complete absence of appealing new features. The notable new features that are there are raising concerns about data safety. In certain industries (e.g. medical, legal, and finance), Recall/Copilot Vision is seen as dangerous as it might access protected information and is not under the same control that the company has over its document stores. That increases the vector for a data breach that could lead to severe legal and reputational penalties.
Microsoft failed to satisfyingly address these concerns. And there’s not even hope of a new version of Windows releasing a few months after 10’s EOL; Windows 12 hasn’t even been announced yet.
It’s no wonder that companies are now complaining about Windows 10’s support window being too short.
Better laws would be:
That sounds like an insane duration, even LTS distros are not usually anything like 15 years
this isn’t about the age of the OS, it’s the age of the device. I can install linux on a device from 20 years ago if not more.
Ahh, so the win11 arbitrary hardware requirements bullshit
I don’t know. just the other day somebody on lemmy was asking about installing a 32bit distro on an old netbook and the majority of comments were discussing whether there was any practical reason for distros to continue 32-bit support.
yeah but you don’t pay 150euros for it + all the ads and stuffs
but yeah, I don’t see the point of this, it’s clearly aimed at Microsoft, and at this point alternative solutions exist
I almost feel like the compromise we will eventually land on is that if an OS maker like Microsoft wants to continue advertising on your OS they have to take some liability for its security.
These multi-billion dollar corporations have more than enough resources to provide updates for 15 years.
There’s nothing insane about it, unless you’ve been conditioned to live vicariously through business owners.
Pretty sure postmarketOS isn’t made by a multi-billion dollar corporation. Such a requirement would mean ONLY multi-billion dollar corporations can release an operating system. You do not want to give them that power.
There are companies still running XP.
They didn’t say you could do version upgrade…
What we REALLY need is to curb microsoft’s market dominance. If more alternatives for OS and usable replacements for MS office em would exist, this would not be a problem and would not need to hamper innovation for the sake of back porting (the main counter-argument as a dev).
Linux and all its flavors?
What’s wrong with libreoffice or anyoffice? For a large percentage of users, Linux is fine, especially as many applications have an online option. For the stuff I do, in Linux, online Office is more than sufficient.
An org I work with provides me with a 365 license, but I I’m more comfortable in Libreoffice.
Office is used bythe majority, but majority doesn’t mean they are right, they are simply more.
The jank oh my god the jank
LibreOffice is okay for some stuff, but shows its limitations pretty quickly once you use it for more serious tasks.
The only things LibreOffice has going for it, is the price and that the UI doesn’t change. LibreOffice has no good mobile apps.
Better alternatives to Microsoft Office are Google Docs etc. and Apple’s iWork suite. Both have good compatibility with Microsoft’s files and run great on mobile.
Google has ease of use, easy sharing and collaboration. Apple’s iWork has great usability and features and produces beautiful results by default. The suite comes free with every Apple device. Google Docs is free to use as well.
That’s of course ignoring the workhorse called Outlook. You can kind of approach its features with a handful of other applications, but won’t reach the same functionality.
LibreOffice has one unique application in its suite: Base local database. Microsoft Access and FileMaker used to very popular, but faded into the background over the last decade.
Hmmm, I don’t agree. The trend is in the opposite direction. Microsoft Windows used to have a larger market share and supported hardware indefinitely. Now that their market share has shrunk, they are also limiting support for older hardware. This only shows correlation, not causation, but it does show that more competition has not improved the issue and that we need laws to do that instead. MacOS, the primary competitor to Microsoft Windows which also has Microsoft Office available, only supports their hardware for 6-8 years as well.
I didn’t go into the specifics but I was thinking more in line with prosumer friendly linux distributions that can be dropped in to replace win 10. I know stuff like linux mint exists for that case.
Please mandate open bootloaders on devices, that’s what we truly need.
15 years is too long, it doesn’t match the state of the industry or technological progress.
If anything this slows down innovation which leads me to suspect the 15 year idea was though of by someone who dislikes any technical changes.
15 years is actually reasonable.
I have a ten year old laptop with an i7 processor, 16 GB RAM, and 1 TB SSD. It still does most things, I bought it for initially just fine. Granted this was one of the best laptops you could buy at the time.
Apple stopped supporting it with a current version of macOS a couple of years ago sadly. It’s still possible to patch newer versions to install and run on the old machine, but it’s a bit of a hassle.
Are we talking OpenCore Patcher? I was actually planning on trying that for my Early 2013 MBP, but I’m leaning more towards some Linux distro now, for the longevity of it, though I haven’t yet figured out which distro supports my MBP the best. Got any recommendations to share on some of this?
But unlike server aided services an OS still keeps working. You can use that PC for 10 more years, if you like.
I think there’s a discrepancy in the understanding of ‘support’ and what it entails in different technology fields. Demanding to receive NEW features for decades is not feasible in the current economic environment.
Before Microsoft demanded TPM 2.0, you could install the latest version of Windows on extremely old hardware. Easily reaching that 15 years. We had this already. And Windows 11 can easily run without TPM 2.0. Microsoft just has business reasons to demand it. So I don’t see how innovation is slowed down by this.
Or an established player in the market that wants to keep competitors out (but I guess in a way that is someone who dislikes change). While legislation like this can sometimes be great (e.g. the recent changes forcing longer support for mobile phones) there comes a point where it cuts the other way and it becomes an entry barrier.
Imo the better solution would be to legislate what happens after support ends. Like forcing the disclosure of at least some documentation that allows others to continue servicing the product or at least transfer out data and install other software on the device.
15 years is too long, it doesn’t match the state of the industry or technological progress.
How is this too long? I would consider it a reasonable amount of time to receive security updates on a computer.
I have a notebook that I bought in 2012. It can run Ubuntu LTS 24.04, which is supported until 2034, without issue. There is no indication that the next release will stop supporting this hardware. I don’t see why Microsoft couldn’t provide this.
Outside of aero and financial where it’s not uncommon for this to use 20+ year old tech.
If something isn’t hyper critical 15 is way too long
Pretty sure Rocky Linux provides updates for 10 years.
It’s not asking too much for multi-billion dollar corporations to provide 15 years of updates.
They have more than enough resources.
IBM providing 10 years for RHEL is doing most of the heavy lifting in the case of rocky linux
Fair like imagine if Microsoft was forced to support windows 8 for 15 years, a operating system people barely use, also some OSs arnt ran by huge companys
Dude, I’m so ready. Linux supports processors that old, by enthusiasts for free.
This would almost certainly rule out Linux as an option. What Linux vendor feels comfortable committing to something for 10 years?
Because Linux is free software, we can implement the fixes ourselves.
Doing so with Windows or Crapple would literally be illegal.
Just require any new operating systems to support 15 year old hardware. We should require manufacturers to provide 15 years of UEFI and firmware updates too.
That is way more sensible, than the other way around.
No, OS makers should just not make their OS bloated with useless shit, stealing your data and have arbitrary system requirements. I think 15 years of OS updates is excessive unless we’re talking about servers or very specific workflows. IMO 5-10 years is enough.
I agree with most of that, but there are loads of embedded systems still running the equivalent of Windows XP and they’re chugging along just fine. That OS still receives updates and ending that would break a lot of backend stuff. Mostly banking.
Boeing just started making planes which don’t rely on floppy disks for updates. That will continue on the older part of the fleet until it’s no longer feasible to procure the disks or the planes are no longer airworthy. I mean, why not? If you only need to store a few mbs for something critical, it’s not a bad choice of medium.
If a system is reliable and works for decades without complaint, there’s no need to fix that.
5 years for basic and 10 for lts seems fine. 10 years is a fucking long ass time.
Nothing says ‘circular economy’ like Microsoft stranding 400 million PCs
This might be a silly question but would this not be a good idea for a start up company that recycle computer parts?
I have no sympathy for anyone using microsoft products.
They made their bed, now they get to sleep in it.
This seems backwards. Let’s just assume we’re always going to be willingly beholden to tech giants, and so we’re going to pass a law to make our masters treat us well.
Maybe instead campaign for a law that says all publicly funded computer resources must be reliably usable for 15 years. So you either go FOSS and save money too, or you get guarantees in writing before you hand over your hand over money to the people who won’t even let you see what their code is doing on your hardware.
This is a prime example of legislators not understanding technology.
Of course. Make another regulation only big corps can follow. To punish them, of course. This is punishment.
Microsoft’s plan to end Windows 10 support next month — which may make an estimated 400 million PCs obsolete
I don’t get this. Can’t those PCs update to the new version? Yes, I am very aware that win11 is a shit show and win10 was better.
But Ubuntu also has a similar support policy for updates:
Ubuntu LTS versions get five years of updates, while non-LTS only gets nine months.
Would all the Linux versions out there going to be subjected the same 15 years of updates??
What would that mean for Linux distros? It seems like it could be a law that cuts off the competition. Like amazon who is very selectively for better working conditions when the know that no competitior can fulfull them.
I think Microsoft should be punished with forcing to release the Windows kernel source code.
If the EU is going to pay for the developers, sure. I’d even go higher and say make it 50 years. Otherwise make your own OS or use Linux.
European e-waste campaigners are calling on EU leadership to force tech vendors to provide 15 years of software updates, using Microsoft's plan to end Windows 10 support next month — which may make an estimated 400 million PCs obsolete — as a textbook case of avoidable e-waste.
Windows 10 has already had 10 years of support. ESU extends this one extra year. If you have hardware that cannot meet Windows 11's requirements, there are other OSes available that will happily run on that hardware. Which is what brings us to the real issue.
Microsoft's near monopoly on consumer grade PCs and Apple's vendor lock in. This is the core issue.
Companies can do this because there are no regulations to stop them. We call on European Commissioner Jessika Roswall to introduce EU Ecodesign requirements for laptops, guaranteeing at least 15 years of software updates. No more devices designed to break or become obsolete before their time
Ten years is a very long time for support. If you need support past that length, you need a different OS. Apple does good to keep Macs made in the last five to seven years still able to run their newest OS. They are some of the worse offenders on this. But even with a different OS, there's still a limit to how far you can take hardware. You could put the best optimized software on really old hardware and that won't change that the underlying CPU is old.
The older hardware gets the harder it is to keep supporting it. Case in point, there reason you can't get TLS 1.2 that pretty much every site now requires onto Windows 95 era machine is the underlying hardware cannot keep up with the required computational needs to support that encryption. And if you happened to install Windows 95 onto modern hardware, the number of changes to the OS to get access to the underlying hardware is pretty much an upgrade to Windows 7.
Ten year old machines are doing alright for the time being, but we have to move on. TLS 1.3 is here, has been here since 2018. The stricter requirements for security, require more advanced hardware.
And I just mention TLS as a single example of what we're talking about here. Modern hardware advances and attackers and users get those at the same time. While software security schemes do ensure security long after the hardware has become dated, there's a point where it won't matter anymore what software you toss onto the machine. It's just so out dated it doesn't matter, no software is securing it. Now that's usually a lot longer than ten years, but it's not much longer.
You can take a very lightweight Linux distro and pop it onto a Pentium 3 machine. It will technically run. But you are lacking SSE2 and even if you recompiled to remove SSE2 optimizations and strictly held to 586 ISA, you're not going to enjoy the performance on the machine. For even the most simple tasks like unpacking a 7-zip. You will fare very unwell to some attacker who has a modern Threadripper machine.
I love old machines but the rest of the world is moving forward. Yes, software could technically cover for more than ten years, but not much more. But it's silly to think that a Athlon 64 (2003), the oldest CPU you can technically get working on Windows 10 because of the NX bit requirement, would be able to keep pace on today's multi megabyte sized website. Hell even the X2 models that were the first to be "dual core" would have issues with how modern web browsers handle things because Athlon 64 X2's model for multiple processors is vastly different than how modern CPUs do it. It wouldn't take anything for someone to feed it a website that would bring the system to it's knees.
The thing is 15 years a very long time in the world of technology that's ever evolving. Software can only go so far. 15 years is absolutely you need a different OS if that's your requirement territory. But when you start hitting 20 years, your going to see breakage no matter what software you throw at it. It might be very slight at the 20 year mark. but each year after that it's going to become more pronounced.
This will kill small firms developing new OSes.
This comes after e-waste watchers revealed that 75 million iPhones could be rendered obsolete – tipping the scales at around 1.2 million kilograms of e-waste – following the release of iOS 26.
Not strictly true because the phones they counted here will still get security updates for 2-3 years AFAIK. 7 year old phones, mind you. But yeah, no more feature updates. Which are so meaningless these days anyway.
No. Maintain your own OS. Any country or group of countries should be doing so.
15 years. 15 years. She got one of your kids got you for 15 years
People have had plenty of time to upgrade. 15 years is an incredibly long time to be supporting an OS. Even RHEL doesn’t do that.
Lifetime for security. Other features (new drivers...) you can pay for, but security is lifetime. You need to escrow enough money to provide this service or prove that nobody is using the OS.
All services required for use of the device are also lifetime - though they may charge a subscription price so long as that price is clear to the customer before the first sale and prices go up by inflation only. After 15 years they can drop the service if it is easy for a "normal user" to switch to a different subscription provider; and all source code required for someone "skilled in the art" to create and maintain their own service provider is publicly released under terms that allow modification and redistribution was released at least 5 years before killing their own service.
You are allowed to drop support for any protocol that is not latest recommended state of the art so long as you maintain what was recommended at time of release. If a newer protocol comes out you need not support it. (Which is to say you can be IPv6 only today, and if the internet switches to IPv12 in the future you don't have to support that)
The above applies to anything network connected. OS, web browser, Security camera, thermostat....
Why only 15?
Petter1@discuss.tchncs.de 2 weeks ago
I would prefer if they force the companies to unlock root and boot-loader, when they not ship new OS anymore for a device.
WhatAmLemmy@lemmy.world 2 weeks ago
Fuck it. Force them from release sate. There’s no reason for them to dictate what you can and cannot run on the hardware you purchase. If they can’t compete by providing a better OS or software, and must rely on anti-competitive models to profit, then they don’t deserve to waste the planets resources.
Petter1@discuss.tchncs.de 2 weeks ago
Fair enough, just thought proposal above would have higher chances to get approved 😇
interdimensionalmeme@lemmy.ml 2 weeks ago
Abandonware must be open sourced, publishing a new version doesn’t count as a exception.