hippy
Posts: 6069
Joined: Fri Sep 09, 2011 10:34 pm
Location: UK

WannaCrypt Microsoft updates for older Windows systems

Sat May 13, 2017 12:14 pm

Microsoft have taken the step of issuing security updates for users of older Windows systems; XP, Vista, Windows Server, Windows 8. More details and links to downloads here -

https://blogs.technet.microsoft.com/msr ... pt-attacks

fruitoftheloom
Posts: 20900
Joined: Tue Mar 25, 2014 12:40 pm
Location: Delightful Dorset

Re: WannaCrypt Microsoft updates for older Windows systems

Sat May 13, 2017 1:33 pm

hippy wrote:Microsoft have taken the step of issuing security updates for users of older Windows systems; XP, Vista, Windows Server, Windows 8. More details and links to downloads here -

https://blogs.technet.microsoft.com/msr ... pt-attacks

Whooppie-doo closing the stable door after the horse has bolted never to be seen again.

No sympathy whatsoever both XP & Vista are end of life should not still be using.....
Retired disgracefully.....

hippy
Posts: 6069
Joined: Fri Sep 09, 2011 10:34 pm
Location: UK

Re: WannaCrypt Microsoft updates for older Windows systems

Sun May 14, 2017 1:50 pm

fruitoftheloom wrote:No sympathy whatsoever...
That does seem to be the way it is these days. Less sympathy, empathy or understanding for people's plight, their not having the advantages and privileges others may have.

There are plenty of people using older systems because they cannot afford to upgrade, cannot afford new hardware to support upgrades. And there are plenty of others who have no say in the matter, are told what to do, what they can have, how much money they can spend and how they must spend it, by parents, company departments, organisations, and even governments. How things are for people is not always through their choice.

User avatar
thagrol
Posts: 1887
Joined: Fri Jan 13, 2012 4:41 pm
Location: Darkest Somerset, UK
Contact: Website

Re: WannaCrypt Microsoft updates for older Windows systems

Sun May 14, 2017 4:26 pm

hippy wrote:
fruitoftheloom wrote:No sympathy whatsoever...
That does seem to be the way it is these days. Less sympathy, empathy or understanding for people's plight, their not having the advantages and privileges others may have.

There are plenty of people using older systems because they cannot afford to upgrade, cannot afford new hardware to support upgrades. And there are plenty of others who have no say in the matter, are told what to do, what they can have, how much money they can spend and how they must spend it, by parents, company departments, organisations, and even governments. How things are for people is not always through their choice.
I'm with hippy. There are lots of reasons why users of older systems cannot upgrade. In the case of large organisations like the NHS it's more likely to be a limitation of mission critical software that simply can't run on newer platforms than one of budget.
Attempts to contact me outside of thes forums will be ignored unless signed in triplicate, sent in, sent back, queried, lost, found, subjected to public enquiry, lost again, and finally buried in soft peat for three months and recycled as firelighters

peterlite
Posts: 720
Joined: Sun Apr 17, 2016 4:00 am

Re: WannaCrypt Microsoft updates for older Windows systems

Mon May 15, 2017 2:44 am

The bosses of those organisations update their BMWs, Mercedes, and Audis every three years to ensure they have the latest airbags and cup holders. They know the importance of current technology.

stderr
Posts: 2178
Joined: Sat Dec 01, 2012 11:29 pm

Re: WannaCrypt Microsoft updates for older Windows systems

Mon May 15, 2017 3:34 am

peterlite wrote:The bosses of those organisations update their BMWs, Mercedes, and Audis every three years to ensure they have the latest airbags and cup holders.
Especially the Audi cup holders.

stderr
Posts: 2178
Joined: Sat Dec 01, 2012 11:29 pm

Re: WannaCrypt Microsoft updates for older Windows systems

Mon May 15, 2017 3:37 am

fruitoftheloom wrote:No sympathy whatsoever both XP & Vista are end of life should not still be using.....
I guess the HMS Carries Around the Nuclear Bombs is still using the XP: http://www.popularmechanics.com/militar ... indows-xp/ . So I don't know about having sympathy for them, but what about the bloody rest of us?

User avatar
thagrol
Posts: 1887
Joined: Fri Jan 13, 2012 4:41 pm
Location: Darkest Somerset, UK
Contact: Website

Re: WannaCrypt Microsoft updates for older Windows systems

Mon May 15, 2017 11:13 am

peterlite wrote:The bosses of those organisations update their BMWs, Mercedes, and Audis every three years to ensure they have the latest airbags and cup holders. They know the importance of current technology.
Changing a car is easy Changing a key part of your IT infrastructure is not.

The process would be something like this:
  1. Buy one or two new machines and determine if all your critical software and peripherals run on them without problems. If there are problems, identify them and find solutions.
  2. Put the contract out to competitive tendering.
  3. Run a pilot programme to ensure things work in the real world and not just in a lab.
  4. Phased roll out across the organisation coupled with staff training
All the above takes time and money. Possibly so much time that the PCs from step 1 are obsolete by the time step 4 is complete.

And the whole process can fail at step 1 if a piece of hardware of software won't function on new kit and cannot be replace or upgraded.

Individual users and small businesses can afford to buy new PCs and fix the problems afterwards. Large organisations cannot.

In the specific case of the under funded NHS, would you rather they spent millions replacing ageing but reliable IT or spent that money on patient care? The affected NHS trusts need to fix the hole in their IT security that allowed the malware in before rushing out and replacing their entire infrastructure. Yes your internal systems may be old and have unpatched vulnerabilities but if you stop the malware at the network border does that really matter?
Attempts to contact me outside of thes forums will be ignored unless signed in triplicate, sent in, sent back, queried, lost, found, subjected to public enquiry, lost again, and finally buried in soft peat for three months and recycled as firelighters

peterlite
Posts: 720
Joined: Sun Apr 17, 2016 4:00 am

Re: WannaCrypt Microsoft updates for older Windows systems

Wed May 17, 2017 11:28 pm

One of the selling points for Windows was backward compatibility. If you cannot upgrade an old machine from XP to the next release, you complain to Microsoft. Millions did complain about Vista and Vista was quickly replaced by Windows 7.

Windows 7 was not an expensive upgrade. In cost terms, it is equivalent to running the company car for an extra couple of years by replacing the worn tyres. Everyone on XP had 8 years to make the switch. Windows 7 security updates covered the current problem.

I have not found a computer that could not upgrade to Windows 7. If a machine was that old, it would not support hardware encryption and software encryption would be too slow. You would not let a public service use computers without encryption everywhere.

Windows 8 was another Vista moment but 8.1 fixed the problems. Windows 8.1 has current security updates.

In the government department cases, people should be fired right up to the responsible minister.

User avatar
thagrol
Posts: 1887
Joined: Fri Jan 13, 2012 4:41 pm
Location: Darkest Somerset, UK
Contact: Website

Re: WannaCrypt Microsoft updates for older Windows systems

Thu May 18, 2017 1:06 am

peterlite wrote: Windows 7 was not an expensive upgrade. In cost terms, it is equivalent to running the company car for an extra couple of years by replacing the worn tyres.
Like I said before, it isn't that simple and the license cost is the least of it.

To carry on with your car based example...

Imagine you have a fleet of 6,000 vehicles ranging from the boss' BMW to the gardener's lawnmower passing through 17 seater mini-buses, 3.5 tonne vans, and everything in between.

A decision is made to extend the life of these vehicles by fitting new tyres. So an order is made for 30,000 new 18" low profile tyres (coz thats what fits the BMW and every vehicle must have the latest and greatest. And a spare).

What you end up with is one BMW with five new tyres, 29,995 useless tyres, and a fleet manager out of a job. Not to mention the time wasted calling all those vehicles in to have the tyres fitted. And another project to get the right tyres for the right motor.

No-one in their right mind takes on a project of that magnitude without doing the proper research and planning first.

Going back to window 7. Lets take the same number of upgrades: 6000. Lets assume that every upgrade will go perfectly, each PC has only one user and there's no knock on effect from a PC being out of use. Lets be generous and say each upgrade will take 2 hours start to finish. I'll even go as far as allowing all the PCs to be identical.

Also assume an 8 hour workday excluding breaks. So four upgrades a day per technician.

That's 12,000 man hours to perform the upgrades with another 12,000 lost to the required PC downtime.

Now, the real world isn't perfect. You can bet that all the PCs aren't identical, that some piece of software won't run properly or some piece of hardware doesn't have a driver (moving from 32bit to 64bit? better check all those drivers exist and are signed). Which adds to the time and cost.

And that's ignoring any staff training. Moving from XP/vista/7 to Win8? Better get some trainers in.

In car terms that would be replacing 6000 automatics with 6000 manual transmissions. Your drivers would need retraining and new driving tests/licenses.

Swapping new hardware for old isn't actually much easier. Someone still has to configure it and install it at the point of use.

As for backwards compatibility, you're joking, right? I've lost count of the times I've had to bin perfectly functional peripherals because there's no driver for them on the latest/greatest version of windows. And software, though not quite as frequently. (yeah, with software you might be able to run it in a VM but that's more complexity and cost)

Once again, if you only have one PC, it's easy. You can afford to upgrade first and fix later. When you have 6000 you can't afford to work that way and the license cost is only a small part of it.

(Why 6000? One of the affected NHS trusts said that's how many PCs they have in an interview with BBC news)
Attempts to contact me outside of thes forums will be ignored unless signed in triplicate, sent in, sent back, queried, lost, found, subjected to public enquiry, lost again, and finally buried in soft peat for three months and recycled as firelighters

peterlite
Posts: 720
Joined: Sun Apr 17, 2016 4:00 am

Re: WannaCrypt Microsoft updates for older Windows systems

Thu May 18, 2017 1:23 am

OK, I agree with your maths. In the projects I worked on from day one, we purchased machines 200 or 1000 at a time and demanded identical machines down to the bios level. We could then ugradep 200 or 1000 machines after testing just one from that batch. The updates were often done a whole floor, say 40 machines, at a time using one person and 40 CDs for one hour. A little bit of planning made everything easy.

I know some projects, in other organisations, ran into problems when purchasing officers decided on the brand and model. A batch of 200 PCs might have identical cases but several different motherboards and a disk so slow that an operating system upgrade is overnight instead of a lunch break. The purchasing officers save $50 per PC during purchase but the installation costs $100 more due to weird problems and the wrong connectors at the back of the machine.

Return to “Off topic discussion”