London's Metropolitan Police Still Running 27,000 Windows XP Desktops

An anonymous reader writes: London's Met Police has missed its deadline for abandoning the out-of-date operating system Windows XP, as findings reveal 27,000 computers still run on the software two years after official support ended. Microsoft stopped issuing updates and patches for Windows XP in Spring 2014, meaning that any new bugs and flaws in the operating system are left open to attack. A particularly risky status for the UK capital's police force – itself running operations against hacking and other cybercrime activity. The figures were disclosed by Conservative politician Andrew Boff. The Greater London Assembly member said: 'The Met should have stopped using Windows XP in 2014 when extended support ended, and to hear that 27,000 computers are still using it is worrying.' As in similar cases across civil departments, the core problem is bespoke system development, and the costs and time associated with integrating a new OS with customized systems.

It's not as simple as "just switch over"

[ZeroPly]

As someone who is on the tail end of a 700 computer migration from WinXP to Win7, I feel their pain. A single critical program that won't run on Win7 can be a showstopper. Not to mention special hardware for which no Win7 drivers are available - all of a sudden that $120 upgrade cost for a Win7 license became $25,120 when you include the cost of a new laser engraver.

Re:It's not as simple as "just switch over"

[unixisc]

For applications that had to stay on XP, couldn't they have just run it in VirtualPC/XP mode under Windows 7, while running everything else natively?

Re:It's not as simple as "just switch over"

[BarbaraHudson]

[[and they can always leave a few isolated XP boxes up to support laser engravers and the like.]]

Not if they have software or hardware has to have a network connection for 3rd party licensing purposes. .

That's the future for Windows 10. Your network goes down, you don't just lose your "cloud", but the ability to do pretty much anything. They'll make sure they keep a local cache of the start menu ads, "for your convenience during the interruption of service."

Re:It's not as simple as "just switch over"

[thsths]

That is all very nice, but as an engineer I am always surprised how many IT problems are self inflicted.

"Every computer has to run off the same image" must be up there with the most painful guidelines ever. 90% - sure, 98% - good. But every computer? That is just not feasible, and there is always going to be the odd laser engraver, scanning oscilloscope, motion simulator, or ATM machine that still runs an obsolete OS as an embedded system. Nothing wrong with that as long as network connections are strictly limited, and no data from the public is being processed.

And while we are at it, why is anybody migrating to Windows 7, a system that is already EOLed? Surely by now migration to Windows 10 would be indicated.

Re:It's not as simple as "just switch over"

[ZeroPly]

We actually do that for our accounting software, but that opens up another can of worms. For example, the software opens up reports in Excel and needs an email client available. That means we need a copy of Office running _inside_Virtual PC. Now all of a sudden we're looking at licensing two copies of Office per machine - not chump change. Export to PDF functionality? Sorry - even though you have a full blow Acrobat DC subscription, it won't work inside your Virtual PC.

And of course, it's possible to get malware inside the Virtual PC. So now we're looking at two antivirus licenses per computer.

Re:It's not as simple as "just switch over"

[boristdog]

I still have to support NT4, XP, VxWorks, Win98 and even some networked DOS machines in our factory.

You don't go changing the OS on a piece of equipment that costs over a million bucks to replace and all the software for the equipment is written for that OS. You just keep supporting it. And when you have hundreds of machines that cost a shit-ton of money to replace but work fine with the old OS, you keep supporting it.

And you call the new employees a buncha goddamn whiners because they don't want to learn "old stuff."

Knowing old stuff makes you valuable.

Re:It's not as simple as "just switch over"

[HiThere]

From most of the reports I've encountered, MSWind10 should be avoided no matter what the circumstances. I've encountered one report that (with certain options I don't remember) they've fixed many of the GUI problems. Everyone else has been dubious, speculative, or downright abusive about things like it's privacy policy, it updating requirements, etc.

Even older systems?

[DidgetMaster]

I wonder how many systems around the world are still running Windows 95? DOS? Older versions of Linux, Unix, or Apple's operating systems?

Re:Even older systems?

[Yvan256]

I don't think an old Dremel 395 qualifies as a 3D printer.

Unless you meant "subtractive 3D printer", then yes.
 

Run them for another ten years

[iamacat]

As long as firewall is on and you run a fixed set of apps from trusted sources, you are perfectly safe. So is IE if you only visit internal sites. And for external browsing, browser security is more important than OS security. There will be forked versions of recent Firefox and Chromium builds forever.

The whole upgrade hype is largely financially motivated on part of Microsoft and consulting agencies.

Re:Run them for another ten years

[mdm-adph]

To IT Admin,

Don't worry, I've got the solution to our Win XP upgrade issue -- it's a weird forked version of Chromium I found on some website. I'm sure it's super safe.

Thanks,

Random Internet Person

Re:Run them for another ten years

[iamacat]

Say Microsoft is charing you $75 to upgrade each seat. Now ad in labor, troubleshooting, user training / support. Very optimistically real cost to just get built in functionality running to the same level will bring the total to $200/seat or 5.2 million dollars. I have no idea how much of your hardware will need to be upgraded, again with associated labor costs. Add in fees for upgrading Office and 3rd party apps that do not run well Windows 10. And cost of fixed in-house apps.

I will be happy to assist with locking down your existing workstations for a small fraction of what you think the total cost is going to be.

Re:Run them for another ten years

[BarbaraHudson]

Your scenario means the sysadmins must forever deal with exceptions, control tightly the set of applications, the trusted sources and so on.

And how is this different from what goes on every day under any scenario dealing with networked computers?

Unfortunately they don't think of cross platform.

[jellomizer]

So you are on Windows now. That is all good and fine. However the majority of your Applications should be Web Standards Based developed in a easy OS portable language. With a database system available in multiple OS.

Because time and time again, The next generation of Computer/OS breaks a lot of compatibility and moving over to a new platform is a big headache.
Vs that web application developed in PHP back in 2003 while may not be pretty will still work on Windows 10 or the Bosses new iPad. Without having to rework the entire thing.

should have.....

[phantomfive]

'The Met should have stopped using Windows XP in 2014

The Met should have begun the switch to Linux (or at least open source technologies) in 2001.

Re:Lots of citites still run windows

[__aaclcg7560]

Trying to run a government or even a moderately complex business with Linux machines would be the mother of all clusterfucks.

You're obviously not familiar with the patching process for Microsoft Windows. I give my thanks to Microsoft everyday for the job security it provides me.

Switching to Linux is much simpler

[stooo]

JUL
Linux Rocks

retail support ended

[superwiz]

I believe contract-based enterprise support is still available. My retail-licensed XP vm's still get occasional security update pushes, too.

Re:retail support ended

What you believe is true, despite the click-bait article's allusions. Proof? Here's the Premier Support Agreement that provides support through 2019.

https://www.london.gov.uk/site...

Police Laser Engraver

[wasteoid]

Why do police need laser engravers?

/sarcasm

Re:What's wrong with XP?

[superwiz]

It's main danger is in that runs services in the same session as the locally logged-in user (session 0). This will always remain a vector of attack. But other than that, it's just as easy to secure as Win 7.

Re:Simple solution

[gtall]

And remove one of the major clubs MS uses to beat its users into migrating to their latest? They'd be cutting their own throats. Also, XP would then never die, it would get reborn as "MS without MS" and represent a fork of their alleged software that they do not control.

Re:Simple solution

[avandesande]

This idea has been discussed to death... the drivers and a lot of OS code is protected with NDA from various vendors so they can't release the source code.

Re:What's wrong with XP?

[OrangeTide]

Pay-to-play, even if they pass the support effort on to a 3rd party contractor, would be nice for customers. But ultimately I think Microsoft wants everyone to buy new computers and new copies of their latest operating system. The planned obsolesce has always been about money, the security aspect is a convenient excuse to push that agenda.

As an example, SABRE (airline reservation system) has been running in one form or another since the 1970's. And even though ACP (IBM Airline Control Program, an operating system) was only officially supported for about 10 years ('68-'79), it continued to be used in production environments for decades after that.

But to be fair IBM was traditionally about selling big hardware and support contracts and not about selling software, a very different style of business compared to Microsoft.

Re: Unfortunately they don't think of cross platfo

[jellomizer]

There is a good portion of the W3C that is well supported by the major browsers and if if you follow those your app tends to function correctly in all of them.
I tend to stick to xhtml standard while the most picky, tends to render rather identically across all modern browsers.

Re:Simple solution

[MitchDev]

Doesn't matter, when a company stops supporting a product, they should lose the copyright over it and it should become public domain.

National security issue?

[Stan92057]

I think patching security holes be forced on Microsoft. Any new security hole should be a matter of national/World security and if Microsoft refused to path them, then they should be forced to open the source so it can be patched. That is IMO windows is bigger them MS.

Re:Lots of citites still run windows

[RabidReindeer]

People never seem to figure out that software isn't write-once/run-forever. Over time, software rots from the outside in. Sure, the bits are all there, but the hardware and external services that they are designed to talk to eventually change so much that having the original bits is useless.

Budgeting software as a one-time expense is like buying a Mercedes and never doing an oil change.

There is a problem with Proprietary versus Open, though. I still have the source-code disks for Red Hat 7. Not the RHEL one with systemd, the original Red Hat version 7.2, circa Y2K. If my organization was tied tightly to it, having the source code means that if a problem arises relative to the OS, I could pay someone a no-doubt exorbitant amount of money to dig into that code and do something about it. You can't do that with Windows NT. Even if you had the deep pockets that allowed you source code access to NT, Microsoft probably repealed that by now. Essentially, if you need source code changes for Windows NT, the cost wouldn't be merely exorbitant, they'd probably be ruinous. And, of course, they could simply refuse to help you at all. Because as far as I am aware, Microsoft never licensed Windows unconditionally and in perpetuity to anyone, and if certainly wouldn't have been cheap if they did.

And cheap is a lot of why you end up with thousands of dead copies of XP running on critical systems daily.