Netcraft reports that about 1.1% of the websites that they track are still served up by NT4, and that there’s a major security flaw in NT4 that will go forever unpatched due to its end-of-life status.
Hundreds of thousands of web sites that continue to run the Windows NT4 face a security dilemma, with no public patch available for a vulnerability in a key Windows networking protocol. The critical flaw in the Server Message Block (SMB) protocol could allow remote attackers to seize control of servers.
This is a good example of why you don’t want an outside company to have a stranglehold on your critical business components. Granted, NT4 is older than dirt, and no one should be using it anymore, but MS is essentially forcing an upgrade by discontinuing support for it. They’ve found a way to spin the PR, though:
“Windows NT Server 4.0 was developed before the era of sophisticated Internet based attacks. It has reached the point of architectural obsolescence,” said Peter Houston, Microsoft’s senior director of Windows Serviceability. “It would be irresponsible to convey a false sense of security by extending public support for this server product.”
Microsoft isn’t the only ones that are guilty in this regard. Red Hat drops support for older versions pretty quickly as well, despite the fact that the code is readily available to plug any and all security holes that might crop up.
Aren’t these companies essentially saying that their old software was terribly flawed? “No, our old stuff was poorly put together and the security holes can’t be fixed. But our new stuff, now that’s great stuff.”