Friday, August 16, 2013

The Windows XP Dilemma - Part 1

I apologize for not having posted anything of significance in quite a while.  My life has been a roller coaster lately and I haven't had time to focus on writing as much as I used to.  But here goes...

Rod Trent got my attention today when he posted a link to a humorous article about "Top 10 Reasons to Keep Windows XP", over on Windows IT Pro Magazine's web site.  It is pretty funny, and I encourage you to take a break from any serious crap going on around you and read it.  However, I have more to say on this subject, so I also encourage you to continue reading below.  Keep in mind that I'm walking a fine line between end-user and IT professional, as it pertains to my wording.  I may put some of the IT pros to sleep here, but don't worry, I'm going to pour more sauce into it to keep things alive.  Read on....



That said (or written), I had some other thoughts on this Windows XP issue.  Some of which may have been mentioned by others before me, but I will layer my thoughts with my own sauce to make it more tasty.

Why are ANY companies still on Windows XP?  Never mind that there are still more of them are still using (and relying upon) Windows XP than you, or I (or Microsoft) would want to believe.  From my own personal standpoint: If I couldn't afford to purchase a new version of Windows, I would replace it with some flavor of Linux.  Drastic?  Sure.  A bit hyped?  Maybe.  But let me slather some Dave sauce on it here a bit...

I'm sure you've heard enough about how Windows Vista, Windows 7, and Windows 8, all provide better security, reliability, performance and more exciting features, than Windows XP.  I'm sure you've seen the "deals" offered at every retail shop from BestBuy to whomever.  I'm sure you've seen the ads on every web site, from Acer, Asus, Dell, HP, Lenovo, Samsung, and every manufacturer ever imagined.

But, think about this for a moment, as you read this from your Windows XP computer sitting at home, in the office, or some fast food place, or coffee shop:

A Real World Test

In 2007, when I had the luxury of a "testing lab" network at the place I was working at, I decided to see if my suspicions were valid about how vulnerable a "stock/generic" Windows XP Professional installation would be if it were connected "directly" to the Internet.  No firewalls of any kind.  No anti-virus or anti-malware protection of any kind.  Just regular, vanilla, reseller-agnostic version of Windows XP Professional, with Service Pack 2 "slipstreamed" into the base installation.

I repeated this test six (6) times over the course of two (2) weeks.  The same installation process was used on two different pieces of hardware: A Dell OptiPlex GX260 and a Dell OptiPlex GX270.  Those were the standard-issue platforms for all of our corporate employees at that time.  Three (3) installs on each of the two (2) machines (like I said: six tests overall).

The average time it took for someone outside to port scan, probe, identify a hole, exploit it, and install something malicious was 2.5 minutes.  Some took longer.  One was "owned" by an outsider in less than one minute. And this is on relatively slow hardware, by today's standards anyway.

Four (4) of those involved a variant of the most-popular root kit of that time.

The short end of this was that none of the installations could be reliably recovered.  All of them required a completely new re-install, in an isolated or firewalled environment, in order to provide any reasonable assurance of "security".

When Windows Vista was released, I tried the same test, but only on one piece of hardware, repeated twice (2 times).  I couldn't use more hardware, nor could I repeat the test more times, because we were in the midst of being acquired by another company.  The new owners ordered an immediate shutdown, disconnect, and dismantling of the "test lab". NO questions were to be asked.  Just "do it" and do it "now!", I was told.

(Side note: It's a little bit ironic that a week later I was chided for not being able to test a patch before it was to be pushed out in to production.  When they asked me why I hadn't tested it, I said because I no longer had a "test lab".  They asked me "Why" and I said, "Because YOU told me to get rid of it.  Would you like me to print and show you your own e-mail?".  Good times).

Longer story made short:  The tests with Windows Vista went much better, mainly as a result of having (a) a better firewall feature in place, and (b) fewer "attack surfaces" left open by default.  Windows 7  and Windows 8, respectively, have continued on in that direction of battening down the hatches for greater security, while at the same time, making better use of the current hardware capabilities.  The net result is a much better, and much SAFER experience for YOU, your family members and loved ones, your sports teammates, your alumni members, and your business.

Why Continue Using It?

So why do people remain on such an insecure, unprotected operating system?  Two reasons:  Budget (or, lack thereof), and Laziness.

But, there's more to it than just those two excuses.  If you turn off your 1998-2002 era piece of computer garbage (oops, I meant to say "computer hardware", my bad), and run down to a store to buy a new version of Windows for your old decrepit computer, will that take care of it all?

No.

Why not?

Because there's more to it than just the operating system.  There are additional concerns like drivers (programs that help your Windows operating system "see" and work properly with various other hardware gadgets inside and connected to your computer), your software programs, and so on.

(shameless plug: I'm writing another book related to this subject, but you're not required to buy it - psssssst, but doing so would help me feed my four kids, just sayin')...

Situation 1 - Applications

You've been relying upon TurboTax 1998 Edition, Doom II, and Lotus 123 for all your serious work on your old, rusted-out Windows XP machine.  You drive over to BestBuy and discover that Lotus is gone from the shelves; there's only TurboTax Premium 2014 Edition, and the mention of Doom II just makes all of the teen-aged clerks scratch their heads in confusion.  Now what?  You have to buy a  (dum-de-dum-dum-DUMMMM! music goes here) NEW COMPUTER.  Bad news for your bank account.

Situation 2 - Hardware

Those tax forms, spreadsheets, and game stats all had to be printed out on your trusty inkjet printer you bought back in 1999 or 2000.  The Cyan ink jet is dried up solid, so everything only comes out in weird tones and shades, but hey, it still works, right?  At least the gray-scale and all-black prints work okay.  You start looking at a spiffy new printer.  Man!  They sure have added some cool new features since then!  And wow, the prices aren't actually all that bad.  Then you spin the box around and look at that dreaded "System Requirements" disclaimer stuff.  Then you see it: "Windows Vista, Windows 7 or later."

If you had to stop and ask yourself: "They have newer versions of Windows than XP?" just stop right now and go to the nearest bar. I can't help you any further at this point.

If you're still reading, you're probably wondering about why there are new requirements.  It's because with newer operating systems, you get newer features, and those bring newer functions and capabilities.  Those all mean newer tools that have to be used in order for the new gadgets to talk to Windows so they each understand what the other is saying.  Trying to put a 2013 model printer on a 1998 computer setup is like sending a skaterboarder punk kid back to 1882 and dropping them into a courtroom to argue a legal case.  It's not going to work out very well for anyone.

- - - - - - - - - - - - - - -

Coming up in Part 2 - The emergence of Software Repackaging in the world of Windows upgrades and migrations.  The peripheral problems.  The licensing nightmares.  And more!
Post a Comment