Well, as to what I “do,” I actually made a post about that to another commenter here:
http://forums.theregister.co.uk/post/776699 . My apologies for not rewriting the information in this comment, but it will be of sufficient length as it is.
As to what trigged my comment…your “opinion” was expressed not as an opinion, but as though it was solid, irrefutable, undeniable FACT. Two statements in particular that, if taken seriously, could lead junior systems administrators to make critical mistakes.
“Fact” number 1: “Undeniably there are apps galore available for XP that rely on the user being Admin, but there are very few that are irreplaceable, and still a good chunk of the remainder can be brought into line with a couple of crafty hacks easily found via a quick google.”
“Fact” number 2: “XP *can* be made just as secure with only the same level of commitment as most of the suggestions in the article.”
These are statements that aren’t merely opinion. They can be verified. You can measure it, test it, there are quantative and qualitative ways to determine the validity of these statements.
I will address “Fact” number 2. It is false. When I say this statement is false, I am not going to claim to be expressing an opinion. I state outright that it is a provable fact that Windows XP can not be made as secure as Windows 7. (The sole exception being if you were to remove both the power supply and network card from the computer.)
If you do not believe I have the relevant experience to make that claim, I would respectfully point you at the many and varied security companies around the world. There are whitepapers galore, as well as scientific papers published in IT security and cryptographic journals. NT6 is simply more secure than NT5. In fact, configured properly, (and if you stay the hell away from IE,) then NT6 compares favourably with both Linux and OSX for security.
If you choose to disbelieve the scientific evidence available to you, then I would strongly recommend you read this article http://arstechnica.com/science/news/2010/05/when-science-clashes-with-belief-make-science-impotent.ars at Ars Technica on the topic of Scientific Impotence. Even if you do believe the evidence, read the article anyway. It is both a completely excellent article, and relevant to the conversation.
Please don’t get me wrong; I am not a Windows 7 evangelist. In fact, I hate the blessed thing. I find the interface unbelievably irritating; like the ribbon bar, I prefer things “the way they were.” I resist the idea of “change for the sake of change (or new for the sake of new.)” I require a strong business case before I alter my ways. That said, there are an increasing number of reasons to upgrade to Windows 7, enough that unfortunately this year even I have to make the jump on my networks.
You have your personal experience with Bespoke and Industry-Specific Software (BISS), I of course cannot speak to that. If you have not had to deal with them much, then in my opinion, you are an exceptionally lucking individual.
As to “Fact” number 1, I must also claim it to be false. Given that I have not the resources to perform proper scientific studies with appropriate employed staticians, I must rely on the information provided me by those systems administrators with whom I maintain contact. While I recognise that my polling methodology is not completely randomised, (like individuals do have a tendency to congregate,) I have taken the time to collect my information such that I am comfortable relying on it, despite the partial lack of scientific rigour.
Here is the information on the BISS poll I conducted informally amongst the groups of systems administrators which whom I maintain contact. (This poll was conducted ten days ago as part of the research I did before writing this article.)
Group of sysadmins polled:
312 unique systems administrators responded to my inquiries.
These administrators are responsible for 542 unique networks.
Network size varies from 2 nodes to an estimated 15,000 nodes.
Respondents represent 12 different countries*
Respondents represent a wide cross section of industries**
Results of poll:
Of 542 networks, 218 ran BISS.
316 unique BISS applications were identified.
292 were identified as requiring administrative privilege.
93 were under active redevelopment or upgrade.
53 were from developers that could no longer be contacted.
All 316 BISS apps were considered critical.
All 316 BISS apps had no known alternative application.
275 were considered a threat to network stability.
*There is a disproportionate weighting towards the following countries: The USA, Canada, Sweden. (These three countries represent 48% of respondents.)
**There is a disproportionate weighting towards the private sector. (83% of respondents.)
This poll was run informally; I maintain contact with individual primarily through IRC, e-mail and instant messaging networks. There is a bias towards small and medium enterprise systems administrators. To get a proper poll and more importantly a truly proper analysis of the information provided, you would need to have it run by someone like freeform dynamics. This poll was conducted merely as an information gathering exercise so that I would not feel like I was talking out of my ass when I was writing my article.
So sir, if my perspective is skewed; there is all the information I can present to you about exactly how skewed, and what factors are skewing it.
I apologise if you felt that I was attacking you personally...I have no reason to attack you personal as I don’t know you. I do however have reason to attempt to correct false statements like that, as the articles I write, (and the comments I leave in my articles sections) are written with the hope that the information, ideas and opinions provided will help other systems administrators build better networks.
Normally an opinion expressed would not matter much; it’s just an opinion. In this case however two factors combined to cause me to respond, (admittedly perhaps too harshly.) The first being that your statements were made as statements of irrefutable fact. The second being that if anyone took your advice, (Windows XP is as secure as Windows 7, you can replace almost any BISS application with newer alternative,) then based on all the information I can obtain on the topic those systems administrators would very likely be sacrificing either a great deal of time looking for a BISS replacement that statistically isn’t likely to exist, or compromising their network security believing that Windows 7 offers no security advantages over XP.
For the record, I don’t work for Microsoft, or a company that makes any money selling Microsoft products to others. I am a freelancer for El Reg, not a full blown regular. To my knowledge have received zero information from my contact there about treating any topic lightly, talking up any product, company or organisation. I haven’t even been yelled at yet for running around the comment section taking the piss out of everyone and everything I encounter. (Somethign which I have been doing for years around here.)
So there you have it; this is every stitch of information I have available on the topic; you, and anyone else reading this article and comments thread can make your own decisions.
And just in case you forgot, you really should read this: