back to article Brit healthcare system inks Windows 10 install pact with Microsoft

The UK government's Department of Health and Social Care has inked a deal with Microsoft to upgrade all NHS machines to Windows 10 – in a supposed attempt to boost resilience following the WannaCry incident last year. Woman in hospital (in hospital gown) covers face with hands On the NHS tech team? Weep at ugly WannaCry post …

Page:

  1. macjules Silver badge

    How Long?

    The Microsoft deal will also allow NHS trusts to update systems with the latest Windows 10 security features.

    How long will this take?

    What about the x thousand of Windows XP or Vista machines that have to be upgraded and will they be able to support Windows 10?

    Would it not be simpler (and cheaper) to standardise all IT equipment across all NHS trusts directly from Whitehall? Think how Maersk dealt with NotPetya, by replacing all servers and desktops/laptops.

    1. Doctor Syntax Silver badge

      Re: How Long?

      "Would it not be simpler (and cheaper) to standardise all IT equipment across all NHS trusts directly from Whitehall? Think how Maersk dealt with NotPetya, by replacing all servers and desktops/laptops."

      Either (a) Maersk had a very small variety of tasks for their IT estate or (b) they didn't update anything with a very specialised control function.

      If you look at the NHS you'll find a lot of machines that could be updated to a current version of W10 and a lot running lab and other diagnostic kit that depend on specific drivers that either aren't going to be available for W10 or possibly not for the H/W on which W10 will run. Identifying those that couldn't be handled like that will not be a trivial project.

      But take it a step further. If a lot of PCs are simply running office suites, email and browser why not introduce extra resilience? A monoculture of Windows PCs of any single version could be taken out by an exploit of some zero-day*. So for such tasks add a mixture of Mac, Linux and xBSD, say 25% of each, to minimise that risk. And Linux and BSD for servers.

      * This also applies to Maersk of course. They may be protected against the last variant of NotPetya. But what about the next?

      1. TRT Silver badge

        Re: How Long?

        Indeed, I think the NHS has a number of epidemiologists who would be well placed to advise on spread of infection.

        1. macjules Silver badge

          Re: How Long?

          Not forgetting a large number of proctologists, always handy when you need to tell a trust bureaucrat where to stick it.

      2. Anonymous Coward
        Holmes

        Would it not be simpler (and cheaper) to standardise all IT equipment?

        "Would it not be simpler (and cheaper) to standardise all IT equipment across all NHS trusts directly from Whitehall?", macjules

        It would but then where would all those ex-minsters go for their high-paying no-show directorships?

    2. Fred West
      FAIL

      Re: How Long?

      Let's not forget Windows 10 was MORE susceptible to Wannacry than XP was, as XP fell over and blue screened but Windows 10 would carry on and happily infect any other network computer it could find...

      Let's not pretend for a moment this makes the NHS secure, it doesn't for 2 very big reasons:

      1/ it's Windows, which is still a steaming pile of vulnerability hell.

      2/ the people that were responsible for patching NHS systems in a timely manner are still in charge...

      1. F0rdPrefect
        FAIL

        Re: How Long?

        "2/ the people that were responsible for patching NHS systems in a timely manner are still in charge..."

        Talking to friends on the front line, the problem was that nobody was in charge. Or even available to do the patching.

        And if they were available, they were told that "this machine is to busy to be patched at this time" all the time.

    3. Anonymous Coward
      Anonymous Coward

      Re: How Long?

      Maersk are ever so slightly smaller than the NHS. 88,000 employees compared to 1,400,000 employees. Bit of a difference in the number of servers/desktops/laptops that would need updating and standardising.

    4. sanmigueelbeer Silver badge

      Re: How Long?

      How long will this take?

      About the same time when Windows 14 comes out.

      We budgeted before this announcement and a standard image has been in development for a while.

      I thought the catch-cry for not getting into contract with Microsoft was "no budget". Suddenly, £150m was found. My question is: Where did this money come from? Who did the government "steal" to pay MS?

      Guess what, I've got a good idea how the British government can get some quick cash. Remember there's this big fancy wedding happening? What if they sell tickets? Say £15/adult? And parking? Another £10. (Parking fines will be £150, thank you very much.) This should amount to something, right?

    5. Anonymous Coward
      Anonymous Coward

      Re: How Long?

      > "Think how Maersk dealt with NotPetya, by replacing all servers and desktops/laptops."

      About 5 years ago, one of our support guys was called out to look at a failed PC, which was used to control a microscope used for medical research. It was a 386, and couldn't be replaced due to the requirements of the hardware it was connected to - basically, the manufacturer only supported the hardware/software that was supplied, and to upgrade meant buying a new microscope (which couldn't be done due to lack of budget - it was a significant sum).

      Replacing all the PCs/servers with new ones is something that likely can be done for the "frontline administrative" stuff, but possibly not the specialised stuff used for controlling things.

      1. John H Woods Silver badge

        "the specialised stuff used for controlling things"

        There's always a network (or no-network) solution for this kind of stuff.

      2. Prst. V.Jeltz Silver badge

        Re: How Long?

        " It was a 386, and couldn't be replaced due to the requirements of the hardware it was connected to"

        So someone spent a "significant sum" on a microscope that would only run for as long as the current iteration of PC motherboards and OS were available?

        about 4 years then?

        I'd like to think the NHS is forcing suppliers to do better than that these days. I doubt it though

    6. GruntyMcPugh Silver badge

      Re: How Long?

      I had in interview for an NHS Trust in November 2015,.... they were talking about their migration to Windows 7 at that point. I wonder if they completed that already? Seems pretty soon to be migrating again, and unless they manage to hammer LTSB to fit their apps somehow, they've got to embrace the infrastructure changes that are required to support the semi annual updates. This is going to be a culture shock.

    7. Christian Berger Silver badge

      Re: How Long?

      Well wouldn't it be simpler (and cheaper) to just develop a dedicated platform for the NHS?

      I mean much of modern IT is there to support legacy systems. Think of the Service Mode on modern CPUs which is mostly just there to allow Windows use USB devices without having to install an USB stack. An extreme example are web applications which require a whole browser on the client end which is by itself larger than the Linux kernel. Having a simple "graphical terminal" instead would greatly decrease the complexity on both ends.

      Developing a computer system is not very hard, after all in the 1980s there were lots of small companies doing just that.

  2. Anonymous Coward
    Anonymous Coward

    The Trust I work for didn't fail...

    In fairness, we didn't pass first time. The assessor didn't actually understand what InfoSec were telling them. Once we provided additional clarity we passed. AFAIK, the only XP we now have is Embedded.

    Windows 10 from Windows 7 is this year. We budgeted before this announcement and a standard image has been in development for a while.

    1. Doctor Syntax Silver badge

      Re: The Trust I work for didn't fail...

      "The assessor didn't actually understand what InfoSec were telling them."

      Been there! The assessor had been drafted in from perimeter security.

      1. Flywheel Silver badge

        Re: The Trust I work for didn't fail...

        The assessor had been drafted in from perimeter security

        You mean he was a car-park security guard?

    2. Anonymous Coward
      Anonymous Coward

      Re: The Trust I work for didn't fail...

      The problem with XP Embedded, in that people don't understand it, and make HUGE and FLAWED assumptions. It can be built to be very similar to XP, with XP's weaknesses, but it can also be as small as a 50Mb OS that can run from a Read-Only drive and have a write filter driver to direct all writes to a fake sink.

      It can basically be both ends of that spectrum, or anything in between, usually somewhere in the middle, and with most networking and non-core services not present, MASSIVELY reducing vulnerability vector.

      In many cases, XP Embedded is more secure than Windows 10. This is why I laugh my head off at cretins pushing clickbait about cash machines and X-Ray scanners running XP Embedded.. It's a really badly flawed story.

  3. el kabong

    Just throw more money at it.

    It works.

    Every time!

    Someone will be there to collect it.

    And they will be so glad for you and your money being so easily parted.

    1. Anonymous Coward
      Anonymous Coward

      Re: Just throw more money at it.

      It's easy to throw away money when it's not yours. When you didn't sweat and toil to earn it.

      1. Usermane

        Re: Just throw more money at it.

        Do that and the "good friend" Donald will become angry.

  4. Blockchain commentard
    Trollface

    For a laugh

    'upgrade' the PC's to run ChromeOS -problem solved :-)

    1. el kabong

      Half solved, you mean

      If you manage to get windoze out of the way you'll be well on the right path to a proper solution. I'd wager you'll be at least halfway to a proper solution.

      No less!

      1. JDX Gold badge

        Re: Half solved, you mean

        Don't forget the several billion you'd have to spend retraining everyone including your IT departments.

        1. el kabong

          Retrain people so they can learn to think effectively?

          Very hard indeed, hard and costly. Just think how much the status quo stands to lose if they allow the masses to be provided with an opportunity to learn to think effectively.

          Allow the masses to think effectively???

          Dangerous, very dangerous! Cannot happen, it could be terrible, it absolutely could!

          Better stick with the safe option, just keep sending easy money to Nanny micro$oft and keep people stupid. That's the safe way!

        2. Doctor Syntax Silver badge

          Re: Half solved, you mean

          "Don't forget the several billion you'd have to spend retraining everyone"

          What do you mean retraining?

      2. Prst. V.Jeltz Silver badge

        Re: Half solved, you mean

        "If you manage to get windoze out of the way you'll be well on the right path to a proper solution."

        um , yeah but you'd have a fuckload of software to re-write. and drivers. and reverse engineering of obscure medical hardware.

        sounds like a breeze

    2. Steve Davies 3 Silver badge
      Facepalm

      Re: upgrade' the PC's to run ChromeOS

      So.... where are all the myriad of VB6/VB-Net applications going to run then?

      1. Doctor Syntax Silver badge

        Re: upgrade' the PC's to run ChromeOS

        "So.... where are all the myriad of VB6/VB-Net applications going to run then?"

        I see you've spotted the advantage.

    3. Roland6 Silver badge

      Re: For a laugh

      Given previous performance, I'm a little surprised the UK went with a MS Windows solution, perhaps someone was awake, as it would not have been a surprise if they had announced that they were going to deploy NeoKylin through some deal with the Chinese, but involving some French or other EU company - just as they did with Hinkley Point C...

    4. Rich 2

      Re: For a laugh

      Brilliant idea! It would certainly make passing patient data on to Google easier - the functionality is probably built-in :)

  5. lsces

    M$ should be paying us!

    So who fixes all the machines bricked because W10 updates don't recognise the increasing number of machines that are simply unable to run the 'latest and greatest' junk? I've lost days trying to get laptops stable again because anything after V1608 simply bricks them. And I do mean bricks them as they are unusable until one plugs in a suitable disk to get BACK to the last stable version. You can't do it any other way !!!

    1. Sandtitz Silver badge
      Stop

      Re: M$ should be paying us!

      "I've lost days trying to get laptops stable again because anything after V1608 simply bricks them."

      Very intriguing. Which laptop models are those?

      Perhaps your failures could be attributed to either to your usage of Classic Shell or some other customization?

      1. el kabong

        The kind that worked before the update but stopped working after

        I'm sure you know the kind, you must have met them before, they are everywhere.

        Here's your laptop, now it works then it doesn't. What happened? you applied to it the greatest and latest shit from micro$oft.

        Very intriguing indeed.

        Nah, not all, sobering but not intriguing.

        (this is a reply to a comment above from user Sandtitz)

      2. david bates

        Re: M$ should be paying us!

        One could very well argue that if something as widely used on Windows 10 as Classic Shell is running then Windows 10 should be aware that instability could ensue and not do the upgrade.

        An upgrade breaking some slightly esoteric piece of software Im running I can accept...an upgrade causing a popular third party piece of software to make the system unstable is just unacceptable.

        1. Doctor Syntax Silver badge

          Re: M$ should be paying us!

          "An upgrade breaking some slightly esoteric piece of software Im running I can accept"

          Why? Surely the whole purpose of the system is to enable you to run your choice of software, whether it be common, slightly esoteric or full-on left field. That's what you bought the kit for. Surely you didn't buy it because you wanted a Windows paperweight.

        2. Sandtitz Silver badge
          Holmes

          Re: M$ should be paying us!

          "One could very well argue that if something as widely used on Windows 10 as Classic Shell

          Well, how widely used is it? Last I heard it was discontinued.

          is running then Windows 10 should be aware that instability could ensue and not do the upgrade.

          I agree. Windows 10 (at least) has an internal black list that denies upgrades if there is some offending software installed. (e.g. some disk encryption s/w)

          Since I'm not seeing the symptoms that Isces wrote about, I am inclined to believe that the update problems he faces are down to laptop models (drivers) or some esoteric configuration. I'm working with a sample set of perhaps a few thousand laptops from the usual providers so perhaps it's just me since my first reply has already garnered a lot of downvotes in short time? (="how dares he suggest the error is not Microsoft's")

          One show stopper I found out the hard way was if the EFI partition (nearly) full. For example the HP Diagnostics are installed there and since the default partition size is a paltry 100MB, the diags eat up more than half of the space. The upgrade to newer Windows builds will just fail and the error message wasn't informative at all using Windows Update. Manual update gave a better error code which actually helped to figure things out and let the upgrade to continue.

          1. Doctor Syntax Silver badge

            Re: M$ should be paying us!

            "Since I'm not seeing the symptoms that Isces wrote about, I am inclined to believe that the update problems he faces are down to laptop models (drivers) or some esoteric configuration."

            It's quite likely that in the NHS there are plenty of machines running what would be esoteric configurations to you and, indeed, to Microsoft but that esoterica is the core application for them. It explains, for instance, why some of them are still on XP.

        3. Anonymous Coward
          Anonymous Coward

          Re: M$ should be paying us!

          Classic Shell's performance became wonky in later updates to Win 10 as the devs of Classic Shell had discontinued updating the program.

          I'm using StartIsBack - feature-rich, lightweight and buttery smooth. It is exactly what freshly installed Win 10's Start Menu should have been.

          It's up to you if you wish to pirate StartIsBack or pay money to purchase it and support the excellent work done.

        4. handleoclast Silver badge

          Re: M$ should be paying us!

          an upgrade causing a popular third party piece of software to make the system unstable is just unacceptable.

          No, it's standard practise for Microsoft. Any popular third-party s/w magically breaks after an OS upgrade. To persuade you to use Microsoft's alternative (if they have one) or to force down the share price of that third party so Microsoft can buy it on the cheap and then offer that s/w themselves (an update after the takeover magically unbreaks the s/w).

          This is what Microsoft does. They steal (if they can) or buy (if they must) any popular third-party s/w. They strategically upgrade the OS to make the competition fall over or run slowly.

          And, in every instance of them doing this, the Microsoft offering is shite compared with the competition. Even if they stole the s/w in the first place, they tinker with it and bork it. See stacker for an example.

          And before the fanboys complain, they ought to remember the Netscape wars. Netscape complained about unfair competition from Internet Exploder being bundled with the OS installation media. Microsoft responded by making IE an integral part of the OS in the next major release of the OS. Couldn't be removed. Except somebody did manage to remove it, and found the OS then ran 10% faster.

          Fuckers.

      3. lsces

        Re: M$ should be paying us!

        MSI CR630 is the one on the desk here currently ... ONLY W10 clean install from the W1608 disk ... nothing else installed again as yet. First thing it does is try to apply W1709 build ... and we are stuck in a loop of try - fail - restore old version.

        YES I use classic shell ... it's the only way to make W10 productive again, but it's not that which is the problem! Number of AMD powered machines have been a problem ...

        1. Sandtitz Silver badge

          Re: M$ should be paying us!

          "MSI CR630 is the one on the desk here currently ... ONLY W10 clean install from the W1608 disk ... nothing else installed again as yet. First thing it does is try to apply W1709 build ... and we are stuck in a loop of try - fail - restore old version."

          What can I say - while AMD laptops are a minority I haven't heard or seen any other problems with Athlon II family except of the Meltdown/Spectre updates that caused failures last winter.

          Have you asked at e.g. MSI forums? Have you installed from 1709 media? (or the 1804 just released). Basic diagnostics like Memtest86+ and such would be the very first thing to run, but this wouldn't explain why you have hordes of computers failing to update - unless they're all MSI CR630 laptops...

          1. lsces
            Unhappy

            Re: M$ should be paying us!

            But why should I have to? The laptop has been working fine doing the job it was doing. UPDATE AND WIRELESS PORT WERE SWITCHED OFF ... and yet still M$ managed to force an unwanted update through. Given the time wasted on his it would have been cheaper to buy a new laptop ... but why should I need to pay for a ne M$ license when I already have one on the existing machine!

            Hence M$ should be paying us!

    2. Ledswinger Silver badge

      Re: M$ should be paying us!

      M$ should be paying us!

      Why? Much as I loathe Microsoft, and their update program for W10, I don't think they ever promised perpetual support for every permutation of hardware, nor should any customer with common sense conclude that such an expectation was reasonable.

      When you take a step back and look at the VAST variety of hardware W10 does run on, I think that for all their other failings, Microsoft are doing a whole lot better than (for example) Google with Android.

      1. Anonymous Coward
        Anonymous Coward

        Re: M$ should be paying us!

        Nobody expects every permutation being covered, and the problematic machines aren't even set up in some rare and exotic configurations.

        The lack of effort and/or competence on the part of Microsoft is quite obvious. OS updates with mostly cumulative minor changes shouldn't cause that much problems. It's been quite some time since Win 10 went RTM, it's natural to expect more stability in the code.

      2. Doctor Syntax Silver badge

        Re: M$ should be paying us!

        "nor should any customer with common sense conclude that such an expectation was reasonable."

        If a customer has a version of a system running and a vendor does their utmost, sneaky utmost in this case, to push a new version on it it's very reasonable to expect that the new version (a) continues to work on the hardware onto which it was pushed and (b) continues to support the application that the system was purchased to run.

        Perhaps it's time to step back and remember that an operating system is not an end in itself, it's a platform to support the application on owner's hardware.

        1. Anonymous Coward
          Anonymous Coward

          Re: M$ should be paying us!

          @Doctor Syntax.

          The OS is an end unto itself for Microsoft. Microsoft needs Windows to keep reminding users why they are using Windows. With Win 10, it is also a platform to mine user data, and embed cloud hooks into the OS. It's also about the 'ecosystem', which requires a Microsoft account to partake in.

          It's not due to an economic or technical reason why Win 10 is the way it is now. It's due to a political reason: a response to Apple and Google's encroachment with their mobile duopoly, and paranoia brought on by years of declining PC sales.

  6. alain williams Silver badge

    All the easier for the USA to grab by health records ...

    via the spy-ware, errm I mean, telemetry nailed into the W10 machines.

    How much of NHS specialist IT application could be delivered via a web browser so that they could run a secure Linux on those machines. LibreOffice would provide a good enough word processor for appointment letters, test result reports, ... ?

    1. Halfmad

      Re: All the easier for the USA to grab by health records ...

      Many clinical systems are moving to browser and have been for a while but there are big ones which will need a lot of work for that to happen - or potentially the NHS developing it's own if the private sector refuses to. Additionally moving to Libre office etc sound easy but discharge letters etc all have to be automated and Libre etc would have to be able to facilitate this.

      Additionally Linux would have to up it's game in terms of managing permissions across thousands of PCs, shares etc. There's is no getting away from there and of course arguably the biggest problem - most ICT staff aren't trained in Linux as their entire careers have been spent learning MS OSes of various flavours.

  7. Anonymous Coward
    Anonymous Coward

    Will Windows 10 slurp medical data from the records?

    What are the safeguards?

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019