Slashdot Mirror
Microsoft Refuses To Fix NT 4.0 Exploit
shmigget writes "The Register is reporting that Microsoft is throwing in the towel as far as NT 4 is concerned on the latest security flaw to affect Windows 2000, XP, and NT 4. They quote Microsoft as saying 'The architectural limitations of Windows NT 4.0 do not support the changes that would be required to remove this vulnerability.'" There still is a workaround for NT 4.0. Instead of patching the problem, it's advised to firewall off port 135 on an affected machine.
So in effect, ZoneAlarm could be considered as a patch for this problem??
I like the Bill "Borg" icon better than this icon
No, I don't like it... but support for NT4 is dropped at 30 june 2003 and that's not really far away.
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
is NT really used these days? I remember some of our management applications (browser based) had to be NT tested a year or two ago.
These days it's all Windows 2000 and XP, and people are considering dropping the 2000 support sometime in the near future.
--------
Free your mind.
Kinda makes you wonder what other fundamental flaws are there in NT4.0 that will prevent fixes from happening. ...And Microsoft wants to be known as a company you can trust with security. This should throw them back a couple of eons.
Don't they promise to support products for a given amount of years for some enterprise customers? What will happen in these cases?
It seems strange on the surface for them to admit that their product is 'unfixable,' but really, doesn't it make sense as an upgrade-inducer? Granted that in a more competitive market people would be put off by this, but some people don't regard the other choices with which we are so familiar as acceptable options, leaving them sending their checks to Redmond no matter.
Then again, people still buy new models of cars which have had huge saftey problems in the past, even though other choices are availble; perhaps the real phenomenon is that marketing is sometimes more powerful than good judgement.
All Microsoft-bashing aside, does anyone else see something majorly wrong when it's impossible to fix a fairly serious exploit due to architecture limitations in the OS??
They're basically saying that they can't fix it because the OS makes it impossible to do so. Not because it's inherent in some protocol, or because it is a natural effect of some kind of desired behavior or something, but because the OS DOESN'T SUPPORT IT?????
That's just wrong.
A Minesweeper clone that doesn't suck
You have to wonder how long a company can support an operating system. You have to remember that NT was released in the the mid-90s so its 7+ years old. Microsoft is beginning to put NT4 to end of life and that the people who will really know the code may of left Microsoft or moved on.
I'm mean we all go on about how bad MS is but you can expect them to support everything forever can you?
Rus
Cheap UK and US VPS
An architecture that doesn't allow a bug/vulnerability to be fixed??? Come on, that clearly shows that its flawed by design. ;-)
I was going to say they had stopped supporting NT4 anyway so were within their rights, but I looked it up and it appears they are providing NT4 hotfixes until the end of 2004. Either way, a service pack or something equally dramatic for one flaw I think is overkill and blocking port 135 on a firewall is a better option.
It's their right to do so. I don't see a reason how they are doing something "wrong". It's their product, and they have said they have discontinued it. It's up to the users to find a suitable fix for the system.
Kinda makes one think of benefits of open source; if something like this happens, you can always hire some hacker to fix the hole, wherever it is, for the right amount of money.
Save your wrists today - switch to Dvorak
M$ Programmers - "But its a product that is still in use, we have a responsibility to our customers."
M$ Exec's - "Wats this respongeability you say?"
If you are still running NT4, you probably are too busy (or lazy) to update security patches anyway.
NT4 needs to DIE. If you prefer the Windows platform, you've had ample time to move to 2K, or else another platform.
What other operating systems from back then are still "supported" now ?
Solaris 2.6 maybe ? (Rapidly approaching EOL/EOS)
What else ?
Point is: NT4 is so old (and so BS), I can see why they want it to die (apart from the reason that they want to sell the new OSs)
Windows 2000 - from the guys who brought us edlin
... open source it.
So maybe they just figure why bother when the end is near for NT4 anyway. Not that that is a good excuse, but it makes sense in the big business world.
And no, I am not sticking up for M$.
MicroSoft uses every dirty trick in the book to escalate their sales. This new exploit now gives NT4 shops an urgent need to upgrade.
Because of the closed source, there is no way to patch a MicroSoft product without MicroSoft. If someone figures out a way to fix it; MS will undoubtably sue the shirt off their backs.
This seems to be an underlying plan for the MS scheme to make money. Two - three years from now they will be pulling the same thing with windows 2000 just to keep a purpetual upgrade going on even though the older systems work perfectly fine.
There are still systems that are 20+ years old that still work and do their purpose, yet the lifespan for anything running MS is only 3-5 years.
Imagine if the stock market was running windows NT!
"Microsoft Refuses To Fix NT 4.0 Bxploit". I think you mean exploit :)
Rus
Cheap UK and US VPS
Why are we not seeing the Bill Gates Borg? Do we need another topic just for windows? If so, it should be a window through which we see the Gates-Borg.
http://www.naildrivin5.com/davec
say in 97/98/whatever they would of just looked at it and said "well darn...an NT4 bug that just can not be fixed"?
What's sad is that there is a 2k/XP fix...and I bet an NT fix would not be that hard considering they are quite similar OS's.
They're not saying (publicly, anyway), "hah, we're not supporting this ancient operating system any more, go away."
The article quotes them saying they can't fix it, there's too much stuff to do.
Using your firewall to block port 135 is fine, unless you actually need RPC for something useful. In that case, I'd say that a firewall that discards all malformed packets (more complicated) is in order. Or an upgrade to Win2K. After all, it's been out for, what, 4 years now?
Get off my launchpad!
not sure what a Bxploit is, but it sounds a lot like an exploit.
The security flaw mentioned is a Denial of Service vulnerability. This flaw does NOT allow exploit of the system.
After running this through the honesty filter, we come out with:
"Windows is fundamentally insecure. Suck it up."
Gotta love the honesty.
-Waldo Jaquith
Is that like some sort of exploit of the x86 processor's BX register?
If so, pretty creative name, I must say.
Ve haf ways of making you upgrade, ya!?!
- - -
"The sixth sick shiek's sixth sheep's sick."
"Windows XP Professional is built upon the rock-solid reliability of Windows NT technology, the architechture that is so fundamentally limited that it does not support the changes required to remove significant vulnerabilities."
Doesn't have quite the same ring to it.
- JoeShmoe
.
-- I wonder which will go down in history as the bigger failure: the War on Drugs or the War on Filesharing
Is this shorthand for Bad exploit?
You are being MICROattacked, from various angles, in a SOFT manner.
Just as there are over 20 million users of Windows 95, there are numerous (I don't know the estimate) users of Windows NT 4... nuff said.
I think events such as this will be another nail in the coffin of MS simply because if they are so unsure of the current capability of NT and its problems due to a complete lack of engineering and proper design then I am betting that many will rightly ask, "has MS really improved with 2000 and the impending 2003 .NET server?"
Then again, I feel no pity for the fools that chose pretty buzz words and software boxes over stable, secure and extensible solutions. That is the price of business. If you choose to pay more for less then don't come crying to the government or anyone else when your infrastructure begins to collapse from its own bloat.
The other day I read an article that said NT might be a bigger threat to Microsoft sales than Linux, now suddenlt there is this unfixable bug. Hmmmmmmmm.
Insert pithy comment here.
M$ Exec's - "Wats this respongeability you say?"
The kind of product support you would expect from a comercial Unix killer rather than the kind of "support" you got from windoze 3.1. Oh my, the difference was only a matter of time. Pthththfit! That's some kind of incentive to "upgrade" to w2k, I mean XP.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
Plus, why are people so irksome in not upgrading to ever newer and more expensive operating systems like they're supposed to? Constantly forcing Microsoft to keep looking back over legacy code. It's ugly, dirty and scary back there, not like in candy XP land.
See above.
You think that I'm crazy, you should see this guy!
If you click on the 'topics' link on the left, you'll see that slashdot has one icon for Microsoft (the borg) and another for Windows (this shitty one.) If you click on the Windows icon, you'll find that this is the only story ever posted with it. So we can probably rule out Bill using his mind control ray to control Taco's mind, and chalk it up to the usual slashdot incompetance.
Microsoft has learned that features alone haven't been enough to persuade its users to move to newer OS versions, so they are giving the vulnerability angle a try:
"Hey, buy our newest product, we still fix those vulnerabilities. You do still care about the security of your data, don't you?"
I can't see why MS would choose to not support a product that many customers are willing to continue to pay for support for. The support charges should be gaged to cover support costs.
That said, I wonder if it would make sense for them to SELL a patch for older software like that. Just a small fee that effectively says "Oh, ALL RIGHT, if you insist, here. Pay up, you're wasting our time." Maybe something they should try?
i'm amazed that i survived - an airbag saved my life.
OK guys, now's your chance to set up a Linux firewall to protect those poor, insecure little NT boxen. Get to work. It's what I'm going to do.
If Bill of Borg would only release the source to his stuff, these bugs would be fixed real quick like.
This sig no verb.
Why not microsoft ?
Those Eastards!
Oh what a glorious day that will be. Though, I'll have to find some other pasttime than smashing linux newbie zealots.
scott
They use things like this to force customers to upgrade.
They did something similar with Windows 95 to force EDS (a huge customer) to upgrade.
Microsoft wants people to stop using NT 4, so by refusing to apply security fixes they can tell customers "you need to upgrade to fix this" and thus keep revenue coming in.
NT4: I'm not dead yet.
..and on and on.
Microsoft: Yes you are, you just don't know it.
NT4: Really, I'm very much alive.
Microsoft: No, you're very sick and could give over any minute now.
(I'm so ashamed I can't recall that conversation verbatum...
Getting old, I suppose.)
Have you read the moderator guidelines? Well, have you, PUNK? (and I want a Karma: Gnarly option)
The official reason of this decision according to windowsupdate is, NT 4 needed more parts to be recompiled than rest platforms, therefore - as I logically assume - more trouble for them, more trouble for people that download critical updates with slow connections and old hardware.
This is of course unacceptable in the unix world of stability.
In the Windows world of features, this sounds like a normal decision.
Not surprised.
They are contractually obligated to support NT 4.0 until June 30, 2003. Not forever. Just until then. "It's old and boring and we don't understand it" isn't an acceptable excuse.
...when you can claim it is unfixable and encourage an "upgrade"?
Murphy was an optimist.
at least in terms of PR.
Microsoft: "Um, we don't want to fix this. But here's the kernel source, so why don't you fix it for us?"
Beady-eyed kernel hacker: "OK!"
It's not such a silly idea with a practically end-of-life'd product; bugs and exploits would get found and fixed and since Microsoft doesn't seem to want to support certain OS changes, we'd do it for them. And it would be a great PR boost. "Microsoft supports freedom to innovate!". Hm.
We recently had heard in the office over one of the Yellow Machine that's made by Anthology Solutions.
>blocking port 135 on a firewall is a better option.
I can't help but wonder how many brainwashed MSCE's will "solve" the problem by setting up a firewall running Win2K.
Microsoft's explanation of why they will not fix the bug, in the security report, uses so many 5-dollar words like "rearchitecting" that I prefer to think it is just a way for them to avoid the effort of making a patch.
:)
Perhaps they don't employ any rearchitects that can do the rearchitecting needed to fix it.
BTW, how does one pronounce "Bxploit?"... I submitted the same story, but spelled correctly
"Alcohol, Tobacco, Firearms, and Explosives" should be a convenience store, not a government agency.
NT4 came out in September 1996, just three months after Linux 2.0. The last 2.0 version is 2.0.39, which was released January 2001, over two years ago. Both groups have moved on, and aren't willing to spend much effort on the old versions. It's true there are more recent 2.0 pre-patches, but if you're willing to use one of those, simply adding a port to your firewall block list should be cake.
And yes, with Linux, you have the source, so you could fix this yourself, right? Microsoft says this requires a large architectural changes. I think any person or group willing to re-architect NT4 or the 2.0 kernel would better spend their time and effort upgrading to a newer OS version.
I bet their not going to batch NT 3.51 either. So what? If you're still using NT 4.0, you knew LONG ago this would happen.
This is just another example of Microsoft displaying it's new philosophy of "Trustworthy Computing".
Ever since they announced their Trustworthy Computing initiative they have been going out of their way to build the publics trust in them...
Oh wait...
We are going to do something unacceptable by the end of June^H^H^H^H March. See there? We told you that we were going to do it, that makes it right. Be greatful, very greatful and send more money.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
Instead of patching the problem, format the hard drive and use someone's OS who actually fixes security problems next time.
RedHat doesn't support RedHat 5.2 anymore...sigh...
Why not just tell them to upgrade to windows XP? Then they have solved the problem, and made microsoft money... I don't get it. Why tell them to use a firewall... how does microsoft make money that way???
---
Programming is like sex... Make one mistake and support it the rest of your life.
So, here it is from both angles, the way I see it.
Microsoft do have a point, NT 4.0 *is* 7 years old now (released 1996) and supporting it is probably a major headache for them, at least until June when it reaches end of life (bear in mind that end of life for most software is 5 years). How long can you keep patching software? I guarantee that if they did take the time to patch it many other things would break resulting in the need for more patching and more headaches.
On the other hand, they are still going to get a nasty backlash from the millions (billions?) of people still using NT 4.0. Yes, you can laugh at businesses who haven't moved to 2000 or XP yet but if you are a multinational company who depends on NT facing the huge costs of moving to 2000 it's a big deal.
Microsoft recommends we firewal port 135 - which every network administrator with a brain should already be doing! Unfortunately, good network administrators are in very short supply.
Way to go MS. Take the port used by the DCE endpoint mapper, use it in your own broken, buggy, and insecure version of DCE RPC (also known as DCOM), then refuse to fix it.
My University uses DCE all over the place, from a financial application to the distributed filesystem. Now people are going to start blocking this port (135) to protect against then start complaining when some of the applications they use and their file system access stops working.
Finkployd
BTW, a fix is available for a charge, it's called: Upgrading to Win2k.
..it isn't Microsoft's fault that people refuse to redesign their company, buy a new licencing scheme, and further Microsoft's evil cause just to ensure the safety of their data.
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
Kind of like how they threw in the towel at Visual Studio.NET! Its a brand new product and they have only released a minor patch for a very specific problem in it. It still crashes several times a day and we are all going to be forced to upgrade to Visual Studio.NET 2003 instead.
http://www.askthevoid.com
So much for their "you get what you pay for" argument for commercial software...
Liberal (adj.): Free from bigotry; open to progress; tolerant of others.
What seems odd to me is that they can't make a patch for NT4, because the system was changed so much between NT4 and 2000 (for improvements, no less), yet they all happen to have the same vulnerability. Hmm. That sounds like the systems might be sharing something in common...
I know it's possible that the rewrite reimplemented the same bug, but it doesn't seem likely.
...is that professional system administrators and network designers still make de desicion to use Microsoft's products. We see it over and over again; huge security flaws in their closed source software while the admins have to wait and wait until someone with cvs access has the time to write a fix and release it.
As long as it would be only their security, I could not care less. However, the recent 1434/udp worm showed us that there are enough clueless admins out there that it is possible for 376 bytes to have networks go down completely because of Microsofts complete irresponsable behaviour.
What would happen if Boeing would stop patching security issues in their airplanes? It's just too sick for words. Everyone using Microsoft products should be asking themselves one question: what if...
Note: this is not a flamebait, it just my observation.
I'm not a complete idiot... Some parts are missing.
You make a good point. If it is infact unreasonable effort for MS to support one of their better products, then maybe, just maybe, the could consider releasing the source code for it, so we could support it for ourselves?? Huh?
Yeah, I know, wishful thinking. Makes no sense if most people would rather just pay for an upgrade.
The REAL jabber has the user id: 13196
What you do today will cost you a day of your life
"The architectural limitations of Windows NT 4.0 do not support the changes that would be required to remove this vulnerability."
Marketing Engineer:
Uhh, guys, you can't say that - we said this!
Bullshit Engineer?
Microsoft - who would you like to believe today...
The Mothership
But NT 4.0 is technically still supported right?
Depending on who you ask in this thread, until June 1993 or the end of 1994. But there is nor argument that it is still supposed to be supported by Billy and his gang.
Now, if the random car company makes a car that sometimes ejects you from the passenger side for no real reason, then they have to call the automobile back and either fix it or provide you with a new car. So shouldn't Bill have to call back all copies of Win NT 4.0 and either fix it or send them a nice shiny new server?
Just curious...
Instead of patching the problem, it's advised to... ...run linux instead. While it may not be more secure inherently, at least you run less risk of being EOLed.
GF.
Lots of petrified grits
If you use windows NT, your choice is now pay for the next version of windows or live with the hole. Some companies still use NT because they have custom mission critical software that will not work on a newer OS, and some companies still find (found?) that NT 4 met their needs and there was no need to undergo the expense and re-training effort to upgrade.
If the average user had half a brain, they'd see why this is proof that using MS software is too dangerous for their company. I refuse to use XP because of the activation, but I have to use win2k to get along with my clients. What happens when MS says it's time to force everyone off win2k?
Jason
ProfQuotes
You got BASH up on windoze? Cool!
They're basically saying that they can't fix it because the OS makes it impossible to do so.
We all know that nothings less changeable than SOFTWARE. That's why we have such stollid windoze 2000, based on NT Technology or New Technology Technology. That strain of sollid stuff is what makes XP rock too. So you see, we can't change the softwer because we already changed it and changing it twice to support our customers would be like a double negative in the bank. Unix killer, ha ha ha.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
Funny first the Microsoft Hacker Proof ad gets pulled by the ASA and now they refuse to fix an exploit in an OS that is still in a majority of the organizations out there. When you look around most people are slowly making the move toward 2k AD setup but most organizations still stand by their NT4 domain setups. Most folks can block the port but the solution isn't coming from Microsoft and when you pay the amount that you do for the licensing you expect the company to actually back you (I know, I know it is M$).
This is actually helping me work linux into our organization. An insurance agency even. And I thought that this task was going to be impossible.
-Eod
What about an attack launched from behind the firewall. The way the article reads to me if port 135 is blocked then anything the depends on RPC, like print services for one, will break. So its not really feasible to block that port off from your local intranet. However if one of your employees decides that they want to make it so that no one can print they could launch an attack using this vulnerability against the print server.
Microsoft said they would be providing security hot fixes through January 1, 2005. They also said that general hotfixes would be available through January 1, 2004. There is an obligation to live up to what you have promised. If you buy a car and there is a 10 year, 100,000 mile warranty on it, the manufacturer can't change things after the fact. This would be like the manufacturer saying that if someone bangs on your hood your car won't start. The design of your car doesn't allow us to fix this, so we recomend that you always park your car in a locked garage.
"You can't fight in here! This is the war room" --Dr. Stra
Step 1. rawrite.exe cdrom.img
Step 2. reboot insert Linux CD-ROM
Step 3. ???
Karma: The shiznight, mostly because I am the Drizzle.
If you have a sun, you will be provided with software with all the fixes free of charge. A friend of mine bought a nice ultraspark on Ebay a while back and he was provided with all that he needed.
If you simply have a 486, all the BSD and Linux distro you want, with all the fixes, are available under the same terms from way back.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
Time to roll out the old Microsoft standby: "It's not a bug, it's a limitation".
You should never have port 135 open on a windows system, anyways. Get over it and either upgrade to Win2K server or put together a decent firewall.
i think this is good. people still using nt4 systems will be influenced to upgrade.
say what you want about windows but 2k+ is a lot better than nt4.
anyways, apple is doing the same thing with osx. im all for it
The real issue with Windows is not that they don't patch these bugs - it's that they didn't foresee these bugs. The fact that a pooly implemented, and impossible to understand, DCE-RPC stack is built so heavily into the NT architecture is Window's inherent security weakness compared with Unix, in my opinion.
Don't think I don't have more bugs waiting in the wings...:>
That's what is great about the United States - if you don't like windows DON'T BUY IT and shut up about it.
if you don't like the war in Iraq, and the way it's covered on Fox, DON'T WATCH IT, and shut up about it.
Seriously though.
If nobody were working to provide alternatives, people wouldn't get away from using it.
And if nobody were speaking up against it, all those violations of the law would just be swept under the carpet quietly. It is still being swept under the carpet, but not as quietly.
Irene KHAAAAAAN!
You'd think Microsoft would stop trying to force people to upgrade to the "Next Great Thing"tm , instead, they hold off on a security patch claiming that it's too hard (insert whine here). Just wait, there'll be enough of an uproar that they'll come out with the patch. In the meantime... why not consider upgrading... to Linux?
Visualize Whirled Peas
I'm tired of the MS bashing / karma whoring. Get over it. When was the last time Redhat released a security patch for Redhat 6? Is Redhat expected to patch a security flaw in 6 today, or is it allowed to say "work around it or upgrade to 8 (9, now, I guess)"?
This is an early branch in the software. If you want a flaw fixed, get a later version.
"Times have not become more violent. They have just become more televised."
-Marilyn Manson
Dave Aitel
I'm the head of IT at a somewhat late-adopting company. We are preparing a company wide migration from NT 3.51 to NT4. We have a lot of client machines on Win95 that we hope to have to 98 by Fall and Me by this time next year. I thought that by moving to NT4 and Me that we'd be caught up on all this security hullaballoo. What am I going to tell the CIO?
How are you going to keep them down on the farm once they've seen Karl Hungus?
In all fairness, NT is beyond its life expectancy, its time to retire it.
While i agree its expensive to retire a product that 'still works' and move on, you really cant expect any company to support products this old.. Regardless of who they are, not in this day and age....
---- Booth was a patriot ----
Microsoft strikes another blow for the benefits of closed systems!
(sarcasm)
Isn't is a better idea to firewall ALL ports on ALL machines where a compromise could cause problems (and open up those you need to, when you need to)? This seems to be common sense to me.
This is not the greatest sig in the world, this is just a tribute.
Actually, that's only true if you're running the Win2K PDC in Native-Only mode which is NOT the default. The default is to run in Compatability Mode which works great with WinNT 3.5/4 and Win9x clients.
As for software that will only run with 9x and NT, could you perhaps tell us which software that is? The only reason I ask is because I have a lot of stuff that was built for Win 3.11 and DOS (My father's business accounting software, old HP Scanner software, etc.) that runs great on Win2K.
Windows: Telling Linux to try to keep up since 1991.
Is available for free download here for anyone who wants it.
You can't judge a book by the way it wears its hair.
Consider this like Red Hat refusing to patch up Red Hat 3.0 with the latest security fixes.
Two differences here. First of all, while Red Hat Linux 8 can be slimmed down to run on the machines that Red Hat Linux 3 ran on, Microsoft Windows Server 2003 apparently cannot be slimmed down to run on the machines that Microsoft Windows NT Server 4.0 ran on. Please correct me if I'm wrong.
Second, as dhovis mentioned, Red Hat Linux is free software. Unlike the license on Microsoft Windows operating systems, the license on Red Hat Linux lets anybody provide security patches; if there's still enough demand, some third party will offer maintenance contracts and backport the security patches.
Will I retire or break 10K?
I'm glad it's getting a high profile because people should always realise the consequences of their decisions.
a lot depends on whether you trust your internal networks or not
TROGDOR!!!!!!!
There goes Unix, being more efficient than Windows again!
And MS wonders why people get upset with them!
Anyone with a nice working NT 4 based shop have no choice but to believe MS' explanation, since no one else has access to the source code to verify the story.
It's possible they're being truthful in their explanation, but since there's no conflict-of-interest-free source of independent verification, the paranoid among us will suspect it's all just a plot to get us spending time and money on an otherwise needless upgrade path to XP.
"Provided by the management for your protection."
"The architectural limitations of Windows NT 4.0 do not support the changes that would be required to remove this vulnerability," Microsoft says."
So, Microsoft admits finally, that Windows NT (a "SECURE" OS) is fatally flawed from the ground up and there is no way to fix this basic vulnerability.
Ever need an online dictionary?
Of course, Red Hat is also phasing out earlier versions of Red Hat Linux, but due to its open source nature you could get security updates from another source (apt-rpm repositories for instance) or make your own patches. Windows users are forced to rely on Microsoft for timely security updates, which they frequently fail to provide even in recent versions of Windows.
Seriously, how many people are running RH 5.0 or HP-UX 9.x??? Those aren't supported anymore, but they were around (and supported) when NT4 came out
I, like most people on this site, have an intense dislike for Microsoft
See, every cloud can have a silver lining!
HallmarkOrnaments.Com
"The architectural limitations of Windows NT 4.0 do not support the changes that would be required to remove this vulnerability."
If proper design practice was followed, this should not happen. The issue is, under proper design practice, all expected features must be designed in from the get-go. If a new feature is thought of later, it usually gets "tacked on" to the existing infrastructure. This is what happens when one constantly adds functionality to the same product, as MS does. You get the benefit of being able to put a feature in with little development time, but every time this happens, you lose some extensibility.
This is essentially the problem with the constantly-evolving upgrade business model Microsoft has used from the get-go. If it's different enough to be a new OS, PLEASE, make it a new OS!
-Amalcon
"it is infeasible to rebuild the software for Windows NT 4.0 to eliminate the vulnerability"
M$ has billions of dollars and rebuilding software is infeasible? Why didn't they just say it would be a pain in the ass?
Unsupported OSes;
1. Solaris pre 2.6
2. Linux 2.0 kernels
3. Red Hat pre 7
4. OpenBSD 3.0
All of these are a hell of a lot newer than Windows NT 4! Microsoft isn't obligated to support old software forever. Anyone complaining -- tell your execs to start making a real commitment to IT.
Sounds like they're saying NT4 is "Broken by design".
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
It appears the Microsoft is going the way of so many other vendors in saying that they will no longer support "legacy" software and equipment. I agree that NT4 is at the end of its life cycle but Microsoft isn't. Microsoft should support its products as long as support is requested regardless of how old they are. This is only fuel for the fire. Now the IT directors of the world will think, "Hmm... save the money and not upgrade or save the headache and upgrade." Either way there will be headaches but there is only one way Microsoft gets more money.
I think 'Refuses' is a little different than 'architectural limitation'. They aren't refusing to fix it - they claim that they cannot. The title of this item is a little mis-leading.
The1Genius - Littera Scripta Manet
How stupid are people? If you'd bothered to pay attention the past couple years, your firewall would already be blocking this. Your firewall should already be blocking port 135 -- and every other port that you don't explicitly need. Your outbound connections should be limited to basically HTTP, HTTPS, SMTP, FTP, SSH, POP/IMAP, and perhaps a few others.
Software sucks. Open Source sucks less.
I find Microsoft's explaination for not fixing this RPC problem unconvincing. I suspect that if they wanted to they could add a check for malformed packets in wahtever bit of code listens on port 135. It might not be pretty or high performance but I think it would work. Any experts on windows architecture reading?
NT4 is my favorite version of windows. I keep a sacrficial install around to test new software. By being carefull about what gets installed I'v had uptimes of 100+ days from NT machines and reboots are usually hardware related. It is possible to run NT4 without IE4/5/6 so you don't have IE intergrated into all the system dll's bogging it down.
NT4 workstation is available cheaply. At large computer shows there is usually a trader with a few cd+license packs for about E25 each.
I hope to use NT4 for another five years or so, until I can't buy hardware with NT support.
Hang on a sec, we could really do with more work for geeks at the moment. If a load of corporations are pushed into upgrading their fleets of NT4 machines, with all the attendant problems that go with buggering about with computers, that means more work for geeks. Yah microsoft! Where's that alpha copy of windows longhorn...
MS should just offer all remaining NT 4.0 users a free upgrade to their choice of 2000 or XP server. They would engender much good will and finally be done with the platform they don't want to support.
Of course, this might be sending the wrong message to customers for the next upgrade cycle (just wait until we're tired of supporting it, and you get the upgrade for free), but it seems like the current message is "if you don't like us leaving you stranded, don't use Windows anymore".
So what does this mean for those who use Windows NT4 on their firewall/router box?
"The most sucessful operating system is not one who can eliminate its competitors, but live with them."
Nice... Another MS basher. I am really sure that was what they *really* meant to say. When you don't know much about business it is easier to just slag it huh?
NT 4.0 is over 7 years old...
NT is still supposed to be supported through June. Arguments that "hey, it's old" are bullshit. My family's business uses NT 4.0 as their primary file and fax server. The machine, while whizzy at the time that NT 4.0 came out, cannot possibly support Win2K. We expect to switch to Linux for our file server by the end of the SLA, and have figured for years that Microsoft would, as per their support agreement, patch security holes until that end of life date. Turns out that they were lying.
"MS basher"? Only because they're a horrible company. What's your excuse for being an apologist?
-Waldo Jaqutih
It seems to me Microsoft has a couple of options here:
1. Open source NT4
2. Free upgrades to Win2k Advanced Server
3. Fix the problem
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
I wonder how Saddam didn't thought of it. "Architectural limitations do not support destroying my illegal al-Samud missiles".
-- Repeat with me: "There is no right to profits".
The age of NT 4.0 is not relevant. What is relevant is that Microsft said that they would provide security fixes until a certain date and they aren't. As an IT manager, this tells me that this company is not reliable. If you promise me service, I expect to get that service.
Note that is not possible to verify Microsoft's claims as why they can't fix it, nor is it possible to get anyone else to fix it since the code is not available. This situation is a perfect example of why a business is better off with open source.
i believe ibm still has support contracts out (2004 i believe) for os/2 warp. i had a friend who worked at tivoli and he mentioned it to me. here is ibm's strategy for 2003. i believe os/2 warp 4 has been out since 1996.
-- john
By not fixing it, they're trying to force people to upgrade to Win2k. "If they won't upgrade, let's force them to!"
Nah, I'm just being cynical, but I'm confused about something. I thought Win2k was based on WinNT? So how much of the NT internals were re-designed for Win2k? What I'm saying is, if it's not possible to fix it in NT, why is it possible to fix in Win2k if Win2k is the son of NT?
DCE on z/OS didn't seem to fail :)
Finkployd
Microsoft is obviously under breach of contract here since it is suppose to fix all security holes till the end of the year for workstation and a year more for server, but lets consider when NT 4.0 came out, I beleive it was the fall of 1996. Around the same time redhat released version 4.0 (colgate). Is redhat still supporting 4.0 or even 6.2? If I decided to buy a Linux distro in 1996 or even 1997 was there anyone who agreed to provide security updates and paid support for eigth years?
That's what it comes down to, really. That is why this whole website is here. A group of folks decided that open and free is better than closed and wildly profitable. Then they set out to prove it. Along the way, community sites like slashdot sprang up. Some communities focus on improving the product and helping the users. This particular one focuses on bashing the competition.
This is a limitation of Microsoft's business model: stay in business and stay profitable.Linux doesn't have these requirements, so it wins by your standards. Unless you actually use or
develop linux or linux apps then you are a baffoon for speaking out like you do. And the majority of readers of this site are just this; impotent whiners who don't actually support "the cause". I don't think Microsoft is wrong for doing this; I DO think this validates our way of doing things at the OS level.
I write this knowing it will be ignored because I am posting as an AC, but I must say SOMETHING. All this miserable site does is foster zealots.
That being said, see you tomorrow!
Why don't y'all make your own patch :D
Exactly right my man, it deserves whatever support MS says it should get, which at this point is none.
And it's too much fun to make all the Linux zealots upset when I say something pro-MS, so *NO* I won't stopAll you have to do is upgrade to XP. It's as simple as that.
Anita Coney
"Now that's sarcasm." Homer Jay Simpson
If someone says he and his monkey have nothing to hide, they almost certainly do.
Wow!
DoD systems are not allowed to run Windows 2000 on the servers. (Well you can, but you can't use AD, just as a stand-alone)
I think that MS just wants one of it's biggist customers to upgrade!
hmm... for fun I enjoy launching DDoS attacks against 127.87.42.5
Hey, what happened to the nifty little Bill Gates borg picture?
---- "Excuse me. Where's the children's gun section?"
sorry but due to the design limitations of our cars we DO NOT support the brake system required to stop the car! please improve ur driving skills
only people using NT are businesses that are reluctant or unable to upgrade.
Je, I remember too when I was a student and thought that to upgrade software all you needed was to buy the thing and then run a wizard.
Unfortunately, this is not the case for most systems. Upgrading takes much time and puts strain on IT staff to get the monster running on schedule. Last time I upgraded the CEO of the company walked in on me during a sunday to see if the systems would be ready to run on Monday. Must I say more?
My other OS is the MCP!
I read it as this from Microsoft.
Yes we have a security fix! Its called Windows2k3 or w2k. If you want to be secure give us money and upgrade.
They want corporate customers to upgrade to satisfy their shareholders. Also I am very skeptical of their 40 billion dollars in the bank claim and think Microsoft may be having financial difficulties. Why?
Notice they never list how much profits are made from sales during quarterly briefs? Only units sold. I smell some RIAA and Enron style math.
http://saveie6.com/
Microsoft cannot be trusted. They steal technologies and innovation from other organizations like Xerox, Sun, and the WC3, and use their financial power and lawyers to stomp out competitors. Sometimes, they make modifications to the innovations others have come up with, and modify them so they will not interoperate with the originals. Furthermore, Microsoft has been known to be untrustworthy by employing technologies that are anti-competitive. They also use patent warfare as a way to make themselves money and supress the technological community. Linux is free to use, modify, and distribute, so long as you give authors credit. That is not much to ask. Moreover, there are thousands of great programs and utilities for use with Linux. These are free as well.
If you use Windows, you are doing yourself and the world a major disservice. If your reason for using Windows is because of the application support, you should change your applications or write to vendors encouraging them to port there software. There is no excuse.
If you use Windows because it is user friendly, that may be true in the short term. It is not true in the long term because your dll's will overwrite one another when you install a new program causing binary incompatibitly. Also, programs are free to modify the registry resulting in slower load times and system corruption.
I urge everyone to stop using this Operating system in favor of a *nix OS. Please stop supporting Microsoft and start supporting more viable OSes. Reasons you can't refute have been stated above, and the software is readily available. Now go to www.linuxiso.org and get started.
i have no idea
All Troll + "offtopic" mods are meta moderated as "Unfair", because you abused the system.
You may have a point:
click me
As yet, no-one's posted a variation on Microsoft's favourite slogan to suit this story.
I'm shocked.
Environmentalism is the new Victorianism. Everyone ties on a green corset and pretends we're virtuous.
If you want to quickly turn an old box into a dedicated and very secure firewall, then Smoothwall and a fork of it, IPCop are fine GPL examples. Smoothwall also sells a non-GPL version of their firewall with extra custom functions, but the basic Smoothwall is still GPL.
Both of the above support a load of network cards, and even USB-based ADSL (like the Speedtouch) right out of the box and are an absolute cinch to get running, even if you only have limited networking knowledge. They also provide a simple but powerful browser interface for administration (port forwarding, dyndns registration, squid caching web proxy, etc.).
If you want to add a firewall to an exising Linux box, then a good recommendation is ShoreWall which I've just recently set up on a Mandrake box and been very pleased with. It uses the kernel's Netfilter (iptables) support to do its thing, and is the best option if you want a multi-function firewall/router, etc., since both smoothwall/ipcop are designed to be more restrictive 'all in one' firewall distros where it can get tricky to do things like recompile the kernel without it breaking. Smoothwall and IPCop do provide regular security patches which are very easy to install via the browser admin interface (which even warns you when new ones have become available).
Smoothwall are usually a little quicker than IPCop at getting new patches out. Shorewall is a standalone firewall so it's up to you to keep the other apps updated.
rm -rf / is the evil of all root
I noticed on another site today (I forgot which one) how MS is selling OS products for installation in cars.
How long will they support those operating systems. Will I be forced to upgrade buy a new Honda after only seven years because MS refuses to support my old one?
I've heard that car manufacturers must support their products with spare parts, etc. for seven years after selling it.
BMW 7 series owners are already sorta bumping up against this issue. They have a MS OS in the newest vehicles and it seems things are very whacky on those cars and the dealer cannot do squat about it.
I think all of this brings up some very serious issues...
Caution: Contents under pressure
Let me get this straight, you have port 135 open to the world and want a software fix? hmmm....
The Windows NT 4.0 architecture is much less robust than the more recent Windows 2000 architecture, Due to these fundamental differences between Windows NT 4.0 and Windows 2000 and its successors, it is infeasible to rebuild the software for Windows NT 4.0 to eliminate the vulnerability. To do so would require rearchitecting a very significant amount of the Windows NT 4.0 operating system, and not just the RPC component affected. The product of such a rearchitecture effort would be sufficiently incompatible with Windows NT 4.0 that there would be no assurance that applications designed to run on Windows NT 4.0 would continue to operate on the patched system.
Sure it's idiotic that their system couldn't handle a patch. But if that's how it is, then it's a good thing they made their more recent versions dynamic enough to be fixable!
Any sufficiently simple magic can be passed off as mere advanced technology.
Or more ominously, what if the bug is just as unfixable in 2000/XP/2003? And they just don't want to admit it?
I suspect there will be more trouble in the future. This isn't the last you've heard of this problem.
Knowledge is power. Knowledge shared is power multiplied.
*nix RPC runs on port 111. If I don't intend to have outside computers log in and run apps on my linux machine remotely, I shut down RPC, and uninstall it too, as well as blocking *ALL* privileged ports (0..1023) with iptables. It's bad enough that Windows comes with unnecessary stuff enabled. But when *YOU CAN'T TURN IT OFF*, something is drastically wrong.
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user
My question is WRT to many of the Network Accessible/Attached Storage devices like some the Iomega NASes which are essentially windows 2000 server machines what would need to be patched against some of these issues.
In some cases it is not possible to simply do a windows update since the devices are "uber-tweaked" as you say.....
--
Time is on my side
Suppose just one of those companies cant account for each and every one of their Windows or Office licences? Can you say MASSACRE? The cost of the audit (mandated by Discovery laws) would be enough for most to take a pass. The cost of fees, penalties, royalties, etc, for so much as a single violation, would wipe out any gains to be made in litigation.
In case you havent noticed, GOVERNMENTS have not been able to hurt Microsoft. Suing Microsoft almost killed Apple, WILL eventually kill Sun Microsystems, and pretty much anyone else who tries. Oracle? Bring it on. That is some nice Bayside property they've got there. Might be nice to see some flying Windows flags north of Mountain View.
Jeez, an explicit block on port 135 was the first rule that goes into any firewall I touch. I always ALWAYS put in explicit blocks for in / out on port 135, 137-139 even when they are redundant Oh right...the noninitiated home users are screwed because they don't even have zonealarm. Well...yeah. They don't install service patches either so what's one more security flaw matter? "You been playin da foosball??"
Actually NT was named for a different reason - MS was targeting NT to the Intel i860 (code-named 'N-Ten)', a RISC processor that was oft delayed. That's why it was called NT, because it worked on the 'N-Ten. Marketing later said it stood for "New Technology" . . .(post dev). You can read about it here:
http://www.winsupersite.com/reviews/winserver2k3_g old1.asp
.though I do not know the way.
(Enter Frodo) I will deliver the patch for this exploit to Redmond . .
This is just part of their plan to force people make costly upgrades.
social sciences can never use experience to verify their statemen
(Another) security bug is discovered on Microsoft software, which affects Windows NT 4. It also affectes Windows 2000 and Windows XP, which clearly means that the later two are direct derivates of NT 4 (which we all already know).
So now Microsoft is refusing to issue a fix for NT 4, arguing that there is no way they could make it so that no other existing apps stop working. But a fix for 2k and XP has already been done. That's because of the great differences between NT 4 and 2k/xp, nonetheless they are based on the same product.
So how come that, being 2k and xp SO different from NT, that they can still run the same apps without needing any modification? How come there is no way to patch a NT4 system so that it can still run the same apps but they can surely do it over 2k and XP, and the same applications will still run without a problem over the same system.
This is clearly a move from Microsoft to force their customers to either upgrade their NT 4 installations, or else they are left to their own luck. Many people WON'T upgrade their NT 4 because that just works for them, because their hardware is not powerful enough for a 2k/xp system, or because any other reason they can think of.
Windows NT 4 has been in the market for about seven or eight years now (if my memory isn't failing it was released almos alongside with Win95). This recently discovered vulnerability has always been there since then. What would have happened if someone discovered before w2k was released? Would still Microsoft be unable to release a patch for it because it would break the whole system down?
I've seen many posts saying that noone should have port 135 open to the world. That port shouldn't be listening for request from the whole world, in the first place. There is no way you can know which ports that (for some obscure reason, valid for Microsoft of course) are listening represents a threat to the security of the system. Sure, the same could be said (no) about Linux and other systems, but there's always a way to shut them off and not let the system in a non working state.
And that's all I have to say about it.
Articulos para gente geek: Poleras, linux, libros y mas
With Linux, we have practically unlimited resources. As soon as we jump a kernel version, the last version can be handed off to a new volunteer who will maintain it indefinately. For Microsoft, they have limited engineering resources and, as large as they are, can't afford to expand indefinately to maintain older versions of their OS. Particularly as they feel more and more the pressure from the Free Software movement bearing down on them, they're going to have to devote more and more of their resources to newer versions of their OS and other products, and as FS developers get ever more organized, we're going to get ever harder to compete with. Microsoft is doing the best thing for themselves and for the rest of us, because, frankly, we need the competition to keep us motivated.
I'm not so sure they can fix it.
In the beginning, NT was written on something else (for obvious reasons). Since the first version, Microsoft has probably been rebuilding their toolchains to be hosted on previous NT versions, if not completely self-hosted. This process would have been repeated at least twice since NT 4.0. The current tools might not be able to build low-level NT 4.0 code.
The Hallowe'en documents suggest that building low-level pieces of NT is not a trivial or common endeavor, and supposedly not something that the compiler toolchain usable by typical MS customers is capable of doing. It's very possible that there are only a handful of machines in Microsoft which are set up for building NT 4, and those are probably getting old, crotchety, and fragile, if they haven't broken already...
Try building a working 1.0 or 1.2 Linux kernel on modern binutils and gcc 3.2, or build 2.4.20 on gcc 2.6.3. If you somehow manage to get it to compile and link without patches, it probably still won't work properly without deep understanding of the toolchain and its bugs.
Now consider the same problem, but you only get to use the tools that came with Minix (or worse, SCO). That's probably Microsoft's current situation.
I've seen shops where coders get new computers on their desks after a product release--the old computer, with all the software, source code, development tools, etc, gets locked in a vault. If the company needs to do support work on the product years down the road, they pull the computer out of the vault, do the work, then put it back again. No worries about software rot (although hardware rot is a very real problem), although admittedly it's hard to find someone in 2003 who is fluent in Windows 3.0...
-- I avoid spam by accepting only OpenPGP encrypted or signed email at this address. Clear-signed, RFC2015, heck, even
dont forget 445....
--
Time is on my side
We all feel sooo sorry for you. Primarily because you're not all that bright.
MS isn't going to fix ONE security problem that wont' even affect your File or Fax server's unless you have them on the Internet like an a$$ (you probably do don't you?) and you're going to switch to Linux.
We expect to switch to Linux for our file server by the end of the SLA...I would wait until you get a bigger brain to attempt that. If you haven't gotten NT to work as a simple File and Fax server by now, then you won't be able to do anything with Linux. It requires reading. Furthermore, if it does work why are you switching at all??
I will say though, wonderful troll! I applaude your efforts! Your post was on topic and sprinkled with just enough "fact" for people to really believe you and you only used the word Linux one time.
I say again, excellent job!
Good riddance you piece of shit with your stompable system32 DLLs and your weak device driver signing requirements. Windows 2000 + is so much better than this relic. I know, I know, ginne a break
Sadly, the glacial pace of the financial service industry's adoption of new technology has left many with this outdated OS. Poor programming techniques (mfc42.dll stomp DLL hell make me wanna pull out my short hairs) combined with upper-mangement risk aversion has led to upgrade paralysis at some companies.
I'm not advocating that everyone immediatley accepts everything comming out of Microsoft's pipeline (if they make a bank-based "agile business" ad i'm gonna puke).
All I'm saying is NT has be hacked to shit. Let it go. Anything that doesn't comply w/ 2000+ should be rewritten/reinstalled/replaced.
DO YOU HEAR ME?!?! YOU GRAY-HAIRED STUFFED SHIRTS IN YOUR CORNER OFFICES! GET A CLUE!
Sorry for the rant. I know many of you are thinking...."Go Linux" or "Thin client". Go0d fucking luck with PHB that can't even navigate his own "Start" menu, nevermind the comprehend the benefits of modern offerings.
A Perfect example for corporations. And, they call the GPL a virus. M$ is the carrier of the freakin' black death, and its proprietary software should be avoided like the plague it is.
Any mention of Apple Computer that's less than glowing gets marked down these days. The crowding onto the 'Anything but Microsoft' wing of the Slashdot complex by Mac heads was about a year or so ago now. It coincided with the new Apple sections on this site.
Apple is no longer to be seen as the litigious closed-source company who championed the look-n-feel lawsuits in the 80's and tried to limit and control whole User Interface concepts, who the whole geek community hated with a passion. No, they're now a fine company, even under the same rather slimy management.
Awhile back it was starting to look like hAndover was going to be purchased by Apple Computer. That doesn't appear to be the case any longer. Thank goodness.
No way to tell if it's really "impossible" to do it, or just "nobody in MS team can see a way to do it" (I'm not going to suggest that MS isn't interested in keeping NT4 useable in order to drive people to upgrade and pay more $$; however I do find it interesting that they've refused to roll up all their post SP6a + SRP patches into one easy-to-apply package). MS does not have a monopoly on smart people. It does have a monopoly on the source code... Anyone wonder if the source was available someone would have piped up and said "no, you CAN fix it by ..." ?
... and that's fine. If NT4 is filling the role you want and you have no need to expand any time soon, then great. Leave it at NT4.
:)
Only problem with that is detailed by this story: when a vuln is discovered and does affect your server in the future... you're screwed.
NT4 came out in September 1996, just three months after Linux 2.0. The last 2.0 version is 2.0.39, which was released January 2001, over two years ago. Both groups have moved on, and aren't willing to spend much effort on the old versions.
If I install a machine with 2.0.39, is there any known big vunerability? If one was discovered would there *then* be a 2.0.40? With free software there's not much interest in backporting features, since upgrading to the latest version is free, should you need those features.
Anything that has outlived it's time as the mainstream stable branch wouldn't normally be updated except for security fixes, so I expect both 2.0 and 2.2 to have very slow release cycles now. Unlike Windows, where you expect some feature creep (for example DirectX upgrades) without having to pay for an OS upgrade.
Anyway, this isn't really about that either, but it's about the EOL date Microsoft has set. What do you think would happen if RedHat said "Uh RedHat 8 is fundamentally flawed, so we won't fix this bug even though its still under support. Block this service, or upgrade to RedHat 9, oh and you'll need a new support contract for that version." Would you find that acceptable?
Kjella
Live today, because you never know what tomorrow brings
...it is also advised you switch to linux.
A friend bought the pro version of zonealarm for an NT server ... it kept crashing.. so he went back to the free version - cool...not.
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
Okay, so it does suck a little that Microsoft is not supporting their software before they officially said they would stop supporting it.
However...
NT? That's like the 95 of the NT Kernel. Please move on...there is nothing else there. Microsoft seems to realize this. They're just trying to kill it off. (Much like they are working to kill of 95/98/ME by writing applications that DO NOT WORK for those systems. Ex. Office 11)
This may not be popular but I was never a fan of win95/98/me to many problems NT 4 was the biggest step windows ever made. I worked with it a bit today and after about sp3 their was really nothing wrong with it. I have many customers who have been using it for years and lots that really would have no benifit to upgrading. It really was the last really good change microsoft made and was a quantum leap over win9x.
Quite frankly, Windows NT 4 is why spaghetti coding is BAD. Earlier operating systems created by Microsoft show lack of focused planning and eagerness to create something new. I supposed the debugging/patching team finally had the last straw and had subsequent OSes built with more stable kernels. Developers: Always comment your code and begin coding with a well-thought out plan. Even with RAD, know what your doing before you start!
I remember the days of the antitrust suit against Microsoft... it was because everything was too integrated. Microsoft swore up and down that their severe integration was good. You decide that for yourself - especially in light of the current situation.
Although you may think I am simply another Linux proponent, I do not believe that a flaw would be simply unfixable with Linux. Distributions are highly modular, and although spaghetti code is inevitable, it is minimal in the Linux kernel and important services - namely because hundreds, perhaps thousands of developers contribute and sloppy base code is not an option. In no way am I saying Linux is for grandmas, however I would never entrust my business/server to Windows. It simply seems imprudent.
In this case, even when NT4 seems to be terminally broken, there's no reason whatsoever to believe that 2k/xp aren't even after MS has provided it's stinky useless patches for those.
What's the point of MS's pro-secure(haha) stance if it's unwilling to patch even one of it's products so long as it takes to make it bulletproof? NT4 is old but proven and been around so long that seems foolish to throw it away and bring in new OSes with new flaws. Doesn't help much if 2k/xp are "based on NT technology" because at the same time the get bloated with all kinds of new stuff.
One thing MS can't do is keeping it's OSes simple. Unfortunately simplicity is one of the requirements of secure software.
Preserve old classics: copy your collection onto all hard drives.
It's not a matter of if you must upgrade, but when. However, realize that buying new products from the same company will not necessarily protect from this happening again. It would be a bad idea not to use the situation to explore options. Many are making the move.
There may be some ideological reasons to try Microsoft's server experiments, but no technical ones. Even the ideological ones don't float: no matter how much you admire Bill G's enormous personal wealth, giving him more of your company's money is not going to make you rich(er).
So many corners have been cut on service and products that it looks like Microsoft may not live out the summer. WinNT and other legacy software can keep running with the help of work-arounds as long as no one was dumb enough to sign a subscription.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
It's pretty amazing, but the hotel company that I work at, 95% of the users still uses Windows 95, an 8 year old operating system! It really becomes a problem when software developers write applets that require Java 1.4 and 1.4 doesn't support Win95. Yeah, the applets don't even run under Win95. Surprisingly enough, they have decent hardware here (Pentium 4s) but their operating system is about the oldest thing here.
Change your first period to a comma and your third to a semicolon if you wish to be pedantic about the grammar of others ;)
Best examples are bars - if you had come when it was open you may well end up being there even hours after official closing hour if you are "making business" with bar. :)
So, such cases IMO pretty clearly illustrate how each business value their customer.
hany
You got in Informative?
I did some development of NT services, spooler modules and such, and I can tell you that this is not true. 1st it is difficult to kill process owned by SYSTEM account. If it is a service, you can stop it - if it is not hung. If it is a system process and it is hung/consuming much resources or is not a service, or is owned by not your account, it get's pretty resistant to such attempts. Sometimes you can attach by debugger and kill it - but not always. What works for me is Process explorer
I'll set up a Linux firewall, it's the only reasonable option. It's fast, easy, free. I won't buy new 2K licenses to deal with this - I'm definitely not upgrading six NT servers, buying a new version of our $10,000 accounting software to work properly with Win2K, or upgrading Exchange 5.5. I just won't - not because of this, anyway.
MS will never see another nickel from me for as long as I live. I understand the EOL issue, but EOL doesn't exist with open source, and MS simply can't compete with that concept.
I hate this business sometimes.
# Erik
What Microsoft means to say is that it previously introduced a flaw to bolster later excuses for not supporting legacy software, thus pressuring businesses to invest in the next 'buggy' that comes along. Time to ramp up the marketing for 2003.
What those who want activist courts fear is rule by the people.
Besides which, the folks that haven't upgraded to something else are still not likely to upgrade, for the same reasons. They'll just be more vulnerable.
BTW, does anyone know if the US Navy is still using NT servers?
Personally, I've had great experiences with Tiny Personal Firewall.
http://www.tinysoftware.com
Same thing regarding OS...works great on 98, 200, XP. Same thing regarding application limiting. Also does nice things like MD5 sum checking to see if an application has changed and then prompts you if you want to accept the new application.
They refuse to release samba and openssl patches for their 10.1 server forcing users to upgrade to 10.2.
And this is after only one year!
In other areas, say cars, even if the maker drops support it's simple and legal for a 3rd party to do maintainence (though not for much longer if engine management becomes totally s/w based and DCMA remains in force.)
In closed source software, when the supplier drops support you are fscked. Even if you can find someone with the skills, the components are not available and you can't even look at the broken bits to see how to make new ones.
Hmm, I never thought of that. And even if they did release the code, they probably would still own it.
You think that I'm crazy, you should see this guy!
I know the software industry isn't really cut out for this, but why the hell can't they make a solid product and support it indefinitely? If it ain't broke, don't fix it! For example, my father's company still runs a DOS application programmed in the late 80's that is STILL SUPPORTED. It works *perfectly*. If it aint' broke, why fix it? The major problems we run into are because M$ forces us to upgrade operating systems ever 4 years and getting the DOS app to work again becomes increasingly difficult.
We are seriously considering a platform change to linux.
What incentive is there for a company to make a sometimes multi-million dollar investment in a product that isn't guaranteed but for four years? My uncle runs a manufacturing plant, and has machines in there built in the *1920's* that are still on the line. Whenever they break, his shop fixes them now (see an open source link here?).
Get with it Microsoft. Build a product for companies to use long term. We don't ALL need the latest 'features'.
The EOL for NT4 Workstation is in June. This isn't June, if I'm not mistaken, nor is it June for another couple of months. Furthermore, NT4 Server has a much longer lifespan than Workstation does.
It, according to MS, is still supported.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas