NT 4.0: Hold ‘em or fold ‘em?

Is NT 4 obsolete or not? And should you upgrade?

Overview

Who’s retiring NT 4.0? Who ever heard of retiring an OS? Is anyone still using NT 4.0? Why is this different than other retirements? Why or why not upgrade? Should you be forced to upgrade? The bug that might make you upgrade How to upgrade for less money

“Retired?”

You can’t buy NT 4.0 any more as of now Currently: no support or hotfixes for NT 4.0

workstation 1 Jan ’04: no more hotfixes except security holes

for Server 1 Jan ’05: no more premier or pay-per-incident

support and no hotfixes no matter how bad the bug (Side note: 98 dies in January)

Whointheheck retires OSes?

Actually it’s happened for years For example, 95 and DOS and NT 4.0

workstation are retired www.microsoft.com/windows/lifecycle/deskto

p/business/default.mspx has details

How Do You Know?

Microsoft has a “life cycle support” policy announced last October

OSes are supported for seven years– Five years “mainstream”– Two years “extended” (still supported)

But people aren’t upgradingWhy?

It’s not that 2003 or XP aren’t really neat tools

But change has a cost See if this looks familiar:

To Upgrade Or Not?

Version number

co

sts

/be

ne

fits

Marginal value ofupgrade

Cost of upgrade

Logical outcome: people upgrade more slowly!

Evidence

NT 4.0 is a seven year old OS But people are still using it; in fact, many

controller devices are only available in an NT 4.0 version

Imagine running NT 3.1 in 2000 Consider version skipping; how many go

– SQL 6.5-7.0-2000-2003?– Windows 98-NT 4-2000-XP?– How many still use Exchange 5.5?

Is something wrong?

No, it’s a natural side effect of any technology maturing

That’s a significant point Note that this is not advice… it’s observation Some simply cannot afford to upgrade without a

life-and-death reason … that’s important But it also means that “being an expert” gets

tougher – you must know a wider range of OSes

Should I Upgrade to 2000/2003?Heavens yes, if you can afford it

Plug and Play Active Directory Group Policies Centralized patch control More secure out of the box Far more efficient in many ways

Are There Down-Sides?

Cost: licenses and CALs Risk: AD radically changes your NT 4.0

domain structure Hardware: lots of circa 1998 hardware can’t

run 2000, XP or 2003 Time

Advice Before Upgrading

AD is the biggest part It requires a fair amount of planning because AD

has a lot of “one way doors” 2003 has an advantage in that it’s a trifle more

flexible Fortunately there are nowadays many people with

good solid experience who can help If possible, do a clean rebuild rather than an

upgrade

When Is an OS Obsolete?

While I prefer the newer OSes, I think it’s wrong of Microsoft to give NT 4 users the gate

I think users determine obsolescence, not companies

Not everyone needs the latest thing, or needs it ENOUGH

Not everyone can afford the latest thing Hardware does not obsolete OSes anymore Seven-year-old software is not unusual at all in

other markets

Don’t Want To? Might have to!The bug that might kill NT 4.0

A security hole might convince you to upgrade

KB 331953 reveals a potential denial of service hole in the RPC port mapper, which uses port 135

Another “buffer overflow” problem The same sort of problem as we saw in

MS03-026

Severity

Does not allow an attacker to steal data from a system

Affects NT 4, 2000 and XP 2000 and XP patched NT 4 ISN’T… no patches for it

“Architecturally Impossible?”

MS patched 2000 and XP, but not NT 4 Their reason: that it’s “architecturally impossible.” This seems odd, as RPCs didn’t really CHANGE all

that much from NT 4 to 2000… but there’s a 2000 fix

So with all respect, this seems suspect and, well, awfully convenient for MSFT shareholders

Which leads to the delicate “trust” issue

Why this isn’t acceptable

NT 4 has quite a bit of expected lifetime left Unless they’re willing to buy the old copies back or

offer free 2000 upgrades… Merely saying “don’t put a system with port 135 on

the Internet” is a workaround, not an answer – despite “expert” opinion, there’s nothing wrong with it, given patches, passwords and permissions

It supports what was basically NT’s main reason for existence for years… file serving

Worst of all, it sets a dangerous precedent

Possible Microsoft Options

Release a patch Explain that the patch is impossible, and

release source code to prove it Develop a more complex patch and charge

for it Adopt the Pentium approach… offer free

upgrades Never have exposed the vulnerability in the

first place if they knew they couldn’t fix it

Final Thought…for those who want the new but can’t afford it

For small businesses Microsoft Action Pack $300/year Gives you Server 2003 Enterprise,

Exchange, SQL Server, Visio, Office, more 10 clients www.microsoft.com/actionpack

Thanks!

My sincere thanks for attending Free tech newsletter: www.minasi.com Seminars and audio CDs there too Active Directory design service also email: help@minasi.com