[ISN] Windows 98 Users Face Increased Security Risk, Says Study

From: InfoSec News (isn@private)
Date: Fri Dec 12 2003 - 01:31:21 PST

  • Next message: InfoSec News: "[ISN] Microsoft's Patching Conundrum"

    http://www.eweek.com/article2/0,4149,1410097,00.asp
    
    By Peter Galli 
    December 11, 2003   
     
    A new research paper to be released on Thursday is warning those 
    companies still running Microsoft Windows 98 that they face an 
    increased risk of a network security breach when Microsoft retires the 
    product at the end of this year. 
    
    The study, released by Ottawa-based AssetMetrix Research Labs and 
    titled, "Usage Analysis & Risks of Obsolete Operating Systems: 
    Microsoft Windows 95 & Windows 98," points out that while Microsoft 
    Corp. is preparing to retire a number of its flagship products, there 
    are still a large number of PCs in the corporate environment running 
    Windows 98 and Windows 95. 
    
    Inventory data of more than 372,000 PCs - from some 670 companies with 
    between 10 and 49,000 employees - found that more than 80 percent of 
    these companies were still using Windows 98 and/or Windows 95. 
    
    "On January 16th, 2004, Microsoft Windows 98 enters the non-support 
    portion of its support lifecycle. Windows 98 is considered obsolete, 
    and security-based hot fixes will not be generally available for users 
    of Windows 98 or Windows 98-Second Edition," said Steve O'Halloran, 
    managing director of AssetMetrix Research Labs. 
    
    With the high trend of security exploits against Windows and 
    associated applications and with Microsoft's increased efforts to 
    patch security exploits via monthly hot fixes, companies with 
    Internet-facing PCs running Windows 95 or Windows 98 will now face an 
    ever-increasing risk of a network security breach, he said. 
    
    "As we began to help some of our customers plan to migrate away from 
    Windows 98, we noticed that the number of Windows 98-based PCs was 
    higher than we would have anticipated. Our data also indicated that 
    the major driver is a direct result of delaying PC refreshment 
    purchases during the recent economic slowdown," he said. 
    
    The study also found that more than 27 percent of PCs were running 
    Windows 95 or Windows 98, compared to only 7 percent for Windows XP, 
    while Windows NT4, for which mainstream support ended in 2002, is 
    still prevalent in the corporate environment at a rate of over 13 
    percent. 
    
    "Companies with a significant investment in Windows 98—and who did not 
    purchase an extended hot fix support contract this summer—should 
    immediately evaluate strategies to retire all installations of 
    'Internet-facing' Windows," the study said. 
    
    The study also suggests that companies ensure that all their PCs, 
    regardless of operating system, have the latest Microsoft Security hot 
    fixes and that they identify the magnitude of Windows 95 and Windows 
    98 via a PC inventory. 
    
    "Any Windows 95 or 98-based PC with access to the Internet (including 
    mobiles that leave the company network) should be candidates for 
    migrating to Windows XP or Windows 2000. Companies should also 
    determine if installations of Windows 2000 or Windows XP are covered 
    under a Microsoft Volume Licensing Agreement," it says. 
    
    To help its customers with this, AssetMetrix, the Lab's parent 
    company, will on Thursday announce a new asset management service 
    known as Win98-Exodus, designed to help corporations identify PCs 
    running Windows 98 and Windows 95 and help them develop a migration 
    strategy toward Windows 2000 and Windows XP. 
    
    "Companies need to be better informed about the potential security 
    risks associated with using Windows 98 or Windows 95 within their 
    corporate environment. With Win98-Exodus, AssetMetrix customers can 
    view the details of any PC within their organization that is running 
    either Windows 95, 98 or NT. 
    
    "They can then drill down to detailed reporting on the individual 
    components of each PC, assign pricing values for each required 
    hardware or software component upgrade, estimate labor time and cost, 
    as well as viewing application compatibility reporting for each PC," 
    said Jeff Campbell, the president of AssetMetrix. 
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Dec 12 2003 - 03:54:27 PST