Windows XP Support Deal Not Renewed By UK Government, Leaves PCs Open To Attack

girlmad writes: The government's one-year £5.5m Windows XP support deal with Microsoft has not been extended, sources have told V3, despite thousands of computers across Whitehall still running the ancient software, leaving them wide open to cyber attacks. It's still unclear when all government machines will be migrated to a newer OS.

Maybe they will move to court instead?

[Z00L00K]

Maybe the UK consider to take Microsoft to court in case something happens and sue them under product responsibility laws or something.

Re:Maybe they will move to court instead?

Maybe the UK consider to take Microsoft to court in case something happens and sue them under product responsibility laws or something.

Take them to court over what? It's not like Microsoft hasn't been perfectly open about support ending last April.

Re:Maybe they will move to court instead?

[alex67500]

It's Whitehall. They'll pass a law through Parliament to make sure they have grounds for the suit ;-)

Re:Maybe they will move to court instead?

[oodaloop]

XP is 14 years old, and they gave plenty of warning when support would end. MS is under no obligation to support anything indefinitely. Seriously, why is your first response to sue? Is personal responsibility that hard?

Re:Maybe they will move to court instead?

[Zocalo]

No need. What the summary doesn't cover (it's in the the actual article) is that that this was always the plan. The UK Cabinet Office arranged a blanket agreement for the extended support coverage that applied to all departments that needed it for a lower overall cost, making it quite clear right from the start that this contract would not be renewed, and it hasn't been. It's now up to the individual departments to decide whether or not they wish to expend some of their own budget on further extending their specific support with Microsoft on a per-department basis. If there's a story here, it's the number of PCs still running XP that are now outside support and which departments those PCs are in, but that's something the article doesn't cover.

Re:Maybe they will move to court instead?

XP is 14 years old, and they gave plenty of warning when support would end. MS is under no obligation to support anything indefinitely. Seriously, why is your first response to sue? Is personal responsibility that hard?

Because it should be the case. Those government agencies had contracts with Microsoft since 2002 where they paid 50 dollars a year extra per computer to Microsoft after Windows XP was released in exchange for a safe/free upgrade path to the next version of Windows. Microsoft's part in the contract was to provide them a new version of Windows by 2003 or free XP support till the hardware dies. But that did not happen. Instead, Microsoft screwed them over and kept releasing service packs for XP instead. They never got a free upgrade to a new OS. Why should they pay for upgrades when Microsoft broke the contract?
As much as "teh internet" hates to hear this, Microsoft should be legally forced to abide by the contacts they signed and keep supporting Windows XP till the last contracted government agency replaced their hardware even if till 2030.

Re:Maybe they will move to court instead?

XP is 14 years old, and they gave plenty of warning when support would end. MS is under no obligation to support anything indefinitely. Seriously, why is your first response to sue? Is personal responsibility that hard?

Because it should be the case. Those government agencies had contracts with Microsoft since 2002 where they paid 50 dollars a year extra per computer to Microsoft after Windows XP was released in exchange for a safe/free upgrade path to the next version of Windows. Microsoft's part in the contract was to provide them a new version of Windows by 2003 or free XP support till the hardware dies. But that did not happen. Instead, Microsoft screwed them over and kept releasing service packs for XP instead. They never got a free upgrade to a new OS. Why should they pay for upgrades when Microsoft broke the contract? As much as "teh internet" hates to hear this, Microsoft should be legally forced to abide by the contacts they signed and keep supporting Windows XP till the last contracted government agency replaced their hardware even if till 2030.

This sounds like a very strange contract clause if formulated this way -- any citations on this?

Re:Maybe they will move to court instead?

[johnw]

Microsoft hasn't been perfectly open about support ending last April.

Well, not quite open. They have consistently portrayed the situation as being one of support ending last April. The truth is, support for XP did not end last April, and was never planned to. What actually happened is that support went from being free (or at least included in the price of the product) to being a very expensive add-on.

Re:Maybe they will move to court instead?

[Xest]

Probably more worrying is the fact that much of our military are still using IE6.

Re: Maybe they will move to court instead?

[bill_mcgonigle]

Just so you know, Microsoft did a lot of shitty deals back then and screwed over a lot of people.

Why wasn't the contact enforced when Vista or 7 came out? One party is a nuclear-armed sovereign - don't tell me Microsoft refused... the courts would surely order cooperation if that were the case.

Re:Maybe they will move to court instead?

[duke_cheetah2003]

Maybe the UK consider to take Microsoft to court in case something happens and sue them under product responsibility laws or something.

Uhhh.. no one is forcing them to continue to use ancient software. They're quite welcomed and encouraged to upgrade to something newer and better. Certainly not Microsoft's problem. Microsoft and most of the rest of the world have long since moved on.

Re: Maybe they will move to court instead?

[Billly+Gates]

There is. It is called Windows 7 and by the way even that is over half a decade old!

Why is it Microsofts fault that they bought software with IE 6 specific rendering probably purchased 6 or 7 years after IE 6 came out! Poor us we are the victims yada yada.

No sympathy and someone or somebodies need to be fired. Talk about bad management.

Re:Maybe they will move to court instead?

Hardly just semantics, and you seem to have missed the point of what I said - indeed, you've made up your own quite different message.

I didn't say anything about the GP not being comprehensible, or what he said differing from Microsoft's line. In fact, he simply repeated Microsoft's line.

My point is that Microsoft have not been open about what is actually happening. Support for XP is not ending, it just costs a lot now where previously it didn't.

Re:Maybe they will move to court instead?

[Spamalope]

No viable replacement was offered until mid 2009 (Win7). New PCs with XP were deployed (certainly in business) until then. That isn't 14 years.

Re:Maybe they will move to court instead?

[Lumpy]

The Surface to Air missiles are programmed via a web interface using Active X controls written in Visual Basic 6.

Re:Maybe they will move to court instead?

A prison built especially for all the computer programmers in the world... Hey, at least no jocks will be allowed inside to bully us :) But we'll still have a large population of idiots.

Re: Maybe they will move to court instead?

[jmac_the_man]

Microsoft's part in the contract was to provide them a new version of Windows by 2003 or free XP support till the hardware dies. But that did not happen. Instead, Microsoft screwed them over and kept releasing service packs for XP instead. They never got a free upgrade to a new OS.

You're shifting goalposts here. In lieu of a new OS in 2003, MS provided XP support (including service packs, which were free) long past the service life of the 2001-era hardware we're talking about. Sounds like they complied with the second part of the contract, which I bolded above.

Re:Maybe they will move to court instead?

[Luckyo]

Retroactive legislation like this would be likely contested up to the constitutional courts and then if necessary ICJ and declared illegal.

Re:Maybe they will move to court instead?

[gbjbaanb]

or maybe they've taken the time during extended support to replace all vulnerable PCs with Win7 and unplug the rest from the internet.

Re: Maybe they will move to court instead?

[Luckyo]

That's one of the reasons that many of these contractual obligations are now litigated on EU level. A single European sovereign country is often too weak to counteract pressure from international corporation on the scale of microsoft/google/apple. See the support debacles with apple all over Europe where apple is straight up breaking the law and national courts lack the ability to impose large enough penalties for them to matter.

Sovereign power has been severely weakened on this front during last couple of decades. In part through natural evolution of economic means of rule over military and nationalistic ones, and in part through systemic infiltration and corruption of power structures of said sovereign states by interests of said economic forces.

Re: Maybe they will move to court instead?

[Immerman]

Is the hardware dead/retired? Is the support still free? If you answered no to either question, then they *aren't* honoring the deal. Unless the contract specifically said "service life" AND gave a definite maximum duration for that term, then the life of the hardware is until its owners decide to retire it. Running 15 year old hardware that still gets the job done is hardly an unusual scenario.

Re: Maybe they will move to court instead?

[Immerman]

Sorry, that should be "if you answered no to both questions"

Perhaps Microsoft was counting on Moore's Law rendering the hardware unable to "get the job done" by now rather than performance improvements pretty much stalling out for the last decade, but that's their problem. If you want to bet on unstated "gotchas" crippling a contract in your favor, you've got to also be willing to have that bet turn sour.

Re:Maybe they will move to court instead?

[BradMajors]

Many computers running Windows XP can not be upgraded to Windows 7 because Windows 7 has additional hardware requirements. I own one of these type of computers. There is no way for me to upgrade my Windows XP computer.

Re:Maybe they will move to court instead?

[VGPowerlord]

Was the year 2003 specifically mentioned or did you just pull that out of your a... hat?

Last I checked, there have been 3 new versions of Windows since 2001: Vista, 7, and 8. If you choose not to use them, that's not Microsoft breaking the contract...

Re:Maybe they will move to court instead?

[hairyfeet]

You want to know what is sad? When I'm sitting there bored at the shop I have installed Windows 7 on some pretty ancient pieces of crap I end up with on trade ins and ya know what? As long as its got a GB of RAM it'll run just fine, 10 minutes turning off any services they do not need and it'd run better than XP. I seriously doubt we are talking last PIIIs and first gen P4s in the British government, if my own local government (who had all theirs switched by cutoff, ended up with a mountain I needed to refurb) are any indication what you'd be seeing is a ton of first gen Core 2 Duos, Athlon X2s, maybe if they were really cheap (like our streets dept) some Pentium Ds.....all of which will run Windows 7, hell Windows 10 just fine.

As some here know just to see if Windows 10 was gonna be a Vista piggie or a "7 sweetie" I grabbed the absolute weakest portable I have, a 2011 AMD Bobcat netbook I use for service calls. For those that don't know what an AMD Bobcat is its a chip that was designed to compete with Intel Atom when the netbook hype was in full swing (and ironically ended up being the APU for the XB1 and PS4 with its successor Jaguar) and has performance roughly equal to a last generation Atom+Nvidia ION setup so we are talking a REALLY weak chip. How does the newest Windows 10 builds run on such a weak chip? It runs just fine,takes less time to boot than Win 7 and once I'm on the desktop its all smooth sailing.

So there really is no excuse for paying something like $15 million bucks just to extend Windows XP (which lets be honest folks it was NEVER that great an OS and wasn't even halfway decent until SP2, I would argue both Win2K and XP X64 AKA 2K3 Workstation 64 were better OSes) when I bet a good 90% of the hardware they have running would take both Windows 7 AND Windows 10 without requiring new hardware and with Windows 7 able to be upgraded to Windows 10 while keeping your programs and settings via WU? Its really a no brainer, they could run Win 7 now and once IT has checked all their mission critical stuff runs fine on Windows 10 just push out the upgrade. Hell Win 7 has XP Mode so they can't even use application compatibility as an excuse,so its sad and shameful all their citizens info is gonna be at risk just because they couldn't get off their butts even with nearly a half a decade of warning what was coming!

Re:Maybe they will move to court instead?

[Addicted+To+FM]

I installed Windows 10 build 10061 x86 on an almost 12 year old computer. Athlon 64 3200+ Gigabyte KA-K8N Pro motherboard 1 ½ GB of DDR1 RAM (333 MHz) Sapphire Radeon 9600 Pro graphics card It boots up incredibly fast and uses... about 1% - 4% CPU at idle and 18ish % RAM at idle. I'm very impressed .:D

Re:Maybe they will move to court instead?

[yuhong]

This reminds me that the reason Server 2003 got an extra year of support is that they waited until after Vista SP1 to release Server 2008, and Vista RTM had many well-known problems.

Re:Maybe they will move to court instead?

[david_thornley]

Vista was released 8 years ago, and it was crap. Windows 7 was 6 years ago, and IIRC you could get XP on new netbooks through 2011, although a quick look didn't find any verification. In other words, any 8-year-old hardware probably came with XP, and XP remained the best Microsoft OS up to 6 years ago. Six years old isn't essentially dead.

Its not like Microsoft "secure" XP anyway?

The Brits aren't dumb. They figured out that whether they throw 5.5M at MS or not, XP will run on regardless. Surely MS don't supply the anti-virus / firewall software? That must be 3rd party, and I'll bet, works out a heck less than 5.5M quid. The posting suggests that the second XP "support" vanishes, billions of malwares will converge on those computers. No. Unless MS pays someone to do it...

Re:Its not like Microsoft "secure" XP anyway?

[Luckyo]

Pretty much this. Most likely someone with a clue finally realised that as long as you have a working firewall and anti-virus that will block outside executables, your XP machine is quite safe from "omg internet viruses". Especially if like most computers in major organisation, it's also sitting behind a NAT.

Re:Its not like Microsoft "secure" XP anyway?

[Luckyo]

You appear to be talking about security holes in third party software. How is microsoft responsible for it?

Re:Its not like Microsoft "secure" XP anyway?

[pacman+on+prozac]

Problem is they also need to be very careful about any files with scripts, like office docs, PDFs, etc. Then anything that uses built in OS libraries, such as image files, SSL connections, etc.

That gets hard, anti-virus is severely limited unless it does proper heuristics which seems to be rare, there are whiteboxing technologies but they are expensive and not foolproof. At some point you need to either isolate those legacy systems from the rest of the world or upgrade them.

Re:Its not like Microsoft "secure" XP anyway?

[Luckyo]

Have you ever realised that government actually does things that aren't top secret?

As in low level bureaucracy, crunching numbers needed to generate statistics, writing largely pointless reports that are necessary for archiving in case they are needed at a later date and so on?

I see those computers all the time. They're usually workstations sitting in places like watch booths of grassroot sports fields and such. They're rarely used, very old and completely irrelevant as they contain no data interesting for anyone. They're mostly there are browsing machines and something from which people involved can write daily report email and browse web for things like work shift schedules.

These computers are highly uninteresting for those behind zero day/targeted threats, as they would cost more to take over than any potential revenue you could secure from them for such an attacker.

Re:Its not like Microsoft "secure" XP anyway?

[Luckyo]

So your argument is that poor protection on OTHER machines is the problem?

Okay. Make a thread on the subject and stop shifting goalposts to jury-rig the argument to fit your "you must update or else you get raped, no really" agenda.

good - waste of money.

Simple answer is just too remove all the pc's from the internet. Do they need it to work out taxes, etc? Of course not.

Wide open to attack?

Hyperbole much? Systems don't suddenly develop security holes the day a support agreement is ended. If it was fine the day before support ended, it's fine the day after. Of course, the moment a new issue _is_ discovered, it's game over.

Re:Wide open to attack?

[Luckyo]

XP SP2 changed so much, it was effectively a new OS by the time it came out if you want to go down that road. Especially by Apple PC OS standards.

Supported != Secure

[mangobrain]

TFA and the summary make it sound as if it is the lack of support contract which makes these systems insecure. This is complete and utter nonsense - it is the fact that they are running Windows XP which makes them insecure. It's not as if malicious hackers around the world were sitting there rubbing there hands in glee, waiting for the day the support contract expired to plunder the systems, having previously been completely and utterly thwarted in their evil plans by the exchange of funds between the UK government and Microsoft.

But at least a support contract would get them fixes for any newly discovered vulnerabilities, right? Well, maybe. No software is perfect, but the world - and Microsoft's practices - have moved on, and realistically it would take a *lot* of money for MS to spend a meaningful fraction of their resources securing an OS past the end of its useful commercial life.

Re:Supported != Secure

[DarkOx]

True, but if you had a working exploit that was no patch to fix, and you knew that your target was about to go off support and loose the ability to submit issues and expect a fast fix turnaround, would you:

A) Go for it the moment you have a working sploit grab all you can.

B) Wait a little while before you take the big risk of using it widely and trying to ex-filtrate the loot to avoid discovery. Then after the support is up and you know the response will be hampered make your move. You know either it will likely take longer for your infiltration to be stopped or the victim will have to accept some self inflicted harm like off-lining production systems until they can find a fix (Which in the case of a government might mean a drone strike, but that is another issue).

Re:Supported != Secure

[rhazz]

Is there any alternative to Microsoft for getting XP support? If another company said, hey, we'll give you equivalent support at 1/10 the cost MS asks, would that be legal or would MS sue them into oblivion? My government agency is also paying these fees for some legacy systems running on 2003.

Re:Supported != Secure

[drinkypoo]

Is there any alternative to Microsoft for getting XP support? If another company said, hey, we'll give you equivalent support at 1/10 the cost MS asks, would that be legal or would MS sue them into oblivion?

No, of course there isn't. Microsoft owns all the code, and they have never delivered all of it to any party. Further, even Microsoft doesn't really understand the code, which has bits and pieces from various legacy codebases grafted onto it, forced into it, et cetera. Some of that stuff went away in Vista, but XP is still crammed full of it.

In order to support XP without making it worse you'd have to first a) secure licensing from Microsoft to permit you to do that and b) hire much of Microsoft to get the personnel with the knowledge to maintain the internals, then c) spend a lot of time and money getting your other hires up to speed. By which time all those machines would be migrated to something else (the year of Linux on the desktop! heh heh.)

The same is true of any other Microsoft OS, to save you the trouble of asking

Re:Supported != Secure

[scsirob]

Don't kid yourself. The personnel with knowledge to maintain the internals of XP are all axed years ago. There's only a few H1B workers applying band-aids if really necessary.

Re:Supported != Secure

[fustakrakich]

I don't know why they should be allowed to keep the patents and copyrights then.

1 year may have been enough

[bazorg]

Assuming that IT pros outside of Slashdot are about as smart as IT pros posting on Slashdot, it's quite likely that those PCs have been replaced, reconfigured (remove network card and USB ports, seal the PC case?) or placed in different areas in their networks to mitigate the risks of running XP. Adding extended support at that price needs to be part of the solution, not the only thing they've done. Hopefully they've used that time for deploying and testing new security measures.

Re:1 year may have been enough

[CaptainOfSpray]

Yes, but UK gov does not have any of those "smart as on Slashdot" IT pros. The UK gov outsourced all its IT to Big-Name-and-Big-Billing suppliers, and got rid of its own IT-literate employees. Now that the BNaBB suppliers have got UK gov over a barrel, the charges they invoice are extortionate. Remember the scandal over the lost CDs containing the entire Dept of Work and Pensions database (IIRC)? That was caused by the relevant dept being unable to write a simple SQL SELECT, and the supplier wanting £5000 for 20 minutes work.

Re:1 year may have been enough

[goarilla]

Does anyone have any insights into what that extended support actually provides. How many security patches
have there been released since ? To me it sound as a very expensive extra insurrance for when the house burns down and
people above you start to look for someone to blame.

Re:1 year may have been enough

[Little_Professor]

Umm, no. The computers at my workplace (UK govt) are the same as they have been for the last seven years. USB ports were disabled at the time of installation, but they are connected to the internal network as well as the internet. Still run several legacy applications that need IE (we're still on IE7). Even worse, even new applications that have been brought in within the last year are still IE-only. With no new updates to IE on XP platforms it's an insane risk

Re:1 year may have been enough

[bazorg]

The standard rules are set out here: https://support.microsoft.com/...

A special customer like .gov.uk may have had a special contract.

Re:1 year may have been enough

[bazorg]

I forgot to add that yes, probably there is a strong element of CYA policy. My company is not as important as MS or .gov.uk and we still have "you must have the servers and workstations running supported versions" in exchange of our SLA for support.

Re:1 year may have been enough

[operagost]

I hear they switched IT providers to the "Permanent Assurance Company." AHOY!

Not true

It's well understood that Windows is so flaky it needs constant patching and the minute you stop paying, it explodes into a fireball. The only thing keeping that POS software from chomping on your important data is a constant fee paid to Microsoft to tame it.

What you need is to cloudify the lot, you don't see clouds explode into fireballs do ya! That's the power of the cloud, I learned that at MBA school.

Re:Not true

[danomac]

Clouds don't explode into fireballs, but they do drift away, leaving them back at square one.

Go Linux!

[MagickalMyst]

Linux would be a refreshing change. And updates are free!

Re:Go Linux!

[Dr_Barnowl]

Running things without support agreements brings managers out in hives, particularly an arena as risk-averse as a health service.

Something you paid for fucks up? It's the supplier's fault.

Something you didn't pay for fucks up? It's YOUR fault.

Therefore there's no real advantage, from the POV of licensing costs.

The real reason they've not migrated from WinXP has to be considered. The NHS is a mire of vast depth full of crufty software. They have so many pieces of old software it's not true. It's really diverse environment, with a high "institutional knowledge" factor where many systems just aren't adequately documented outside the heads of those who implement them.

Ironically, some of the oldest stuff is the easiest to migrate - because it's got a VT-100 terminal interface and runs on an AS/400 in a broom cupboard. You could even say that Linux would be it's natural environment, because any standard terminal will work.

But the next level...

You have :-

* 16-bit applications

I know of at least one hospital pharmacy management system still in use in the UK that's a 16-bit application. You can run it on 32-bit Windows, but not 64-bit, because it doesn't come with the 32-to-16-bit thunking layer.

* Old device drivers

There are plenty of devices with no drivers for Windows 7 and up.

* Badly written applications

Lots of programs on Windows got away with really bad habits like writing files in their own install folder for a long time. Windows 7 is somewhat stricter about this. Of course, on Linux, applications have mostly been grown up about this for some time.

And of course

* What if it breaks?

It's actually a very real risk. A lot of the software used in the NHS is of distinctly amateur quality and do things in eccentric and old-fashioned ways. I've seen software broken just because someone upgraded it's file server from NT to 2000 - it didn't play nice with some of the new optimizations on SMB (SMB optimizes single-user access to files by pre-emptively write-locking the file on the server. Which is not what you want when it's actually a multi-user data store.)

It's gone this way for as long as it has because like everything else in the NHS, the budget has been cut to the bone. There just isn't enough slack to institute change - but change is essential for improvement to occur.

It should be the poster-child for the advantages of FOSS though. Linux software tends to be more portable, and if you have the source, you've got more chance of porting it.

Re:Go Linux!

[Gavagai80]

Even if you have the source, you need a team of people who are capable of updating it. If they were running linux, they might well still be on a 2.4 kernel because of a custom made third party app that requires it that nobody could make sense of.

Re:Go Linux!

[jez9999]

It's gone this way for as long as it has because like everything else in the NHS, the budget has been cut to the bone.

How is this when NHS funding has been ring-fenced and gets increased every year? Are UKIP right about vast waste in middle management?

Re:Go Linux!

[Dr_Barnowl]

Firstly, the thing about NHS funding increasing every year is a lie, and our politicians have been told to stop lying about it repeatedly (that link is to the Telegraph which is usually considered to be a Tory paper, so extra truthiness points).

Secondly, we have a rate of about 4% inflation for healthcare costs. Even if they are increasing funding, are they doing it 4% year on year? No.

Thirdly, a lot of the money is going on the stupid PFI contracts which bleed money away from clinical services and go to debt repayment instead. They were transparently a massive con trick from the out - the NHS is the largest employer in Europe. They have a budget larger than small countries. They should be able to borrow money like a small country (ie - by issuing low interest bonds), not have to be sent cap-in-hand to a private company and directed to sign a sweetheart deal with 300% returns for the private company. The citizens of this country are justifiably proud of the NHS and would probably be more than happy to buy those bonds.

Are UKIP right about waste in middle management? Probably. But that's because the middle management are being directed by targets, which are a blunt instrument. If the middle management were tasked with enabling the clinicians to do the most healthcare possible, instead of directing them to waste their time and effort meeting their numbers, it would be a different story. But the targets are there specifically to cut budgets, because they get paid based on the results of those numbers.

Re:Go Linux!

[Dr_Barnowl]

If you have the source, you have the option of hiring a team to update it. The NHS is large enough that they can afford to hire their own. Indeed, many hospital trusts do already have their own in-house teams of developers maintaining home-grown applications.

OTOH I've seen in-use hospital systems where the source code has actually been lost and the last person who worked on it died some time ago. That should be illegal. On products I've worked on in the past, there have been source escrow agreements. These days I'd go one further and insist on escrow of a working development machine, in OVF format, complete with a full Git repository of the source code, refreshed on each release of the software. Don't mind if it's encrypted as long as the encryption key is lodged in escrow and released on the demise of the company concerned.

Support?

[RobinH]

Exactly what kind of support are they getting? Just telephone type "my cup holder broke"? Seems like internal IT could handle most of that. Or are they actually fixing Windows XP bugs for them?

Re:Support?

[oodaloop]

Just telephone type "my cup holder broke"?

Look, those things are really flimsy, and while they may have barely held the Super Big Gulp in 2001, cups today are more robust. I daren't put my Double Gulp in there anymore, as it's barely hanging on. Heck, even the X-Treme Gulp came out in 2001! Microsoft should replace all the cup holders with ones not only capable of holding the Team Gulp, but also those Gulps anticipated to come out in the next 5 years.

Re:Support?

[painandgreed]

Exactly what kind of support are they getting? Just telephone type "my cup holder broke"? Seems like internal IT could handle most of that. Or are they actually fixing Windows XP bugs for them?

They were probably getting the same thing that my company is paying and getting which is security fixes. They are still being created and sent out to customers that pay. Windows update is not working, they'd have to be installed individually or via the domain management.

Good decision

[goarilla]

Now take that 5.5 million and replace your old machines and software.

Re:Good decision

[Dr_Barnowl]

Hahahahaha.

£5.5M won't even scratch the surface.

We're talking an enterprise with around a million computers, running a vast swathe of different, obscure, an

In other news...

[RDW]

Support for the current Government reaches EOL next week and currently seems unlikely to be renewed. However, it looks like an upgrade supported by multiple vendors for five years may be in place shortly after:
http://www.telegraph.co.uk/new...

Think of the monies!

[sys64764]

Good tactic from the MS marketing guys to drop this in the news and get them to sign faster without negotiating too much!

Windows 10

[ChunderDownunder]

At this late point in the game, no government department is going to waste time and money on migrating to Windows 7 - a 5 1/2 year old OS that hasn't received a service pack in 4 years, whose "mainstream support" already ended in January.

With that in mind, you better hope your IT department has at least been following the Windows 10 beta program, in terms of testing on a few machines. It'll be released by October in time for the Christmas gift period - leaving a slim window of opportunity to be deployed at your office by the end of March (the end of your fiscal year).

tl;dr - you're up shit creek... :(

Re:Point Of Sale

[Himmy32]

That'd be a quick way for them to get a lawsuit judgement worth far more than the support contract.

risk is low

[SkunkPussy]

If these computers are within a secured network and particularly if they don't have access to the internet, then there isn't any great risk in continuing to use these XP machines.

Re:risk is low

[WoodburyMan]

..Until the day one person brings in a infected USB drive. I've seen my share of viruses on XP that copy themselves via Autorun.inf files. Microsoft disabled it via a patch at some point post SP3, but most systems I ran across never had it.

Re:Seriously?

[drinkypoo]

Calling an operating system that persists on a significant percentage of computers to this day 'ancient' is ridiculous, I don't think it even qualifies for the term 'legacy' yet.

There have been no less than three windows releases since, and a fourth is about to drop, it's safe to say that XP is 'legacy'. In Windows land, I like to use driver availability as my gauge. If you go into a store you're going to find that only a small subset of the available printers and scanners (and PSCs) even have XP drivers any more. Lots of new PC games now require Vista or later.

In internet years, XP's release was in ancient times. We still use many ancient inventions.

Re:Seriously?

[Gavagai80]

Do you know anyone running Mac OS X 10.1, or Red Hat 6 with the 2.4.0 kernel? How about Solaris 8? Nope, they're ancient -- and the same age as XP.

Ever heard of LInux?

They could retrofit all of these XP machines with Linux and open source software that would meet 99% of their needs, at a cost of some re-training, and development / porting of custom software. Naturally, MS would fight this tooth-and-nail. Who said that bribery won't get you anywhere?

Re:Seriously?

[StrangeBrew]

In my world, a sun dial is ancient, clocks are old. A litter is ancient, a Model-T is legacy, a 88 Honda Civic is old. When using ancient to describe objections, to me it means no longer in use and no longer relevant. Legacy means, it still is functional and has use, but is far from current and is costly to keep running or maintain. Old means just that... not new. In the world of many younger people it's 'Oh crap, they released a new iPhone, the one in my hand is now ancient.'.

Re:Seriously?

[WoodburyMan]

It's Legacy. For me, it turned legacy as soon as .Net 4.5 wasn't supported. Our in house software started using 4.5 features and will no longer run on XP. The literally two systems with XP we have left, for Legacy reasons to run specialized manufacturing software made for Windows 95, have to remote into a terminal server to run our in house software.

Re:Seriously?

[ledow]

If he was twelve, XP was released before he was born.

In IT terms "before you were born" is old. Very old. Ancient. Dead. Buried. Gone.

I touched my last XP install two years ago when I migrated a school using it from XP to 8 (and all their servers a similar jump).

The prime argument? It was a school, and the OS they were using to teach ICT to the kids was OLDER than the kids. All of them. And, as such, they did not know how to operate it because they were all used to Vista, 7 and 8 at home. We were teaching them BACKWARDS skills to do things on OLDER software than the ICT skills they already had when they entered the school.

What percentage it's on is neither here nor there. Still WinZIP is on millions of computers. But it's old. And versions of WinZIP from the XP era are ancient. I bet I could find a ton of computers with Quicktime and Realplayer on them still. They're old. They're ancient.

And, like XP, they are obsolete.

Nope.

[rs79]

All XP gets regular updates. They have to or the net would break.

Re:Seriously?

[painandgreed]

Do you know anyone running Mac OS X 10.1,...

Mac OS 10.1? No. Especially since it was just a free bug fix for 10.0. and improved upon by later dot updates. I've still seen 10.4 in the wild and have my own 10.6 computer for older hardware or Rosetta support. Go out to some still running F5 firewalls, and people would probably be scarred as to what version of Linux is being run.

Re: In many situations, Windows XP is secure.

[xaxa]

The hardware cost is irrelevant. It's the cost and time to thoroughly test / migrate / rewrite lots of bespoke software, made to the lowest quality by some company like Accenture on a contract, for which the source code probably wasn't supplied and all the original developers have left. And if the system fails the Daily Mail will write about it. And the tories slashed the budget, so all that's left can just about cover the new thing the new regulation requires.

Limited user privilege escalation? Tell me how.

[Futurepower(R)]

"You have to consider local, internal attacks..."

If you know of an attack that works against a Windows XP limited user, please mention it. It is likely it could be fixed without Microsoft's support.

"XP is dead. It's lifespan is over."

Software doesn't die. Are you saying that, after literally thousands of bug fixes, Microsoft had still not fixed all the vulnerabilities in Windows XP? That's certainly possible; Microsoft makes more money if there are vulnerabilities, since people pay full price for the next version of the operating sytstem.

"we had major difficulty getting drivers for things as simple as SATA controllers for it"

SATA add-on cards.

"If you have ANY significant number of XP machines, it's time to pay the pittance that an entirely new machine would cost"

That's not the problem. The real cost is in all the configuration and teaching people to use new computers. There are programs, lots of them, that don't run on Windows 7.

"And Windows 10 is expected to be free..."

I'm guessing that Windows 10 will be "free" because it will force a lock-in to Microsoft's methods.

"If you have a "network", especially a business one, of any description, you are negligent in sticking on XP now."

What is particularly vulnerable about XP on a network? We use a software firewall on each computer, Windows 7 or XP, and everyone operates as a limited user.

"You can't secure XP. ... there's no real thing as a limited user in XP because it's basically a cinch to demonstrate privilege escalation using any number of pieces of bog-standard software on XP..."

Look at this video of a "privilege escalation": Windows XP local privilege escalation. It's total nonsense. One of the comments: "When you try this without administrator rights you get an error: Access is denied."

Re:Seriously?

[StrangeBrew]

So you try to discredit my scale by substituting in an arbitrary scale of your own? You are also trying to imply that old = ancient, suggesting that you have a penchant for hyperbole. As I stated, XP is still very much alive and kicking, with phase out being forced by Microsoft through a cutoff of support more than it becoming obsolete in the business world. Contrast that with DOS, Windows 3.1, NT and 95. Those I would say are potentially ancient, and only persist to run legacy software with no modern alternative (common in laboratories with older gas chromatographs for example).

Re:Seriously?

[imac.usr]

I work at a company whose IVR system is still dependent on a pair of Solaris 8 systems. :(

Anyone running XP at this point...

[Methadras]

deserves the attacks they get. I do not see a reason why anyone should be running XP anymore.

Go to Munich

[vandamme]

....and learn from their mistakes. It now takes me 20 minutes to load Linux Mint on an ex-XP machine, then back to work.