I wouldn't go that far...at least if you are talking about functionally obsolete. I know of lots of shops out there who are "thinkin about upgrading to xp..." we actually have a few 2k/O2K boxes kicking around here I hate 'em ...but I still got 'em, most are now XP/O2K03.Both softwares are effectively obsolete these days?
A year ago almost 50% of OS were w2k http://www.theregister.com/2005/06/1...ws2000_nicely/
While that will have change some... I'd bet it's still over 30%
If you're talking stucturally obsolete... from a support, security and maintenance POV, no question but still widely used... I'm glad i've got an IPS helping protect even these old systems from this sort of attack.
btw mprice... MS bashing, saying that they suck and their code sucks is so 2001. They have made very large strides in cleaning up their house. Are they perfect ...not a chance but being the elephant on the block makes them an easy target and you can bet if there is one error in a million lines of code...someone will find it. (or 25 errors...or whatever) just so they can say I fecked over MS... or so they can steal someone personal info... and with organized crime now heavily into identity theft and fraud, some very bad, but very smart people are out there creating malware.
Just so you don't think I'm an MS cheerleader, I do think the problem with most Ms Apps is that they write giant apps that do things 95% of user don't even understand. Massive functionality = high potential for coding errors. But then you can't really keep inducing people to buy Notepad 2007 Now With Fonts! That being said some of their apps are damn good.
I'm pretty sure that the reason we've seen Vista delayed so much is almost entirely due to security. They've really staked the entire future of MS on getting this one right by making the commitments to security they have. Are they going to be able to do it? probably not at first..http://www.theregister.com/2006/07/1...rity_analysis/ I look forward to using Vista after it's been compromised for a year or so...
Open Source is not immune (I've had Firefox updated with 6 major updates since the release of 1.5 late last year)
Finally rushing patches out is not a great idea when you've a user base of a gazillion people relying on you to do it right. (check out the Intel wireless driver security patch problems http://www.antionline.com/showthread...hreadid=276148)
In an MS world and most of us are whether we like it or not, best we can do is keep patched, run an IPS, AV, a good firewall, stay informed and educate your users.
Patches and vulns are a fact of life which is why I'm on the IPS bandwagon...
http://www.securityfocus.com/infocus/1670
http://www.nss.co.uk/WhitePapers/int...on_systems.htm
zero days don't worry me (as much as they used to anyways)
Reply With Quote