Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security Windows Government Microsoft Operating Systems Privacy Software United Kingdom

London Metropolitan Police's 18,000 Windows XP PCs Is a Disaster Waiting To Happen (mspoweruser.com) 232

According to MSPoweruser, the London Metropolitan Police are still using around 18,000 PCs powered by Windows XP, an operating system Microsoft stopped supporting in 2014. What's more is that the police force is upgrading its PCs from Windows XP to Windows 8.1, instead of Windows 10. Only 8 PCs at the police force are reportedly powered by the "most secure version of Windows right now." From the report: From the looks of things, the London Metropolitan Police will continue to upgrade their systems to Windows 8.1 at the moment. Windows 8.1 is still being supported by Microsoft, although the mainstream support for the OS is set to end on the 9 January 2018. Microsoft will offer extended support for the OS until 2023, which means Windows 8.1 is still a much more secure alternative for the Metropolitan Police than Windows XP. Windows 10 still would have been the best option in terms of security, however. Microsoft is releasing security updates for the OS every month, and the new advanced security features like Windows Defender Advanced Threat Protection makes PCs running Windows a whole lot more secure. The spokesman of the 0Conservative London Assembly said in a statement: "The Met is working towards upgrading its software, but in its current state it's like a fish swimming in a pool of sharks. It is vital the Met is given the resources to step up its upgrade timeline before we see another cyber-attack with nationwide security implications."
This discussion has been archived. No new comments can be posted.

London Metropolitan Police's 18,000 Windows XP PCs Is a Disaster Waiting To Happen

Comments Filter:
  • I love this crap (Score:5, Insightful)

    by Snotnose ( 212196 ) on Wednesday June 28, 2017 @08:14PM (#54709243)
    Private companies upgrade regularly, realizing it improves security/productivity. Government agencies never upgrade, then bitch that their anti-terrorism agencies are using 10 year old HW/SW cuz they can't afford to upgrade.

    It's called managing your resources. Or maybe "scare the government into giving us more money than we need cuz look how outdated we are". Either way, the folks in charge need to be fired and the entire culture changed.

    / I used to get a new desktop every 3 years, whether I needed one or not
    // Got memory upgrades in between desktop upgrades
    /// Not so much nowdays, we seem to have hit "good enough": I'm not complaining, my work PC is plenty fast for what I do.
    • by beelsebob ( 529313 ) on Wednesday June 28, 2017 @08:34PM (#54709345)

      Private companies upgrade regularly, realizing it improves security/productivity. Government agencies never upgrade, then bitch that their anti-terrorism agencies are using 10 year old HW/SW cuz they can't afford to upgrade.

      The problem is that while the government fully recognises that upgrading is worthwhile, convincing tax payers that spending millions on upgrading computers is a valid thing to do is nigh on impossible.

      You and I can see that in the long run it'll cost less, but some conservative will always tell you that short term tax cuts are worth more than long term stability.

      • Re: (Score:2, Informative)

        by Anonymous Coward

        Why would they care about long term stability? A PM will last 1-2 terms tops, so their sole motivation is to be elected in the next cycle. They will always choose a saving now over a saving in 10 years time. That's why they do silly stuff like sell natural monopolies and fail to cover asset maintenance costs.

      • by guruevi ( 827432 ) on Wednesday June 28, 2017 @11:15PM (#54710013)

        How about using free software to begin with, the manpower argument is nil because you're spending more on keeping this old crap running.

        • by goose-incarnated ( 1145029 ) on Thursday June 29, 2017 @05:20AM (#54710971) Journal

          How about using free software to begin with, the manpower argument is nil because you're spending more on keeping this old crap running.

          Came here looking for this comment. Was not disappointed.

          You know, all through the years a bunch of us pointed out that anything your office worker is doing on Windows can be done on a Linux desktop. We had little effect on those whining "But, but, but ... training!!!!"

          Well, the jump from Win7, to Win8, to Win10 is a lot greater than the jump from WinXP to KDE and guess what - your users managed to do just fine.

          So now, to mitigate the security nightmare of literally unsupportable software you want to change to ... temporarily supportable software? You know that this game will play itself out, again, in a few years, right?

          At some point in the future you'll be sitting with security nightmare boxes all running Win10, and moaning about how you need more money to move off an unsupportable Win10 to the new temporarily supportable WinSwissCheese.

          Move to Linux. "Unsupportable" software becomes "support it ourselves if need be". You can't do that now, with MS, and you cannot do that in the future, with MS.

          Or, don't move - I'll still be around to say "I told you so", so at least I'll get to be all smug and stuff.

          (NOTE: "Unsupportable" is different from "unsupported". The former is literally "Impossible to support" while the latter is "Vendor doesn't support it, but we can hire people to support it if need be")

          • Yeah but support it ourselves requires paying someone to support it. This requires more tax money. Keeping an old version of windows and not paying for upgrades is still cheaper, until the bottom falls out anyway.

            • You're paying anyway. Your choice is either pay Microsoft millions each year to get the bugs that Microsoft thinks are important fixed, have an upgrade cycle defined by Microsoft, and have new features that Microsoft thinks that people will like forced on you, or pay a similar amount to a company to support an open source system with the bugs and features that you care about prioritised and major version upgrades on a schedule that you define. In the former case, if you're unhappy, then sucks to be you.
          • by Kiuas ( 1084567 ) on Thursday June 29, 2017 @06:28AM (#54711175)

            Move to Linux. "Unsupportable" software becomes "support it ourselves if need be". You can't do that now, with MS, and you cannot do that in the future, with MS.

            I fully agree with this as someone who works for IT side of the public health care sector of Finland. In fact the main project I'm currently in charge of which is an ERP overhaul project for hospital logistics is an Linux based project that saves us quite a lot money on the licensing costs alone. Most of the coding itself is done by a midsize Finnish software company.

            However let me illuminate to you the difficulties of doing this at a large scale. A recent list I saw which is not comprehensive probably included 66 active systems currently in use by the hospital district. 6 of those, mine included, are Linux based, the rest are running on Windows. Why is this?

            Well, the acquisition process itself is in its current shape such that it pretty much prevents small to midsize companies from bidding on major projects. The largest IT project going on at the moment is the replacement of the patient information system with a newer one that also unifies lab and imaging results systems and others directly to the patient files so that the treatment staff itself can access all relevant imaging lab and other data directly from the patient file itself without having to keep open several different systems at once like they still currently do.

            We're a large hospital district, the largest in northern Europe. On a yearly basis we treat over a million people and as the most populated district in Finland we're also in charge of all highly specialized care. So needless to say that updating systems critical for the health and safety of over a million people is not exactly something to be done lightly.

            Due to this projects of this size and scope are usually tendered out so that the tendering process itself contains a lot of terms and conditions limiting the size and type of companies that can even participate in the process. First of all they have to be on a stable enough basis monetarily, the financial/risk analysis by itself eliminates most smaller players directly from the game as they're deemed in too high risk of bankruptcy to be reliable.

            The second thing that really cuts out the companies like the ones I'm currently working with from participating in these large scale projects past experience. Because the margin for error with acquisitions of this kind is so small, it is required that the companies have experience with providing similar systems using similar tech in the past 5 years to a similarly sized hospital area.

            This pretty much narrows the options down a lot. And currently there are no open source players on the market that fill these conditions, as Linux based patient information systems are in their infancy at this point and have not been implemented at this scale yet.

            Due to this the project is currently being developed by Epic Systems [wikipedia.org], an american megacorp. It's intended to enter use in 2019 with a total price tag of 385 million for the system itself, with a yearly price tag of around 40 million afterwards. How reliable these estimates are I cannot say, because outside proving technical support in the integration between logistics and the system itself I'm not involved in the management of the patient information system project itself and thus am going purely based on publicly available information. [apotti.fi]

            The way forward here I think would be to set up a government owned IT company. Torvalds is Finnish after all so Linux is more widely used here than in many places so the expertise is there. The government could then pay for the development of large scale open source systems to be used by our public organizations. That's really the only feasible path to a more widespread adoption of open source systems in the public side, because the megacorporations currently in charge of this sphere - Epic included - are not going to be switching over to Linux and surrender their control of the product.

          • Move to Linux. "Unsupportable" software becomes "support it ourselves if need be". You can't do that now, with MS, and you cannot do that in the future, with MS.

            If they can't support their systems running Windows, which is much easier to maintain and have user's accept, then they definitely won't be able to support Linux on their shoestring budget. Supporting software themselves? Hah.

        • by AmiMoJo ( 196126 )

          Free software isn't free. Staff need re-training, incompatible equipment replacing, work-arounds for incompatible software need to be developed (if even possible)... Don't get me wrong, I think government should use free software for many reasons, but it isn't likely to save much, if any money.

          • Paid software isn't free either. And if you think moving from Windows XP to 7 to 8 to 10 comes at less of a training cost, as moving to a *nix based system, you're simply wrong. The real caveat is that *nix admins are not cheap, they're not widely available and they often don't fit into the stereotypical view of an IT Supporter/Admin/Manager. Also, there's a real software hurdle, but as with everything, someone has to go first. If not, the monopoly never changes and we're all stuck with less secure, less
        • How about using free software to begin with, the manpower argument is nil because you're spending more on keeping this old crap running.

          Unfortunately, most members of management are too ignorant, naive, and/or arrogant to recognize that, even when it is pointed out to them.

          They buy into the marketing hype of M$, Oracle, and SAP, and then expect their IT departments to implement the crapware that they just bought.

      • This "no longer supported" nonsense needs to stop too. Microsoft released a patch for XP regarding the Samba flaw just a couple weeks ago. They (allegedly, anyway) still support XP for embedded systems such as ATMs and Point of Sale systems. I'd bet they still support it for any industry still willing to pay a service contract, including the gov.

      • You should not be modded downwards, but then, you should have never been modded up either.

        You said:

        The problem is that while the government fully recognises (sic) that upgrading is worthwhile, convincing tax payers that spending millions on upgrading computers is a valid thing to do is nigh on impossible.

        The person above you said:

        It's called managing your resources. Or maybe "scare the government into giving us more money than we need cuz look how outdated we are". Either way, the folks in charge need to be fired and the entire culture changed.

        Let me re-target the discussion for you: An entity gets $x amount (through profits/taxes/whatever) to perform certain things. Management is supposed to manage $x in such a way as to ensure the proper performance of the entity.

        You seem to be under the impression that the normal operation of the entity should not include budgeting resources for upkeep of the software and hardware enviro

      • convincing tax payers

        Since when have politicians needed to convince taxpayers before throwing massive sums of money around?

        They havent in my lifetime.

    • by dbIII ( 701233 ) on Wednesday June 28, 2017 @09:08PM (#54709471)

      called managing your resources. Or maybe "scare the government into giving us more money than we need cuz look how outdated we are". Either way, the folks in charge need to be fired and the entire culture changed.

      Fired? The person who wouldn't give them a budget to upgrade is Prime Minister now.
      It was a deliberate "austerity" policy.

      • Fired? The person who wouldn't give them a budget to upgrade is Prime Minister now.
        It was a deliberate "austerity" policy.

        Um, if someone has the ability to allocate resources then they are part of management. The implication is obvious.

        I guess as long as The Met can claim that it was the politicians and the politicians can blame the Met, the situation never needs to get fixed. For myself, it is all government and it has become ineffective at what is is supposed to do and should be fired/removed from responsibility.

        I am going to build a guillotine. Hopefully I can put it to good use sooner rather than later. Vive la France!

    • I am surprised the government doesn't rotate out the PCs every 3-5 years. XP machines have no warranty, so spending money to find parts to fix stuff is likely more expensive than a replacement cycle, there are likely auditing issues (not sure what items they are under, but having backlevel machines and operating systems surely runs afoul of some regulation.)

      Of all the things that need to be updated/upgraded, it would be PCs. For example, AppLocker as a policy, disallowing admin access unless needed, enabl

      • by Bert64 ( 520050 )

        Disallowing admin access doesn't really help in a networked environment (and chances are at such organisations, users never had admin access to begin with).. In order to exploit the smb vulnerabilities you only need the ability to connect to port 445 on a target host. The initial infection may have run as an unprivileged user on 1 workstation, but if other hosts are unpatched it would easily be able to gain privileged access to those.
        Bitlocker only helps when machines are turned off, a machine thats booted

      • by Bongo ( 13261 )

        The public doesn't know how to think about IT -- the rapid change and the extensive spread into our lives and into critical infrastructure.

        On the one hand there is an eagerness to adopt and "put everything onto the computer" -- on the other there's no sense of time and pace and scale and change.

        And I guess for a lot of medium sized organisations (whatever that means) the IT "works" and continues to "work" and so doesn't need replacing until it "doesn't work" -- but to actually replace it you have to "start"

      • by rtb61 ( 674572 )

        Are you seriously talking about software warranties of being any import what so ever, you must be kidding, what planet do you live one, certainly not this one with totally craptastic warranties, hey the software can cause billions in damages and kill thousands of people and the warranty will cover the cost of the software, right in the warranty in all piece of shit windows software it states that it is unfit for purpose.

        What should happen is governments with their software budgets should directly locally f

    • by cruff ( 171569 )

      Private companies upgrade regularly, realizing it improves security/productivity.

      If only that were true. Where I'm working at the moment, we are still using Office 2007. Other tools for software development are nowhere near current. Instead, the IT department has rolled out some kind of USB connected display device for which the device drivers regularly break so that no one can actually display anything on the meeting room TVs. That solution undoubtedly cost more that a couple of types of video cable per room.

    • Private companies upgrade regularly, realizing it improves security/productivity. Government agencies never upgrade, then bitch that their anti-terrorism agencies are using 10 year old HW/SW cuz they can't afford to upgrade.

      It's called managing your resources. Or maybe "scare the government into giving us more money than we need cuz look how outdated we are". Either way, the folks in charge need to be fired and the entire culture changed.

      What are you talking about? I work for a private company and we still image Windows XP or 2000 machines when the hard drives die. In fact I just upgraded an XP SP2 computer to SP3 the other day. I needed to use a floppy disk just 6 months ago. My corporate laptop is Windows 7, at least, however the lack of a CD drive is a frequent frustration.

      It's no use complaining about it or insulting the entities using old software. It's expected. It will not change. The only option is external mitigation of atta

    • > Private companies upgrade regularly, realizing it improves security/productivity.

      BWAUAHA. That's funny.

      Who's going to pay for it?

      Small business don't "fix" what isn't broken.

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      I wish idiotic people would stop equating upgrading with security. Windows 10 is the LEAST secure OS ever because it comes prepackaged with spyware, malware and back doors galore.

      There is absolutely nothing wrong with running Windows 8 or XP, so long as your administrator is competent. Any OS, aside from Windows 10, can be hardened. Those dinky Microsoft Tuesday patches don't secure shit compared to having a real admin around who understands firewalls, user permissions, network permissions, antivirus/antima

      • by Bert64 ( 520050 )

        Unfortunately that's just not true, while you can take steps to mitigate the risks by running old software you will end up running software which has known vulnerabilities that you can't fix. You'll end up having to disable so many features because they have unfixable flaws, that you might as well turn the systems off.
        A competent administrator is better off running an ancient linux distro, not only can you harden it to a greater degree due to being more modular, but you can also patch the software yourself

        • by thsths ( 31372 )

          You can mitigate risk, but it requires encapsulation of questionable software. Encapsulation in terms of local system access, but also encapsulation in terms of network access. Essentially, you need either a sandbox, or a virtual machine connected to a separate (heavily filtered) network.

          However, the support for either is very weak in Windows XP, which makes it a poor choice as your main OS. And that is what we are talking about here. (Once you virtualise it, the risk becomes much easier to manage.)

      • You can't get there from here ... if your administrator is competent he knows why XP can never be reasonably secured in 2017.
      • by AmiMoJo ( 196126 )

        Complete nonsense.

        For a start, XP has known unpatched vulnerabilities. But more importantly, you don't seem to understand how computer security works these days. When XP was new, one exploit would get you the keys to the kingdom, full access. Later versions introduced defence in depth, where its not just user/admin accounts any more, most stuff is virtualized or sandboxed to some degree and great effort is made to carefully separate data and executable code.

        Running XP these days is suicide. Even if you keep

    • Private companies upgrade regularly, realizing it improves security/productivity.

      You are not aware of the number of Windows Xp/Windows CE 5.0 systems sold to this day. Industrial machinery, HVAC control systems, medical equipment etc. are all using outdated, insecure operating systems.

    • I'm afraid that the idea that private companies upgrade regularly or reliably is not well founded in corporate experience.

      I'm up right now tuning and helping run disk backups to virtualize obsolete software on obsolete hardware because many private companies _do not_ upgrade. Getting proper backups of them before replacing or upgrading them can be quite tricky when the backup software is the policy mandated corporate licensed software, and it's old, buggy, and the upgrade version does not run on the out of

  • by CaptainDork ( 3678879 ) on Wednesday June 28, 2017 @08:18PM (#54709261)

    ... after a registry hack [zdnet.com] to tell it it's an ATM (or other embedded).

    To apply the hack, create a text file with a .reg extension and the contents below:

            Windows Registry Editor Version 5.00
            [HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady]
            "Installed"=dword:00000001

    • by antdude ( 79039 )

      But is that supported in Home and Pro versions? IIRC, MS said no.

    • That article itself linked [zdnet.com] to a follow up from the same author, who doesn't recommend doing this hack for several reasons. He also says that updates for embedded XP was scheduled to end in April 2016.
  • How does the current support level of the XP-based POSReady version (the Windows version for bespoke embedded device use), which is still receiving patches until 2019, compare with the support level of Windows 8.1?

  • by Gravis Zero ( 934156 ) on Wednesday June 28, 2017 @08:25PM (#54709305)

    I'm sorry but if you are serious about security and long-term stability (decades) then Windows isn't the way. Sure, no OS is perfect but that doesn't means you should choose to drink raw sewage because filtered water isn't really pure water. Honestly, they should be using some minimal version of FreeBSD with an minimalistic or possibly text interface. Progress is good but only if you are heading in the right direction.

    • Re: (Score:2, Troll)

      by freeze128 ( 544774 )
      Are you kidding?

      Honestly, they should be using some minimal version of FreeBSD with an minimalistic or possibly text interface.

      Have you EVER met a government employee? Do you think they can handle an OS with a text-only interface?

    • by AHuxley ( 892839 )
      It is for the UK gov and mil to track its own staff.
      The UK cannot afford to create its own programming language, make its own police OS, code its own apps, have 24/7 support for its own UK OS and have perfect vetting for all its police.
      The educational efforts of the 1980's to educate a lot of computer ready workers failed. All the computer hardware used in schools all over the UK did not result in a huge uptake of computer education and create skilled experts.
      So the UK has generations of staff who know
      • >"The UK cannot afford to create its own programming language, make its own police OS, code its own apps, have 24/7 support for its own UK OS and have perfect vetting for all its police."

        Right. So install and use CentOS for free (and the myriad of apps, including LibreOffice) and contract one of the many places for support. Have your GUI and a hardened, reliable, world-class, long-term, regularly-updated OS. Take the money you save on licensing and unnecessary hardware updates and malware payments, an

        • by AHuxley ( 892839 )
          Staff would not then search for a term suggested by the press, criminals, their faith, cult on such an advanced new system.
          They would fear it and all the logs it keeps.
          Tracking of gov staff would become more difficult as gov staff stopped using interesting search terms that the security services could watch for.
          Staff could just search on XP and never faced any issues about results. New staff who might be loyal to other nations, be politically active, have to do tasks for their faith, be criminal or who
        • by jabuzz ( 182671 )

          For good measure a number of the lead CentOS developers are based in the UK.

      • All you do is claim what people cannot do. You greatly underestimate your common man.

        • by AHuxley ( 892839 )
          The problem is the "common people" are getting deeper access in the gov and secrets are walking out due to poor or no vetting.
          Interning people are getting more gov jobs and for some reason get police clearances.
          Staff keep on giving or selling information due to politics, faith, another nation they are more loyal to or the need for cash.
          Lawyers and activist human rights groups demand total access to security service methods in open courts via police reports.
          Interesting people then change their methods
          • holy shit dude, try to condense your thoughts into a small logical compact form. i'm not reading your stream of consciousness posts.

      • So the UK has generations of staff who know of a Windows GUI, how to use some Windows productive apps and played computer games on Windows or early consoles.

        So, the staff can handle the change from Windows classic interface to Windows 10, but they can't handle the change from Windows classic interface to KDE? Nor Gnome?

        I'm afraid that the "trained in Windows UI" argument is well and truly lost - the smartphone take-up demonstrated without a doubt that people can easily pick up a new interface and use it.

    • The typical IT desk mantra is to get the latest OS always. But that latest Windows OS is a major screwup. The users hate it and it's not actually providing extra security, although the word "security" does show up in the marketing more than others. But everyone knows IT is just a marketing arm of Microsoft due to the hiring practice of only hiring those with Microsoft certificates which trains you to be an expert at marketing Microsoft products.

      • by ls671 ( 1122017 )

        Of course it is more secure because it is new and closed source.
        hehe

        Just wait for while although...

    • Yes, and all that costs you is the ability to run and deploy the software that's critical to your infrastructure.

      I happen to know someone who works in a small city IT dept. As far as I understand it, they're a 100% Windows department, mostly because all the software the city uses is available on Windows. Unless that software the city depends upon actually runs and works on the OS you're advocating, there's precisely zero chance it will ever happen. There is some very specialized (and expensive) software

      • by ls671 ( 1122017 )

        Great! Basically, we have been pwned and there is nothing we can ever do about it. It is just the way it is, like the sun rising every morning.

        We may as well accept it. That's for our own good after all.

    • by trawg ( 308495 )

      I'm sorry but if you are serious about security and long-term stability (decades) then Windows isn't the way.

      Are there any Linux-based desktop-focused distributions that have the longevity of Windows?

      I am still running my 2004 version of SecureCRT and my 1999 version of Multiedit (less often). I just copy their directories between computers and have done since I bought these way back when.

      I tend to run my Windows OSs until literally the day they stop maintaining them (I liked to stress test the development teams I worked with by being the one person in the office that wasn't running the latest & greatest so c

      • by ls671 ( 1122017 )

        I'm not an MS fanboy by any means (almost everything I do outside of my desktop is on Linux) but I still think it's near I can SSH to one of my servers using a copy of SecureCRT I bought 13+ years ago.

        hmm... you sure seem to enjoy proprietary stuff and to be well trained in MS concepts although.

        I never had any problems logging into SSH servers without SecureCRT and I still run some servers with patched versions of slackware from 1997. Some running XVNC GUIs.

        • by trawg ( 308495 )

          hmm... you sure seem to enjoy proprietary stuff and to be well trained in MS concepts although.

          Hah! I mostly enjoy just doing what I want to do and not having to fight the OS every step of the way. FWIW I run almost exclusively open source software on my desktop wherever possible (looking at my list of applications open at the moment I have Firefox (my primary browser), VLC, Launchy and Notepad++ :)

          Don't get me wrong - I would love to see more en masse migration to Linux on the desktop. But every time I've tried (and I make a concerted effort every few years) I just run into a laundry list of proble

    • I'm sorry but if you are serious about security and long-term stability (decades) then Windows isn't the way. Sure, no OS is perfect but that doesn't means you should choose to drink raw sewage because filtered water isn't really pure water. Honestly, they should be using some minimal version of FreeBSD with an minimalistic or possibly text interface. Progress is good but only if you are heading in the right direction.

      Consumers are a considerable part of the problem with insecurity, because they will prefer functionality over security every time.

      Is it possible to make Microsoft OS secure? Sure. Remove the GUI, disable file sharing protocols, and reduce it to a powershell box.

      Is it possible to make a smartphone secure? Sure. Disable all app installs and cloud sync, remove unnecessary apps, and secure with 8-digit PIN.

      Will consumers find these products useful after securing them? No, not really. They want to have th

  • by jmccue ( 834797 ) on Wednesday June 28, 2017 @08:32PM (#54709337) Homepage

    Welcome to Public Spending, you see things like this everywhere. No money to fund Gov agencies. Makes one wonder if it is due to graft or incompetence or something else.

    I blame the public, the vast majority will talk about a celebrity's sex life or a bunch of millionaires running around on a playing field like the world depends upon it. But knowing or really caring about what an elected official does, no one cares. So we end up with a majority of officials who only cares about themselves and how much they can skim for themselves or family/friends.

  • by thogard ( 43403 ) on Wednesday June 28, 2017 @08:46PM (#54709381) Homepage

    Forms of XP are still being sent out on brand new systems and will be for years. These devices tend to be the all in one industrial computers or the ones that integrate with car systems like the ones used in police cars. Because no one is making a secure browsers for XP anymore (developers repeat the lie "it isn't supported by MS anymore"), their users may be leaking data about you.

    Free support for home XP users stopped but to many, it is still a current product. While it would be great to have it disappear, I expect its use will far outlive Windows 10 simply because of the old hardware the can't run anything newer that is often attached to even more expensive hardware in a way the prevents upgrades.

  • by Anonymous Coward on Wednesday June 28, 2017 @08:47PM (#54709391)

    ...but "18,000 PCs is?" We have this word, "are," for when you have more than one thing. You should look into that.

  • by Nexion ( 1064 ) on Wednesday June 28, 2017 @09:01PM (#54709453)

    Its called Windows Powered Off Edition. :P

  • "...a Disaster Waiting To Happen"

    I think that's putting it mildly. It may well be the understatement of the century.

  • XP may not be getting updates, but it is not getting targeted either.

    I am seeing most attacks targetting Windows 7.x - 10.x.

    Back up your data, if XP is hit with malware, scrub your system and reinstall.

    Windows systems newer than XP are not especially safe either.

    • China has hundreds of millions of XP systems still live and Internet exposed, even if only through home routers. It's still a very fertile ground for infection.

    • by Alioth ( 221270 )

      XP might not be targeted by generic botnet/ransomware/etc type of attacks, but targeted attacks (e.g. an attacker who specifically wants to steal data from a British police force) will find it much easier to develop an exploit to do so from a static target that's full of security weaknesses and is not being patched.

  • win8.1 vs win10 (Score:5, Insightful)

    by cas2000 ( 148703 ) on Wednesday June 28, 2017 @10:18PM (#54709829)

    What's more is that the police force is upgrading its PCs from Windows XP to Windows 8.1, instead of Windows 10

    given that:

    a) police computers hold private information on thousands of individuals - convicts, suspects, victims, informants, witnesses, and more

    and

    b) Windows 10 is spyware that routinely uploads data that it finds on PCs to microsoft servers

    It should be illegal for police computers (or those of any government department or any company holding personally identifiable information) to use Windows 10 to store, process, or interact with that data.

  • I remember reading (Score:5, Informative)

    by rsilvergun ( 571051 ) on Wednesday June 28, 2017 @10:30PM (#54709865)
    that Theresa May pulled about 18,000 police off the beat. It was one of the reasons her party got beat up in the last election. This is small potatoes compared to that. But either way it's pretty obvious the problem is a lack of funding...
    • But either way it's pretty obvious the problem is a lack of funding...

      And the continued use of the world's most insecure, and expensive, desktop operating system.

    • But either way it's pretty obvious the problem is a lack of funding...

      Eh? There are PLENTY of funds. It is the distribution of those funds that are an issue.

  • Comment removed based on user account deletion
  • "London Metropolitan Police's 18,000 Windows 10 PCs Is a Disaster In Progress "

  • When Linux first started to produce viable desktop products, the argument was the same as for Macs: we need to run just one O/S, and many of our users need Windows applications, so that's that, we all have to run Windows.

    But then IT themselves pushed every major software project towards web solutions, because they didn't want to install any .EXE files at all - they never really got over their beloved mainframe environment, you see; they wanted all the PCs to go back to being dumb terminals and leave them in

You know you've landed gear-up when it takes full power to taxi.

Working...