London Metropolitan Police's 18,000 Windows XP PCs Is a Disaster Waiting To Happen (mspoweruser.com)
According to MSPoweruser, the London Metropolitan Police are still using around 18,000 PCs powered by Windows XP, an operating system Microsoft stopped supporting in 2014. What's more is that the police force is upgrading its PCs from Windows XP to Windows 8.1, instead of Windows 10. Only 8 PCs at the police force are reportedly powered by the "most secure version of Windows right now." From the report: From the looks of things, the London Metropolitan Police will continue to upgrade their systems to Windows 8.1 at the moment. Windows 8.1 is still being supported by Microsoft, although the mainstream support for the OS is set to end on the 9 January 2018. Microsoft will offer extended support for the OS until 2023, which means Windows 8.1 is still a much more secure alternative for the Metropolitan Police than Windows XP. Windows 10 still would have been the best option in terms of security, however. Microsoft is releasing security updates for the OS every month, and the new advanced security features like Windows Defender Advanced Threat Protection make PCs running Windows a whole lot more secure. The spokesman of the Conservative London Assembly said in a statement: "The Met is working towards upgrading its software, but in its current state it's like a fish swimming in a pool of sharks. It is vital the Met is given the resources to step up its upgrade timeline before we see another cyber-attack with nationwide security implications."
Private companies upgrade regularly, realizing it improves security/productivity. Government agencies never upgrade, then bitch that their anti-terrorism agencies are using 10 year old HW/SW cuz they can't afford to upgrade.
// Got memory upgrades in between desktop upgrades
/// Not so much nowadays, we seem to have hit "good enough": I'm not complaining, my work PC is plenty fast for what I do.
It's called managing your resources. Or maybe "scare the government into giving us more money than we need cuz look how outdated we are". Either way, the folks in charge need to be fired and the entire culture changed.
/ I used to get a new desktop every 3 years, whether I needed one or not
... after a registry hack to tell it it's an ATM (or other embedded).
To apply the hack, create a text file with a .reg extension and the contents below:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady]
"Installed"=dword:00000001
It little behooves the best of us to comment on the rest of us.
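An added example, not part of the original comment: an audit check a fleet owner could run over registry exports to find XP machines carrying the PosReady marker described above, so they are not mistaken for genuinely supported systems. The host names, sample exports and function names are constructed for illustration; `reg export` output is UTF-16, so decode it before passing the text in.

```python
import re

# Key and value name come from the post above; hosts and samples are constructed.
POSREADY_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady"
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def parse_reg(text):
    """Parse .reg export text into {key_path: {value_name: value}}."""
    text = re.sub(r",\\\r?\n\s*", ",", text)  # join hex continuation lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = VALUE_RE.match(line)
        if m is None or current is None:
            continue  # version header or unparseable line
        name = "" if m.group(1) == "@" else m.group(1)[1:-1]
        raw = m.group(2)
        if raw.lower().startswith("dword:"):
            current[name] = int(raw[6:], 16)
        else:
            current[name] = raw  # strings, hex blobs etc. kept as written
    return keys

def posready_flag_set(reg_text):
    """True if Installed equals 1 under the PosReady key (names are case-insensitive)."""
    for key, values in parse_reg(reg_text).items():
        if key.casefold() != POSREADY_KEY.casefold():
            continue
        for name, value in values.items():
            if name.casefold() == "installed" and value == 1:
                return True
    return False

def flagged_hosts(exports):
    """exports: {hostname: reg_text}. Returns sorted hosts carrying the marker."""
    return sorted(h for h, t in exports.items() if posready_flag_set(t))

# Constructed sample exports, one per hypothetical host.
HEADER = "Windows Registry Editor Version 5.00\r\n\r\n"
SAMPLES = {
    "desk-001": HEADER + '[HKEY_LOCAL_MACHINE\\SYSTEM\\WPA\\PosReady]\r\n"Installed"=dword:00000001\r\n',
    "desk-002": HEADER + '[hkey_local_machine\\system\\wpa\\posready]\r\n"installed"=dword:00000000\r\n',
    "desk-003": HEADER + '[HKEY_LOCAL_MACHINE\\SOFTWARE\\Example]\r\n"Blob"=hex:00,11,\\\r\n  22,33\r\n',
}

if __name__ == "__main__":
    print(flagged_hosts(SAMPLES))
```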
How does the current support level of the XP-based POSReady version (the Windows version for bespoke embedded device use), which is still receiving patches until 2019, compare with the support level of Windows 8.1?
I'm sorry but if you are serious about security and long-term stability (decades) then Windows isn't the way. Sure, no OS is perfect but that doesn't mean you should choose to drink raw sewage because filtered water isn't really pure water. Honestly, they should be using some minimal version of FreeBSD with a minimalistic or possibly text interface. Progress is good but only if you are heading in the right direction.
Anons need not reply. Questions end with a question mark.
Welcome to Public Spending, you see things like this everywhere. No money to fund Gov agencies. Makes one wonder if it is due to graft or incompetence or something else.
I blame the public, the vast majority will talk about a celebrity's sex life or a bunch of millionaires running around on a playing field like the world depends upon it. But knowing or really caring about what an elected official does, no one cares. So we end up with a majority of officials who only care about themselves and how much they can skim for themselves or family/friends.
Running a VM doesn't take all that much in terms of processor power, but it requires a lot of memory (RAM), usually around 4GB or more. The problem is that 4GB is right at the limit of what XP can use. You want to have at least 8GB of RAM to run smoothly, but that means you have to upgrade to Win7-64 at the very least.
And even if you're running a VM, the machine can still be infected, and act like a vector to spread the virus through the network. So you have to have a firewall and virus scanner, just like a hardware machine.
And since we're dealing with previously unknown zero-days, neither of those are of much use. Indeed, they may be worse than useless, as we're starting to find out.
[End Of Line]
Forms of XP are still being sent out on brand new systems and will be for years. These devices tend to be the all in one industrial computers or the ones that integrate with car systems like the ones used in police cars. Because no one is making secure browsers for XP anymore (developers repeat the lie "it isn't supported by MS anymore"), their users may be leaking data about you.
Free support for home XP users stopped but to many, it is still a current product. While it would be great to have it disappear, I expect its use will far outlive Windows 10 simply because of the old hardware that can't run anything newer that is often attached to even more expensive hardware in a way that prevents upgrades.
...but "18,000 PCs is?" We have this word, "are," for when you have more than one thing. You should look into that.
I can understand if they only wanted to upgrade to Windows 7 (the best OS ever made by Microsoft) but why Windows 8.1 - that's such a lemon.. Windows 10 is also a lemon... what a joke!
It's called Windows Powered Off Edition. :P
, said the UK government for everything. That's why they won't use Linux. It's why any government part of the Five Eyes mostly runs archaic M$ bullshit. Compatibility versus a slight learning curve means more than security does to these people. Plus, Micro$oft makes a fortune off the contracts and licenses.
"...a Disaster Waiting To Happen"
I think that's putting it mildly. It may well be the understatement of the century.
Just cruising through this digital world at 33 1/3 rpm...
Completely Firewall off the internet ...
Completely Firewall off the internet
Completely Firewall off
Hey! Look at this neat USB drive I found!
Have gnu, will travel.
if only the govt had its own OS and source code, which it could distribute for free, and update based entirely on security not profit. and if only we didn't run our essential public agencies on privately owned source code from a profit driven company. gee, i wonder what can be done. Let's ask Karl Marx....
XP may not be getting updates, but it is not getting targeted either.
I am seeing most attacks targeting Windows 7.x - 10.x.
Back up your data, if XP is hit with malware, scrub your system and reinstall.
Windows systems newer than XP are not especially safe either.
given that:
a) police computers hold private information on thousands of individuals - convicts, suspects, victims, informants, witnesses, and more
and
b) Windows 10 is spyware that routinely uploads data that it finds on PCs to microsoft servers
It should be illegal for police computers (or those of any government department or any company holding personally identifiable information) to use Windows 10 to store, process, or interact with that data.
that Theresa May pulled about 18,000 police off the beat. It was one of the reasons her party got beat up in the last election. This is small potatoes compared to that. But either way it's pretty obvious the problem is a lack of funding...
Tangentially related, Windows 3.1 was supported until *after* the 9/11 attacks.
For some reason that sort of freaks me out (semi-relevant XKCD).
When a Windows Server Datacentre licence costs as much as it does, is it any wonder why governments are slow to upgrade?
Upgrading is a lot of work, regardless of OS however. Things can and do break between versions.
READY.
PRINT ""+-0
Virtualization is older than a Pentium. In modern times QEMU has been around forever and even the Mac PPC platform had a pretty decent x86 emulator.
AC "How the CIA infects air-gapped networks" (6/23/2017)
https://arstechnica.com/securi...
Shattered Assurance, Emotional Simian, Brutal Kangaroo, EZCheese, Lachesis.
Domestic spying is now "Benign Information Gathering"
Trust us with your key escrow, we will keep it in the safest system... we swear.....
Seriously, how on earth can they be trusted with key escrow when they cannot keep their systems safe
This is why mainframe software lives: applications that ran in 1966 still mostly work as-is. Pretty, no, but the lack of a rework bill *is* pretty.
Table-ized A.I.
"London Metropolitan Police's 18,000 Windows 10 PCs Is a Disaster In Progress "
It is infuriating that government wastes money on commercial software at all. It simply isn't good value for the taxpayer. For an organisation the size of the London police force, they have sufficient power to ensure that Linux or UNIX versions of any important bespoke software get deployed. UNIX and derivatives are definitely a more cost effective option, and have a smaller attack surface than Microsoft's expensive offering. There is also the advantage that UNIX admins are usually much more competent than the 'click until it works' admins who seem to be prevalent in the Windows world, and in my experience, you only need half the number for the same size of organisational unit.
All it would take is providing a few fixes for an OS they heralded as the best less than a decade ago.
Time is what keeps everything from happening all at once.
And this great new mouse!!!
http://hackaday.com/2010/09/30...
The solution is perhaps rather expensive, but obvious: do not allow any operating system to have more than, e.g. 33% share in any essential sector of society. So that if any OS is overwhelmed by an attack, 66% of the capacity remains unaffected.
Paai
Microsoft Windows XP "end of life": Conflict of interest.
I regularly run a Fedora VM on an ASUS T100 with 2GB RAM while continuing to use Firefox, Thunderbird, and Libre Office on the Win 10 host. Your claim is bullshit.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
It turns out that the last Labour Government did have a licensing deal with Microsoft that would allow them to have a migration plan to newer versions of Microsoft Software. In 2010, the Conservatives cancelled the deal and returned licensing responsibility to local NHS trusts. This added to local IT Budgets which made it harder for them to provide support and this is where we are today! Source: Private Eye, No 1444.
You can make arguments for keeping old outdated operating systems and software around. But the end reason is lack of funds to put forth a real upgrade plan. Nobody seems to have a plan to move past a certain point. It's like they are locked in the past, unable to invest in the future. If the London police only upgrade to Win 8.1 it means buying only a couple years until another crisis in expired support happens. Unfortunately the advances in operating systems seem to present problems as well as solutions to those who operate them in government and business.
The problem is that 4GB is right at the limit of what XP can use.
I'm pretty sure XP had a 64bit version which could address more than 4GB
Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.
It's generally referred to as "Windows Embedded Standard 2009".
WES2009 still has full support from Microsoft. They've even got a version you can install on a desktop computer called WES2009 POSReady. It's kinda designed for point of sale terminals, but it's as close to Windows XP SP4 as you're ever gonna get. It still receives security updates regularly.
WES2009 (the actual version built on Windows XP Embedded) is a highly componentized version of XP. Microsoft abandoned this workflow for building embedded images with Windows 7 Embedded, which kinda forces you to use a fairly full fledged OS even if you don't want to. Lots of people stick to WES2009/XP Embedded because of this, it's a reasonable 32-bit platform that you can strip down to sub-64MB if you really want to.
When Linux first started to produce viable desktop products, the argument was the same as for Macs: we need to run just one O/S, and many of our users need Windows applications, so that's that, we all have to run Windows.
But then IT themselves pushed every major software project towards web solutions, because they didn't want to install any .EXE files at all - they never really got over their beloved mainframe environment, you see; they wanted all the PCs to go back to being dumb terminals and leave them in control. Cheaper and much, much easier on their nerves.
But we STILL had to buy Windows, because all the Web applications ran on IE. When we asked one vendor in 2004 if their program ran OK on Firefox and so forth as well, they blinked in surprise and said it had never occurred to them to test.
Then around 2010, more and more web applications would NOT run on IE, and best on Chrome, and they reluctantly allowed that install.
But a Linux conversion will STILL never happen, even though there is now no sane excuse at all. Because all of these changes had one central source: IT always does the easiest thing.
1) Always stay with existing solutions unless there's a gun to your head
2) Always buy a new solution from the largest, most monopolistic company you can find: IBM over Amdahl, Microsoft over Apple, Google over anybody.
3) Never do anything that a herd has not done first.
You could sell a government IT office on a solution that GM and Boeing and Prudential had tried first, I suppose. But don't look to government for IT pioneering.
POSReady: 2019-04-09
Windows 7: 2020-01-14
8.1 Pro: 2023-01-10
That's Security patches only. Hardware support for XP was dropped quite a while ago, and application support is falling off rapidly. Even with Windows 7 hardware support is dropping off.
Hardware support is a bigger issue from a practical point of view. If hardware (via PCI interface, etc) requires XP, the rest of the system must be able to run XP. If it is just an application that only needs (firewalled) network support, or USB support, or Serial support, it can be run in a VM on modern hardware.
Nope, the disaster has already occurred. ;-|
It did. Actually the 32-bit version supported up to 64 GB of RAM; the 4 GB limit is a licensing restriction. (The limit of 4 GB of address space per process is however technical and does require 64-bit to increase.)
Of course this all seems a bit backwards, because the idea was to run XP in a VM, not run VMs on XP. The high memory requirements for VMs are on the host, not on the guests.
And there is no uniformity. Our network PCs range from Windows 7, Windows 8, to Windows 10. The only uniformity comes with our remote network sessions and even those are pretty rough. And don't even get me started on Windows 10 and their automatic updates screwing up our security verification system. That's government inefficiency for you, though.
Great Britain's newest, largest, ...best, wonderful... new aircraft carrier, it runs XP
While The QE is a big ship, it only carries half the aircraft of the Gerald Ford.
Even though it's not the big boy on the block, this is one big, very capable ship. A lot to be proud of. So what do they run on the computers running the ship? Windows XP? Are they out of their gourd?
http://www.popularmechanics.co...
Can't make this stuff up. I see that they claim this is only temporary. However once it's in, it's often really tough to get rid of it.
You are the one that called my comment into question and attempted to "correct" the truth with guesswork so why complain and pretend to act so wounded?
I didn't attack you just your uninformed "correction" based on gut feeling instead of any of the many news articles, many in the international press, about May's drastic cuts to the police since 2010.