NT 4 0 Hold em or fold em

NT 4. 0: Hold ‘em or fold ‘em? Is NT 4 obsolete or not? And should you upgrade?

Overview Who’s retiring NT 4. 0? n Who ever heard of retiring an OS? n Is anyone still using NT 4. 0? n Why is this different than other retirements? n Why or why not upgrade? n Should you be forced to upgrade? n The bug that might make you upgrade n How to upgrade for less money n

“Retired? ” n n n You can’t buy NT 4. 0 any more as of now Currently: no support or hotfixes for NT 4. 0 workstation 1 Jan ’ 04: no more hotfixes except security holes for Server 1 Jan ’ 05: no more premier or pay-per-incident support and no hotfixes no matter how bad the bug (Side note: 98 dies in January)

Whointheheck retires OSes? Actually it’s happened for years n For example, 95 and DOS and NT 4. 0 workstation are retired n www. microsoft. com/windows/lifecycle/deskto p/business/default. mspx has details n

How Do You Know? Microsoft has a “life cycle support” policy announced last October n OSes are supported for seven years n – – Five years “mainstream” Two years “extended” (still supported)

But people aren’t upgrading Why? It’s not that 2003 or XP aren’t really neat tools n But change has a cost n See if this looks familiar: n

Logical outcome: people upgrade more slowly!

Evidence NT 4. 0 is a seven year old OS n But people are still using it; in fact, many controller devices are only available in an NT 4. 0 version n Imagine running NT 3. 1 in 2000 n Consider version skipping; how many go n – – – SQL 6. 5 -7. 0 -2003? Windows 98 -NT 4 -2000 -XP? How many still use Exchange 5. 5?

Is something wrong? n n n No, it’s a natural side effect of any technology maturing That’s a significant point Note that this is not advice… it’s observation Some simply cannot afford to upgrade without a life -and-death reason … that’s important But it also means that “being an expert” gets tougher – you must know a wider range of OSes

Should I Upgrade to 2000/2003? Heavens yes, if you can afford it Plug and Play n Active Directory n Group Policies n Centralized patch control n More secure out of the box n Far more efficient in many ways n

Are There Down-Sides? Cost: licenses and CALs n Risk: AD radically changes your NT 4. 0 domain structure n Hardware: lots of circa 1998 hardware can’t run 2000, XP or 2003 n Time n

Advice Before Upgrading n n n AD is the biggest part It requires a fair amount of planning because AD has a lot of “one way doors” 2003 has an advantage in that it’s a trifle more flexible Fortunately there are nowadays many people with good solid experience who can help If possible, do a clean rebuild rather than an upgrade

When Is an OS Obsolete? n n n While I prefer the newer OSes, I think it’s wrong of Microsoft to give NT 4 users the gate I think users determine obsolescence, not companies Not everyone needs the latest thing, or needs it ENOUGH Not everyone can afford the latest thing Hardware does not obsolete OSes anymore Seven-year-old software is not unusual at all in other markets

Don’t Want To? Might have to! The bug that might kill NT 4. 0 A security hole might convince you to upgrade n KB 331953 reveals a potential denial of service hole in the RPC port mapper, which uses port 135 n Another “buffer overflow” problem n The same sort of problem as we saw in MS 03 -026 n

Severity Does not allow an attacker to steal data from a system n Affects NT 4, 2000 and XP n 2000 and XP patched n NT 4 ISN’T… no patches for it n

“Architecturally Impossible? ” n n n MS patched 2000 and XP, but not NT 4 Their reason: that it’s “architecturally impossible. ” This seems odd, as RPCs didn’t really CHANGE all that much from NT 4 to 2000… but there’s a 2000 fix So with all respect, this seems suspect and, well, awfully convenient for MSFT shareholders Which leads to the delicate “trust” issue

Why this isn’t acceptable n n n NT 4 has quite a bit of expected lifetime left Unless they’re willing to buy the old copies back or offer free 2000 upgrades… Merely saying “don’t put a system with port 135 on the Internet” is a workaround, not an answer – despite “expert” opinion, there’s nothing wrong with it, given patches, passwords and permissions It supports what was basically NT’s main reason for existence for years… file serving Worst of all, it sets a dangerous precedent

Possible Microsoft Options Release a patch n Explain that the patch is impossible, and release source code to prove it n Develop a more complex patch and charge for it n Adopt the Pentium approach… offer free upgrades n Never have exposed the vulnerability in the first place if they knew they couldn’t fix it n

Final Thought… for those who want the new but can’t afford it For small businesses n Microsoft Action Pack n $300/year n Gives you Server 2003 Enterprise, Exchange, SQL Server, Visio, Office, more n 10 clients n www. microsoft. com/actionpack n

Thanks! My sincere thanks for attending n Free tech newsletter: www. minasi. com n Seminars and audio CDs there too n Active Directory design service also n email: help@minasi. com n