Upload
silas
View
21
Download
0
Embed Size (px)
DESCRIPTION
NT 4.0: Hold ‘em or fold ‘em?. Is NT 4 obsolete or not? And should you upgrade?. Overview. Who’s retiring NT 4.0? Who ever heard of retiring an OS? Is anyone still using NT 4.0? Why is this different than other retirements? Why or why not upgrade? Should you be forced to upgrade? - PowerPoint PPT Presentation
Citation preview
NT 4.0: Hold ‘em or fold ‘em?
Is NT 4 obsolete or not? And should you upgrade?
Overview
Who’s retiring NT 4.0? Who ever heard of retiring an OS? Is anyone still using NT 4.0? Why is this different than other retirements? Why or why not upgrade? Should you be forced to upgrade? The bug that might make you upgrade How to upgrade for less money
“Retired?”
You can’t buy NT 4.0 any more as of now Currently: no support or hotfixes for NT 4.0
workstation 1 Jan ’04: no more hotfixes except security holes
for Server 1 Jan ’05: no more premier or pay-per-incident
support and no hotfixes no matter how bad the bug (Side note: 98 dies in January)
Whointheheck retires OSes?
Actually it’s happened for years For example, 95 and DOS and NT 4.0
workstation are retired www.microsoft.com/windows/lifecycle/deskto
p/business/default.mspx has details
How Do You Know?
Microsoft has a “life cycle support” policy announced last October
OSes are supported for seven years– Five years “mainstream”– Two years “extended” (still supported)
But people aren’t upgradingWhy?
It’s not that 2003 or XP aren’t really neat tools
But change has a cost See if this looks familiar:
To Upgrade Or Not?
Version number
co
sts
/be
ne
fits
Marginal value ofupgrade
Cost of upgrade
Logical outcome: people upgrade more slowly!
Evidence
NT 4.0 is a seven year old OS But people are still using it; in fact, many
controller devices are only available in an NT 4.0 version
Imagine running NT 3.1 in 2000 Consider version skipping; how many go
– SQL 6.5-7.0-2000-2003?– Windows 98-NT 4-2000-XP?– How many still use Exchange 5.5?
Is something wrong?
No, it’s a natural side effect of any technology maturing
That’s a significant point Note that this is not advice… it’s observation Some simply cannot afford to upgrade without a
life-and-death reason … that’s important But it also means that “being an expert” gets
tougher – you must know a wider range of OSes
Should I Upgrade to 2000/2003?Heavens yes, if you can afford it
Plug and Play Active Directory Group Policies Centralized patch control More secure out of the box Far more efficient in many ways
Are There Down-Sides?
Cost: licenses and CALs Risk: AD radically changes your NT 4.0
domain structure Hardware: lots of circa 1998 hardware can’t
run 2000, XP or 2003 Time
Advice Before Upgrading
AD is the biggest part It requires a fair amount of planning because AD
has a lot of “one way doors” 2003 has an advantage in that it’s a trifle more
flexible Fortunately there are nowadays many people with
good solid experience who can help If possible, do a clean rebuild rather than an
upgrade
When Is an OS Obsolete?
While I prefer the newer OSes, I think it’s wrong of Microsoft to give NT 4 users the gate
I think users determine obsolescence, not companies
Not everyone needs the latest thing, or needs it ENOUGH
Not everyone can afford the latest thing Hardware does not obsolete OSes anymore Seven-year-old software is not unusual at all in
other markets
Don’t Want To? Might have to!The bug that might kill NT 4.0
A security hole might convince you to upgrade
KB 331953 reveals a potential denial of service hole in the RPC port mapper, which uses port 135
Another “buffer overflow” problem The same sort of problem as we saw in
MS03-026
Severity
Does not allow an attacker to steal data from a system
Affects NT 4, 2000 and XP 2000 and XP patched NT 4 ISN’T… no patches for it
“Architecturally Impossible?”
MS patched 2000 and XP, but not NT 4 Their reason: that it’s “architecturally impossible.” This seems odd, as RPCs didn’t really CHANGE all
that much from NT 4 to 2000… but there’s a 2000 fix
So with all respect, this seems suspect and, well, awfully convenient for MSFT shareholders
Which leads to the delicate “trust” issue
Why this isn’t acceptable
NT 4 has quite a bit of expected lifetime left Unless they’re willing to buy the old copies back or
offer free 2000 upgrades… Merely saying “don’t put a system with port 135 on
the Internet” is a workaround, not an answer – despite “expert” opinion, there’s nothing wrong with it, given patches, passwords and permissions
It supports what was basically NT’s main reason for existence for years… file serving
Worst of all, it sets a dangerous precedent
Possible Microsoft Options
Release a patch Explain that the patch is impossible, and
release source code to prove it Develop a more complex patch and charge
for it Adopt the Pentium approach… offer free
upgrades Never have exposed the vulnerability in the
first place if they knew they couldn’t fix it
Final Thought…for those who want the new but can’t afford it
For small businesses Microsoft Action Pack $300/year Gives you Server 2003 Enterprise,
Exchange, SQL Server, Visio, Office, more 10 clients www.microsoft.com/actionpack
Thanks!
My sincere thanks for attending Free tech newsletter: www.minasi.com Seminars and audio CDs there too Active Directory design service also email: [email protected]