After last month’s Worldwide Partner Conference in Houston, Microsoft partners have fanned out across the globe armed with warnings of security vulnerabilities once Windows XP and Office 2003 reach end of support in April 2014, as well as incentives to encourage customers to upgrade their hardware and software.
However, is Microsoft playing Chicken Little with its Get 2 Modern campaign? Will the sky really fall in April 2014? The threat has been torqued, argues Shawn Allaway, CEO of Converter Technology, a solution provider specializing in enterprise migrations based in Nashua, NH.
In a recent column, Allaway draws lessons from the Y2K drama, when fear of a global computer meltdown as the clock struck January 1, 2000 led to a massive technology investment, and the calendar flipped over not with a bang, but with a whimper.
“What can we take away from Y2K? If you are a systems integrator, software or hardware vendor then you learned there’s a great deal of money to be made by hyping fear and uncertainty, and offering the ultimate panacea to enterprises seeking protection – new hardware, software and migration services that promise to avoid the risks associated with unsupported critical systems,” wrote Allaway. “If you are the enterprise, you may have learned that to avoid scrambling the jets to fly off and execute a major company-wide upgrade you must first fully understand the business impact of such capital expenditures, disruptions to employee productivity, and your own individual risk tolerance.”
Allaway isn’t arguing upgrading to a supported OS is unnecessary – just that it may not be an imperative for every company, and each individual firm should evaluate its own infrastructure and risk tolerance before making a decision to upgrade from a platform and application that has served, and is still serving, it well. And above all, don’t rush in without that thorough evaluation.
“While vendor unsupported software is not an optimal state, does it really warrant superseding other internal initiatives or, potentially even worse, rushing through an upgrade by sacrificing proper planning, testing and execution just to be on a later version?” asks Allaway.
While Allaway is right that businesses should evaluate their own unique needs carefully, this isn’t a Chicken Little scenario. The security risks of running an unsupported and unpatched operating system should not be overlooked – hackers will be quick to identify and exploit any unpatched vulnerabilities.
The security risk is real, but the conversation Microsoft partners need to have with their clients is around their own unique business needs. It shouldn’t (just) be about security, but about how a modern OS and a modern Office can improve employee productivity. And with many organizations having delayed refreshing their hardware for years, moving to new software at the same time can make sense. And those are the arguments Microsoft is arming its partners with.
Hello, the comparison with Y2K is truly bad!! I had worked on a number of mainframe application development groups. The Y2K problem was there in spades. When the applications were developed back in the 70’s, no one expected them to still be in use 30 years later. The thing that saved the project on which I had worked, and many others of that era, was detailed and careful documentation in text format. This meant that we could scan the documentation for all date fields, and simply make the changes needed to accommodate a large (4 digit rather than 2 digit) date field. This was typical of a great number of old applications running with Y2K bugs which were changed in plenty of time. In fact, the biggest problems were with applications that were coded late in the last century when management saw documentation as an expensive overhead!!
As far as XP is concerned, proper security measures will be fine to avoid a problem. The reality is that most hackers will lose interest rapidly in an OS which is not widely used. To this day, there are a fair number of production applications in use which use Windows 95 and OS/2. There has not been a security breach for years, because these systems are on LANs behind strict firewalls and have suspicious sites blocked. The same is true for many production XP systems. Putting in updates in a business production environment is hard work. Most of the companies I work with will do it once or perhaps twice a year – yet they have not had any serious problems for years.
The businesses which have problems are those with exposed LANs and the extensive use of wireless. These are usually smaller companies which have a tendency to upgrade faster and have turned on automatic updates. Most of these companies are no longer on XP, but they provide a good source of steady revenue to independent contractors who are needed to rebuild systems and even servers because of lax security procedures, heavy use of wireless, poor passwords (the company name seems to be a favourite password of late) and too much reliance on vendor updates.
So, XP problem, no way. It is solid, works well (in fact, since I support customers I have a large variety of OS, right back to DOS 3 – used in embedded systems, to OS/2, Linux, Unix and Windows up to Win 8 – but my production system is XP and will remain so for a very long time). On the other hand, my security, mostly external, will be regularly upgraded. Lastly there is wireless on my production system, and I have a fully disconnected (Wireless, LAN and Modem hardware removed) XP system for data which must remain secure, with full encryption at the hardware level of the hard drive.
I also have a completely separate system for surfing and testing applications. This has been hit a few times over the years, but who cares. I have imaged the hard drive, and reload the BIOS and system images on a regular basis, and it's off to the races again.
Thanks
Alex