Sluggish corporates ill-prepared for death of Win XP SP2 support
It's been months coming but many organisations are ill-prepared for the end of security support for Windows XP SP2, potentially leaving a huge population of vulnerable machines for hackers to exploit. July's Patch Tuesday marked the closure of patching support for both Win 2000 and Windows XP Service Pack 2. From now on there'll …
I work for a very large corporate in the UK (poosibly the largest employer in the UK) and we've already instigated the upgrade to SP3. So your artical is partically incorrect, however you didn't say all corps so I'll refrain from flaming.
You mentioned that many large corps involved 3rd party companies to help with support and this can both muddy the water, and create longer gaps between roll outs. However this can also be affected by the IT staff ensuring that everything still works after the update (in the test enviroment) and not just rolling out a patch and waiting to see what breaks. Many corps don't go for the suck it and see approach. We tend to test shit before we break it!
It's worth noting though that the last major IT related headache we had ONLY affected SP3 machines and SP2 machines carried on regardless.
http://www.theregister.co.uk/2010/04/22/mcafee_false_positive_analysis/
So much for SP3 being progress?
I thought it was a little unfair to say we're "ill-prepared". Had you concidered that we might have more complex systems to test and work through compared to your average 10-20 employ company?
Paris cos Sp3 as secure as her underwear
Service Pack 3 has been out since 2008 so if your only testing now then, yes, you're ill prepared. I used to work for a large corporate too and I know how it can be with all the different software that needs testing.
But if you did not start testing until recently then you are ill prepared as you have not even planned to migrate.
From what I read of your your rant is that hey were doing this last minute give us time to test. In reality you have had the time you just have not done it or it took a back seat.
re-read my post...
"only testing now" i didn't say that. You assumed that.
The testing was done months ago..waiting for the 3rd parties input took time however we still moved on and my orginal point about the artical stands.
.
I don't believe them.
I've never heard of anything that was compatible with SP2 but not SP3. As far as I'm concerned, this compatibility thing is just a lie lazy sysadmins use to avoid working. Like when they claim solar winds erased the backups they never bothered making.
If you claim you can't upgrade to SP3 please resign and let me have your job so that I can do it for you. It's not even difficult.
<quote>
I've never heard of anything that was compatible with SP2 but not SP3. As far as I'm concerned, this compatibility thing is just a lie lazy sysadmins use to avoid working.
<\quote>
Well you have heard of something now. The wireless card in an Acer laptop I had, Inprocomm IPN2200, would not connect to WPA protected WiFi after upgrading to XP SP3, open or WEP and it would work fine, but not WPA. It needed a driver update to fix, plenty of info about it on web searches, and that driver update was not available from Acer, I had to find it through 3rd parties as Inprocomm no longer exists. I rebuilt the laptop recently and after updating the driver, then updating to SP3, on doing the Windows Update I was offered the old driver, so the fix was not even something MS or Acer knew about, I was just lucky there was one.
Now I appreciate that is just one laptop for one personal user, (well 2 as my father had the same model of laptop), so not much grief, well not now that I know the problem, the wailing and gnashing of teeth when I first updated was different, though it does show the risk of any problems is negligible. However if you are running say 100 machines for a big company, do you take that negligible risk that they will all work without problems and be happy to take 100 users, including the owner, banging down your door wanting it fixed yesterday and there is no known fix ?
I do agree that in the time frame they have that any needed fixes should be found and upstream suppliers harassed to get one as necessary.
I've a Gateway laptop that would not load its video driver under XP SP3. I had the latest drivers and the latest BIOS, but even with clean installs, SP2 was fine and then SP3 gave a black screen. I finally gave up and installed XP Service Pack 4, a.k.a Ubuntu 10.04.
I can understand consumer PCs being way out of date - but for companies to be so far behind seems unforgivable. Now, don't get me wrong, our main back-end system is based on a 30-year-old piece of software and THIS was updated with a new interface - in 1999. But these are back-end. The OS, the firewall, the anti-virus, the network etc etc are all up to date and fully patched.
The later operating systems require modern hardware to run them, whereas XP & 2000 will run on pretty well anything this century & for some businesses during the last few years, changing hardware has definitely been 'on the back burner', unless you really wanted to be 'let go'.
The other issue is 'will it fuck my third party hardware/software' & in a lot of instances the answer is yes.
So the option to keep what works for some commercial environments makes sense.
it seems amazing that any company would spend 200quid/machine upgrading to Vista and then another 200quid upgrading to Windows7, buying new apps and peripherals to replace ones with that worked on Windows XP. Replacing older PCs that can't upgrade, retraining staff etc.
All so that they can fill in their expenses spreadsheet with an Aero theme?
From a business case - exactly what can the majority of your users do on Win7 that they couldn't do on W2K ?
"From a business case - exactly what can the majority of your users do on Win7 that they couldn't do on W2K ?"
2 identical new laptops one XP, the other with 7, both quite high spec - guess which one ran like a slug?
it seems amazing that any company would spend 200quid/machine upgrading to DOS and then another 200quid upgrading to Windows3.1, buying new apps and peripherals to replace ones with that worked on Their old mainframe. Replacing older PCs that can't upgrade, retraining staff etc.
All so that they can fill in their expenses spreadsheet with a theme?
From a business case - exactly what can the majority of your users do on 3.1 that they couldn't do on the mainframe app ?
i had xp sp2 once yea it was great at the time then i moved to sp3 which was i guess a huge jump but now im no longer on xp it doesnt bother me if they kill the support for it. cause eventually everyone who has xp machines will have to make the jump some time. now i know why alot of companys are refusing to make the jump is due to the cost which isnt a suprise cause upgrading a os is alot of money to keep updating nevermind the hardware.
My previous employer only finished upgrading from NT to XP in 2008. It was a massive, expensive and time-consuming project because of the huge number of legacy applications that had to go through co-existence testing. Many business managers were less than impressed when told their working applications were not compatible with XP and they would have to foot the bill for upgrades. It will be a brave IT manager that proposes they upgrade from XP, incurring the cost of new hardware and software, for the dubious benefit of maybe being able to do exactly what they can do now.
of software perhaps they could consider moving to Redhat/Centos or FreeBSD/PC-BSD. Of course, for many businesses a thin client would work very well and older hardware could be then be re-used instead of the expense of new computers all around to run a power hungry OS. OSs need to be small, fast, and unobtrusive.
So what do companies that feel they can't move away from XP plan to do in the long term? Stay with it forever, all the time being overtaken by the new latest competition?
I really don't understand this fear of and resistance to change. It's unavoidable so why get stuck in your ways?
N2: After the installation of all the required programs and a month of use by a novice user my money is on the XP one.
you arent thinking of corporates tho.
i have to manage my tight as a ducks arse budget here. due to the recession money isnt thrown around any more (the boss hasnt even bought a new astin martin this year! poor sod ;))
how can i justify to him to spend ~£100 or so per machine that he will see no benefit from.
i like win7 - i use it at home, and its actually the only ever OS i have bought. but what does it offer a corporate? some better file handling? looks better? a round start button? none of that is of any interest to him. we will be on winxp until these shitty HP machines all die (and no, HP was specced by the guy before me. i wouldnt buy HP if you paid me - well, maybe if you paid me :))
So you think the switch from XP to Win7 is equivalent to the switch from VT100 -> PC ?
Perhaps sir should take a little water with sir's head cleaner?
The statement that "their systems will start to accumulate attackable vulnerabilities" is nonsense. The vulnerabilities have been present for the last 10 years and were attackable during the entire time. It would be more accurate to say that they "will be running systems with an increasing number of vulnerabilities which are widely known to hackers."
In the real world of work if systems are connected to the net at all then its behind some serious firewall equipment. You just won't rely on an individual's desktop system to be inherently secure -- no matter how much crap you put on it the mere fact it has a user is going to be a serious weakness.
So in the real world we discover things like NT4.0 still trundling along (I know someone who's using it). Software doesn't wear out, you see - if it does a job now then it will continue to that job for ever.
As for SP3, its not a very nice solution to a problem that doesn't bother a lot of people. Its a typical MSFT kludge.
"Moving to XP SP3 is simpler but still poses application capability problems that means many corporates have been slow to move on, especially in the previous absence of any compelling reason to upgrade."
Are there really app-compat problems going from SP2->SP3?
SP2 made quite a few breaking changes and was probably about as big a step as the move from 2K to XP in the first place. SP3 merely rolled up stuff that had been offered through Windows Update anyway. So its been two years now, it wasn't even new then, and it contains no architectural changes. What's the problem?
I agree with many people here many companies do not see the reason or value to upgrade to Windows 7 or even XP SP 3 for that matter. IT investment is not considered a high priority but when the end user is complaining that there system is too slow or constant network shutdowns due to virus, who gets blame; The IT Department.
Microsoft left Windows XP out to long and rushed Windows Vista out to soon, so now they are stuck with a legacy system that is not secure.
In the perfect world it would nice to just upgrade to Windows 7 but licencing costs downtime etc just does not make sense at this time.
If you haven't upgraded your PCs to SP3 yet 15 months after release then chances are you don't have a program for patching your computers either so not getting support isn't going to affect you because you weren't using the support in the first place.
All computers I manage were upgraded automatically by WSUS around 3 months after release of the service pack.
As others have pointed out, SP3 is mostly just rolling up of updates. I think I remember there being some epos software that had a problem with SP3 when it was released but this was subsequently dealt with.
Some companies have rules around releasing OS changes and having done full testing beforehand, especially for service packs. Large company, lots of apps/variants = lots of testing. SP3 came out in May 2008 and, given some of these companies may well have been attending to Office 2007 testing at this time, it's not really that surprising they haven't updated. It's really only getting an end-of-life because MS have released 2 OSes in 3 years and they want to cut down the support overheads and push 7.
This is going to be a disaster for many all because one company gets to decide what all the other companies have to pay and do. Linux and open source have many flaws as pointed out by the M$ apologists but these are slowly going away and hey if you have to run a 2.2 kernel due to app compatibility at least no one can tell you can't (unlike M$ who certainly would make it very difficult for you to procure a new server with win 2k on it). Both models have pro/cons but I am just glad both are ultimately choices for everyone.
When does Windows XP Embedded support finish? They've taken XP Embedded off the Windows Embedded front page and hidden the info somewhere, but I reckon it's got a few more years of support left yet. So the work to develop the security fixes for XP is continuing at least until XPe support finishes.
And why can't the non-embedded support continue that long?
Oh, that's right, because it doesn't suit MS's historic continuously-upgrading revenue protection model.
Well Bill, I got news for you and your successors: in 2010, the world doesn't upgrade Windows (and the underlying tin) just because you and your channel partners tell them to. The more sensible parts of the corporate world in particular want to see proper cost benefit analysis these days, and in general the MS-dependent ecosystem is no longer able to show that the benefits of upgrading routinely exceed the costs. Whoops. You can thank Vista for a good part of that urge to get off the continuous upgrade cycle, but it's been on the way for a while.
The MS channel needs to start thinking about the business value they can provide for their customers, and that no longer just means "massive discounts" on MS upgrade licences, MS-specific PC rollout services, and the like.
There be interesting times ahead for IT channel companies whose business plan is solely dependent on MS. There's a light at the end of the tunnel...
Download and rule!
http://www.microsoft.com/downloads/details.aspx?familyid=5b33b5a8-5e76-401f-be08-1e1555d4f3d4&displaylang=en
I work for an extremely well known telecomms company. The powers that be sent me the CD a week ago, insisting that the 50 machines here are patched by this Friday.
Of course, there have been no issues with any of the updates. Really don't know why they've left it so long.
I've yet to come across any compelling reason to change from XP to Win 7 at home or at work. Then again, I use Linux on my own machines.
There are a number of SP3 issues which Microsoft haven't yet corrected.
One is when a user with a mandatory profile logs onto the network for the first time and is forced to change their password. It changes it but doesn't load the rest of the group policy and the profile doesn't get deleted from the client and gets corrupted, preventing further logons.
XP64 doesn't have an SP3, what are we supposed to do?
