At the beginning of July, Microsoft moved Windows 2000 to its extended support phase as part of the company's life-cycle plan. For those of you who haven't been following this bit of dubious corporate shenanigans, here's what's going on.
In earlier times, PC hardware and, more important, hardware prices changed often and radically. MS-DOS 1.0 didn't support hard disks because the disks were too expensive. By 1984, everyone had a hard disk, and suddenly the OS was full of hard-disk-relevant utilities. Virtually no one ran MS-DOS 1.0 on a hard disk-equipped system. The same thing happened with new processors. In 1985, the new-fangled 386 machines were out of reach of most individuals, and heck, everybody knew that 386s were intended only as servers anyway; it would be a waste of power to put one on a desktop. (That's really how many people thought.) By 1988, 386s were reasonably priced, but memory wasn't, so memory managers appeared in OSs. By the early 1990s, graphical video boards, mice, and network cards were common. People wanted OSs that could exploit the memory, video, and multiprocessing capabilities of inexpensive home systems. The constant hardware changes so fired users' demand for a cool new OS to exploit that hardware that people actually waited in line outside computer stores on the day that Microsoft shipped Windows 95.
Sadly, those days are gone--perhaps forever. New OSs aren't really driven by new hardware in the way that Windows 95 was, mostly because there haven't been radical levels of change in our desktop hardware--it's just become faster, smaller, and cheaper. The Pentiums we use are little more than jazzed-up 386s. We're still using DRAM, hard disks, mice, video cards, and so on, which means (if there are any Microsoft shareholders in the audience, you might want to cover your ears) that if you're running new hardware, Win95 will serve almost all your needs.
Arggh, that hurts to say (and it's not correct, if you care about security), but the fact is that just about any new off-the-shelf 32-bit Windows application will run on Windows Server 2003, Windows XP, Win2K, Windows NT 4.0, or Win9x, provided you have sufficient RAM and hard disk space.
So, many people reason, why upgrade? Why not just stay with an OS that seems to work fine? Two reasons exist for upgrading; one is obvious and inevitable, and one is sneaky and underhanded. The obvious reason to upgrade is that, although the improvements that Windows 2003 or XP offer aren't earth-shattering, they're nice, and taken in the aggregate, are tempting. As a support person, I'd much rather support 1000 XP desktops than a similar number of Win2K or earlier desktops. Supporting the later OSs is easier, which translates to better Total Cost of Ownership (TCO). But does making your support techs happier and lowering your TCO a bit yield an attractive net value over staying with Win2K desktops? Sometimes yes, sometimes no, but for many IT directors the change isn't worth the cost or effort.
And that's what's driving Microsoft crazy. The slow pace of hardware change isn't motivating the masses to buy new versions of Microsoft's OSs. So the company devised an underhanded reason to convince customers to upgrade. Over time, people discover flaws in Microsoft's code; nasty, scary flaws that intruders can exploit to take control of a user's computer. If Chevrolet were to discover that a flaw in the AM/FM radios in model year 2000 cars would let another driver with the right equipment take control of your vehicle, the company would move heaven and earth to find a fix--and then distribute it for free. Microsoft doesn't see it that way, however.
When Win2K appeared on the market, Redmond assumed that everyone would upgrade lickety-split. It wasn't a bad assumption; Win2K is a better OS. But people were still smarting from having to fix their Y2K problems, and some folks (e.g., nonprofits, small governments) couldn't afford to upgrade. Other companies are actually prohibited from migrating away from NT 4.0. For example, a friend of mine works in a metal shop where the computerized metal-folding machines depend on NT 4.0 Service Pack 3 (SP3). If the company upgraded its controller machines to SP6a, it could kiss any manufacturer support goodbye. And let's not even talk about what would happen if they upgraded to Win2K.
Then a defect in the remote procedure call (RPC) mechanism made Denial of Service (DoS) attacks on NT 4.0 and later systems a real possibility. See the Microsoft article "MS03-010: Flaw in RPC endpoint mapper could allow Denial of Service attacks" (http://support.microsoft.com/?kbid=331953) for more information about the flaw. Microsoft released patches for Win2K and later systems but claimed ruefully that it was "architecturally impossible" to fix NT 4.0.
Suddenly, NT 4.0 shops that wanted to be secure needed to upgrade. Which leads me to my concern about this life-cycle nonsense for Win2K: Will Microsoft also withhold fixes for egregious defects in Win2K to push people to upgrade to XP or Windows 2003? It's not clear, but one troubling harbinger has already arrived in the XP SP2 antispyware fixes. XP SP2 offered significant changes to Microsoft Internet Explorer (IE) that are compelling to anyone worried about spyware. (And anyone who isn't either doesn't use the Internet or isn't paying attention.) Those changes also made it into Windows 2003 SP1, but the company won't back-port them to Win2K. That's sad.
I don't think that any software company should put a gun to its customers' heads and tell them to upgrade or face the consequences of whatever defects lurk in the company's products. That's particularly true in the case of IE, whose security problems stem primarily from Microsoft's feverish need to add more programmability to IE to achieve greater market share. Yes, at one time new technology drove new software, and sometimes that's still the case; I just bought a Lenovo ThinkPad X41 Tablet PC, and I'd be crazy to run any OS on it but XP Tablet Edition. But the days when people wait in line at midnight for new OSs are over. Microsoft and every other software company must understand that they need to win repeat business, rather than compel it. Or am I the only one who's noticed that Linux's K Desktop Environment (KDE) GUI is looking snappier with every new version?