Slashdot Mirror
Maintaining Windows 2000 for the Long Term?
MarkWatson asks: "I keep two Windows machines: a Windows 2000 laptop (bought with XP, but installed an old Windows 2000 license and Linux) and a desktop with XP (dual boot to Linux). I would like to avoid ever buying a PC with Vista, a situation that looks good because I believe both my Windows systems are reliable, fast, and will service my Windows needs for the long term. My problem is this: I like Windows 2000 better for a few reasons, but mainly because the license is transferable. I would like to still be using Windows 2000 5 years from now in a secure and reliable way (again, just for when I need Windows). Since I am far from a Windows expert, I would like to know your strategy for archiving Microsoft's latest Windows 2000 updates, and generally dealing with security issues. My strategy is to set my firewall up to run in stealth mode and not use Windows for general web browsing. Any suggestions will be appreciated!" How would you keep an old Windows OS (like Win98, and WinXP in another year or two) running long after official support for it has ended?
Prayer?
What if the entire Universe were a chrooted environment with everything symlinked from the host?
Eventually, new patches will stop coming out for it. Sure, some people will hack up XP patches, where they can, but eventually they'll stop coming.
So, what can you do? Make sure that you're running what patches do exist, make sure you never ever expose it live to the Internet, make sure that all of your apps are patched, make sure that you're running fully up-to-date antivirus. Don't install any software which is at all questionable, don't visit any questionable websites. Turn off what you can; if you don't use WSH, turn it off. Turn off autoassociations for it, at least. Turn off as much of ActiveX as you can, javascript and so on. There are lots of guides to hardening Win2000/IIS and so on, and most of the reccomendations here are ones that you should be following anyway.
If you wait long enough, of course, people will be targeting Vista rather than Win2000/XP, and you won't have to worry about it; kind of like how Win98 is actually a fairly safe operating system to be running these days.
Oh, and scan it with an up-to-date BartPE disc every once in a while, just to be sure. Make sure you grab the module for Spybot from the Spybot website.
Vintage computer games and RPG books available. Email me if you're interested.
So ok, its not a perfect solution and might not fit as you didn't specify what you windows needs are, but what about running Win2k virtualized inside a vmware world? Both my laptop and desktop run Ubuntu only these days, but I do have an XP virtual machine on the desktop to "boot up" should I need something which requires Windows. I don't really find much of a reason to do that these days though.
...
If you do need to keep Windows natively on the hardware, I would advise setting up a hardware firewall between the machine and the internet, and browse securely with an up to date browswer (Firefox or Opera). Disable MS Filesharing if you don't use it.
Over the long term, you might want to consider why you're keeping Windows and find an alternative (Linux/OS X, whatever). I can't imagine that anything after Vista is going to be any better and well, you will have to upgrade your machines someday
Windows 2k retired from mainstream support on 6/30/2005. It is currently under extended support until 7/13/2010.
So for the next 3 1/2 years you will continue to receive security and critical patches, and you will be able to pay for support if you need it. So there's nothing to panic about yet.
After 2010 though, if MS doesn't extended support, you may want to look in a new direction. Possibly an emulator for Linux to run what ever 2k app you need, or a replacement for those apps you are using. Worst case scenario, (2k support ends and numerous viruses are released for it) you can still run it, you just have to take into consideration the extra security concerns.
Here is the page for MS's support life cycle info: http://support.microsoft.com/gp/lifeselectindex
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
She managed a 3.9 GPA this semester, so this setup didn't hurt her.
That may be true. But, did she get laid this semester, or did she have to spend all of her free nights dicking with this ungodly complicated system?
It supports larger drives just fine; I have a 750GB drive happily running on my Windows 2000 box. To fully use a hard drives that's >137GB, Windows 2000 requires service pack 3 or later and a registry hack. You didn't need the IE and other extra patches just to be able to use the other partition.
Windows XP requires service pack 1 and a registry hack. It's possible for OEMs to upgrade the copy of XP they ship to have this feature by default.
For people who just have to format the entire hard drive as one big partition, then this limitation in Windows 2000 can be annoying. Those of us who prefer to keep the OS drive on the small side, separating out data files onto a separate partition, are barely effected by it. I'm already going to install SP4 on any new Windows 2000 system anyway, so I just need to remember which registry key to tickle after that's done and this problem goes away.
Heise Security released an script called Offline Updater.
.iso for each OS and/or it can also create an all-inclusive DVD .iso for all of the above versions. You then burn the .isos you created and the installation is entirely automated (some reboots required but automatically continues with the install).
/ ctupdate302.zip i st=1&forum_id=108277
This script will allow you to create all-inclusive, fully-automated update cds for the English and German versions of Windows 2000, Windows XP, and Windows 2003. The script will create a CD
Here is an short and sweet write-up on this - http://www.heise-security.co.uk/articles/80682/3
Here is where you download the file (.zip) - http://www.heise.de/ct/ftp/projekte/offlineupdate
Here is Heise Security's Forum on the script - http://www.heise-security.co.uk/forums/go.shtml?l
$diff terrorists hippies
$
$rm -rf *terrorists *hippies