Ask Slashdot: Preparing For Windows XP EOL? 423
An anonymous reader writes "As most of us working in IT may know, Microsoft will stop supporting Windows XP on April 8th, 2014. Although this fact has been known for quite some time, XP is still relatively popular in companies and also enjoys noticeable marketshare for home users. Even ATMs are running XP and will continue to do so for some time. A lot of companies/users don't want to change because they see no additional benefit to do a costly upgrade, no reason to change a running system, and they may in some cases be right with their assumptions. So what is the best way to secure this remaining Windows XP systems? Installing the latest security patches, checking firewall status and user permissions etc. should be fairly obvious, as Microsoft Security Essentials may also not receive updates anymore, changing antivirus programs seems a sensible thing to do."
Errrrrr (Score:2)
Must keep running XP (Score:4, Interesting)
Re:Must keep running XP (Score:5, Insightful)
So what's your plan going forward? Will you use XP ten or twenty years from now? If not then you should start a migration now rather than later.
Re: (Score:2)
So what's your plan going forward? Will you use XP ten or twenty years from now?
They probably will, if there are motherboards that still support it.
Re: (Score:3)
But chances are, there won't be. The Intel rep said that they will no longer be developing drivers for it, and their new chipsets do not support it.
Re: (Score:2)
So what's your plan going forward? Will you use XP ten or twenty years from now?
Why not? We've still got mission critical systems that use fortran and cobol in use.
Re: (Score:2)
There are still tons of software being *written* in FORTRAN. COBOL I don't know, I don't work for a bank... But when I (2-3 years ago) where digging into the depths of the website of our local equivalent of IRS to try and figure out some piece of tax law, I found a link named "program for calculating tax" or somesuch. Clicked it - and got my screen filled with what I eventually identified as COBOL code!
Re: Must keep running XP (Score:2)
No but the systems are backward compatible for this reason.
Re: (Score:3)
And sometimes this actually gives new companies an advantage, because they can afford (with the help of naive investors) to buy brand new equipment whereas the older companies are stuck with capital equipment that they can not discard or replace without massive investments. This is where idiocy like outsourcing or renting services or cloud services will start taking off big time, because companies will realize that they can not afford to ever buy anything because it will become obsolete by fiat before the
Re: (Score:3)
If it was me, my plan for the future would be to never again buy equipment that requires a closed source operating system to run, or even never buy equipment that requires a computer, stick with analog or mechanical devices. Also instill heavy doses of cynicism, and realize that if you buy the least available OS that the next day they will announce the end of life data for it.
Or just go with a whole startup mentality and pretend that your business will never last more than 5 years anyway and never plan on
Re: (Score:3)
That's why the stuff at my workplace that requires SunOS 5.6 or Win98 is steadily getting rewritten in python. Don't like linux/Win7 ? Run it on whatever you do like. A nice side effect is being able to run it on dirt cheap tablets standing right next to the gear it's testing.
Re:Must keep running XP (Score:5, Insightful)
The other option is allow something to break irreparably at some point, and everyone will go into meltdown crisis mode. *Then* it'll get fixed.
You have to weigh the cost of doing it now vs. doing it then. If your company thinks "then" will be in 10 years, then don't bother now. But be prepared for the meltdown. Either way you have perfectly stated the case that you do not have to "Must keep running XP". You have made a risk-based assessment that it will be cheaper to continue running XP.
Re: (Score:2)
Re: Must keep running XP (Score:2)
IT departments also have other things to do as well as doing a major upgrade to core systems that takes several months to do. Stuff that actually makes money for firms and therefore is far easier to justify.
Re: (Score:2)
That is some "bleeped up "software
Re: (Score:2)
You better hope that either a) no remote exploits for XP get discovered after april 8th, or b) your systems do not need any kind of connection to the internet.
Certain types of infected computers which have an impact on network usage (zombies, in particular) can be detected by the ISP and disconnected from their network (and it is usually in their best interests to do so)
Re: (Score:2)
Test it on ReactOS or WINE?
If the software vendor does not support Win7, hire a hacker to hack the dongle.
Do the words like "mission critical" or "breach of contract" have any meaning to you?
MSE (Score:5, Informative)
Re: (Score:2)
MSE will have definitions for a year after the EOL: http://blogs.technet.com/b/mmp... [technet.com]
I think that is a grave mistake on Microsoft's part. It makes people think that they can still run Windows XP securely, just intercepting viruses that match the signatures, instead of patching the underlying vulnerabilities.
I also think continuing to let OEMs install Windows XP until Windows 7 was also a grave mistake. In the short term, it slowed people from fleeing to Linux, especially for the early-model netbooks. In the long term, it has delayed the end of Windows XP by years, making it more painful whe
Is it really that costly? (Score:3)
I realize there is more than hardware costs, but did you really expect your software to work for more than 10-15 years without needing an upgrade? Most people in this situation are there because they have deferred the (most likely needed) updates until now. And now they have an unusual number of computers to upgrade. My employer is squarely in this position.
Bite the bullet and upgrade. If you really want to stand firm against M$ or something, simply install any number of old-hardware-friendly linux distros. Knoppix is my current favorite.
Re:Is it really that costly? (Score:4, Insightful)
Did you know that my paper cup from my morning coffee is already soaked through and unusable? Why can't they make paper cups to last 20 years like a car?
My dog died last year. He was only 13. Why can't dogs simply live as long as humans?
Do you have any more stupid propositions?
Re: (Score:3)
It is true that software will continue to work for thousands of years, theoretically. If the hardware, the items they interface with (including humans) don't change. Sure the software is good. But to plan for software that has that level of
Re: (Score:3)
Of course it will continue to work, it just won't be supported.
Microsoft isn't being greedy, they are in business to make money, not provide free support for decades for software that you paid for a LONG time ago.
Comment removed (Score:3)
Re:See no benefit? (Score:4, Insightful)
How about this one. All of your software options are better on 7 than XP. Firefox and Chrome are moving away from supporting it. Microsoft is moving away from supporting it too. You know what that means, Mr. Super Conservative Executive/IT guy? It means your threat vectors are now starting to approach "everything installed on this workstation" instead of just the OS.
You've never worked with specialized equipment that costs hundreds of thousands or millions of dollars have you? Either that or you work for a DoE lab with deep pockets. Businesses, universities and private research labs usually don't get to replace equipment costing that much on a four to five year cycle. They get the equipment and use it until it just flat out doesn't work anymore then they spend the money to get something new. If the machine that interfaces with the equipment requires a 16-bit DOS or older version of Windows and has a proprietary dongle or need for some 16-bit ISA card then that's what stays. You buy replacement computers that will support the equipment at auction or on eBay and you keep the thing running. If the equipment can still be used, you use it. Like was said above, the computer's only job is to interface with the equipment. It's not networked, doesn't need to be. Modern malware can't effect it because it won't run on it, dummies! You can't run 32-/64-bit malware on a 16-bit machine! XP maybe, but there are very good ways around the security issues. You don't obsolete $250,000 plus machine that still gets used because the OS needed to interface with it is "old". Why is this so hard for some people to understand? You just don't treat capital expenses like that unless you have a ridiculous amount of money to burn. There really isn't a good analogy for this. It is what it is. I am sure you know the common euphemism, "If it ain't broke, don't fix it." That saying isn't just a saying, just like stereotypes exist because there are people that fit them.
Re: (Score:3)
Seriously, why don't I have mod points when a comment like this comes up. Seriously, +5 Insightful
I work at a university. Around here, lots of investigators have aging but perfectly serviceable equipment of all flavors. Some of it is tied to XP (or Win9x, or DOS) because the software to run the equipment hasn't been updated to run under a newer OS. Some of the equipment is one off or made by a company that's been out of business for years, or there is a newer and fancier instrument so they won't upgrade sof
One solution: Migrate (Score:2)
Re: (Score:2)
CloneZilla (Score:3)
I plan to clone my hard drive on April 8th and just restore from that backup whenever I get hacked. No fail in this plan!
In all seriousness, I've been gradually transitioning to Linux Mint as my primary OS, with XP as a dual-boot option (basically for games). I also have a XP VM running under Mint that I'll be able to use if I need XP and don't want to reboot. Everything's installed on a single 1TB platter drive so I really do have 2 cloned backups (on- and off-site) available.
I hadn't planned on getting a Windows OS after XP due to draconian DRM, although I haven't had a problem with XP licensing since I bought it retail in '04; I'm considering getting Win7+SSD since that's what I have at work and it's actually quite nice. That being said, most of the programs I use are cross-platform FOSS, so it's not a strong need (notable exceptions are rFactor and Visual Studio).
Re:CloneZilla (Score:5, Interesting)
Install "common sense antivirus" (Score:5, Informative)
It's largely just a matter of (A) don't do obviously dumb things and (B) don't run everything as an administrator in the first place. Remember that antivirus and security software is a final line of defense; everything else is basically a problem with the user's behavior or knowledge, and if you are careful and follow good security practices in the first place, you aren't at any significantly greater risk than you are now.
One more thing: if someone really wants to break in, they will. XP or 7 or 8 or 8.1 and all the updates in the world won't matter in such a case, so my final piece of advice: don't piss anyone off that might want to come after you.
you can do better than that (Score:5, Interesting)
don't use firefox. don't use any browser at all. if you need a browser, you need windows 7. sorry to burst your bubble, but anything else is going to be dangerous. you should be getting rid of any potential vector for badness (any software, particularly software that is known to touch the internet) altogether.
Re: (Score:3)
Re: (Score:2)
I've done my part (Score:2)
10 year old laptop now runs Lubuntu and 5 year old desktop "server" is going in the trash, replaced by an ARM SBC running debian.
Take 'em offline (Score:5, Insightful)
Relatively safe (Score:5, Informative)
There hasn't been a root exploit in XP for a couple of years now, which means if you are running as a user and not root, and you know what you are doing, XP should be fairly safe.
1. Run as a regular user and only elevate permissions when you need to
2. Make sure your directory permissions are locked down properly (there are guides to help you do this)
3. Turn off all unnecessary services
4. Run a 3rd party antivirus app - BitDefender Free is excellent
5. Regularly run rootkit detectors and a second on-demand scanner (I use Trend Micro)
6. Don't use IE, use Firefox with NoScript turned on
7. Don't use Flash, Adobe Reader or Java. Use Sumatra PDF for PDF viewing.
I keep a VM of XP around for running some old apps and reading my junk email account. I've been sent virii and all sorts of junkware, and running the above config is pretty impervious to anything thrown at me. I can revert the image to it's original state if something bad happens, and I've yet to have to do that.
Embedded XP is going to be here for a long time (Score:2)
Windows SteadyState (Score:5, Informative)
Windows SteadyState [cnet.com] from Microsoft is available for Windows XP.
SteadyState virtualizes the OS directories transparently on the disk. File writes/updates are directed to a secluded area. You can set it to simply delete those journaled updates upon restart/signoff. Any malware will be effectively gone. Windows Update would still be possible when signing in as the SteadyState administrator (creating an updated image), but that's kind of moot at this point.
Re: (Score:2)
File writes/updates are directed to a secluded area.
But what if the malware directly modifies disk sectors? Is there malware that can attack in this way?
Re: (Score:2)
From Steve Gibson and Leo Laporte [grc.com]:
Now, it's not quite as onerous in my experience as Jim's letter indicates because it does not
make an entire copy of your system partition and/or drive. Instead you set aside a block of
hard drive space. And using a feature, basically it's file system filtering, this is able to capture
any changes which are made to the system drive. And essentially it caches the changes. So, for
example, when any application, installer, literally anything you do, I mean, this thing is global.
You cannot turn it off without restarting Windows. So it's not something that just sort of easily
comes and goes. I mean, this is meant to be bulletproof.
And I discovered the hard way that it even protects the partition table, and that first track of
the drive which we were talking about recently could be prone to preboot kernel rootkits. I was
using something else that did deliberately change that first track, very much in a kernel rootkit
fashion. And that'll be the subject of an upcoming podcast because it involves performing whole
drive encryption. And it turns out that SteadyState uninstalled this thing, even though I had
SteadyState sort of in a mode where it was supposed to allow changes to be saved. So, I
mean...
Simple fix: Air gap. (Score:2)
That's what's going to happen to all the XP machines (that haven't been air gapped already) where I work.
Most of the XP holdouts are lab equipment. (Oscilloscopes, Arbitrary Waveform Generators and the like.) They were already air gapped, anyway.
There are a few machines that run old development tools needed for production. (As in factory, not web services.) They will be left connected long enough to catch the last batch of updates, then relegated to USB storage and optical media for data dransfer. (With sen
Re: (Score:2)
Oh, crap. That must be why there's a camera crudely duct taped to every oscilloscope we've ever ordered. We were given strict instructions to NEVER EVER EVER remove them for ANY REASON EVER because the were EXTRMELY CRITICAL to the operation!
Zero budget. You can't be helped .. yet. (Score:3)
Don't. Don't secure it. Just let the chips fall where they may. Failure is an option, and you've presented things such that it's the best option.
Before you reply with "that's crazy" (or "that's lazy") let me remind you, that you there's "no .. benefit" to being more secure, and "no reason" to worry about the consequences. The submission has already stated that solving the security problem has zero value. So why are you working on it? Just let it go. Security is a don't-care condition. Every hour spent on it, is an hour wasted for no benefit.
If you change your mind about it being a don't-care condition, then you open the door to upgrading to a maintainable OS. But you can't do that, until you decide that upgrading does have benefits, and there is reason to change a running system.
So .. have you changed your mind? Are you still sure there's no benefit to an upgrade and no reason to change a running system? Or have you realized that's TOTALLY FUCKING ABSURD yet? Because I think once you realize that it's TOTALLY FUCKING ABSURD then you're going to see some options appear.
Anyone else just a bit slightly worried? (Score:2)
Not a problem at all (Score:2)
Running an Ubuntu Installfest at the local library (Score:3)
I'll trying to get an Installfest setup at the local library to help XP users migrate to Ubuntu.
Preparing for Windows XP EOL? (Score:2)
That's easy:
fromdos *.txt
"Captain, Iceberg dead-ahead!" (Score:2)
Banned, as of today. (Score:3)
Word came down today that running any XP images is a security violation.
Security violations are potentially an immediate termination offense.
They will have to extend it... (Score:5, Funny)
It runs on XP.
Happy privacy!
Re: (Score:2)
Anti virus is sort of an incomplete term. Trojans are much more popular these days, and despite its name an anti virus program can protect against them too. It's just software when it comes down to it.
Re: (Score:2)
AV programs are useful for two things:
1: Make the legal eagles happy.
2: Scan an offline volume (a VM's disk image) for potential infections.
For real time threats that attack the Web browser and the add-ons, the only real protection is blocking ads via AdBlock, utilities that block by IP address, denying plugins the ability to run unless explicitly clicked on, sandboxing the whole mess so any changes to the filesystem can be easily dumped, and running the browser that you use for banking in a different bro
Re: (Score:2)
Aren't actual viruses pretty rare nowadays? Most malware attacks the browser and plugins.
The term "virus" has evolved to include all forms of malware and anti-virus programs now detect more than just the traditional "virus".
Re: (Score:3)
Even without admin rights, malware can do a lot of harm with just user profile data.
XP is very lightweight (runs well in 512MB of RAM), so it makes for a great OS to run in a VM for Web browsing. Have the user that the Web browser is running in be a non-admin, use the above add-ons, and use a sandboxing program like sandboxie, and one can have decent protection. Every few weeks or so, roll back the snapshot so if something did get past the sandbox, it would be gone. Of course, bookmarks would have to be
Re:No problem (Score:5, Insightful)
stupid AC. I'll tell you why: some people have expensive hardware that only works with xp and its NOT practical to rebuy working hardware just to run a more modern os. the os only exists to run apps and if the value of the apps and hardware are high enough, you will stay with the older os.
of course, AC's think that only linux matters. they can't see that in the real world, you need TOOLS to do your job and if those tools are only running on an older os, you keep that older os!
this should not have to be explained. maybe I got trolled, but figured if he was serious, I'll at least explain WHY you need to continue to run older systems.
Re:No problem (Score:5, Interesting)
Really. One of my customers has a Win98 box, because it controls a $50,000 device. Another one runs NT Server, because porting 100,000+ part numbers to a new database isn't worth the upgrade.
People forget these contraptions we are typing on are simply tools, especially to businesses that focus on their own products, not what OS is on their computer.
Re:No problem (Score:5, Informative)
At my company we have dozens of $500K+ machines that are controlled by NT 4.0 boxes, and dozens of somewhat newere $2M machines contolled by XP boxes.
The vendor has no incentive to upgrade their software to work with a new OS, they'd rather we spend several hundred million on new equipment. And the software that controls the machines is closed and proprietary to the vendor.
We'll still be using NT and XP in 2020.
Re: (Score:2)
The older "must haves" don't get plugged into the network.
Re: (Score:3)
Forever? (Score:5, Interesting)
I see this response a lot, and I completely understand it. Business needs what it needs, and so if it doesn't see a need to update, it won't. Got it. Perfectly. Crystal Clear.
But an honest question: What happens to that 100k database (maybe 200k in the future?) 5,10,20 years from now, when the computer it runs on breaks and you can't get replacement parts for that old motherboard. When Windows 98 does not have drivers for the hardware being made. When the database grows so large that the HDD in your Windows 98 box can't even handle it. When Windows 98 can't keep up with the network speeds and standards of the future that are required to stay competitive. When the install medium itself gets scratched too many types and stops reading.
I don't feel like I've EVER seen any contingency plan for this. The excuse is always "You're out of touch, business needs to run older systems". Again, I agree and understand. But at some point, maybe not soon, but at some point it WILL stop working, or at the very least, it's age hampers the budget more than helps.
Is there a plan to at least move to VMs to try to preserve the software a little more? (Maybe you are already using the VMs). Are there good backups for the VMs? Can the VMs access the USB ports and what not for your devices? How many of your devices use old ports that don't even come on any computer sold in the past 10 years?
While I understand the reasons for not upgrading immediately (or not even quickly), 15-20 years seems excessive, and I start to think this is a failure of business leaders more so than a misunderstanding of technical people.
Re: (Score:3)
Re: (Score:2)
I got you beat - I know of a company that's still running OS/2 Warp on two production systems. They track the entire backup tape library.
Re:No problem (Score:5, Insightful)
Depends on the device and the support you get for the device. Just think about it: Microsoft never did give any real "support" to you, most of the time they told you to go to your manufacturer for that. If the manufacturer of the $50,000 device still gives you support in the sense that he will fix any problems that occur with the device, including replacing the hardware that still runs Win98, that is more support that you have ever gotten and will ever get from Microsoft.
Re: (Score:3)
True. There is no support from Microsoft, *especially* with something like Windows 98 which didn't even come with automatic patches. If you need a bug fixed or a problem solved, you have to call someone other than microsoft.
The problem here is that there are capital purchases that last longer than Microsoft supports their operating systems. Support by MS, non-existent as it is, has never lasted more than 5 years past the time that they last sold the OS. But capital purchases may last several decades. G
Re: (Score:3)
I used to do consulting for Xerox, it was fairly typical for hospitals to depreciate hardware (such as beds, autoclaves, photocopiers) over 20 years. You can't even get parts for copiers after that amount of time, you are generally relying on 3rd party refill kits for toner and other consumables. From memory 10 years was pretty standard for printers.
Re: (Score:3)
DOS is also very easy to run on arbitrary hardware. Boot it ; done. That was easy! You don't even need a hard drive or floppy anymore as it will run from flash, USB and other options.
On latest hardware you probably have to turn BIOS emulation on in the UEFI setup.
Re:No problem (Score:5, Insightful)
It's not stupid. It's quite common for specialised equipment to rely on drivers written for a particular OS. We have a 3 year old transmission dynamometer that cost us $180,000 that is controlled by redundant commodity x86 hardware running XP. There is no need to keep the OS up to date as it serves only one purpose.
Stupid lusers these days think all "PCs" are to be connected to the Internet and used for browsing file sharing sites.
Re:No problem (Score:5, Insightful)
And there is nothing wrong with using XP for that machine for the next 20 years...
So long as it isn't online, isn't used for anything else, etc...
It doesn't even have to know what decade it is in, just run the transmission dynaometer and that's it...
Your only real issue is that at some point, spare parts for the computer itself may become hard to get, I personally would invest in 1 or 2 spare computers, clone the current one, set them in storage, and have them for backups. It shouldn't cost much, a few hundred dollars, and you'll have backups to the one part that is least likely to get support.
Re: (Score:3)
If you do that, also be sure to find the drivers and installation packages for them and store them along with the computers. If you want to get a fresh Windows
Re: (Score:3, Insightful)
The logical counter to that is:
YOU HAVE SOMEONE RUNNING A $50,000 ON Win98? Holy crap that is stupid.
Why? These types of systems are in a lot of industries. None of those systems are on the internet. And probably not even on a network at all. It may cost $10K to upgrade the controlling computer. And for what? So you can play a game on it? Or iTunes, or surf the web? No one in thier right fucking mind is going to do this. These are very specific use systems. They don't' need to do anything more than what they are doing and spending a pile of money to upgrade them to a modern OS will gain nothing.
Here's a
Re: (Score:3)
There are better car analogies.
There are lots of farms that use trucks that were new in the 1950s to haul stuff to and from the fields. I once had a summer job at a seed cleaning plant that used a 2 ton 1938 Ford flatbed truck to move pallets of grass seed from the cleaning operation to the warehouse, a quarter mile away. That truck had not been on a paved road in decades, first and third gear were shot, it was always parked on a hill at overnight because the starting motor was too weak to turn crank the c
Re: (Score:3)
Nice story, but frankly that old truck is an example of extreme life extension. :)
I'm all for getting your use out of equipment, but I think that one is past its prime, past its extended life, and past its dead by date. :)
Re: (Score:3)
Is it? What is the labor cost of having a truck that only goes 5 mph? What is the labor cost of having to screw around with something so old, you have to park it on a hill to start it?
What is the business risk that it just doesn't start one day, a critical day, and it takes time to fix or get a replacement, yet the crops are ready to go?
It is called stepping over dollars to pickup pennies.
I'm all for being frugal, but at some point you're just being foolish.
Re: (Score:3)
Re: (Score:2)
We have a spare glove box here at work that handles overflow from our main glovebox. It used to be our main glovebox until we bought a much larger, more modern box. It has two Pentium 3 computers running Windows 98 but they boot straight to DOS and run the control software. One PC runs the glove box environmental controls and vacuum airlocks/ovens. The second PC runs an ancient DOS based motion control system.
Here is the problem: Replacing the glovebox is at least 100,000 USD. And that does not include upgr
Re: (Score:2)
Or, more likely, they have a stack of old computers with a win98 install, ready to swap out. The biggest issue is probably to keep all the driver disks around as well - installing old windows on old hardware is "a bit" more work than installing Linux, as you have to install a bunch of software after installing the OS, and the drivers are often hard to find via google...
To be honest, I've seen much, much older than that. I remember using a old IBM PS/2 (looked ~ like this: http://en.wikipedia.org/wiki/F... [wikipedia.org] )
Re:No problem (Score:4, Interesting)
FWIW there are print shops with $2mil+ printing presses that still run Windows NT 4.0 on Dec Alpha-based controller PCs (AT motherboard no less - not even ATX!), with no upgrade path offered other than being told by the manufacturer to "buy a new press." WHY buy a new press just because the OS and motherboard are outdated, when it otherwise runs flawlessly?
There are perfectly valid reasons to stick with an EOL OS.
Re: (Score:2)
So just remove all computing from industry then? Because it's impossible to buy a $100,000 manufacturing machine that will last more than the 5 year IT upgrade cycle?
And XP is most definitely not 13 years old, Microsoft still sold it NEW five years ago. May as well say that Windows in its entirety is 25 years old, and that only a fool would buy Windows 8 today because it's a quarter of a century old.
Re: (Score:2)
This may not necessarily apply to every use case, but I'd suggest that any reason why one might need to run an older system is probably trumped by the distinct possibility of being cut off from the Internet entirely.
Because if or when any previpously unknown exploits for XP get discovered after April 8th, they will probably not be patched, Virus detection can only go so far to stopping vulnerabilities in the underlying OS.
Alert ISP's that can detect the presence of zombie computers on their network an
Re:No problem (Score:5, Interesting)
Where I work a good number of the surface mount assembly lines are run by windows 2000 and XP.
The screen printers still run DOS. Many of the electrical testers and chip programmer rigs need XP or lower as well.
As most of these setups require custom PCI IO cards, visualization isn't an option either.
(Though I am happy to have found an ISA to USB adapter that works well under visualization)
When "a pc upgrade" involves replacing a quarter million dollars in hardware and finding the time to eat the cost of downtime over three running shifts, even I couldn't justify the cost of doing so just to get a newer OS (that will still be windows and still go EOL at some future point!)
My solution is to segment older OSes on the network. They can reach the SQL server and occasionally the file server as needed.
NO email, NO internet, NO intranet, no random transfers between there and other networks.
Everyone has Win7 desktops for office, outlook, and firefox. There is no need to even treat the XP systems as computers anymore. They are now appliances.
With the SMT line PCs not even showing a desktop or letting the operators exit the controller GUI, and the test hardware being locked to a list of approved executables (More for QA actually), the likelyhood of an infection requiring a reinstall is next to nill.
That leaves hardware failures. I have full drive images to restore once the HDs fail. On a more serious failure, the entire rig is considered failed. Either time to pony up the $25k for a new system, or we do without.
As long as you get your desktops upgraded, there is a lot less you need to use XP for, and most attack vectors can actually be completely blocked without effecting any work flow what so ever.
No applications ... (Score:3)
Counter to what some people seem to think, running XP isn't an end in itself. In the real world you run XP in order to run certain applications, right? Applications that typically won't run on Linux (closed-source Windows-only stuff) and may not even run on Windows-7.
Besides upgrading would be really expensive. Ripping out several million boxes, reformatting they d
Re: (Score:2)
If XP is behind a corporate firewall - no problem.
Everyone should have a separate non-Windows firewall.
It really is all very simple and never requires the running of ridiculous anti-virus products.
A corporate firewall does little to ensure safety of a Windows installation. I've seen users behind a malware scanning firewall, running antivirus software on Win7 *still* manage to get infected by malware.
If a remote exploite is found in WinXP, a single infected XP machine on a corporate network can hop around to other WinXP machines in that network.
Re: (Score:3)
Firewall and AV products will not catch 0-day exploits of the Web browser and add-ons. If they are pulled via SSL, even the best SPI firewall will be bested, unless one goes with a MITM system and forces all inside machines to trust the MITM appliance's key as a root one.
Browser exploits are the biggest vector of infection these days, and XP has little to no resistance innately against those, other than running as a non-admin user... and even then, malware can do a lot with a regular user's context.
Re: (Score:2)
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
They also eat a shitton of disk space.
Windows 7 SP1, set of windows updates, is nearly 1 gb.
Re: (Score:2)
for
All update uninstallers deleted. Once XP EOL happens, you can also permanently delete \Windows\$hf_mig$ and then turn off automatic updates entirely.
Re: (Score:2)
1GB of space is a lot in 2014?
We have different definitions of "shitton of disk space" then...
Re: (Score:3)
If it's the same problem I had, installing IE8 fixes it. For some reason.
Re: (Score:3)
If you think that newer versions of windows don't have anything to offer you shouldn't have to do anything at all
First, the only newer version of Windows that "has anything to offer" is Windows 7. Vista isn't as bad as some people have tried to claim, but once Windows 7 became available, Vista became meaningless and there is absolutely no reason to even consider it. Windows 8 is a mess. One of the all time worst.
But the real problem isn't that newer version of Windows don't have anything to offer. The problem is the expense of switching.. Whether it's an individual with one computer or a business with a few thou
Re: Check you premise (Score:2)
It's not a well kept secret.
Re: (Score:3)
Yes, XP is good enough, and all later versions really offer nothing new that the average consumer needs. This is all just forced upgrades to guarantee that you keep buying new microsoft products. They could have added a support option and keep XP around; say $5/year gets you continued updates. This would be popular I think for businesses which have many legitimate reasons to keep around old turnkey systems or the like, many of which aren't even on the network. Alternatively MS could provide better XP co
Re: (Score:2)
I don't understand what all the fuss is about. Windows XP has been infested with malware for years in spite of attempts to patch it up. I don't think the patches did much to improve security since the malware is winning. The lack of new patches shouldn't make much difference. It will still be infested with malware.
If you're concerned about security, you would have moved to something else a long time ago.
Re: (Score:2)
And what's the worst that happens to a computer that's on and not connected to the network? Microsoft loses some profits.
Re: (Score:3)