It seems like a milestone of sorts. But the reality is that Microsoft's support for Win2K really ended some time ago. If pressed, I'd say that Microsoft finally gave up on Win2K in mid-2004. Until that time, the company had been planning to ship a Win2K SP5 that would have included most of the "Springboard" security fixes that Microsoft eventually delivered in XP SP2 and Windows Server 2003 SP1.
But Win2K SP5 never happened. Instead, Microsoft announced in November 2004 that it would provide Win2K customers with the Update Rollup instead of SP5. The company's rationale for dropping SP5 sounds reasonable at first glance. "By including the most important updates for Windows 2000, the Update Rollup will make it easier for customers to keep existing Windows 2000 systems secure and up to date and to build new deployment images," the company told me at the time. "Because the number of updates included in the Update Rollup is significantly lower than the number typically included in a service pack, and we will have already released most contents of the Rollup Update as individual updates and hotfixes, the Update Rollup also should require less predeployment testing."
That statement would be comforting but for one thing: Imagine how much more secure Win2K would be if it included the Windows Firewall, Security Center, Microsoft Internet Explorer (IE) pop-up blocker and add-on manager, unsafe attachment blocker, a more secure wireless networking stack, and other security-oriented features that XP users received in XP SP2. This lack is particularly galling when you consider that almost 50 percent of all Windows versions deployed in sizeable businesses are Win2K, not XP. (However, XP is more often used in companies with less than 250 PCs.)
That's right. According to a study by AssetMetrix Research Labs, not only is Win2K the most common Windows version in large and mid-sized corporations, but its popularity is barely falling year-over-year, despite the improvements Microsoft has made to XP during that time period. And, if I can be blunt, despite the fact that Microsoft has virtually abandoned Win2K.
The study, which you can download for free (see the URL below), is quite interesting. In 2005, Win2K use in large and mid-sized businesses beat out XP use 48 percent to 37 percent. (Meanwhile, Windows 9x use has been "marginalized" to less than 5 percent of the market, whereas Windows NT 4.0 is still in use at 10 percent of corporations.) What's really interesting is the way Win2K has held its own. Despite XP use jumping from 6.6 percent to almost 40 percent of the market since December 2003, Win2K use has eroded only 5 percent during this period.
To be fair to Microsoft, the company had previously extended the Win2K support lifecycle and will support the OS for a longer period of time than it supported its predecessors. (Win2K has a 126-month lifespan, compared to 96 months for Win98.) But it will have a shorter lifespan than XP, which will be supported for at least 144 months (12 years), depending on when Longhorn ships.
As of July 2005, Win2K is officially in the extended support phase of its lifecycle. That means that the company won't ship any more service packs or free nonsecurity hotfixes for the product. The company will continue to ship security fixes for Win2K and might issue a second Update Rollup in the future if it ships enough security fixes. But you can forget about new features. So when Microsoft ships the more secure IE 7.0 product in late 2005, it will be available to XP SP2, XP Professional x64 Edition, and Windows 2003 SP1 customers, but not to Win2K users.
That's an important point. IE 7.0 isn't just a cool new Web browser with tabbed browsing and other desirable features. It's a more secure browser, and its inclusion in Windows will make the underlying platform more secure. Win2K users won't be able to take advantage of that.
Although Microsoft is a huge corporation with seemingly infinite resources, XP SP2 took more than a year to develop, and the development effort for Win2K SP5 would likely have taken a similar amount of time. Given Win2K's recent slide into extended support and, presumably, a faster uptake rate for XP in the months ahead, I understand why the company would want to put all its security eggs in the XP SP2 (client) and Windows 2003 SP1 (server) baskets and walk away from the aging Win2K platform. It's just a shame that the company didn't take into account that its customers aren't necessarily making the same transition.
Analysis of Windows 2000 Popularity in 2005 (AssetMetrix) http://www.assetmetrix.com/forms/index.asp?template_id=106
