Who's to blame?
Kelly Martin, 2005-07-05

If there's one thing the security industry is really good at, it's pointing fingers. We all like to say that, "security starts with you," so that everyone can share a piece of the mud pie. While we're pointing fingers, let's look at a few groups and individuals and see how they can share the blame for their own insecurity - and prevent the spread of viruses, Trojans and worms.

Old OS versions. 2005-07-11
Roger
"Odds are pretty good that the corporation is still standardized on Windows 2000, which is almost at its end-of-life. There's also a good chance of finding many machines in the enterprise still running Windows 98 or 95. Trust me, they're everywhere. Having spent many years in software sales, I can say without a doubt that many organizations are far, far behind the desktop technology curve compared to most home users."

Oh, I agree many businesses are way behind the curve. I know of a large company that was still using Windows for Workgroups 3.11 until late 2001 (released 1993, support officially discontinued in December 2001). And there's a local fast food outlet that has suspiciously OS/2-like screens at the checkouts. Oh heck, I can remember helping a friend's small business migrate to Win 98 from Concurrent DOS, circa 1999.

However, this isn't necessarily a bad thing -- provided that you are ready to migrate at least a few months before official end-of-life (so you'll always have up-to-date hotfixes available, and have some fudge time in case the migration goes wrong), being as far as possible from the bleeding edge can be seen as an advantage. You have well known stable configurations, the bugs are all either patched or at least well known and understood by your IT staff, hot fixes are required much less often (= better security & lower costs), and you get better ROI on both software licenses and staff training. Plus, when dealing with Microsoft OSes, it usually also means getting better performance out of cheaper (older) machines.

For that matter, even when M$ is no longer supporting the OS, security doesn't necessarily degrade all that much, if at all. You've already got ten years of evaluation and hardening in the system, and very few bright young crackers are focussing much thought on your antiquated system. (When was the last worm you heard of that hits WfW 3.11?!) Plus of course M$ for a while has had a habit of marketing new releases by adding useless bells and whistles that do little or nothing for business productivity but open new failure modes -- ever heard of a mass-mailing worm that uses MS Mail?

The main reason for small to medium businesses upgrading OSes is that the hardware is becoming flaky and new machines will come with a new Win OS already installed (assuming you are committed to the Win OS treadmill). In the case of those guys who were still using WfW 3.11, an older configuration of the company had left them with a huge "junk room" full of lots of spare 486DX4-100s and Pentiums (and also a lot of 10Base2 thinnet stuff -- but that's another story!). Apart from staff salaries, they hadn't needed to spend a cent on IT for about 5 or 6 years.

Since the official end-of-life for Windows 2000 will be June 2010, there really isn't much reason for most folks to look at Win 2K3 just yet.

Copyright 2009, SecurityFocus