SoylentNews is people
SoylentNews
There is a relatively old—though still fundamentally true—adage about Windows: Microsoft's biggest competition is Microsoft, as a specific subset of users (and businesses) only upgrade to the latest version of Windows kicking and screaming. According to SpiceWorks' Future of Network and Endpoint Security report, published Tuesday, 32% of organizations still have at least one Windows XP device connected to their network, despite extended support for XP ending in 2014. (Notably, the last variant of XP, Windows POSReady 2009, reached end of life in April 2019.)
With the looming end of free support for Windows 7, this reticence of users and enterprises to upgrade to newer versions of Windows is likely to create significant security issues. Presently, 79% of organizations still have at least one Windows 7 system on their network, according to SpiceWorks, which also found that two thirds of businesses plan to migrate all of their machines off Windows 7 prior to the end of support on January 14, 2020, while a quarter will only migrate after that deadline.
(Score: 2) by jmorris on Wednesday July 31 2019, @01:56AM (4 children)
We had a vendor pitch us an embedded system that was still running XP. Yes, in 2019. They aren't fly by night so I guess Microsoft either still sells licenses or you can resell a machine that exercised downgrade rights included in Pro and Corporate licenses. Even downgraded to a version that has been out of support for five effing years. I was gobsmacked.
The lesson to take is everybody talks about security, but the reality is almost nobody actually gives a damn until they get hacked. Which is the secret to Microsoft's continued existence.
(Score: 3, Interesting) by RS3 on Wednesday July 31 2019, @02:11PM (2 children)
Not sure where you got your info on the "out of support for five effing years." XP / POS / Embedded has been supported all along. MS recently have tapered off support, but 2 critical updates came through in the past 3 months.
And in an embedded system that's online, what specific service do you envision is running and vulnerable? SMB/CIFS? You've got a firewall, right? You're not opening ports 137-139, 445, etc., to incoming traffic, right? Worried about internal malware? That'll clobber any Windows.
How about this: instead of "old ancient" and "new modern", we call the OSes "well refined and debugged", and "tons of bugs yet to be found and fixed".
(Score: 0) by Anonymous Coward on Wednesday July 31 2019, @05:09PM
Internal malware can be mostly taken care of with a proper whitelisting based execution policy --- easier in Windows 7 an up because it's built-in (but rarely used and never spoken of by "security experts" for who knows what reason), but there are plenty 3rd party programs to add such functionality to XP. Hell, simply blacklisting %temp% goes a long way to kill almost anything fishy cold.
(Score: 2) by jmorris on Wednesday July 31 2019, @07:01PM
Had we bought, we would be installing the stuff about now. And embedded is a fuzzy thing. These machines would be in a kiosk and boot to a single application, but they would also be exposing a GUI to the general public and accessing Cloud based resources. So what would I do, put them in our DMZ zone where they would be easier for an outsider to hack into but couldn't harm the internal network as easy, or bury them inside the internal net which makes them a harder target, but with all the Cloud activity not invulnerable, but if taken gives an attacker a paved road into our internal net? Or build a third hardened internal net for them?
With the exception of a Windows based accounting system, which is impossible to avoid since the only vendors with access to the government systems required to do payroll reporting is Win/Mac only, I have avoided the Windows plague. No intention to invite it in now, especially a version that would be extinct on the ribbon cutting day. Maybe the vendor would eventually update, maybe we would be stuck on XP for another five to ten years.
(Score: 2) by toddestan on Thursday August 01 2019, @03:11AM
The place I used to work at sold embedded systems, and basically Microsoft's response when we asked about still getting XP licenses was "tough shit". Maybe for larger companies, Microsoft might have changed their tune, but we were way too small for them to care about. We of course moved to Windows 7, but some of the older stuff we had stopped selling some time ago but still supported was never going to move to something newer. They stockpiled a bunch of XP machines for repairs, and smartly would take back working XP machines as trade-ins from customers who would upgrade their equipment and stockpile those too, which gave them even more spare XP machines they could sell as "refurbished".
I'd be a bit curious too about what hardware that system was running too. One of the other issues we ran into was the lack of drivers for newer hardware. For example the last of the new XP machines had an nVidia graphics card - not because it needed one, but because the built-in Intel graphics didn't have an XP driver. And in 2019, there's a fair amount of hardware that doesn't even have a Windows 7 driver, ditto for XP. It wouldn't surprise me if those machines were running some hardware from 5-6+ years ago in addition to Windows XP.