> >The reality in the business world is a machine's useful life is way longer >than what operating >system manufacturers are supporting from a security patch perspective. The >built in obsolescence is >not hardware, it is the OS, and it is not that the OS is not working and >providing hardware >services, it is security patches the operating system providers are stopping. > >Don't get me wrong. I believe businesses need to move along to bigger and >better hardware and >operating systems in general, but I also know it is not always practical >or appropriate.
Actually, I think the variety and intensity of security attacks on an OS or other vulnerable piece of software roughly follow a sort of bell curve as time passes. When the software is new, there are few attacks. As the software becomes popular and widely distributed, the attacks multiply very rapidly. Then as the next new thing comes out, attacks on its predecessor wane and the malware writers focus on the new thing. So after the peak of the curve has been reached, the older your OS or other software is, the less risk there is in continuing to run it--even after the manufacturer ceases to issue patches. From my point of view, the real issue is communication with other entities. There's no earthly reason for my agency to stop using older OSes and versions of Office--but eventually the entities my agency has to communicate with will drink the Kool-Aid and start sending us stuff in formats that my software can't read, and claiming that they can't read what we send them--at least, not unless people on both ends change their behavior and take extra steps to convert between formats. And it's highly unlikely that people are going to do that instead of demanding that I cave in and drink the Kool-Aid too; after all, it's my job as IT guy to make their lives easier, not more difficult. How difficult and ethically insupportable my job gets is not important to them. And eventually we reach a point where the old OS won't run the new application software, so that forces an OS "upgrade". The reality is, only a relatively small number of enterprises have a real internal business reason to "move along to bigger and better hardware and operating systems" as you suggest--even if I agreed that any significant number of these moves has been in any sense "better", which I do not. The vast majority of them do it because everybody else is doing it and it gets harder and harder to hold the line over time. This is, indeed, planned obsolesence. It's a form of consumer fraud, and it's immoral and unethical. Those are sufficient reasons for it to be stopped. Ken Dibble www.stic-cil.org _______________________________________________ Post Messages to: ProFox@leafe.com Subscription Maintenance: http://leafe.com/mailman/listinfo/profox OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
