NT 4.0: Hold

1
NT 4.0 Hold em or fold em?

• Is NT 4 obsolete or not? And should you upgrade?

2
Overview

• Whos retiring NT 4.0?
• Who ever heard of retiring an OS?
• Is anyone still using NT 4.0?
• Why is this different than other retirements?
• Why or why not upgrade?
• Should you be forced to upgrade?
• The bug that might make you upgrade
• How to upgrade for less money

3
Retired?

• You cant buy NT 4.0 any more as of now
• Currently no support or hotfixes for NT 4.0
  workstation
• 1 Jan 04 no more hotfixes except security holes
  for Server
• 1 Jan 05 no more premier or pay-per-incident
  support and no hotfixes no matter how bad the bug
• (Side note 98 dies in January)

4
Whointheheck retires OSes?

• Actually its happened for years
• For example, 95 and DOS and NT 4.0 workstation
  are retired
• www.microsoft.com/windows/lifecycle/desktop/busine
  ss/default.mspx has details

5
How Do You Know?

• Microsoft has a life cycle support policy
  announced last October
• OSes are supported for seven years
• Five years mainstream
• Two years extended (still supported)

6
But people arent upgradingWhy?

• Its not that 2003 or XP arent really neat tools
• But change has a cost
• See if this looks familiar

7
Logical outcome people upgrade more slowly!
8
Evidence

• NT 4.0 is a seven year old OS
• But people are still using it in fact, many
  controller devices are only available in an NT
  4.0 version
• Imagine running NT 3.1 in 2000
• Consider version skipping how many go
• SQL 6.5-7.0-2000-2003?
• Windows 98-NT 4-2000-XP?
• How many still use Exchange 5.5?

9
Is something wrong?

• No, its a natural side effect of any technology
  maturing
• Thats a significant point
• Note that this is not advice its observation
• Some simply cannot afford to upgrade without a
  life-and-death reason thats important
• But it also means that being an expert gets
  tougher you must know a wider range of OSes

10
Should I Upgrade to 2000/2003?Heavens yes, if
you can afford it

• Plug and Play
• Active Directory
• Group Policies
• Centralized patch control
• More secure out of the box
• Far more efficient in many ways

11
Are There Down-Sides?

• Cost licenses and CALs
• Risk AD radically changes your NT 4.0 domain
  structure
• Hardware lots of circa 1998 hardware cant run
  2000, XP or 2003
• Time

12
Advice Before Upgrading

• AD is the biggest part
• It requires a fair amount of planning because AD
  has a lot of one way doors
• 2003 has an advantage in that its a trifle more
  flexible
• Fortunately there are nowadays many people with
  good solid experience who can help
• If possible, do a clean rebuild rather than an
  upgrade

13
When Is an OS Obsolete?

• While I prefer the newer OSes, I think its wrong
  of Microsoft to give NT 4 users the gate
• I think users determine obsolescence, not
  companies
• Not everyone needs the latest thing, or needs it
  ENOUGH
• Not everyone can afford the latest thing
• Hardware does not obsolete OSes anymore
• Seven-year-old software is not unusual at all in
  other markets

14
Dont Want To? Might have to!The bug that might
kill NT 4.0

• A security hole might convince you to upgrade
• KB 331953 reveals a potential denial of service
  hole in the RPC port mapper, which uses port 135
• Another buffer overflow problem
• The same sort of problem as we saw in MS03-026

15
Severity

• Does not allow an attacker to steal data from a
  system
• Affects NT 4, 2000 and XP
• 2000 and XP patched
• NT 4 ISNT no patches for it

16
Architecturally Impossible?

• MS patched 2000 and XP, but not NT 4
• Their reason that its architecturally
  impossible.
• This seems odd, as RPCs didnt really CHANGE all
  that much from NT 4 to 2000 but theres a 2000
  fix
• So with all respect, this seems suspect and,
  well, awfully convenient for MSFT shareholders
• Which leads to the delicate trust issue

17
(No Transcript)
18
Why this isnt acceptable

• NT 4 has quite a bit of expected lifetime left
• Unless theyre willing to buy the old copies back
  or offer free 2000 upgrades
• Merely saying dont put a system with port 135
  on the Internet is a workaround, not an answer
  despite expert opinion, theres nothing wrong
  with it, given patches, passwords and permissions
• It supports what was basically NTs main reason
  for existence for years file serving
• Worst of all, it sets a dangerous precedent

19
Possible Microsoft Options

• Release a patch
• Explain that the patch is impossible, and release
  source code to prove it
• Develop a more complex patch and charge for it
• Adopt the Pentium approach offer free upgrades
• Never have exposed the vulnerability in the first
  place if they knew they couldnt fix it

20
Final Thoughtfor those who want the new but
cant afford it

• For small businesses
• Microsoft Action Pack
• 300/year
• Gives you Server 2003 Enterprise, Exchange, SQL
  Server, Visio, Office, more
• 10 clients
• www.microsoft.com/actionpack

21
Thanks!

• My sincere thanks for attending
• Free tech newsletter www.minasi.com
• Seminars and audio CDs there too
• Active Directory design service also
• email help_at_minasi.com