back to article Japan's XP migration solution: Remove network cable

A Japanese local government has come up with a rather unusual solution to the problem of Windows XP migration – keep the venerable OS but disconnect the remaining PCs running it from the internet. In around a year’s time, April 8 2014 to be precise, Microsoft will end free support for the operating system which is still …

COMMENTS

This topic is closed for new posts.
  1. Khaptain Silver badge

    No network = No Work

    What kind of work is someone doing in a company that no longer requries shared drives or printing ?. Or will they also be issued with 32Gb USB 2.0 keys which they will use to transport documents.

    I can understand standalone machines on a factory workshop but it is difficult to imagine in a government office.

    1. LarsG
      Meh

      Re: No network = No Work

      So how did people do their work before the advent of a network?

      There were a lot less excuses such as 'I can't do that, the computer is down' and less use of social media during the working daymso maybe they will get more productivity out of the work force.

      An example is here on El Reg, most posts occur during the working day.

      Also, it is safe to say that if you post an insult to the least productive of the working population, namely Government employees and Civil Servants, you can say what you want about them after 1:30pm on a Friday without fear of being downvotes. They're all on their way home by then.

      1. Anonymous Coward
        Anonymous Coward

        Re: No network = No Work

        That would be terribly unprofessional.

        - Posting from work.

      2. Great Bu
        Coffee/keyboard

        Re: No network = No Work

        "most posts occur during the working day"

        Wait - people go on here from home ? Really ? Wow.

        1. John H Woods Silver badge

          Re: No network = No Work

          Great Bu: "Wait - people go on here from home ? Really ? Wow."

          Erm, this is 2013. We *work* from home :-)

          1. Anonymous Coward
            Anonymous Coward

            Re: No network = No Work

            Sorry, I guess I should have read to the end of the thread first...

            For the rest of you that work from home, do you have a chiller for your laptop? Or do you work inside, at a desk?

        2. Anonymous Coward
          Pint

          Re: No network = No Work

          Well yes, some of us work from home....well, /a/ home.

      3. Captain Scarlet Silver badge
        Pint

        Re: No network = No Work

        "most posts occur during the working day"

        Come on Lunch Break, why won't this day end >_<

      4. Anonymous Coward
        Anonymous Coward

        Re: No network = No Work

        "Also, it is safe to say that if you post an insult to the least productive of the working population, namely Government employees and Civil Servants, you can say what you want about them after 1:30pm on a Friday without fear of being downvotes. They're all on their way home by then."

        hmmm I think you'll find most civil servants won't be accessing El Reg during the working day.... you, on the other hand are clearly being very productive.

        Tosser...

    2. keithpeter
      Linux

      Re: No network = No Work

      "No network = No Work"

      The artcile states that it is 800 out of 8000+ computers that are to be kept on XP minus Internet. Perhaps there are use cases for 10% of the computers that do not need network?

      Laptop + data projector springs to mind to me as I'm a teacher. Desktop PC with dedicated printer for printing out filled in forms for signature is something I have seen in local authourity offices and libraries a few years ago.

      Penguin icon: obvious solution but probably too expensive for business apps to be converted.

      1. Khaptain Silver badge

        Re: No network = No Work

        Keith I can agree with one or two pcs kicking about with their own dedicated printers but 800 pcs !!!!

        1. keithpeter

          Re: No network = No Work

          I take your point. But I've seen 50 with dedicated printers: just 50 different neighbourhood centres.

        2. Jordan Davenport

          Re: No network = No Work

          "Keith I can agree with one or two pcs kicking about with their own dedicated printers but 800 pcs !!!!"

          Don't think of it as 800 PCs. Think instead 1 PC out of 10 in an entire prefecture's governmental offices.

          1. Khaptain Silver badge

            Re: No network = No Work

            Yes I suppose that put like that it does make a little more sense.

        3. Anonymous Coward
          Anonymous Coward

          Re: No network = No Work

          You'll be surprised how many financial conglomerates still have ancient systems around. And they don't necessarily have to be connected to the Internet to do their work. I remember an old Windows 98 box over at a certain bank near Warren Street, which was *not* Internet connected. It was connected to a modem, and that was its sole purpose... to manage that modem.

      2. Wize

        Re: No network = No Work

        @keithpeter

        trouble with using it for a projector or a form printer is the info will have to be updated at some point. A change in a logo or policy means they have to be altered. Sure, you could do it on the machine only, but then you have no backup.

        So you do it on another machine, or copy the files off that machine to save to the network. USB is still a vector for infection. The hackers might find another little glitch in USB that hasn't been discovered and affect your machine that way.

        No network does not mean safe.

        1. MrZoolook
          Stop

          Re: No network = No Work

          "trouble with using it for a projector or a form printer is the info will have to be updated at some point."

          You mean a firmware update?

      3. Kubla Cant Silver badge

        Re: No network = No Work

        @keithpeter No Internet != no network

        1. Kubla Cant Silver badge
          FAIL

          Re: Re: No network = No Work

          I'm wrong. Just re-read and seen that the network ports are taped up.

          So it's back to sneakernet.

        2. kain preacher Silver badge

          Re: No network = No Work

          They said they were going to tape over the NIC. That would seem to imply no network. But hey what do I know I'm just a stupid yank.

    3. gmathol
      Happy

      Re: No network = No Work

      Now we know why Japan can't fix its little radiation problem in Fukushima.

      This people seem not to smart - there are other ways to prevent updates of company computers.

      By the way one should consider to use virtual machines/boxes, so you can always keep the original state and you do not have to fight with drivers or printers which are all the sudden no longer supported by your OS provider. Think APPLIANCE! Software/Operationssystem encapsulated in an virtual environment.

  2. Steven Roper

    "Ethernet ports will apparently be taped up in case users forget that their machine is no longer allowed to reach a network."

    Only taped up? Fat lot of good that'll do, as if that'll do anything to stop the office idiots ripping the tape off and plugging in cables.

    They should do to the Ethernet ports what I do to the USB ports on the office machines to stop people from plugging (malware-infested) USB sticks into them - fill the fucking things with superglue.

    1. Anonymous Coward
      Anonymous Coward

      Taping up of ports is just treating the symptom and not the disease. For proper security and software stability it is the users who should be taped. To a telephone pole.

      1. DougS Silver badge

        Taped up

        They say taped up, but unless someone here speaks fluent Japanese and can translate the original article, who knows what it actually said. Maybe they intend to fill the jacks with epoxy. Not that this stops someone from using a USB NIC.

        On the other hand, the article also says the PCs will be prevented from accessing the "interwebs". Maybe they'll still be on a network, but the subnet they're on will be firewalled off from the internet? Perhaps that was what someone translated (probably with Google Translate or something similarly useless) to "taped up".

        That seems like a more reasonable solution to be able to actually do productive work on these machines, while still making it very hard for any malware that might find their way onto them to leak information back onto the internet. Attackers would have to content themselves with destroying data, etc. which would probably only serve to hasten the migration off these artifacts running an OS more recent (I was going to say "from this decade" until I remembered Windows 7 is from the previous decade)

        1. Daniel Palmer

          Re: Taped up

          >unless someone here speaks fluent Japanese and can translate the original article,

          I would have a go at reading the original article.. but guess what? The link doesn't actually work. You have to wonder if Phil actually checks all the articles he reposts from RocketNews24.

          From the source that RocketNews24 "translated" which is a digest of the original article that doesn't seem to exist;

          ネット接続口をテープで覆うなど

          This reads "Cover the network connection with tape *etc*".

        2. This post has been deleted by its author

      2. Dan 55 Silver badge
        Joke

        Make sure they're not too close to the lines or they'll short them them together and transmit malware via a series of 0s and 1s.

    2. Hellcat

      Sounds like someone has not implemented suitable network protection.

      USB storage devices are blocked here apart from company provided encrypted devices, and if your PC is not up-to-date on AV and security patches it doesn't get access to the network.

    3. Anonymous Coward
      Anonymous Coward

      It's probably a cultural thing, in Japan office workers just don't do things like plugging in Ethernet cables when they've been told not to. You don't get people who "know better" and just go ahead and do something because they can.

      Working in system support over there must be nice. You tell someone what the problem is and not to do X again and unlike in the UK they don't do X again, rather than making it the first thing they do.

    4. kain preacher Silver badge

      GPO

      You can use GPO to lock down the USB p... Oh that's write you need a network for that.

  3. frank ly Silver badge

    Fixes and stuff ....

    "This will mean an end to free security patches and fixes for knackered code – exposing organisations to a host of potential info-security risks."

    The end to fixes, in itself, will not expose organisations to security risks, because they are already exposed and have been exposed for the past ten years. Fixes are used to, er .....fix things.

    There is lots of office/admin work that does not need internet connectivity so why don't they organise their internal structure so that all the XP machines are on a network devoted to internal work? I used to work for a company that had two networks - one was totally internal and was used for product develoment, documentation, internal e-mail, no possibility of connection to the outside world ..............

    I'll stop there - you all know this. Somebody needs to tell the Japanese prefecture about all this.

    1. Paul Crawford Silver badge

      Re: Fixes and stuff ....

      Ah the old red / blue network arrangement :)

      Just add someone with a rubber truncheon to deal briskly with anyone plugging in to the "wrong" network and you have pretty good security even with a leaky OS.

      1. rh587
        Devil

        Re: Fixes and stuff ....

        Rubber truncheon? Modified cattleprod surely *krrzzzzzt*

      2. sw5guilherme

        Re: Fixes and stuff ....

        They can "forget" to tell which cable is the right one, for amusement purposes.

        Then all the action can be filmed and aired in local TV as a game show.

  4. Anonymous Coward
    Anonymous Coward

    A good solution in the right situation.

    I work (hence posting anonymously) for a large UK charity that had a small group of legacy computers running disconnected from the Internet. This was because we could not afford to upgrade them. They were running a mix of W98 & W2K. They were on their own network with shared drives and printers and dealt with physical correspondence including invoicing etc. They were administering contracts worth about £800,000+ a year at the time.

    Our other machines where the workers actually needed the internet were running XP which was the current system at the time.

    Needless to say the old machines were much more reliable and never once went down, unlike their more modern counterparts. The only external interaction they had was with the encrypted USB sticks used to take back-up off site each night.

    Eventually, when we had more money, the administration computers were upgraded and connected to the internet so their reliability and productivity was soon reduced to the abysmal level we had come to expect from the rest of our systems.

    1. N2 Silver badge
      Thumb Up

      Re: A good solution in the right situation.

      Sounds like it went well, until you 'upgraded' Ive also noticed how frail some new hardware is despite the price not exactly being bottom book. My preferred OS was Windows 2000 which absolutely flew even on hardware 10 years old. With later versions I often think the computer has halted when I remote it as simple stuff takes so long. & yesterday I had the misfortune of having to use Access 2010, what a mess they made of that.

  5. mark l 2 Silver badge

    Surely taping up Ethernet ports is going a bit far, they could still be given local network access for file and print sharing and just not have a default gateway to get out on the interwebs, thats got to be a better solution surely?

    1. Brewster's Angle Grinder Silver badge
      Joke

      If they were that bright, they would already have migrated the machines off XP.

      1. Paul Crawford Silver badge

        "already have migrated"

        There are lots of reasons why you may want/need to keep an old OS going, the most obvious is you simply don't have the money to buy a new PC but that is probably not the biggest issue here (though report suggested so).

        Legacy software, or special hardware, are both reasons why an 'upgrade' can be very expensive and time consuming because you find that the software won't work right on the new OS and/or is not supported or licensable on a new machine, and newer versions of said software is not 100% backward compatible and/or needs something else and so on...

        My own solution for my dying w2k box was to convert it into a VM and run it on a Linux machine, more or less the best of both worlds (can run special software that is Windows-only, has better network security Linux-style). Even so, that takes IT skill to implement and user training to make it workable, both of which also cost money one way or another.

        Certainly w2k and XP had nothing in the license about virtulisation, but AFAIK Windows 7 (probably also the abomination that was Vista) only permit it on the expensive enterprise version, not OEM/standard.

        1. System 10 from Navarone
          Pint

          Re: "already have migrated"

          Yep, my first thought was similar - install VirtualBox on XP then install a proper OS like Fedora on that for network stuff. Then all you need to do is disable network access, etc, in the XP settings and away you go...

  6. Marcp

    choujou Adama san

    Of course - the Battlestar Galactica solution

  7. Gordon Pryra

    Tape or Group Policy?

    No offense, but tape?

    1. ansi.sys
      FAIL

      Re: Tape or Group Policy?

      No Offense, but Group Policy tends not to work very well without network connections.

  8. This post has been deleted by a moderator

    1. This post has been deleted by a moderator

    2. ansi.sys
      WTF?

      Re: Windows FULLSTOP is not ready for the INTERNET

      Really? Again?

      How long does full retard training take these days, Eadon?

    3. Anonymous Coward
      Anonymous Coward

      Re: Windows FULLSTOP is not ready for the INTERNET

      "MS VIRUSES INTERNET FAIL"

      Of course, how could my decades of experience blind me to the fact that only MS is vulnerable?

      D U R R R!

      Really?

      ALL OSes/architectures have their failings. MS's failing being that it’s so pervasive; it’s the platform for choice for attackers. Or should attackers concentrate on MAC and ignore the largest installed base? W O W. My faith in human kind is tested to the limits every day.

      You’ve made your point (incessantly , time to stop making yourself look foolish perhaps?

      1. t.est

        Re: Windows FULLSTOP is not ready for the INTERNET

        Attackers did concentrate on Apple computers before 1992. Macs did have more viruses than PC's back then. And no contrary to what many believe Apple did not have a larger market share back then.

        If you don't believe me, believe in one of the spokesmen for F-Secure, who is my source. There are many factors that contribute to what platform is preferred by crackers. Market-share is one of them but just one of many. And history proves that it's not the primary motivator.

        In fact history shows us that, the easier it is to make malware for a platform the more is made. No platform is immune, but it's only with more secure Windows as Win7 that other platforms have gotten more interest. Everyone want's go take the easy way our, also criminals.

        1. Anonymous Coward
          Anonymous Coward

          Re: Windows FULLSTOP is not ready for the INTERNET

          @T.est - It's worth mentioning though that in 1992 viruses were not a commercial criminal money making operation and that actually distributing for a smaller group of machines is more effective when it's carried out by disk swapping. This is because you get quicker penetration to the %age of the userbase.

          For example - If there are two users of a system and one gives the other an infected disk, you've got 100% infection, whereas if there are 100 users you have 2% infection. You also have a culture of disk swapping to get new software, which adds to distribution.

          With modern criminal virus creation and distribution, they don't care about the %age of a userbase running the virus, but the overall amount of machines which could run the virus. You therefore go for the system with the largest userbase.

        2. Lyndon Hills 1
          Unhappy

          Re: Windows FULLSTOP is not ready for the INTERNET

          First virus i ever encountered was for Macs. The first worm I know of affected Unix boxes and took out a reasonable chunk of the `internet. Robert Morris built it IIRC.

    4. Anonymous Coward
      Anonymous Coward

      Re: Windows FULLSTOP is not ready for the INTERNET

      I've never sworn at anyone on the Internet, you make me come very close.

      Oh and your knowledge of Windows, it's operation, history and development as demonstrated many times over is basically non-existent.

      1. AlbertH
        Mushroom

        Re: Windows FULLSTOP is not ready for the INTERNET

        Speaking as one who was there: - Dave Cutler offered Bill Gates proper user and file permissions, "like UNIX". Gates said that it wasn't necessary and would make operation more difficult for the "average user".

        This one flawed decision has spawned the malware and anti-malware industries, and ensured that every subsequent version of Windows was insecure BY DESIGN!

        Windows networking was an afterthought, and "security" came very low on the "wants" list. In fact, security was seen as a disadvantage as the NT line of Windows was supposed to be the "ultimate" in ease of use (Yes - Bill actually said that!).

        Incidentally, I'm an ex-Microsoftie who hasn't used even one of their products since 1995.

      2. tracyanne

        Re: Windows FULLSTOP is not ready for the INTERNET

        He might not know much about Windows, but I do. I can tell you, after 34 years in the fireld (including Masinframe, Unix, Linux and Windows Systems), with 20 years as a Windows programmer, System Administrator and Network Administrator (yes that's right going back to pre Windows 95 days, up to and including Windows 7 and Server 2008 - I'm now retired), that your man has the right idea, his view is a bit extreme, but essentially he is correct.

        Any Unix like (including BSD and Linux) system is inherently more secure than Windows, and is easier to secure even further. Yes Windows can be brought up to a secure level that is close to a Unix like System, but it can never quite reach the level possible with a Unix like system. And to do so requires much more work and monitoring.

        As a consequence of this, and Unix like desktop system, Mac OSX, Ubuntu, Fedora and etc is going to be, by default, sunstantially more secure than any default Windows sytem. Yes those Windows desktops can be made substantially more secure, but so too can the Unix like systems.

        In practice, however Windows desktops are raely secured as strongly as they can be or even as strongly as Unix like systems are by default, and certainly not as stronly as unix like systems can be. Ther reason for this is that doing so usually inconveniences users too greatly. This is why, in practice unix like systems, such as MacOSX and Ubuntu, Fedora, Mandriva, Slackware, and etc, desktop systems are more secure,

        That fact that currently there is a Windows mono culture on the desktop does not help either, as businesses and general users are subject to the double whammy of a system that is inherently less suecure, and a system that is easier to create malware for.

        It is primarily because of these facts that i have chosen to use Linux based systems for my personal use, in my retirement, as I cannot be bothered spending the time adequately securing Windows systems in what should be MY time.

    5. Cave Dweller
      Trollface

      Re: Windows FULLSTOP is not ready for the INTERNET

      I don't know what's more entertaining: Eadon's anti MS posts, or the enraged responses.

    6. Gray
      Facepalm

      Re: Windows FULLSTOP is not ready for the INTERNET

      From Wikipedia: "First released to computer manufacturers on August 24, 2001, it is the second most popular version of Windows, based on installed user base. "

      Hmmmm ... in August 2014 it will be 13 years that mouldering pile of shite called Windows XP has run loose amongst us, with three major service packs and many hundreds of service patches ... and it is still too dangerous to let run without further patching? It still harbours great gaping holes of insecurity? Really?! Is that the message, Charlie? WinXP is too dangerously fragile and riddled with undiscovered weaknesses that it dare not run beyond the protective oversight of the team that cannot be trusted to have found and fixed its thousands of weaknesses?

      Really? And I can be confident that the Win7 that came on my ThinkPad is vastly superior?

      Really? And it is massively "uneconomical" to switch over to Linux?

      At the risk of an avalanche of down-votes, I'll side with Eadon on this one.

  9. John Tserkezis

    I don't see XP as a big enough problem to upgrade anyway.

    Firstly, yes, you lose updates, but on that size network, you're going to be running via a central router/firewall/filter whatever, enough that *direct* attacks aren't possible or at least minimised.

    Indirect attacks (downloaded malware) is a serious risk in almost any environment, but there's no reason you can't lock down XP pretty much like later OSs, not to mention virus/malware scanners and such.

    You lose support. Or at least free support. Big whoop. I have a real problem with the "support" supporters, (excuse the pun), namely because I've never seen anyone call support and received a *useful* answer. Not talking about stupid non-problems you can google, but real problems. Maybe I've led a sheltered life, but anyone I know who's called for real problems has hit a brick wall with Microsoft. In other words, you've lost nothing, because you didn't have it in the first place.

    Software requirements. Believe it or not, sometimes *YOU* have no control over what software someone else has picked. You know the one, it ONLY works with IE v6, you're in charge of keeping it working, the Powers That Be won't let you replace it and you can't argue with the idiot who bought it - usually because he's your boss.

  10. Tank boy
    Trollface

    More than one way to skin a cat I guess...

    In the US Army we'd call that "a technique". Not that it's the best fix in the world (tape? c'mon now), but if it's stupid and it works, it's not stupid.

  11. Anonymous Coward
    Anonymous Coward

    "Firstly, yes, you lose updates, but on that size network, you're going to be running via a central router/firewall/filter whatever, enough that *direct* attacks aren't possible or at least minimised."

    I suppose that level of security is fine for my bank?

  12. FuzzyTheBear
    Devil

    Got to ask

    Is there anywhere in the license an article that says there is a time limit to support and they can render the operating system useless at a time of their choosing ? Because imho , that creates a precedent where a company could arbitrarily choose to end product life in say , 2 years if they so choosed . Terminating XP's usefull life seems to bring us on a dangerous slope. Imagine if next year they said .. ok win 7 is 5 yo , we stop supporting it to force you to buy another newer operating system ? See what im saying ? Terminating XP support means same will happen to Win7 at a time of their choosing. The more i think about it , the scarier it gets.

    1. Glenn Booth

      Re: Got to ask

      @FuzzyTheBear

      You started with a 'what if?' then went to a 'just supposin'' and ended with a completely unjustified 'if X happens then Y will happen and that scares me lots'.

      There comes a time when all old technology products come to the end of their useful life. XP is old. Live with it. Or do you think that MS should keep supporting it in perpetuity?

      If you don't want a product that will have an 'end of support' notice at some point, I'm sure you could find some obscure open source OS that doesn't have any support in the first place. At least you'll know where you stand, eh?

    2. El Andy

      Re: Got to ask

      Microsoft have very clear published support roadmaps, which form a contractual obligation for many of their clients. They don't just obsolete things on a whim, that's more a Google thing.

    3. Hardwareguy

      Re: Got to ask

      They already do.

      Its called the Microsoft Product Lifecycle Policy.

      http://support.microsoft.com/lifecycle/default.aspx?LN=en-gb&c2=14019&x=9&y=17

      Win 7 Support ends in Jan 2015.

  13. W. Anderson

    While the Japanese as a whole have generally been conservative in regards technology adoption and use, this recommendation by prefectural government of Aichi is asinine in the most descriptive sense.

    If exorbitant costs of upgrading to newer Windows OS, which would most certainly required newer hardware purchases is not possible, why can't these people consider a wholesale move to Linux as was done very successfully by the cities of Munich, Germany, Vienna, Austria and several other municipalities and even large countries' governments.

    After all, very careful evaluations and studies by those migrating to Linux have shown that Windows 7/8 upgrade is not only ridiculously costly without any appreciable productivity gains, but also provide very little additional security functionality over that which Aich has presently.

    Not jumping into the latest technology trends is one thing, but mired mentally in the nineteenth century in regard lack of common sense and innovative thinking is something else all together.

    1. El Andy

      Probably because the costs involved in migrating to Linux are many times greater than simply upgrading to the latest version of Windows. Just because the software is free, doesn't mean you can simply swap to it without incurring massive costs.

      The general idea that you can simply disconnect from the network and all the problems of old OS's go away is epically naive, though. The potential security issues is but one very small component in the reasons why sticking on an obsolete and unsupported platform is a terrible idea.

  14. Irony Deficient

    OS-ocalypse in Japan

    Osaka-lypse, surely?

  15. Hardwareguy

    Nothing new here.

    There is a certain UK government workplace that has over 3500 Win XP machines, and they are not going to be upgraded. But then again, there is no need. There is no Internet access, outside of the secure LAN.

    Also, I was at Heathrow the other day, and walked past a Delta check-in Kiosk that was going around in an endless Boot Sequence. Windows 98SE !.

    And just a few months ago in Atlanta airport USA, walked past a BA Kiosk that was being opened and worked on. Windows NT4 Workstation. I kid you not !.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019