End of Days

In the IT field there are a number of different names for it. CompTIA seems to use two terms: End of Life (EOL) denotes that a product is no longer available for purchase, and End of Service Life (EOSL) means that it is no longer supported by the vendor. Microsoft uses the term End of Support to denote an operating system or application that will no longer receive patches.

Whatever term we use, unsupported operating systems and applications are a huge security risk. Simply put: when a vulnerability is discovered in supported software, the developer can create and distribute a security patch that will address the vulnerability. If a vulnerability is discovered in unsupported software then the developer will not patch it, and any deployed instances of the software will forever be vulnerable.

This is a serious enough issue that any security-minded company will have a policy stating that no unsupported software may be used. This covers both end-of-life software and pre-release (beta) versions.

For nearly four years prior to April 8, 2014 I tweeted every day how many days there were until the end of support for Windows XP. My #EndOfDaysXP tag was retweeted far and wide. It was, hands down, the longest-lived operating system the company had released – from the day it was launched (October 25, 2001) it was supported for just under 12.5 years. Microsoft Canada had me criss-crossing the country for three years teaching Windows 7 deployment, and helping to convince companies and individuals to retire their Windows XP (which was never very secure in the first place). I spent so much time and effort evangelizing the effort that when it did happen the Microsoft Canada Partner team gifted me a ‘gold’ Seiko watch with the words ‘Happy Retirement Windows XP’ on the back. I still have it.

There was nowhere near the same kind of fanfare leading up to Tuesday October 14 – a little over a week ago – or at least I did not notice it if there was. However that was the day that Windows 10 was launched. It was touted at the time as the last desktop operating system that Microsoft would release – it marked the shift toward the Windows as a Service model, and so while they would release two new versions every year, it would always be under the Windows 10 name and so, while Windows 10 was technically fourteen different versions of the operating system, it was technically only the one. Microsoft’s ‘last operating system’ was actually supported for less time than Windows XP had been… a little under 10.25 years.

The point of this article is not to wax nostalgic about the quiet demise of Windows 10. If my experience has taught me anything, it is that we will be seeing Windows 10 in the wild for many years to come. Why am I so sure? Because I still see Windows 7 regularly (EOSL January 14, 2020)… and from time to time I even come across the odd Windows XP machine.

If we are being honest, the only reason Microsoft transitioned us from Windows 10 to Windows 11 is because they wanted to be able to enforce security requirements that leveraged features of newer hardware. Their Windows as a Service model that had us all getting the new release on Patch Tuesday worked smoothly… until they realized that to enforce those security requirements on computers with incompatible hardware might well have rendered tens or even hundreds of millions of computers inoperable overnight. They knew that was simply not an option. However… if they released a “new” operating system with stronger security requirements, then users with newer machines would be able to update smoothly… and users with older hardware that did not meet the minimum requirements would be told that their computer was not eligible for the upgrade. From the day Windows 11 launched on October 5, 2021 they would have four years to upgrade their hardware… which is actually quite reasonable considering that by that time any computer that was not compatible with Windows 11 was already six years old… so by #EndOfDaysWin10 they would be eleven years old – the IT equivalent of an octogenarian.

I know from firsthand experience that there are still computers out there that do not meet the Windows 11 minimum hardware requirements, but are otherwise still perfect machines. I have one laptop that I acquired when I was still with Microsoft Canada that is an HP EliteBook with an i7 CPU and 32 GB of RAM. Unfortunately it fails the hardware check – the i7 CPU is a 3rd generation i7 (Ivy Bridge) while Windows 11 only supports the 8th generation i7 (Whiskey Lake) or newer. Its Trusted Platform Module (TPM) also fails to make the cut because only TPM 2.0 is supported, not my HP’s older TPM 1.2. I also know that despite these failings, the computer is perfectly capable of running Windows 10 without any issues… until the wheels fall off, to use an old trope.**
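The TPM and Secure Boot parts of that hardware check can be read straight from a machine. The script below is an added example, not from the original article or from Microsoft; the function names are hypothetical, it assumes an elevated Windows PowerShell session, and it only reports the CPU name because the supported-processor list is not reproduced on this page.

```powershell
# Added example: report the TPM and Secure Boot state that the Windows 11
# hardware check described above depends on. Run from an elevated session.

function Get-TpmSpecVersion {
    # Win32_Tpm lives in its own CIM namespace; no instance means no usable TPM.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue |
           Select-Object -First 1
    if (-not $tpm) { return $null }
    # SpecVersion looks like "2.0, 0, 1.38"; the first field is the spec family.
    # -as returns $null instead of throwing if the field is not a version string.
    return (($tpm.SpecVersion -split ',')[0].Trim() -as [version])
}

function Get-SecureBootState {
    try {
        if (Confirm-SecureBootUEFI -ErrorAction Stop) { 'Enabled' } else { 'Disabled' }
    }
    catch [System.PlatformNotSupportedException] {
        # Raised on machines booted in legacy BIOS mode rather than UEFI.
        'Unsupported (legacy BIOS boot)'
    }
    catch {
        # Typically an access-denied error when the session is not elevated.
        "Unknown ($($_.Exception.Message))"
    }
}

$tpmVersion = Get-TpmSpecVersion
$cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1

[pscustomobject]@{
    ComputerName   = $env:COMPUTERNAME
    Processor      = $cpu.Name
    TpmSpecVersion = if ($tpmVersion) { $tpmVersion.ToString() } else { 'None detected' }
    # Only TPM 2.0 passes; a TPM 1.2 module reports 1.2 here and fails.
    TpmMeetsWin11  = [bool]($tpmVersion -and $tpmVersion -ge [version]'2.0')
    SecureBoot     = Get-SecureBootState
}
```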

In the 1960s IBM guaranteed purchasers that their computers would remain current for a minimum of seven (7) years. That was quite reasonable to expect, considering that the price of a mid-range System/360 Model 40 could run you USD$250,000. Today we are buying computers for under $1000 and expecting them to be current forever. That is not reasonable, and I have always understood why Microsoft releases new operating systems on the cadence that they do. For the first twenty or so years of the personal computer we saw exponential increases in the CPU speed. Moore’s Law (1975 version) stated that the number of transistors on a microchip would double every two years, which effectively meant the speed would be double. While it was not the latest and greatest on the market, I purchased my first PC (the first one running an Intel CPU and MS-DOS) in 1988, and its speed was 12MHz. Nine years later I purchased my first PC with a 1.2GHz CPU – an increase of a factor of 100 in just nine years.

Seeing an increase like that in the period from 1988-1997, it would stand to reason that by the year 2025 we should have been measuring CPU speeds in Terahertz… alas, we are not. The fastest commercially available Intel CPU is the Intel Core Ultra 9 285K with a base clock speed of 3.7GHz and a boosted clock speed of up to 5.7GHz. That second speed is less than four times the speed of that CPU from 1997.

When and why did we slow down? We didn’t… we just started using new measures for advancement other than simple clock speed. That Intel Ultra 9 has 24 cores which means it is able to run 24 processes simultaneously as if it were 24 separate CPUs. This was a huge improvement over the single-core CPUs when it comes to multithreading and virtualization. They also include myriad security features that allow functionality such as Secure Boot and Credential Protection which greatly improved the value of the CPU without actually increasing the speed. So yes, the clock speed increases have slowed down but the technology improvements have been incredible. Thanks to these our operating systems and CPUs can offer the user security that was simply not even a dream twenty years ago.

It is these security features that Microsoft’s latest operating system – Windows 11 – requires to ensure a secure computing experience for the user. Does that mean there are no longer any threats? Of course not… because we as an industry can throw every security feature out there and there will always be human error and people vulnerable to social engineering attacks. ‘If you just press this then luck will follow!’ I can assure you that it is not good luck of which they speak.

As the era of Windows 10 fades in the rearview mirror we will continue to see improvements to the technologies we use on a daily basis. Last week Windows Update upgraded my primary system to Windows 11 25H2; there are numerous security improvements in the latest offering, but I doubt that most users will notice anything new. Improvements to the kernel security may be interesting to the geekiest of geeks, but I doubt even I would be able to see the relevance. I am sure I would have noticed that PowerShell 2.0 and WMIC (Windows Management Instrumentation Command-Line) were removed, but I hardly ever use WMIC, and I am perfectly content with the combination of PowerShell 5.1 (installed by default) and PowerShell 7.5.4 (don’t ask why we need both) and won’t miss PowerShell 2.0 one bit. I like the better enterprise-level policy controls we have… but again, end users won’t care.

Conclusion

For all of the people who complain about new versions of operating systems and applications, let me assure you that your experience as an end user may be a bother but it is nowhere near on the scale of what we as IT professionals – and especially IT professionals who specialize in cybersecurity – need to contend with. That is not to say that your issues are not real but they are likely mostly cosmetic. Under the hood we have to learn how the new pieces work so that we can give you the best and most secure experience that we can. If you find yourself nostalgic for Windows 7 or wonder why you need to purchase a new computer to run Windows 11 now that your Windows 10 is no longer supported (but seems to be otherwise completely functional) then please understand that we have very good reasons for these upgrades and our suggestions, while possibly inconvenient and even costly to you, will in the end ensure that we can continue to keep you safe and secure…

…as long as you don’t click THAT button!

**Someone is going to tell me that I can do this or that to jerry-rig Windows 11 to work on the system. I know, and I am not doing that. Others will tell me that I can continue using Windows 10 version 22H2 without any issues. I’m not going to do that either. Why not, you may ask? I’m a cybersecurity guy. I am still using the laptop, but it is running a Server OS and it is simply a backup to my two rack-mounted servers in case of a really weird outage.
