Sigh. I guess I should make good on my stated intent to write about things that annoy me and/or interesting technology, or failing that technology that annoys me. So on that note I've got something to say about Windows Vista. Yes, I am aware that it is no longer 2007 and no one cares about Vista anymore. Windows 7 is in RC with a slated RTM date of late October 2009. Vista is old news for everyone, except me.
When Vista came out I took one look at UAC, read a few articles about how slow it was, and swore never to use the OS. I figuratively pulled the blankie of corporate hardware and licensing over my head. At the time I had an employer supplied Thinkpad running XP that no one had ever got around to putting on the domain and a pretty kick-ass corporate desktop running Gentoo x64. I was happy with what I had and all I knew about Vista was that I didn't like it.
That was then. Now I'm on my own without the luxury of someone else paying for volume license keys. I had to buy my own laptop and live with the available OEM options. Sure I could drop the MSFT products and run Linux, I have no problem with Linux on the desktop and for the most part I can live without MS Office. I could do that, but can I afford to? I'm running my own business, I can't afford to have technology problems which might interfere with my ability to work. Specifically, I need to be able to run IDA. I asked around and was warned I'd spend more time fighting with WINE than reversing and I can't afford to fiddle with settings and hope it works. Forage Security's second computer will run Gentoo, but for better or for worse I'm now a Vista x64 Business Edition user. And you know what? It's not that bad.
I'm running SP2, UAC is enabled, aside from the perplexing and pointless relabeling of familiar control panel items, the experience (no pun intended) is much like that of XP, only smoother. Maybe it's the visual effects. Only problem so far has been that SSLTunnel doesn't seem to be supported on x64 and I don't have the expertise (or the time) to port the driver files. Oh well.
If you're still reading, you may be wondering if all this rambling about Vista being "not that bad" has a point. It actually does. I was at my bank the other day and couldn't help but notice that all the teller's machines were running Windows 2000. Fine and dandy for them, I'm sure, but last time I checked extended support for Windows 2000 is expected to cease July 13, 2010. That means just over a year from now there will be no more publicly available security patches and it's way past time to retire those boxes.
Nevertheless, a large enterprise can afford and may choose to pay for continued support even after the end of generally available extended support. But let's face it, the end is nigh for the one of the most popular operating systems in history. Now, if you're a "for-real" cyber criminal and you are sitting on a remotely exploitable buffer overflow in Windows 2000, what do you do? Exploit it now and see it patched within a couple of months? Probably. MS08-067 showed that even when the patch is available, hundreds of thousands of systems can still be compromised. But maybe you'll wait until July 14, 2010 knowing that most of the people still running 2K at that time will never see a patch. I guess you'd do whatever seemed the most profitable, I don't know which way that is.
On the other side, if you're running the IT department of a fortune 500 company, and you've (hopefully, finally) just finished migrating all you NT4 hosts to Server 2003 and are now faced with the costly prospect of an even larger migration of Server and Desktop 2000 hosts... what do you do? Well, look at the timing, it's obvious that this has occurred to MSFT too. Windows 7 promises to improve on the lessons learned with Vista, but there is not going to be a Window 7 Server, instead we'll get Windows Server 2008 R2 at about the same time Windows 7 hits the streets. All of this before 2K expires.
But is it soon enough? By now, IT departments have learned to wait for SP1. And quite frankly, 9 months isn't long enough for a major organization to adopt a new desktop operating system. Those with a lot of foresight are already testing their applications with the release candidate and training their users. Those that haven't started yet will probably take a long hard look at the matured Vista SP2 offering for their desktops.