Slashdot Mirror
Ask Slashdot: Preparing For Windows XP EOL?
An anonymous reader writes "As most of us working in IT may know, Microsoft will stop supporting Windows XP on April 8th, 2014. Although this fact has been known for quite some time, XP is still relatively popular in companies and also enjoys noticeable marketshare for home users. Even ATMs are running XP and will continue to do so for some time. A lot of companies/users don't want to change because they see no additional benefit to do a costly upgrade, no reason to change a running system, and they may in some cases be right with their assumptions. So what is the best way to secure this remaining Windows XP systems? Installing the latest security patches, checking firewall status and user permissions etc. should be fairly obvious, as Microsoft Security Essentials may also not receive updates anymore, changing antivirus programs seems a sensible thing to do."
stupid AC. I'll tell you why: some people have expensive hardware that only works with xp and its NOT practical to rebuy working hardware just to run a more modern os. the os only exists to run apps and if the value of the apps and hardware are high enough, you will stay with the older os.
of course, AC's think that only linux matters. they can't see that in the real world, you need TOOLS to do your job and if those tools are only running on an older os, you keep that older os!
this should not have to be explained. maybe I got trolled, but figured if he was serious, I'll at least explain WHY you need to continue to run older systems.
--
"It is now safe to switch off your computer."
Use Firefox. Keep the biggest attack vectors up to date (Adobe stuff in particular). Get rid of Java entirely unless you desperately need it; in that case, keep it up to date religiously. Use Adblock Plus (or equivalent) to block ads which sometimes carry malicious code. Don't do stupid things online. Don't run executables unless you absolutely know they're safe. Don't install pirated software since pirated software sometimes comes with lovely surprise infections. Use a limited user account for your daily activities and an administrator account only for maintenance tasks or to run software that won't work under the limited account. Always use a NAT router between the computer and the Internet, and don't run any open wireless network with that PC attached.
It's largely just a matter of (A) don't do obviously dumb things and (B) don't run everything as an administrator in the first place. Remember that antivirus and security software is a final line of defense; everything else is basically a problem with the user's behavior or knowledge, and if you are careful and follow good security practices in the first place, you aren't at any significantly greater risk than you are now.
One more thing: if someone really wants to break in, they will. XP or 7 or 8 or 8.1 and all the updates in the world won't matter in such a case, so my final piece of advice: don't piss anyone off that might want to come after you.
For many of my clients that run milling machines that still run XP, I am just making sure that they are not connected any longer. In that scenario, continuing XP is sensible and cost effective, with little to no risk. I'm sure most of the IT world is going to see the flare up of exploits that people have been hanging on to waiting for MS to no longer be willing to patch. Anyone of my other clients - law firms, non profits etc. - I am forcing the upgrade. No need to be so tied to such a clunky and difficult to recover OS anymore. Embrace the already 4 year old future, get on the update bandwagon and move on. None of my clients are seeing this as the end of the world like the media and others are describing it.
Really. One of my customers has a Win98 box, because it controls a $50,000 device. Another one runs NT Server, because porting 100,000+ part numbers to a new database isn't worth the upgrade.
People forget these contraptions we are typing on are simply tools, especially to businesses that focus on their own products, not what OS is on their computer.
If you think I voted for Trump because of this post, you're wrong. I voted for Dr. Jill Stein of the Green Party. Again.
Depends on the device and the support you get for the device. Just think about it: Microsoft never did give any real "support" to you, most of the time they told you to go to your manufacturer for that. If the manufacturer of the $50,000 device still gives you support in the sense that he will fix any problems that occur with the device, including replacing the hardware that still runs Win98, that is more support that you have ever gotten and will ever get from Microsoft.
At my company we have dozens of $500K+ machines that are controlled by NT 4.0 boxes, and dozens of somewhat newere $2M machines contolled by XP boxes.
The vendor has no incentive to upgrade their software to work with a new OS, they'd rather we spend several hundred million on new equipment. And the software that controls the machines is closed and proprietary to the vendor.
We'll still be using NT and XP in 2020.
Where I work a good number of the surface mount assembly lines are run by windows 2000 and XP.
The screen printers still run DOS. Many of the electrical testers and chip programmer rigs need XP or lower as well.
As most of these setups require custom PCI IO cards, visualization isn't an option either.
(Though I am happy to have found an ISA to USB adapter that works well under visualization)
When "a pc upgrade" involves replacing a quarter million dollars in hardware and finding the time to eat the cost of downtime over three running shifts, even I couldn't justify the cost of doing so just to get a newer OS (that will still be windows and still go EOL at some future point!)
My solution is to segment older OSes on the network. They can reach the SQL server and occasionally the file server as needed.
NO email, NO internet, NO intranet, no random transfers between there and other networks.
Everyone has Win7 desktops for office, outlook, and firefox. There is no need to even treat the XP systems as computers anymore. They are now appliances.
With the SMT line PCs not even showing a desktop or letting the operators exit the controller GUI, and the test hardware being locked to a list of approved executables (More for QA actually), the likelyhood of an infection requiring a reinstall is next to nill.
That leaves hardware failures. I have full drive images to restore once the HDs fail. On a more serious failure, the entire rig is considered failed. Either time to pony up the $25k for a new system, or we do without.
As long as you get your desktops upgraded, there is a lot less you need to use XP for, and most attack vectors can actually be completely blocked without effecting any work flow what so ever.
I see this response a lot, and I completely understand it. Business needs what it needs, and so if it doesn't see a need to update, it won't. Got it. Perfectly. Crystal Clear.
But an honest question: What happens to that 100k database (maybe 200k in the future?) 5,10,20 years from now, when the computer it runs on breaks and you can't get replacement parts for that old motherboard. When Windows 98 does not have drivers for the hardware being made. When the database grows so large that the HDD in your Windows 98 box can't even handle it. When Windows 98 can't keep up with the network speeds and standards of the future that are required to stay competitive. When the install medium itself gets scratched too many types and stops reading.
I don't feel like I've EVER seen any contingency plan for this. The excuse is always "You're out of touch, business needs to run older systems". Again, I agree and understand. But at some point, maybe not soon, but at some point it WILL stop working, or at the very least, it's age hampers the budget more than helps.
Is there a plan to at least move to VMs to try to preserve the software a little more? (Maybe you are already using the VMs). Are there good backups for the VMs? Can the VMs access the USB ports and what not for your devices? How many of your devices use old ports that don't even come on any computer sold in the past 10 years?
While I understand the reasons for not upgrading immediately (or not even quickly), 15-20 years seems excessive, and I start to think this is a failure of business leaders more so than a misunderstanding of technical people.
I kind of wonder whether activation is going to work after April 8. No one has brought this up in years. Microsoft's servers have to still answer to requests from XP machines; if they don't, the software is unusable. Really, they should activate any request with any key since it's unsupported and it would take more effort on their part to continue maintaining the database.
Gamingmuseum.com: Give your 3D accelerator a rest.
And there is nothing wrong with using XP for that machine for the next 20 years...
So long as it isn't online, isn't used for anything else, etc...
It doesn't even have to know what decade it is in, just run the transmission dynaometer and that's it...
Your only real issue is that at some point, spare parts for the computer itself may become hard to get, I personally would invest in 1 or 2 spare computers, clone the current one, set them in storage, and have them for backups. It shouldn't cost much, a few hundred dollars, and you'll have backups to the one part that is least likely to get support.
The UCLA Medical System, a gigantic organization, required all hospitals, providers, etc. to standardize on a single, integrated medical record-keeping system. Medical history, diagnoses, prescriptions, appointments — the works. This was within the last 12 months.
It runs on XP.
Happy privacy!