This article discusses the retirement of NT 4.0, who is still using it, why people aren't upgrading, and whether you should upgrade to 2000/2003. It also highlights the bug that might convince you to upgrade and explores possible options for Microsoft.
NT 4.0: Hold ‘em or fold ‘em? Is NT 4 obsolete or not? And should you upgrade?
Overview • Who’s retiring NT 4.0? • Who ever heard of retiring an OS? • Is anyone still using NT 4.0? • Why is this different than other retirements? • Why or why not upgrade? • Should you be forced to upgrade? • The bug that might make you upgrade • How to upgrade for less money
“Retired?” • You can’t buy NT 4.0 any more as of now • Currently: no support or hotfixes for NT 4.0 workstation • 1 Jan ’04: no more hotfixes except security holes for Server • 1 Jan ’05: no more premier or pay-per-incident support and no hotfixes no matter how bad the bug • (Side note: 98 dies in January)
Whointheheck retires OSes? • Actually it’s happened for years • For example, 95 and DOS and NT 4.0 workstation are retired • www.microsoft.com/windows/lifecycle/desktop/business/default.mspx has details
How Do You Know? • Microsoft has a “life cycle support” policy announced last October • OSes are supported for seven years • Five years “mainstream” • Two years “extended” (still supported)
But people aren’t upgrading. Why? • It’s not that 2003 or XP aren’t really neat tools • But change has a cost • See if this looks familiar:
Evidence • NT 4.0 is a seven year old OS • But people are still using it; in fact, many controller devices are only available in an NT 4.0 version • Imagine running NT 3.1 in 2000 • Consider version skipping; how many go • SQL 6.5-7.0-2000-2003? • Windows 98-NT 4-2000-XP? • How many still use Exchange 5.5?
Is something wrong? • No, it’s a natural side effect of any technology maturing • That’s a significant point • Note that this is not advice… it’s observation • Some simply cannot afford to upgrade without a life-and-death reason … that’s important • But it also means that “being an expert” gets tougher – you must know a wider range of OSes
Should I Upgrade to 2000/2003? Heavens yes, if you can afford it • Plug and Play • Active Directory • Group Policies • Centralized patch control • More secure out of the box • Far more efficient in many ways
Are There Down-Sides? • Cost: licenses and CALs • Risk: AD radically changes your NT 4.0 domain structure • Hardware: lots of circa 1998 hardware can’t run 2000, XP or 2003 • Time
Advice Before Upgrading • AD is the biggest part • It requires a fair amount of planning because AD has a lot of “one way doors” • 2003 has an advantage in that it’s a trifle more flexible • Fortunately there are nowadays many people with good solid experience who can help • If possible, do a clean rebuild rather than an upgrade
When Is an OS Obsolete? • While I prefer the newer OSes, I think it’s wrong of Microsoft to give NT 4 users the gate • I think users determine obsolescence, not companies • Not everyone needs the latest thing, or needs it ENOUGH • Not everyone can afford the latest thing • Hardware does not obsolete OSes anymore • Seven-year-old software is not unusual at all in other markets
Don’t Want To? Might have to! The bug that might kill NT 4.0 • A security hole might convince you to upgrade • KB 331953 reveals a potential denial of service hole in the RPC port mapper, which uses port 135 • Another “buffer overflow” problem • The same sort of problem as we saw in MS03-026
Severity • Does not allow an attacker to steal data from a system • Affects NT 4, 2000 and XP • 2000 and XP patched • NT 4 ISN’T… no patches for it
“Architecturally Impossible?” • MS patched 2000 and XP, but not NT 4 • Their reason: that it’s “architecturally impossible.” • This seems odd, as RPCs didn’t really CHANGE all that much from NT 4 to 2000… but there’s a 2000 fix • So with all respect, this seems suspect and, well, awfully convenient for MSFT shareholders • Which leads to the delicate “trust” issue
Why this isn’t acceptable • NT 4 has quite a bit of expected lifetime left • Unless they’re willing to buy the old copies back or offer free 2000 upgrades… • Merely saying “don’t put a system with port 135 on the Internet” is a workaround, not an answer – despite “expert” opinion, there’s nothing wrong with it, given patches, passwords and permissions • It supports what was basically NT’s main reason for existence for years… file serving • Worst of all, it sets a dangerous precedent
Possible Microsoft Options • Release a patch • Explain that the patch is impossible, and release source code to prove it • Develop a more complex patch and charge for it • Adopt the Pentium approach… offer free upgrades • Never have exposed the vulnerability in the first place if they knew they couldn’t fix it
Final Thought… for those who want the new but can’t afford it • For small businesses • Microsoft Action Pack • $300/year • Gives you Server 2003 Enterprise, Exchange, SQL Server, Visio, Office, more • 10 clients • www.microsoft.com/actionpack
Thanks! • My sincere thanks for attending • Free tech newsletter: www.minasi.com • Seminars and audio CDs there too • Active Directory design service also • email: help@minasi.com