Days after software giant Microsoft Corp. announced that it will stop distributing the Windows 98 operating system, and weeks
ahead of the scheduled end of support, industry experts warn that the OS (operating system), though long in the tooth, is
still widely used within organizations.
However, the operating system's longevity could pose significant security challenges for organizations if Microsoft keeps
to its promise to stop issuing security patches in January, prompting companies worldwide to weigh costly jumps to newer Windows
versions, security experts and Microsoft customers report.
Microsoft said on Dec. 8 that it is halting further distribution of Windows 98, with the exception of Windows 98 Second Edition,
by the end of this month to comply with a legal settlement with Sun Microsystems Inc. over a dispute about the Java programming
language.
The Redmond, Washington, company ended no-charge incident support for Windows 98 on June 30 and has long warned that it will
discontinue paid incident support on Jan. 16. After that date, Microsoft has no plans to continue producing security patches
for Windows 98 even if a virus or worm outbreak targets that platform, according to a company spokeswoman.
Should such an outbreak occur, customers should upgrade to a supported Windows operating system, she said. For those who do
not upgrade, information as well as firewall and antivirus software from third-party companies can help protect vulnerable
Windows 98 systems, the spokeswoman said.
With more than 39 million copies of Windows 98 installed across the globe, according to research group IDC, the impact of
Microsoft's policy on Windows 98 will be felt far and wide.
For Atmel Corp., a Colorado Springs, Colorado, maker of semiconductors, third-party software products are patching holes left
by Microsoft's end of support for Windows 98, said Bill VonDane, a senior systems engineer at Atmel.
Atmel has about 1,200 desktop computers running Windows 98, most used by employees for e-mail, word processing and other office
functions. The company also has hundreds of machines in the company's fabrication facility that run test equipment and machines
used to create semiconductors, many of them performing critical functions, he said.
Atmel uses antivirus software by Sophos PLC at the network gateway and on user desktops and updates its virus definitions
every hour. The company also has a plan to upgrade desktop users to Windows 2000 or Windows XP Professional machines, VonDane
said.
But for many of the machines on the manufacturing floor, migration is not such a simple matter. Often, the software controllers
that run the fabrication equipment only work on the Windows 98 operating system. In fact, Atmel still has a number of Windows
95 and Windows 3.1 machines running on its production floor for that reason, he said.
Viruses that affect Windows 98 are a concern, VonDane admitted. Despite that, he is resigned about the end of support for
the OS, and does not consider it a major security issue.
"I don't see problems with running an older OS if it works. The bottom line is that we've had an end-of-life issue with Windows
98 for quite some time," he said. "I'm not looking from support from Microsoft. The only thing I'm concerned with is making
sure Sophos (antivirus) is updated."
Atmel's situation is common, according to Steve O'Halloran, managing director of AssetMetrix Inc. in Ottawa, which recently
conducted research into Windows deployments in 672 companies that use its asset management products.
The review of companies in the U.S., Canada, the U.K., Australia and New Zealand found that machines running Windows 95 and
98 accounted for 27 percent of desktop systems studied, or more than 372,000 installations. Windows XP installations, by contrast,
accounted for just 7 percent of installations, he said.
AssetMetrix believes many of those installations can be traced to a rush by companies in 1999 to upgrade their computers before
the year 2000 shift, O'Halloran said. A slumping economy in 2001 postponed upgrades from Windows 98 to Windows 2000 at many
of those companies, he said.
Like Atmel, some of AssetMetrix's customers have Windows 98 deployed in isolated manufacturing environments or on kiosks where
they are shielded from Internet attacks, O'Halloran said.
The adage "if it isn't broke, don't fix it" also applies, said Dan Kusnetzky, an analyst at IDC.
"Windows 98 works well enough that people will continue to run it until the machine is so obsolete that it can't run anymore,"
he said.
Frequently, such systems use software applications or hardware that isn't compatible with newer operating systems. That means
that even with the end of support, companies will continue to use the operating system until hardware failures or software
limitations force them to move, he said.
That may not be a bad thing. The key is for companies to understand where their Windows 98 machines are deployed and what
their exposure to the Internet is, O'Halloran said.
Companies that have "Internet-facing" computers running Windows 98 face an increasing risk of network security breaches from
viruses, worms and Trojan horse programs in 2004, AssetMetrix said in its report.
Many Indian corporations are preparing to upgrade their Windows 98 PCs to newer operating systems from Microsoft, such as
Windows XP, according to interviews with technology leaders there.
Microsoft's decision to withdraw support makes information systems vulnerable to security attacks, according to Sunil Dath,
head of information technology at Bangalore, India-based electronics design company, Sasken Communication Technologies Ltd.
The company still has over 200 PCs running Windows 98 and 98SE, and they are all networked.
Sasken has already started migrating its systems to newer versions of Windows, Dath said. "As an end user, we have to migrate
to a more stable version of Microsoft's operating system, for which we can avail services and support from Microsoft."
With Microsoft ending support for Windows 98, it makes better sense to upgrade than to try to run newer applications on an
earlier operating system, according to Prakash Gurbaxani, chief executive officer of TransWorks Information Services Pvt.
Ltd., a Mumbai-based business process outsourcing company.
"As the new stuff gets cheaper and more attractive, folks like us prefer to migrate to the latest versions," Gurbaxani said.
AssetMetrix's O'Halloran agrees, saying that many companies may even be entitled to free upgrades to XP, depending on their
license agreement with Microsoft.
Companies with more than 250 employees that renewed their enterprise or volume license agreement with Microsoft since the
release of XP may be able to upgrade now and take advantage of Microsoft patches and the improved security features of that
operating system, he said.
Smaller companies and individual users cannot take advantage of such agreements and may have to plan upgrades in the form
of OEM (original equipment manufacturer) versions of Windows XP or Windows 2000 that come with new hardware, he said.
In the end, though, security concerns rather than outdated functionality will move most companies and individuals off Windows
98 and to newer Windows operating systems, O'Halloran said.
"We now have this external factor, which is security, that brings the viability of Windows 98 into question. If someone discovers
a security exploit and you cannot get a hot fix for it, you have to decide if that's the world you want to live in," he said.
John Ribeiro reported from Bangalore.
E-mail
Printer Friendly
Reprints
(InfoWorld) - In the litigious world we live in, deploying a unified communications platform in your enterprise could...
