back to article THOUSANDS of UK.gov Win XP PCs to face April hacker storm... including boxes at TAXMAN, NHS

Thousands of PCs at Britain’s biggest public sector bodies will miss Microsoft’s April deadline to abandon Windows XP before open season for hackers begins. HMRC and the NHS in England and Scotland will still be running thousands of systems using Windows XP after Microsoft turns off the support lifeline on 8 April. HMRC has 85, …

COMMENTS

This topic is closed for new posts.

Page:

Silver badge

More time needed?

It's not as if they didn't know -- but planning more than a couple of months ahead would never get the budget as it's not a politicians knee-trembler of instant gratification.

In the meantime, while little work is done, huge teams of people generating excuses and finding ways to blame others are hard at work (and expecting bonuses)

5
3
Anonymous Coward

IE8?

Migrating from XP to 7 makes sense when you are a MS-shop, but why IE8?

Why not use the chance to at least go to IE9 or later?

10
0
Gold badge
Unhappy

Re: IE8?

"Migrating from XP to 7 makes sense when you are a MS-shop, but why IE8?

Why not use the chance to at least go to IE9 or later?"

Because you've probably bought the whole MS package and run all you server systems on IIS and your developers coded lots of MS specific stuff and now you can't get rid of the crap.

11
0
Anonymous Coward

Re: IE8?

IE8 would be a dream - recently I was working with "certain government departments" who refused to move off IE6 as it was too much of a headache to run an update program and get it CESG approved.

Ultimately it's not that big a deal if the PC's are never allowed on the internet (and restricted environments generally are not), and the multiple layers of firewalls are all configured properly.

8
0
Gold badge
Unhappy

AC@10:49

"Ultimately it's not that big a deal if the PC's are never allowed on the internet (and restricted environments generally are not), and the multiple layers of firewalls are all configured properly."

Wasn't the "multiple layers of firewalls" not being configured properly that let McKinnon into the DoD?

And that was an organisation that make annoying people it's business.

3
1
Anonymous Coward

Re: AC@10:49

I couldn't possibly comment on that particular event - but (and this is purely conjecture) if some bunch of idle slackers had done the job that they are paid very well for then it would not have happened.

1
0
Anonymous Coward

Re: IE8?

except that a big thing in HMRC a year or two back was the roll out of internet access at all desktops on the standard network.

Try a lunchtime browsing session with IE6 though and you'll soon give up, or resort to trying m. as a prefix rather than www.

3
0
Bronze badge

Re: IE8?

"Ultimately it's not that big a deal if the PC's are never allowed on the internet (and restricted environments generally are not), and the multiple layers of firewalls are all configured properly."

Except a dodgy USB stick can render all of this moot.

1
0
Silver badge

Re: IE8?

Except a dodgy USB stick can render all of this moot.

In theory you can disable such things. Obviously someone didn't, or at least not properly.

1
0
Silver badge

The XP cut off date has been known for *years*. Windows 7 has been replaced since, and is very stable (and was even 2 years ago).

So, why are these agencies all scrabbling around now, likely to miss the date?

2
2

Because IT departments are lazy and rely too much on the "If it ain't broke, don't fix it" mantra.

1
9
Silver badge

"So, why are these agencies all scrabbling around now, likely to miss the date?"

Because regardless what happens, nobody will be held to account. No sackings, no demotions, no personal fines or liability. If the local hospital get fined (eg, as they often do for DPA) what does that matter? It's only a budget transfer from one public sector body to another.

This attitude is to be expected in the NHS, given that the politicians and civil servants demonstrate leadership like appointing as NHS chief executive David Nicholson, one of those overseeing the criminal shambles at Stafford Hospital. Indeed, the c**t got a knighthood after his culpability for that was known. This demonstrates that the NHS does not discriminate on the grounds of ability, and if that's the sahdow of the leader, you can be fairly sure the rest of the organisation is run on a similar basis.

10
2
Silver badge

@Neil Alexander

"Because IT departments are lazy and rely too much on the "If it ain't broke, don't fix it" mantra"

I don't think that's true, it's more often the case that the clients think they know better. Or as is happening in my organisation, a complete lack of upgrading key systems because the cost is quite staggering. It's cheaper to pay for a few more desktop technicians who can hold the hands of users as they reboot their PC.

10
0
Anonymous Coward

@ Neil Alexander

That's a very big brush you're using there. Whilst it maybe true in some cases, as someone working in NHS IT and seeing this first hand, it's more likely to be a case of legacy applications that have been sourced by individual departments within trusts, without consultation with the IT Departments, that the IT Department are then expected to support after the fact, coupled with ridiculously tight budgets and cost cutting that mean that IT Departments are running with approximately 50% of the staffing levels needed to properly deal with day to day running, roll out, and projects.

Migrating approx 4.5k PC's (in my trust's case) from XP to Win7 takes time and recourse that, simply put, hasn't been made available to us because the trust board don't see it as a priority, despite continued and ongoing warnings from our department of the risks involved.

AC for obvious reasons.

15
0

Recently saw an example. OH was getting hearing aids and the app to set these up was on a windows xp machine.

Now, I'd assume the NHS is at the whim of the supplier and new software for something like that isn't going to be cheap. It certainly wasn't a very simple piece of software either.

And the pc it was running on, didn't look like it would run win7 anyway,so probably would have needed replacing as well.

3
0
Bronze badge
FAIL

@Neil Alexander

"Because beancounters are lazy and rely too much on the "If it ain't broke, we ain't paying for it." mantra."

FTFY

7
1

they're also too busy answering stupid FOI requests from people wanting to write exclusive news stories.

5
5
Anonymous Coward

Having recently worked in several large banks I can say that it is the same story there. To be fair they were also running XP installations which hadn't been patched for several years and so were relying on fire walls and anti-virus software to protect them.... which it seemed to be doing as none of them had had any problems they were admitting to.

I suspect that the chant of "upgrade by April or you'll all die" may be an example of a boy crying "wolf".

5
1
Bronze badge
Boffin

Re: @Neil Alexander

It's not just the beancounters though - "I'm sorry Mrs Smith, you can't have your pacemaker because we are paying for an upgrade to the computer system"

Imagine what that would do when Mrs Smith goes to the press - the trusts have difficult desicions to make, especially when their budgets are getting cut.

4
0
Bronze badge

Re: So, why are these agencies all scrabbling around now...

From the article no evidence is presented to indicate that these agencies are "scrabbling around".

Desktop upgrade/refresh outside of the single user/home environment are non-trivial - unless you like living by the seat of your pants and don't really care about your reputation or the reputation of the organisation you work for...

Remember it is highly unlikely that either HMRC or NHS Scotland are using vanilla Windows; doing the leg work necessary to securely lock windows down and to prove that it is secure and to test that all enterprise applications and systems work and are accessible takes time, particularly if you are also having to wait on vendors to upgrade their products...

In either case it is unlikely that the systems being referred are not locked down and have: unrestricted internet access, unfiltered email etc. and reside on unmanaged networks, hence "missing the date" isn't the big issue many headless chickens make it out to be.

1
0
Silver badge

Because IT departments are lazy and rely too much on the "If it ain't broke, don't fix it" mantra.

Or (b) the IT department highlighted this a couple of years ago but no one gave them the budget to actually do anything about it.

6
0

Because IT departments put inthe budget for the upgrade each year for the past 4 years. Each time it was declined because of lackof funding, driven by central government spending cuts.

IT do what has to be done. But even they can't just do it for free.

Edit: Oops. What he said above me :)

4
0

"upgrade by April or you'll all die"

From the same people who made millions from the "Millenium Bug" scare about planes dropping from the sky, trains crashing and world disorder

3
6
Bronze badge

Re: "upgrade by April or you'll all die"

I can't help thinking that some of those responsible for (not) funding the migration think it'll be the same as Y2K - lots of hype and a damp squib of an event. Only time will tell if they're right ...

0
2

Re: "upgrade by April or you'll all die"

Your absolutely right, nothing will happen in April.

The circle jerk people are down voting but come April they will say they thought nothing would happen all along.

1
0

Re: "upgrade by April or you'll all die"

"I can't help thinking that some of those responsible for (not) funding the migration think it'll be the same as Y2K - lots of hype and a damp squib of an event. Only time will tell if they're right ..."

Not true, at least not in our organisation, where we audited every single PC for Y2K compliance, updated the BIOS of those that we could, scrapped and replaced what we couldn't. We were then accused of hype because nothing happened. But nothing happened because we had fixed it. Y2K was a Lose-Lose for IT Departments, so let's hope April 2014 won't be another.

It won't be at our place, because we've completed our 2-year migration to W7. But then we're funded by HEFCE so we could afford it.

4
0
Anonymous Coward

Re: "upgrade by April or you'll all die"

"From the same people who made millions from the "Millenium Bug" scare about planes dropping from the sky, trains crashing and world disorder"

I think you'll find the people who made money from scaring people about Y2K were the media. Those of us in IT didn't have time for that - we were too busy patching software to fix it. But if you want to believe Y2K didn't exist, I won't waste my breath on you.

And as for "upgrade by April or you'll all die", that's your hyperbole. There will be issues, you can be sure of that.

6
0
Anonymous Coward

"If it ain't broke, don't fix it"

It's not likely to have run out of money. Or did you mean 'broken'?

1
1
FAIL

"NHS Scotland has 3,603 PCs with 3,537 on Windows XP and the same number on IE6."

"NHS Scotland beginning its shift relatively late, in July 2013."

So that's 66 PCs updated in 6 months, or 11 per month on average. (IF the 66 PCs were running XP and not another OS.) They want to be over and done with it in the third quarter? Right, not at that pace. Or they meant Q3 sometime in the 22nd century.

They might want to check out CyberStreet (see other El Reg article). Seems they can learn a few bits and pieces there.

1
1
Anonymous Coward

So that's 66 PCs updated in 6 months, or 11 per month on average. (IF the 66 PCs were running XP and not another OS.) They want to be over and done with it in the third quarter? Right, not at that pace. Or they meant Q3 sometime in the 22nd century.

Or as is a more likely case, that's 1 or 2 computers in each critical department so that applications can be tested ready for a mass migration once that is complete.

or even better NHS local gov all $hit bunch of idle fekkers don't know what they are doing etc etc etc

1
0
Bronze badge

Or alternately, "the NHS" (which is btw not one organisation, the NHS is best through of as a billing structure as every county and a lot of hospitals has it's own NHS trust/organisation with it's own CEO making it's own decisions) has a wide range of suppliers for various bits of equipment. Like pacemakers, AED's and all sorts of things that occasionally needs interaction with a PC for diagnostics or the like.

Unfortunately, some of those companies have had the temerity to dare to go out of business without the NHS's permission since their extremely reliable equipment which lasts a lifetime (sometimes all to literally) relies on the software which came with it, which is no longer produced or updated.

The approaches to problem detection advocated by some kids based on "I just install it at home and see what doesn't work" is excessively dangerous when dealing with things that absolutely have to work or somebody dies. "The installer ran..." is not good enough. You have to document ever facet of the program as working correctly. Do you have any idea how expensive that is for high hundreds to low thousands of programs?

This added to the fact that the cost of replacing some equipment needing the PC interface is actually roughly equivalent to the salary costs of the staff using the equipment over the course of their entire career may go some way to explaining why there are still XP/9x boxes around.

2
0
Anonymous Coward

FUD

"yet users will continue to be allowed to access the internet from their vulnerable Windows XP machines and using IE6.

That means users could come under attack with no defence from Microsoft."

This is just FUD-ing. All those machines are almost certainly behind a firewall that implements layer 7 filtering, which means that the chances of an actual threat reaching the XP machine itself is negligible.

And there's a reason why things are set up that way - directly exposed Windows machines cannot be trusted to not be exploitable even when fully patched, so other counter-measures are put in - which in turn make the patch level of the Windows machines themselves rather less relevant, other than for panic-mongering headlines.

9
6
Anonymous Coward

The Elephant in the Firewall

That is assuming that staff with laptops aren't allowed to take them off-site - a situation that is far too common.

One infected laptop brought back on a network and all your external firewalls come to naught.

Anonymous because ... well, let's just say I'm one of those who'll be holding the dustpan.

4
1
Anonymous Coward

Re: The Elephant in the Firewall @AC 11:24

"That is assuming that staff with laptops aren't allowed to take them off-site - a situation that is far too common."

Generally the point of a laptop as far as I'm aware. I remember someone bemoaning getting a laptop years back. While most saw them as symbols of their importance, he twigged that he'd be expected to do a load of work off the clock at home ...

"One infected laptop brought back on a network and all your external firewalls come to naught."

That's more of a cultural failing in the organisation than anything else, though.

4
0
Bronze badge

Re: The Elephant in the Firewall @AC 11:24

I haven't worked anywhere for years where the laptops weren't protected with various things such as anti-virus software, firewalls etc; so that they could be safe while off-site.

Thinking about it the last time I saw a problem caused by an infected work laptop was almost ten years ago.

1
4
Bronze badge

Re: FUD

"This is just FUD-ing. All those machines are almost certainly behind a firewall that implements layer 7 filtering, which means that the chances of an actual threat reaching the XP machine itself is negligible."

Actually, THIS is FUD-ing, as a dodgy USB stick/external HDD/whatever can still render the machine unusable (and it has happened).

Anti-virus software isn't going to help if it's a vulnerability that the software doesn't know how to catch yet (which has happened too!).

2
2
Bronze badge

Re: FUD

...but all of those are issues (or not) which apply equally to any version of Windows or any other OS.

3
1
Silver badge

Re: The Elephant in the Firewall @AC 11:24

I've been given a laptop at my new job. It's lived on my desk apart from a couple of visits to the lab. I see no need to bring it home.

2
0
Anonymous Coward

Re: FUD

@Test Man:

"Anti-virus software isn't going to help if it's a vulnerability that the software doesn't know how to catch yet (which has happened too!)."

Those are generally known as 0-day exploits, and as such they will equally penetrate a fully patched OS, so the example is completely bogus. More FUD.

4
1
Anonymous Coward

M$ is sure to blink first...

...and extend the XP support deadline for another year, at least.

It's in their best interest unless they want to be responsible for generating the largest botnet known to man come April.

3
2
Bronze badge

Re: M$ is sure to blink first...

I am not a lover of Microsoft, but on this occasion I would have to say, why the F$%# should they even care, they have given more than enough notice and if you want support they are happy to offer it, you just have to pay.

Not to mention if I was an MS shareholder I would be pissed off with them giving away another year of support, when they could and should be making money out the people who could not get their act together in time.

6
2
Anonymous Coward

Re: M$ is sure to blink first...

Perhaps businesses would be more willing to spend money on something worth upgrading to, as opposed to the abomination that is Windows 8?

1
0
Silver badge

Re: M$ is sure to blink first...

I assume by "M dollar" you mean "Microsoft", so then, I'll start by disagreeing with you.

I hope horrible things happen to all these internet connected XP machines.

0
0
Silver badge

Management drag their heels on keeping tools up to date.

And then blame everyone but themselves years later when those tools fail.

4
0
Anonymous Coward

What's the problem?

I mean they can't be locked in to proprietary systems as they've had policies to protect against that since 2002 ...

5
0
Linux

Run Kryten Smug-Mode

No such problems here.

4
3
Anonymous Coward

Re: Run Kryten Smug-Mode

Look, I'm a big Linux user and linux fan, but you're not comparing apples with apples: Do Red Hat still support RHEL from 13 years ago? No. What you mean is that you can update for a while, then upgrade to the latest version, but I strongly suspect you don't have any formalised support.

2
3
Anonymous Coward

Re: Run Kryten Smug-Mode @rm -rf / 11:34

"Run Kryten Smug-Mode

No such problems here."

Good for you. Have a lollipop.

2
0
Anonymous Coward

Re: Run Kryten Smug-Mode

I share your smugness, though I'm somewhat confused. This is the same government that forced us local authorities, via Government Connect and so forth, to sort ourselves out, kill off our XP and so forth, yet now we hear that the central folk aren't practising what the preach!

AC because... well... I still need to work, you know!

2
0
Bronze badge

Re: Run Kryten Smug-Mode

Mooot point, is XP pre-Sp1 still supported by Microsoft ? No. You have no ff'ing clue!

1. If you have Linux, you have server interfaces with software standards in place. If you have software standards, you can upgrade Linux, like any other client - yes even windows- without a problem whenever you want. Ideally, you want browser-based or Java-based clients anyway, as it is less pain to go platform-independent.

2. Linux does not require shitloads of resources to run, so any Pentium 4 will do perfectly fine, provided you put in 1Gb of RAM, which should at least be the case for the XP boxen as with less, they grind to a halt.

3. Linux has not changed the ui much over the last 15 years

Alternatives Window cleaners choose:

1. Put Windows 7 on the boxen, WakeOnLan to boot every PC every weekday morning at 6 o'clock to make sure the the login screen is there when the lusers come in at 7:30.

2. Pay shitloads for new PC's ... so they can have aero to boost productivity - fancy screensavers and shit ;-)

2
2

Page:

This topic is closed for new posts.

Forums