With Windows XP SP2 support ending in three weeks, a new report highlights the security risks that come with running an unsupported service pack.
It’s cloudy, rainy, sunny, humid, dry, cold and hot. Next we will talk about the possibility that the sun might rise in the east and go down in the west. Shocking, isn’t it.
Windows XP is a 9 year old OS, and compared to today’s latest OSes, even with the security mechanisms added into SP2 or SP3, it isn’t nearly as secure as Windows 7.
At this point of time, businesses which require good security should probably upgrade their systems anyway.
Easier said than done, especially if they rely on older proprietary software that is no longer being maintained at all and don’t have the hardware to run a virtualized XP instance very well. Compatibility mode doesn’t always work either. I agree that upgrading would be best, however company managers have this problematic tendency to wait on upgrades until they absolutely need to. Of course, this usually results in higher costs for the upgrade in the end, but most of them don’t seem to have learned this. Add an ever tightening budget into the mix and… well, you get the idea.
I don’t really think the real risk, when it comes to XP security, has ever come from the corporate world though. The good majority (though not all) of businesses have staff that properly lock their computers down. The real security risk when it comes to XP has, and will continue to be, the pirated copies of XP that cannot receive security updates (idiotic decision from Microsoft on that one). It is those copies of XP, often run by home users and installed for them by wannabe geeks who think they’re awesome because they can use p2p, that have caused the real malware problem for XP. They run the malware, it spreads to those non-pirated home users that don’t know how or are afraid of updating, and it spirals out of control from there. This situation could result in any proprietary os if the vendor withholds security updates from pirated copies. Fortunately, Microsoft seems to have learned their lesson, as they’ve stated that they won’t withhold essential security updates from any copies of Windows be they genuine or not. That, plus most home users buying a new PC every few years and thus upgrading to a new version of Windows, should at least lessen the security risk for those running a properly maintained XP system.
At this point in time, businesses which are upgrading their systems for security reasons should probably consider a massive-cost-saving move to Linux at the same time. Just as many other businesses and organisations have already done:
http://blogs.techrepublic.com.com/security/?p=3872
http://www.linux.com/news/featured-blogs/185-jennifer-cloer/321006-…
http://www.focus.com/fyi/information-technology/50-places-linux-run…
http://www.linuxlearningzone.com/ubuntu-linux-is-prime-time-for-you…
Seriously. An ever-increasing number of businesses and organisations, across a broad range of business types, are moving wholesale to Linux. It is kind of an open secret that certain interests don’t want people in general to know about. Some whole countries are moving to Linux.
Save serious money on prevention of losses through avoidance of security threats that only target Windows, avoidance of costs of provision of additional security measures, software acquisition costs, software license compliance costs, software maintenance and upgrade costs and increased software reliability.
Linux is already dominant in several behind-the-scene roles, including embedded systems (such as TVs and media players), mobile devices (phones, tablets etc), network infrastructure, servers and supercomputers, and now the whole market (including desktops and notebooks) is starting to open up.
For example, this looks like it might be a nice portable device to give out to your mobile staffers, an ultraslim dual-core ARM smartbook. 8 hours continuously on. Up to 7 days standby:
http://www.handlewithlinux.com/toshiba-android-netbook
Android OS. “The Linux netbooks are coming”.
Edited 2010-06-23 00:22 UTC
What about the massive costs of retraining your entire staff on how to use their computers, as well as the increased costs due to increases in helpdesk and IT usage? I’d say that would be just as much, if not more, than new hardware.
Linux is not a magic elixir that magically saves money, it has costs associated with it, it just moves them from the OS and hardware(somewhat) side of the equation and moves them to the support and staff side.
Not an argument / False argument.
Either you pay for training on how to use the ever changing appearances of microsoft products. Or you pay for training on how to use a certain linux flavour. So what?
Next: You can get commercial grade linuxes at no monetary cost. What you save there you can invest at another point, e.g. commercial linux support (just look at some computer magazines, where a lot of consulting and support is offered), or training. Or some pinches of beer the day after upgrade.
“Linux is not a magic elixir that magically saves money, it has costs associated with it, it just moves them from the OS and hardware(somewhat) side of the equation and moves them to the support and staff side.”
It is indeed new to me that windows servers run out of the box, without the need for maintaining and support, and staff and upgrades.
Edited 2010-06-24 08:36 UTC
Computer magazines? Yeah, ok, whatever.
I’m not talking about the IT staff, I’m talking about the users. They need to be retrained. Or are you one of those IT guys that don’t care about your users? Training is not cheap, and a one day training session isn’t going to cut it. They would have to be trained on not only the OS, but whatever apps they use. Oh, and what about all those Access DBs, small VB apps and what have you kicking around any medium/large business? They’ll have to be rewritten too, or run in a VM, which further increases support costs (a VM is still a computer, and can catch viruses, have configuration issues, whatever).
IT helpdesk costs would increase because calls to the help desk would increase, at least in the short term, as users figure out how to do their jobs. Add in the cost of the time lost due to the retraining, and you have a situation where at best you save enough money to break even.
I didn’t say it wouldn’t work, or couldn’t be done, I said it isn’t free, and doesn’t magically save money.
Edited 2010-06-24 09:56 UTC
Of course the whole linux thing is not applicable to every established company structure.
The thing made of paper or available online that covers topics related to computers and IT. Often contains advertisements. You are posting in one-of-many right now.
Reviewing your post, you neither explicitly talked about users, nor explicitly about IT staff.
When one of my most non-nerd friends (i.e. a prototypical end user) switched to a GNOME based Linux OS, transition was easy. Basically, it was a move from [Start-Menu]->[Programs]->[Vendor]->[Vendor’s application] to [GNOME-Menu]->[Topic]->[Application]. For most end-users, the differences between OOCalc and Excel are subtle at max. Not to talk about the situation where they are already used to Open Office.
Apart from that, many large enterprise applications are running on multiple operating systems. And a lot of applications are already running on some Unix, IBM, or Linux, and just the terminal windows run on Windows (this is e.g. the case in many German department stores). So, often, Windows is just the host.
Users also have to be retrained when switching to yet another anti-value-added version of MS Office. Nobody says they must make the damn switch right now. But maybe a tip before the next office revision.
And didn’t Lemur2 state
, which is btw exactly the quote that you are basing your lamentation on, with (*) == upgrading Windows XP to a newer OS? -> Now if you insist that moving users from Windows XP to 7 is less difficult than from Windows XP to some Linux, then I must question your integrity.
Users don’t have to know about filesystems, symbolic links, backups, makefiles, package management, et cetera.
So the gross of the (short term) transition cost will be in infrastructure, not users.
I think you are one of those IT guys who think they are infallible, as in
Not any, but some.
That’s horrible. I wonder why those so-called “virtual machines” have a big market … if they still can catch viruses. … Possibly because they allow for smooth transition? Possibly because they reduce hardware maintaining support (spare parts)? Possibly because hardware is not in danger anymore? Too many reasons to see how any of those is a good one?
Fascinating.
As you seem to be very informed, you prolly know
* http://www.dwheeler.com/oss_fs_why.html
* http://opensource.org/files/OSS-2010.pdf (very recent report)
Also, may I re-iterate the words “short” and “term” you stated, and express my disappointment about the missing “long term” perspective in your rather informal reply.
And nobody claimed the opposite.
Edited 2010-06-24 13:40 UTC
First off, I did talk about users, when I said “What about the massive costs of retraining your entire staff on how to use their computers”
Is your staff not your users? They are the ones who have to use the computers to do their work. Sorry if that was not clear, but it seems clear to me.
What???? They do need to know how to use the damn thing, and if they can’t, then no work gets done. My users do need to know about network shares, accessing and mapping printers, remote desktops, using Excel, using Word, Brio, Access, Visual Studio, Dreamweaver, the list of apps that they use is very long, and they would have to be retrained in ALL OF THE EQUIVALENT APPS.
There isn’t even a good replacement for Access. If some or all your data is kept in Access/SQL Server DBs, then the cost of converting your data, has to be included, that includes technician time, testing alternatives, and rewriting in house apps.
First of all, we aren’t moving users to Windows 7 at this time, don’t make assumptions please. Second of all, we have been upgrading the hardware slowly in our department, as they are replaced through normal attrition, so now, we are at the point that when we do go to Windows 7, our computers are up to the task. We have a hundred users, and we have a hundred computers capable of running Windows 7. Our locally installed apps are capable of running in Windows 7, and the interface is pretty similar to XP, compared to Gnome or KDE.
It is less work to move from XP to 7, as most apps will work just fine, and the retraining is minimal. It also doesn’t hurt that most of them now have Vista or 7 at home at this point.
Trying to make the differences between XP and 7 sound bigger than they are makes me doubt YOUR integrity, or your intelligence.
You want long term, the users themselves may have many years, sometime decades experience with Windows and Office. Only a fool upgrades apps with no business case. Only a fool changes the entire OS and apps for their organization and doesn’t take their users into account.
We use Office 2003 here. Before that we used Office XP, and just finished upgrading a few years ago. Our users did not need retraining, as the versions are almost identical from a UI standpoint. Same with most of the other apps we use, we do not buy new versions because they are new, we buy new versions when there is a solid reason to.
The parent poster did.
I am a software developer and programmer, not system integrator / -admin / -operator, and we don’t have users around. And when you say “our entire staff” then that’s not unambiguous: Entire IT staff, or entire company staff, if any?
It depends. E.g. in small logistics companies, where there exist a few thousand in Germany, so small that not even SAP Business One is small enough, you basically have to either use Excel or OOCalc, Softmaker based apps (available for Linux, too), or often enough a custom app written in “portable” Java. And with my open eyes, I’ve seen often enough the department store and windows-is-just-the-host thingy.
So really, we should both not lump together things. Sorry if I did.
See above. Sticking with my above example, users in logistics companies have to access network shares, too, they also have to save and copy files and so on. But this works very similar on most Linux flavours.
And they still don’t have to know about the innards of installing file systems, the differences between ReiserFS and XFS. They don’t need to know the technique of hooking into network. If it is properly configured (isn’t it in your company? [serious question]), they just click their way through.
Possibly because Access isn’t really good in itself. And I don’t know many companies that use Access. Actually, the last time I’ve seen Access was in a school 5 years ago, for training Access usage. The school itself didn’t use Access for anything, but IBM based Linux machinery.
If.
Okay. So we have something in common.
Not wrong. So companies have to analyze whether Linux or any other system will improve their volumes.
Wait until most companies switched to Office 2007 +, everyone using Office Open XML. Then you are forced to switch (except when there are proper add ons), and you’ll see your users complaining about how shitty the new ribbon things are (“shitty” as in “I am not used to it”). Then you’ll have to retrain. Combined with having to upgrade from a no longer supported version of Windows to a new one, with large licensing volumes and immense hardware assumptions, the dreaded situation where a non-Windows-OS is worth a look comes nearer.
Wrong. He stated “cost-saving”, not “liberation of any cost”, and linked to some articles, of which none mentioned that a buzz linux installation is completely free.
Edited 2010-06-25 08:42 UTC
quasi-edit:
One thing that struggles me is that archivists over the world who used to use MS Office or other closed products (or still do) have severe problems conserving data over the longer term, for several reasons, including licensing issues, software no longer being available, data not importable into current versions, etc.
* http://larchivista.blogspot.com/2010/06/nyacartny-open-source.html
And when I think about how many companies archive their business data and fall into the trap of using proprietary formats, …
And OOXML won’t come to the rescue here, as it is impossible to implement for most software vendors, proprietary or not.
Microsoft is providing support, i.e. security updates etc., for Windows XP for almost 13 years, an eternity in the IT world. That is from 31/12/2001 to 08/04/2014.
Windows Vista extended support to 11/04/2017, Windows 7 extended support 14/01/2020.
In comparison: Ubuntu LTS, you have 3 years support on a desktop.
I pay a little more and get 10+ years or pay nothing have to retrain everyone and get 3 years …
Ubuntu is only the tip of the iceberg (as seen by Windows users) of available commercial distros.
A tabular overview for SUSE: http://support.novell.com/lifecycle/lcSearchResults.jsp?sl=suse
They offer 10 years of so called self-support as of product release. And here is what “self support” means:
* http://support.novell.com/support_options.html?tab=1
And there exist more commercial distros.
Edited 2010-06-25 09:15 UTC
Sidenote: For a more founded analysis, here are some links:
* http://www.dwheeler.com/oss_fs_why.html
* http://opensource.org/files/OSS-2010.pdf (very recent report)
Using one of your own articles:
“There is not much more room for Linux, as it already occupies a hefty share of the operating systems running in our data centers.”
Hmm… that is pretty interesting. Does this mean Virgin America are not, in fact, replacing all their desktops with Linux?
Servers are great, but servers are comparatively easy to manage because (A) only administrators have access to them and (B) there are fewer of them than clients.
It is very hard to manage 10,000 Linux desktops centrally vs. the same number of Windows ones.
NIS is not a substitute for Active Directory.
If I wanted to ban a certain executable across the entire network, it takes a few clicks. Restrict access to apparently silly things, like the clock, so they can’t accidentally break tokens and certs that require proper time? Done. Set a company-wide desktop image? Homepage? Ban access to USB drives right now because of some specific threat (knowing I’ll also need to allow it again later). Require IPSec encrypted communications between certain hosts, auto-issuing the certificates so the user never knows the difference? Install and remove software on all my desktops remotely, at-once? Enforce particular firewall rules? Adjust password complexity, expiration and retention requirements for every one and every device? Set auditing rules across the whole organization for regulatory compliance?
I like Linux as much as the average person that works with it every single day, but replacing Windows on the desktop isn’t going to happen for a while yet in the corporate world just on management costs alone, not even addressing compatibility with existing software.
Google, despite being large, is ideally suited for things like dumping Windows. Their entire staff (including non-technical roles) will be in the top 1% of computer users. They always needed to test compatibility with a zillion devices and operating systems, and have hired people from many tech companies with long habits and skills with certain platforms, both of which would make it unlikely to have standardized on any one client OS (despite the cost advantages that other businesses get from doing that). They probably don’t rely on much proprietary software that they didn’t write themselves. They also likely have always viewed MS as a competitor rather than a vendor, and intentionally avoided reliance on MS products or services. With all that, they still aren’t standardizing on some version of Linux instead, because they aren’t standardizing. They forgo the benefits of that, but they also know what they are doing in the context of their requirements. Not everyone has the same ones.
Edited 2010-06-23 18:10 UTC
All reasons why I think embedded Linux in technologies such as Splashtop and HyperSpace could show some real potential in the near future. Projects requiring “heavy lifting” and that tend to be client-side anyways can be handled by an existing OS, and a good amount of office communications can stay within the embedded OS, a veritable sandbox, as it were. I’ve worked in an office environment; I actually used Windows 2000 at the time and it suited most of my needs. There aren’t many offices that really need the latest Windows anyways.
Have you already tried Puppet ( http://en.wikipedia.org/wiki/Puppet_%28tool%29 ) or any of those: http://en.wikipedia.org/wiki/Comparison_of_open_source_configuratio… ?
And what part of the network infrastructure runs on Linux?
Do you realize the logistics and cost involved in this? As long as XP SP3 is getting security fixes there’s not much to be gained from upgrading for many (if not most) companies.
The Windows XP SP2 support doesn’t end. In fact, there is a service pack available for it.
Why would someone run SP2 anyway?
I’m actually surprised that Microsoft didn’t force the upgrade to SP3, by shortening the support period for SP2.