The document analyzes the risks of using outdated Windows 95 and 98 operating systems after Microsoft ends support. It finds that 80% of surveyed companies still have at least one Windows 95/98 system, accounting for 39% of total systems on average. While larger companies were just as likely to have Windows 95/98 systems as smaller ones, the percentage of outdated systems tended to decrease slightly with increasing company size. Factors contributing to the retention of Windows 95/98 included cost-cutting measures during an economic slowdown in 2001 that extended the lifecycles of older PCs, as well as hardware limitations that made upgrading difficult. The document recommends companies immediately evaluate strategies to retire all Windows 98 installations once support ends.
Security and Governance Strategies for the Consumerization of ITMicrosoft
Consumerization of IT introduces the notion of unmanaged devices, also referred to as untrusted platforms. When planning for the consumerization of IT, enterprises must develop strategies to mitigate risks and protect sensitive assets, and develop policies for information protection, data management, platform security, and other related areas. This white paper discusses security and governance strategies that help mitigate risk.
This white paper is one part of the “Microsoft Recommendations for a Consumerization of IT Strategy” series. This series introduces the phenomenon known as the consumerization of IT, including strategies for supporting the proliferation of devices in the workplace, and supporting work tasks on personal devices at diverse locations.
Esg solution showcase considerations for protecting converged systems and ...Fernando Alves
Jason Buffington, Sr. Analyst Enterprise Strategy Group, examines the considerations for protecting converged/hyperconverged infrastructures and shares what Veritas is doing about it.
Modern organizations from different sizes (Small, , Medium and Large) consider information as one of the most important of their assets that need to be secured against increasing number of threats. The importance of the information comes from its impacts on the main tasks performed by the organization. The evolution of Information Technology and Information Systems is changing permanently the characteristics and the components of such systems and the ways needed to protect them against any security risk. Periodic data backup is a system administration task that has changed as new technologies have altered the fundamental structure of networks. These changes encourage rethinking of modern backup strategies and techniques. In addition, standard backup programs and specialized tools are often needed. This paper provides an overview of issues to be considered for a long term, stable and secure backup system. A new approach (Hardware) called Black Box backup system is proposed based on current risk management plans and procedures used mainly in the aerospace industry.
Security and Governance Strategies for the Consumerization of ITMicrosoft
Consumerization of IT introduces the notion of unmanaged devices, also referred to as untrusted platforms. When planning for the consumerization of IT, enterprises must develop strategies to mitigate risks and protect sensitive assets, and develop policies for information protection, data management, platform security, and other related areas. This white paper discusses security and governance strategies that help mitigate risk.
This white paper is one part of the “Microsoft Recommendations for a Consumerization of IT Strategy” series. This series introduces the phenomenon known as the consumerization of IT, including strategies for supporting the proliferation of devices in the workplace, and supporting work tasks on personal devices at diverse locations.
Esg solution showcase considerations for protecting converged systems and ...Fernando Alves
Jason Buffington, Sr. Analyst Enterprise Strategy Group, examines the considerations for protecting converged/hyperconverged infrastructures and shares what Veritas is doing about it.
Modern organizations from different sizes (Small, , Medium and Large) consider information as one of the most important of their assets that need to be secured against increasing number of threats. The importance of the information comes from its impacts on the main tasks performed by the organization. The evolution of Information Technology and Information Systems is changing permanently the characteristics and the components of such systems and the ways needed to protect them against any security risk. Periodic data backup is a system administration task that has changed as new technologies have altered the fundamental structure of networks. These changes encourage rethinking of modern backup strategies and techniques. In addition, standard backup programs and specialized tools are often needed. This paper provides an overview of issues to be considered for a long term, stable and secure backup system. A new approach (Hardware) called Black Box backup system is proposed based on current risk management plans and procedures used mainly in the aerospace industry.
This is basic company information for public view.
For a more complete presentation of agency capabilities and work, please visit www.media8.com/gallery or contact us directly.
Expense Reduction Analysts Business Newsletter
En este numero hablamos de RSC y supply chain y casos de nuestros clientes: ABB (España) y DEBORAH (Italia). Igualmente, analizamos como enfocar la optimización de los costes bancarios.
Buena lectura!!
TECHNICAL BRIEF Protecting & Migrating Legacy Windows OSesSymantec
End of Support is Not the End of Business
Businesses need to be prepared for the end of support of operating systems (OSes), especially if the OS is used enterprise-wide or runs business critical applications, such as Microsoft® Windows XP® and Windows Server® 2003.
As you know, Microsoft ended support for Windows XP on 8 April 2014, and will similarly pull the plugon Windows Server 2003 on 14 July 2015. Without any security patches, Microsoft has cautioned that “PCs running Windows XP after April 8, 2014 should not be considered to be protected”.
However, many organisations stick with their legacy Windows systems, even after support ends. Changing an OS across the entire organisation opens up the risk of downtime for mission critical applications. Migrating to a new OS is also manpower-intensive, and could easily lead to time and cost overruns.
Not surprisingly, companies see very little incentive to replace an unsupported but still functional OS—until there is an overwhelmingly urgent need to do so. In addition, their business may be dependent on old, proprietary applications that cannot run on newer platforms. Yet, it’s crucial for organisations to understand the risks of running an out-of-support OS against the costs and effort of migrating to a new one.
Microsoft Windows Azure - Security Best Practices for Developing Windows Azur...Microsoft Private Cloud
The idea that purchasing services from a cloud service provider may allow businesses to save money while they focus on their core business is an enticing proposition. Many analysts view the emerging possibilities for pricing and delivering services online as disruptive to market conditions. Market studies and the ensuing dialogue among prospective customers and service providers reveal some consistent themes and potential barriers to the rapid adoption of cloud services. Business decision makers want to know, for example, how to address key issues of security, privacy and reliability in the Microsoft Cloud Computing environment, and they are concerned as well about the implications of cloud services for their risk and operations decisions.
This is basic company information for public view.
For a more complete presentation of agency capabilities and work, please visit www.media8.com/gallery or contact us directly.
Expense Reduction Analysts Business Newsletter
En este numero hablamos de RSC y supply chain y casos de nuestros clientes: ABB (España) y DEBORAH (Italia). Igualmente, analizamos como enfocar la optimización de los costes bancarios.
Buena lectura!!
TECHNICAL BRIEF Protecting & Migrating Legacy Windows OSesSymantec
End of Support is Not the End of Business
Businesses need to be prepared for the end of support of operating systems (OSes), especially if the OS is used enterprise-wide or runs business critical applications, such as Microsoft® Windows XP® and Windows Server® 2003.
As you know, Microsoft ended support for Windows XP on 8 April 2014, and will similarly pull the plugon Windows Server 2003 on 14 July 2015. Without any security patches, Microsoft has cautioned that “PCs running Windows XP after April 8, 2014 should not be considered to be protected”.
However, many organisations stick with their legacy Windows systems, even after support ends. Changing an OS across the entire organisation opens up the risk of downtime for mission critical applications. Migrating to a new OS is also manpower-intensive, and could easily lead to time and cost overruns.
Not surprisingly, companies see very little incentive to replace an unsupported but still functional OS—until there is an overwhelmingly urgent need to do so. In addition, their business may be dependent on old, proprietary applications that cannot run on newer platforms. Yet, it’s crucial for organisations to understand the risks of running an out-of-support OS against the costs and effort of migrating to a new one.
Microsoft Windows Azure - Security Best Practices for Developing Windows Azur...Microsoft Private Cloud
The idea that purchasing services from a cloud service provider may allow businesses to save money while they focus on their core business is an enticing proposition. Many analysts view the emerging possibilities for pricing and delivering services online as disruptive to market conditions. Market studies and the ensuing dialogue among prospective customers and service providers reveal some consistent themes and potential barriers to the rapid adoption of cloud services. Business decision makers want to know, for example, how to address key issues of security, privacy and reliability in the Microsoft Cloud Computing environment, and they are concerned as well about the implications of cloud services for their risk and operations decisions.
Strength1. Comprehensive Product Portfolio Microsoft offe.docxjohniemcm5zt
Strength
1. Comprehensive Product Portfolio
Microsoft offers a comprehensive range of software, services, and hardware solutions across different customer classes, which enable it to enjoy a leading market position. Microsoft generates revenue by developing, manufacturing, licensing, and supporting software and services across a wide variety of computing devices. The company does business worldwide through offices in more than 100 countries. Microsoft carries out the development of systems (servers, personal computers, and intelligent devices), server applications (distributed computing environments), information worker productivity applications, business solution applications, high-performance computing applications, software development tools, video games, and online advertising.
Microsoft also provides consulting and product and solution support service, and trains and certifies computer system integrators and developers. It also concentrates on the development of various cloud-based solutions that provide customers software, services and content over the Internet by way of shared computing resources located in centralized data centers. The comprehensive product portfolio of Microsoft enables it to cater to a wide variety of customer requirements across industries and geographies.
2. Strong margins and cash position
Microsoft enjoys strong cash flow conversion rates. In FY2012, the company was able to convert 186% of its net income into cash from operations. Comparatively, IBM converted 118% of net income during FY2011 and Apple converted 122% of net income into cash from operations in FY2012. The strong cash conversion that Microsoft enjoys indicates the inherent strength in the company's business model which is dominated by sticky revenues requiring lower cost of acquisitions and pricing power associated with products that command high switching costs. The company’s strong cash flow generation capability supports its growth prospects. Strong cash flows and margins provide resilience to the business operations and reduce vulnerability to market declines. Cash flows enable the company to further finance growth at feasible costs.
3. Strong Intellectual Property
Securing patent rights is important for the development of the company’s product portfolio. Strong patent portfolio creates market exclusivity to the proprietary technology, giving the company an edge over its competitors. The company's success depends primarily on its ability to maintain and establish the proprietary nature of its technology through the patent process. The company protects intellectual property investments in a variety of ways. It actively works in the U.S. and internationally to ensure the enforcement of copyright, trademark, trade secret, and other protections that apply to its software and hardware products, services, business plans, and branding. Microsoft maintains a comprehensive U.S. and international portfolio of intellectual property which help i.
March is most definitely full of madness as Microsoft resolves 115 unique vulnerabilities! The good news is you can predict what to do much easier than your basketball picks. Patch the OS and browsers and you take care of 97 CVEs from the 115 contenders.
HMI/SCADA 리스크 감소
돌발적인 가동중지를 최소화하고 조직을 보호할 수 있는 핵심 단계
Decrease your HMI/SCADA risk
Key steps to minimize unplanned downtime and protect your organization
Securing your Windows Network with the Microsoft Security BaselinesFrank Lesniak
IT professionals everywhere strive to secure their network, but it can be a daunting task. Luckily, Microsoft provides some boilerplate templates to get you started.
In this session, Frank begins by providing an overview of the Microsoft Security Baselines, explaining what they are and how they relate to the Center for Internet Security (CIS) Benchmarks, why Security Baselines are important (especially in PCI- or HIPAA-regulated environments), what to expect to change when implementing a baseline, when it is appropriate to implement a Microsoft Security Baseline, and provide you with project success criteria.
Then it's time for the details: Frank explains how to inventory your systems, how to download the Microsoft Security Baselines, how to apply your first Baseline to Active Directory, and how to manage the implementation---including recommendations on how to make changes (or "overrides") to the Security Baselines both from a process standpoint and a technical standpoint (using Group Policy Management).
Project Deliverable 2 Business Requirements1Project Deliverab.docxwkyra78
Project Deliverable 2: Business Requirements 1
Project Deliverable 2: Business Requirements 3
Project Deliverable 2: Business Requirements
Jessica Hill
Dr. Jan Felton
CIS 590: Directed Research Project
February 1, 2015
Table of Contents
1 Business Requirements……………………………………………………………….………3
1.1 Project Overview…………………………………………………………………….........3
1.2 Background including current process…………………………………………….3
1.3 Scope………………………………………………………………………………3
1.3.1 Scope of Project……………………………………………………….........4
1.3.2 Constraints and Assumptions……………………………………….............5
1.3.3. Risks…………………………………………………………………..........5
1.3.4. Scope Control ………………………………………………………………5
1.3.5. Relationship to Other Systems/Projects ……………………………………6
1.3.6. Definition of Terms (if applicable)………………………………………...6
1.1 Project Overview
This project is an information Technology project that was requested by WebFOCUS Company. The project is a development of a secure website that offers online advertisements, sharing, collection and storage of visual tools. The Website should be hosted in a cloud environment and should provide database functions for use in data warehousing
1.2 Background including current process
WebFOCUS was developed in order to generate profit through online advertisements as well as offshoring and outsourcing of business operations. Currently the business uses the relational database analysis. The company’s website in operated on both Windows and Mac OS X operating systems. In order to enhance virtualization, the company is seeking cloud computing services as well as data warehousing for data analysis purposes.
The project goals include;
a. Generation of profit through the charges on advertisement
b. Integration of database and operating systems in employee management.
c. Outsourcing work at a reduced cost (Olsen, 2006)
d. Developing a secure network infrastructure
e. The use of cloud computing to handle and share data
Tasks
a. Develop a website for advertisement
b. Install security measures
c. Integrate the website with cloud computing functionalities
d. Develop the outsourcing functionalities within the website
1.3 Scope
The scope of this project involves the determination and documentation of the project goals, deliverable, tasks, the cost and the deadlines.
1.3.1 Scope of the Project
Project Deliverables:
Scope Statement: This statement outlines the major activities to be carried out within the time allocated for the project. The scope statement’s goal is the financial analysis and financial documents regarding the operation of the project. The cost incurred and the revenue generated can be compared to observe the progress of the project.
Progress Reports: These include the process and the stages at which the project is undergoing. For the development of secure network infrastructure, the progress report deliverables would be network firewall types, authenticati ...
Despite cloud computing’s maturation as an enterprise IT application or infrastructure option, IT management concerns persist, notably in the areas of security, IT governance, and business continuity. The speaker will focus on security and data governance issues regarding deployment of private, hybrid and public clouds, and offer a pragmatic plan for resolving these concerns. This plan navigates the tangle of security responsibilities between enterprises and cloud service providers to enable IT managers to leverage the economics and flexibility provided by cloud-based applications. The plan focuses on how companies can create secure spaces in the cloud and both protect and control data in those spaces.
Todd Thiemann ,. Senior Director, Datacenter Products, Trend Micro, Inc.
Todd Thiemann has been with Trend Micro for over eight years and is currently responsible for planning Trend Micro’s products and technologies designed to secure datacenter information including virtualization and cloud security, DLP, and encryption. Todd is also co-chair of the Cloud Security Alliance Solution Provider Forum.
Todd holds a BS degree from Georgetown University and an MBA from the Anderson School of Business at the University of California, Los Angeles.
Similar to Asset Metrix Win98 Analysis Asset Labs Edition (20)
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
The Metaverse and AI: how can decision-makers harness the Metaverse for their...Jen Stirrup
The Metaverse is popularized in science fiction, and now it is becoming closer to being a part of our daily lives through the use of social media and shopping companies. How can businesses survive in a world where Artificial Intelligence is becoming the present as well as the future of technology, and how does the Metaverse fit into business strategy when futurist ideas are developing into reality at accelerated rates? How do we do this when our data isn't up to scratch? How can we move towards success with our data so we are set up for the Metaverse when it arrives?
How can you help your company evolve, adapt, and succeed using Artificial Intelligence and the Metaverse to stay ahead of the competition? What are the potential issues, complications, and benefits that these technologies could bring to us and our organizations? In this session, Jen Stirrup will explain how to start thinking about these technologies as an organisation.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
Asset Metrix Win98 Analysis Asset Labs Edition
1. AssetLabs
The following document is authored by Steve O’Halloran – the co-founder of AssetMetrix (now owned by
Microsoft Corporation).mailto:steve@Assetlabs.com?subject=Windows 95/98 documentThis docuem
Re-distribution rights have been allowed via a legal arrangement between Mr. O’Halloran and AssetMetrix.
AssetMetrix – now owned by Microsoft Corporation - remains the holder of Copyright of the following
document. Other AssetMetrix ‘Research Labs’ documents can be found at www.AssetLabs.com
2. Usage Analysis & Risks
of unsupported Operating Systems:
Microsoft® Windows® 95 & Windows® 98
Executive Summary:
On January 16th, 2004, Microsoft® Windows® 98 enters the ‘non-support’ portion of its support
lifecycle. Windows 98 is considered obsolete, and security based hotfixes will not be generally
available for users of Windows 98 or Windows 98-SE.
With the high trend of security exploits (viruses, worms, trojans, etc.) against Microsoft Windows
and associated applications, and with Microsoft’s increased efforts to patch security exploits via
monthly hotfixes, companies with ‘Internet-facing’ PCs installed with Windows 95 or
Windows 98 face an ever-increasing risk of security breach for their entire network
throughout 2004 and beyond.
Analysis indicates that a high level of Windows 98 (and Windows 95) retention is most likely an
artifact of attempts to extend the lifecycle of ‘pre-Y2K’ PCs during the 2001 economic slow-down,
and that this decision to continue to use PCs with 1999-based components restrained
corporations from migrating away from a Win9X environment.
Companies with a significant investment in Windows 98 – and who did not purchase an extended
hotfix support contract in summer 2003 - should immediately evaluate strategies to retire all
installations of Windows 98.
Statistical Synopsis
AssetMetrix Research Labs conducted a statistical analysis of Microsoft Windows 95 and Windows
98 operating systems from 670 corporations ranging in size from 10 to 49,000 employees,
representing a total of 372,129 PCs.
80.2% (538 of the 670) of the companies had at least one instance of Windows 95 or
98, with no correlation between company size and Win95/98 presence (referred to from here on
as ‘Win9X’).
3. Of the 538 companies, Win9X accounted for 39.2% of the operating systems found,
with a standard deviation of 31.3%. Such a high standard deviation suggests a wide variance of
Win9X, from as low as 10% to as high as 70% (as can be seen in the statistics sections).
Index
Understanding the risks associated with Windows 9X ..................................................................................4
Other risks associated to loss of Windows 98 support
Even for Windows 98 PCs that are completely protected from the Internet, the cost of support rises –
both in time and money - as the Windows 98 knowledgebase of support personnel diminishes over time.
Any mission critical application or job function that is running on/through a Windows 98 PC is at an
increased risk of returning to ‘uptime’ - and an increased chance of data loss - as Windows 98 skill set
diminishes over time.
..........................................................................................................................................................................4
Understanding Microsoft’s Lifecycle Support Policy....................................................................................4
Dataset Parameters..........................................................................................................................................7
Data Privacy....................................................................................................................................................7
Data Analysis:..................................................................................................................................................8
Overall Operating System popularity.......................................................................................................8
Distribution of Win9X across Company Size...........................................................................................8
Trends Analysis...........................................................................................................................................8
Factors leading to Win9X ‘retention’ ............................................................................................................9
1. Fiscal measures to reduce costs in 2001 cause retention of ‘Pre-Y2K’ Hardware..........................9
2. Win9X maintained on older PCs due to hardware component constraints.....................................9
3. Win9X retained due to hardware form factor constraints..............................................................10
Commentary ..................................................................................................................................................11
Suggestions....................................................................................................................................................11
Addendum 1:
Microsoft Products ending Extended Support for
Dec 2003 - Jan 2004
........................................................................................................................................................................12
Addendum 2:
Microsoft Products ending Mainstream Support for
Dec 2003 - Jan 2004
........................................................................................................................................................................14
Disclaimer......................................................................................................................................................17
About AssetMetrix.........................................................................................................................................18
About AssetMetrix Research Labs................................................................................................................18
4. Understanding the risks associated with Windows 9X
The largest potential risk to corporations using Windows95 and Windows98 is the probability of an
Internet-based security exploit being discovered after January 2004 that can affect a Windows 9X PC.
Typically, security exploits –due to a code issue within the Operating System and/or the Internet Browser
– are reviewed and remedied by Microsoft via their monthly hotfix releases. After January 2004, Microsoft
is no longer obligated to supply any security based Hotfixes for Windows 98 users.
Thus, Windows 98 users become increasingly prone to any new security exploits, as security patches may
not be supplied. Virus authors & hackers will certainly view any Windows 98 PC as a more vulnerable
entry-point into the network infrastructure, being able to exploit security holes that have been
subsequently ‘patched’ on PCs with Windows 2000, Windows XP, etc.
As time progresses – and the number of security exploits increases – any Internet-facing Windows 98 PC
increases its vulnerability –and opportunity - to attack.
Other risks associated to loss of Windows 98 support
Even for Windows 98 PCs that are completely protected from the Internet, the cost of support rises – both
in time and money - as the Windows 98 knowledgebase of support personnel diminishes over time. Any
mission critical application or job function that is running on/through a Windows 98 PC is at an increased
risk of returning to ‘uptime’ - and an increased chance of data loss - as Windows 98 skill set diminishes
over time.
Understanding Microsoft’s Lifecycle Support Policy
For Business software, Microsoft has three distinct phases for support.1
(1) Mainstream support includes all the support options and
programs that customers receive today, such as no-
charge incident support, paid incident support, support
charged on an hourly basis, support for warranty claims,
and hotfix support. After Mainstream support ends,
Extended support will be offered for Business and
Development software.
(2) Extended support includes all paid support options,
as well as security-related hotfix support which is
provided at no charge. Non-security related hotfix
support requires a separate Extended Hotfix Support
contract to be purchased within 90 days after Mainstream support ends. Microsoft will not accept
requests for warranty support, design changes, or new features during the Extended support
phase.
3) Self-help online support is available for minimum of eight years after the product is released.
By using Microsoft’s online Knowledge Base articles, FAQs, troubleshooting tools, and other
resources, many customers can quickly resolve their issues without contacting Microsoft directly.
1
Microsoft Website: http://support.microsoft.com/default.aspx?scid=fh;[ln];lifecycle
5.
6. The Lifecycle of Microsoft Windows 98 vs. other ‘Windows’
Windows 98 was introduced on June 30th, 1998 (Windows 98-SE introduced one year later) and is based
upon the ‘Win32’ architecture of Windows 95 (originating from DOS & Windows 3.X), whereas Windows
2000 and Windows XP are based upon the WinNT architecture (with origins from OS/2 development; see
chart below).
As such, Windows 98 is the last business-based ‘Win32’ OS remaining on the market (Windows ME is a
consumer based OS).
Originally, Windows 98 end of Extended Support was slated for June 30th, 2003, but was extended by
Microsoft – in June 2003 – to January 16th, 2004, most probably in response to large corporate customers
who had yet to retire their Windows 98 platforms.
Rather than offering Extended Support for Windows 98 from June 2003 to June 2005 (two years after
Mainstream support phase, Microsoft is terminating the extended support phase for both Windows 98 and
Windows 98 SE on January 2004, and will consider those products as obsolete.
7. Dataset Parameters
AssetMetrix Research Labs conducted a statistical analysis of the Microsoft Windows 95 and
Windows98 operating systems sample size of 670 corporations ranging in size from 10 to 49,000
employees.
Inventories of the 670-company sample were conducted within the last 14 months, and represent
372,129 PCs from companies in almost every market sector including:
• Financial
• Communications
• Government
• Healthcare
• Services
• Transportation
• Utilities
80.2% (538 of the 670) of the companies had at least one instance of Windows 95 or
Windows 98, with no correlation between company size and Win95/98 presence (referred to
from here on as ‘Win9X’).
Of the 538 companies, Win9X accounted for 39.2 % of the operating systems found,
with a standard deviation of 31.3%. Such a high standard deviation is not from a small sampling
but rather from a truly wide variance of Win9X, from as low as 10% to as high as 70% (as can be
seen in the statistics sections).
Data Privacy
Corporate participants in this survey are protected by AssetMetrix’s strict privacy and
confidentiality policy. Data used by AssetMetrix Research Labs was blindly aggregated to prevent
any identification of a company and/or any end-user identifiers.
8. Data Analysis:
Overall Operating System popularity
OS Popularity
From the entire dataset, Windows 98 and
Windows 95 accounted for more than 27% of
Win NT4
the OS type, including companies that had no 13.3%
Win XP
6.6%
Windows 98 installations at all
Win 95
Windows 2000 was the dominant Operating Win 9X
14.7%
System, consisting of 54.6% of the OS type. In 27.2%
Win 98
2nd place was the Win9X category, exceeding 12.5%
Win 2000
27%. 52.6% Win ME
0.2%
Surprisingly, there are more installations of
either Windows 95 or Windows 98 than
Windows XP.
Windows XP – introduced by Microsoft in Dec 2001 – accounted for less than 7% of the install base. This
data may suggest that corporations are currently tending to upgrade to Windows 2000 rather than
Windows XP.
Conclusion: The popularity of Win9X (27.2%) is second only to Windows 2000 (52.6%)
Distribution of Win9X across Company Size
AssetMetrix Research Lab analyses Win9X installations vs. Company Size
determined no apparent correlation between
company size and Win9X usage; larger 100.0%
companies tended to have the same
80.0%
distribution range of Win9X as smaller
% of Win9X
companies. 60.0%
40.0%
As seen on the X-Y scatter plot on the right,
20.0%
larger companies are just as apt to have a
significant Win9X install base as smaller 0.0%
companies. 0 500 1000 1500 2000 2500 3000 3500 4000 4500 5000 5500 6000
Company Size
Conclusion: There is no significant correlation to company size and the magnitude of Win9X;
larger companies can have significant installations of Win9X
Trends Analysis Average Win9X install vs. Company Size
By placing the company data into quantile
ranges of 100’s (i.e. 100 to 200, 200 to 300, 70.0%
etc.), Win9X averages were produced from
60.0%
each subset. Overall, there was a slight trend
50.0%
Win9X install (%)
of the average Win9X install to decrease from
30% towards 20% as the company size 40.0% Avg
increased (as noted in the black linear trend- 30.0% Linear (Avg)
line). 20.0%
10.0%
0.0%
0 1000 2000 3000 4000 5000
Com pany Size
9. Conclusion: Smaller companies tended to have an average Win9X population size of 30%, with
larger companies tending to have an average Win9X population size of 20%
Factors leading to Win9X ‘retention’
On first approach, the existence of Windows 95 and Windows 98 in corporate environments is not
expected for the following reasons:
1. Any company who has entered into an OS-based Microsoft VLA (Volume License Agreement) after
December 2001 has the rights to install Windows XP on all PCs with a previous operating system.
2. A 3-year lifecycle would assume that PCs purchased in 2000 would be replaced with PCs pre-
installed with Windows 2000 or Windows XP.
3. Customers have been aware of Microsoft’s intention to ‘retire’ Windows 98.
However, with over 80% of the companies having Win9X present, and at a rate approaching 40%, there
are other factors that supercede the initial logic of retiring Win9X in corporate environments.
1. Fiscal measures to reduce costs in 2001 cause retention of ‘Pre-Y2K’ Hardware
2001 saw a severe impact almost all sectors of the
corporate marketplace; US GDP sank to –1.6%, and GDP Growth
US PC sales decreased by 12% from the previous 6%
year. In short, companies were tending not replacing
their ‘old’ Win9X PCs with newer ones. 5%
4%
From a suggested 3 year lifecycle perspective, the 3%
economic depression in 2001 affected PCs purchased
)
M
F
O
T
P
D
S
U
:
E
C
R
(
2%
in 1998 and early 1999. Not knowing the extent of
this economic slowdown, many companies had opted 1%
to extend the life of their ‘pre-Y2K’ PCs well into 2002. 0%
-1%
This fiscal restraint caused PC lifecycles to be
extended to 4 or 5 years. Since the older PCs -2%
offsetting the purchase of more powerful PCs that 00 01 01 02 02
00
Q4 0
00
02
02
03
03
01
01
-20 -20 -20 -20 -20
0
-20
-20
-20
-20
-20
-20
-20
-20
-20
Q2 Q1 Q4 Q1 Q4
would come pre-installed with Windows 2000 or
Q1
Q3
Q2
Q3
Q2
Q3
Q1
Q2
Windows XP
2. Win9X maintained on older PCs due to hardware component constraints.
In the data analysis, Win9X based PCs had a high correlation to ‘legacy’ PC hardware components
(CPU, RAM and Hard Drive). PCs with Windows 9X tended to have components that were as old
as Windows 95 or Windows 98.
Component Win 95 Win 98 Win9X
(blended)
Avg CPU Speed 334 Mhz 1179 Mhz 723
Avg RAM 86 Mb 231 Mb 153
Avg Hard Drive 5548 Mb 11314 Mb 8199
330 Mhz CPUs were generally introduced by Intel Corporation between April 1998 and January
1999 (accounting for different product lines with the same CPU speed). Intel Corporation later
introduced 1Ghz Desktop CPU’s in November, 2000.
Thus the average age of the Win9X PCs lies between late 1998 and late 2000 (before the
introduction of Windows XP). This indicates that the ‘pre-Y2K’ PC typically retained its original
configuration, and thus was limited to maintaining the original Windows 95/98 rather than
upgrading to Windows 2000 or XP.
10. 3. Win9X retained due to hardware form factor constraints
Until the introduction of Windows XP in
December 2001, Windows 98 was considered OS & Form factor # %
the OS of choice for mobile PCs; both NT4 and Win95 Desktops 25438 84.9%
Windows2000 had many ‘mobile’
incompatibility issues that weren’t addressed in
Win95 Mobile 4523 15.1%
the “NT” architecture.
Win98 Desktops 33484 78.2%
Win98 Mobile 9321 21.8%
As such, migrating a mobile over to Windows 2000 or Windows NT was typically avoided, and
many of those mobiles aren’t effectively powerful enough to use Windows XP today.
Mobile Popularity (% of all PC sales)
Being relatively ‘fixed’ in their component
26.0%
structure, Mobile PCs are less flexible in
25.0% 25.0%
accommodating future Operating 24.0% 23.8%
Systems. The combination of the 23.0%
increasing popularity of Mobiles (see 22.0%
22.3%
21.8%
chart on right) along with resistance to 21.0%
%
use Windows 2000, resulted in another 20.0% 20.0%
factor to have ‘pre-Y2K’ mobiles retain 19.0%
18.2%
their original Win9X operating system. 18.0%
17.6%
17.0%
16.0%
Q2-1998
Q1-2000
Q4-2001
Q1-1998
Q3-1998
Q4-1998
Q1-1999
Q2-1999
Q3-1999
Q4-1999
Q2-2000
Q3-2000
Q4-2000
Q1-2001
Q2-2001
Q3-2001
Q1-2002
Q2-2002
Q3-2002
Q4-2002
Q1-2003
11. Commentary
The pervasiveness of Windows 9X appears to be an artifact of companies retaining their hardware (both
desktops and mobiles) purchased for the Y2K-migration in 1999 and early 2000. The significant presence
of Windows 95 and Windows 98 is a sign that companies have been holding onto original hardware
purchased during ‘pre-Y2K’ and thus have also been holding onto the original Operating System.
The retention of older PCs has prevented most companies from replacing their Win9X operating systems
with more robust Operating systems (Windows 2000, Windows XP).
The seamless interoperability between WIN9X and WINNT based operating systems – both at a desktop
and at a network management level – has led to the ‘acceptance’ of Windows98 in a corporate
environment. From an internal network management perspective, the ability to manage both Win9X PCs
and WINNT-based PCs (Windows NT, 2000 & XP) is effectively seamless. Also seamless is the
interoperability of Office applications between Win9X and WinNT Operating systems, as all editions of
Microsoft Office (except Office 2003) can operate on Windows98.
Windows 98 has not been a management issue with respect to application functionality or network
management. As of January 2004, security should become the dominant determination to the
continuation of Windows 98 in the corporate environment.
Suggestions
1.) Ensure that all PCs – regardless of the OS - have the latest Microsoft Security Hotfixes
2.) Identify the magnitude of Windows95 and Windows98 in your corporation via a PC inventory
3.) Any Windows9X based PC with access to the Internet (including mobiles that leave the company
network) should be candidates for migrating to Windows XP or Windows 2000.
4.) Determine if installations of Windows 2000 or Windows XP is covered under a Microsoft VLA
5.) Determine if any PC candidates require any RAM or HD upgrades, or requiring a new PC
altogether.
6.) Based upon the age of your non-Win9X PCs and the number of new PCs required, determine if
new PCs should be leased or purchased in order to synchronize the new PCs with your existing
population.
12. Addendum 1:
Microsoft Products ending Extended Support for
Dec 2003 - Jan 2004
General Extended
Mainstream
Product Name Availability Support
Support Retired
Date Retired
Access 97 16-Jan-1997 31-Aug- 2001 16-Jan-2004
Content Replication Service Replication Service 30-Jun-1998 31-Dec-2002 1-Jan-2004
DFS 4.1 09-Oct-1997 31-Jan-2003 31-Dec-2003
Excel 97 16-Jan-1997 31-Aug- 2001 16-Jan-2004
Fax Services for NTW 27-Jan-1997 31-Dec-2002 31-Dec-2003
Office 97 30-Dec-1996 31-Aug- 2001 16-Jan-2004
Office 97 Developer 05-Jan-1997 31-Aug- 2001 16-Jan-2004
Office 97 Professional 16-Jan-1997 31-Aug- 2001 16-Jan-2004
Office 97 Small Business 16-Jan-1997 31-Aug- 2001 16-Jan-2004
Office 97 Standard 16-Jan-1997 31-Aug- 2001 16-Jan-2004
Outlook 98 21-Jun-1998 31-Aug- 2001 16-Jan-2004
PowerPoint 97 16-Jan-1997 31-Aug- 2001 16-Jan-2004
Proxy Server 2.0 25-Dec-1997 31-Dec-2003 31-Dec-2003
Routing and Remote Access Service 25-Aug-1997 31-Dec-2002 31-Dec-2003
Services for Netware 4.0 14-Nov-1996 31-Dec-2002 31-Dec-2003
SMS 1.2 23-Oct-1996 31-Dec-2001 31-Dec-2003
Visual SourceSafe 5.0 31-Mar-1997 31-Dec-2001 31-Dec-2003
Windows Media Encoder 7.1 on Windows Millennium Edition Not Available 31-Dec-2003 31-Dec-2003
Windows Media Player 6.4 on Windows XP Home Edition Not Available 31-Dec-2003 31-Dec-2003
Windows Media Player 6.4 on Windows Millennium Edition Not Available 31-Dec-2003 31-Dec-2003
Windows Media Player 7.1 on Windows Millennium Edition Not Available 31-Dec-2003 31-Dec-2003
Windows Media Player 9 on Windows Millennium Edition Not Available 7-Jan-2003 31-Dec-2003
WMF SDK 7.1 on Windows Millennium Edition Not Available 31-Dec-2003 31-Dec-2003
Word 97 16-Jan-1997 31-Aug- 2001 16-Jan-2004
Zero Admin for NT4 21-Sep-1997 31-Dec-2002 31-Dec-2003
15. Product Name
General Availability Date
Mainstream Support
Retired
Extended Support Retired
CD Photo Viewer V1 for
Windows Millennium
01-Feb-2003
31-Dec-2003
31-Dec-2004
Exchange Server 5.0
23-May-1997
31-Dec-2003
31-Dec-2005
Exchange Server 5.0
Enterprise Edition
23-May-1997
31-Dec-2003
31-Dec-2005
Exchange Server 5.5
03-Feb-1998
31-Dec-2003
31-Dec-2005
Review note 1 below
Exchange Server 5.5
Enterprise Edition
03-Feb-1998
31-Dec-2003
31-Dec-2005
Proxy Server 2.0
25-Dec-1997
31-Dec-2003
Not Applicable
Windows Media Encoder 7.1
for Windows 2000
Professional
01-May-2001
31-Dec-2003
Not Applicable
Windows Millennium Edition
31-Dec-2000
31-Dec-2003
31-Dec-2004
Windows Media Player 6.4 on
Windows XP Professional
Not Available
31-Dec-2003
31-Dec-2004
Windows 98 Plus! Pack
30-Sep-1997
16-Jan-2004
Not Applicable
1. Extended Hotfix support contract
fees have been waived for the first
18. About AssetMetrix
Founded in 2000 and headquartered in Ottawa, Canada, AssetMetrix is the industry’s first
managed service for PC inventory and IT asset analysis. AssetMetrix gives IT managers the
power to discover, analyze, and manage their MS Windows & Linux desktop and server
environment at the rate of 1,000 PCs per minute, regardless of location or connection.
AssetMetrix discovers over 250 hardware elements, identifies and categorizes 220,000+ software
titles, and reports these findings in over 150 reports, making it the most comprehensive PC
inventory and asset analysis solution available today.
To date, AssetMetrix is deployed in over 4,000 customer sites, and is used in the management of
hundreds of thousands of seats for international resellers and service providers. For more
information, please visit www.assetmetrix.com.
About AssetMetrix Research Labs
AssetMetrix Research Labs is the research division of AssetMetrix, and is responsible for the
algorithms used within the many ’asset analysis’ reports found within AssetMetrix (i.e. Windows
Migration analysis, PC Population Replacement Forecasting, License Calculators, etc.)
AssetMetrix Research Labs focuses on assisting AssetMetrix clientele (and channel partners) with
strategic IT Asset Management advice and solutions, and also with monitoring industry events
and trends on behalf of AssetMetrix to help partners and clients keep abreast of the most
pressing IT Asset Management issues.
Commentary on this document is welcome.
Phone: 613-244-0235
Fax: 613-236-6336
Email: ResearchLabs@AssetMetrix.com