Thought for the day: Are your Windows secure?

Companies should worry less about migrating to new operating system and concentrate more on its security, says Simon Moores.

New Asset  

Companies should worry less about migrating to new operating system and concentrate more on its security, says Simon Moores.




Windows NT 4.0 is alive and well and at a bank, business or hospital near you.

That's the problem, and it's one shared by both Microsoft and business. The company may have discontinued support for Windows NT on the desktop in June and will do the same for the Server next year, but for a number of very good reasons NT is stubbornly refusing to take the door marked "Exit".

This month, I had a conversation with the head of security at a leading bank.

"Blaster was a wake-up call to all of us in the financial services industry," he tells me. With tens of thousands of desktops and almost a thousand servers, we were planning a gradual migration from Windows NT, to Windows 2000 and then finally to Longhorn when it arrives.

"Windows XP doesn't appear in our plans at all, he adds. "However, not only did the events of the summer give us serious cause for concern on the security front, but they also made us worry over falling foul of the regulators, who are themselves concerned over levels of preparedness for whatever comes next."

It appears that the reluctance to move up and away from Windows NT to Windows 2000 or even Windows Server 2003 wasn't a software licensing issue, but a total cost of ownership worry.

Windows NT both on the desktop and the server still runs relatively cheaply on PCs that are more likely to be found gathering dust in my attic.

Take 20,000 desktops, migrate these to Windows 2000 and multiply the result across the NHS or European banking sector and the cost in new hardware is not insignificant in an industry which claims it is struggling to be profitable or productive.

Concerns over migration costs appear to have been left behind by worries over security, and so, in this example, the migration process will now be accelerated into an 18-month window, which will see Windows Server 2003 putting in an appearance. It is robust, and Windows 2000 rolled out to fat-desktops and mobile users and potentially, a Linux-based thin client is deployed to the bulk of transactional users.

Either way, this won't be cheap and credit card charges will continue to remain outrageous in the eyes of the public as a by-product of the banking sector's rush to make itself as immune as possible from the threat from "the next big thing" to appear from the "dark side'"of the internet.

One further interesting comment I gleaned from my conversation, was that NT is no more or less insecure than any other Microsoft operating system.

Instead, it's how the IT department manages the security of the Windows environment that counts, and that Windows Server 2003 is attractive because Microsoft have made the tools and policies available that makes securing that environment easier.

Every dog has its day, and NT has had its. Banks should know about security and they know a great deal about cost. If this is a good example of current thinking, then squeezing the extra pennies out of a Windows NT environment is too much of a risk.

Of course, the risk to Microsoft is whether what they choose next has Windows written on the box, but having spent six months talking with financial institutions here and in Europe, I suspect that Bill Gates hasn't any reason to lose sleep over the UK.

What do you think?

What are you doing to make sure Windows is secure?  Tell us in an e-mail >> reserves the right to edit and publish answers on the website. Please state if your answer is not for publication.

Setting the world to rights with the collected thoughts and opinions of leading industry analyst Dr Simon Moores of Zentelligence.

Acting globally, Zentelligence (Research) advises governments, suppliers, business and the media on the evolution, application and delivery of leading-edge technologies and specialises in the areas of eGovernment and information security.

For further information on Zentelligence and its research, presentation and analyst services visit

Read more on Operating systems software