by davidf18 3430 days ago
Interesting, readers of HN should know that upgrades to the newest version of Windows and updates are essential for reasons of software security. Newer versions of Windows incorporate security measures not in older versions -- sometimes even taking advantage of new security features in Intel hardware.

For example, Target and Home Depot were hacked because they failed to upgrade their point-of-sale hardware from Windows XP embedded to Windows 7 embedded or later which was an upgrade recommended by Microsoft. Windows XP embedded had a security flaw later patched in later versions of Windows.


People vastly underestimate how massive, complex and heterogeneous the likes of Target, Home Depot, and Walmart's stacks are.

I've worked with people very used to working with enormously complex systems and even they say Walmart etc. is on the higher end of that scale. We're talking weeks of people on site to get new software stood up.

This isn't to diminish your point about the need for upgrades, but it's nothing like a push button process.

Shouldn't these stores standardize on vendors? Why would they use different vendors which only adds to complexity unless they've bought out a different store chain and are integrating existing systems?

Also, they should pay the vendors for maintenance contracts instead of trying to do the upgrades themselves. The vendors are generally more likely to do the testing necessary and have the skills for upgrading systems across various customers.

At any rate, as you put it, eventually they still should do the upgrade.

Even if they do standardize on vendors, they're then also dependent on, say, Oracle Retail supporting a given platform.

If you want your POS to talk to your marketing automation system, that's another integration and maybe another vendor who Oracle may or may not wish to support etc.

There's no way for a bank to standardize on vendors as its back office systems might have been designed in the 1980s. If it wants to add an iPhone app or mobile payments, it has to rely on another vendor almost automatically.

Making these stacks work generates huge revenues for people like CA, Automic, IBM. Process automation is big business. Big meaty huge Fortune 500 companies held together with the software equivalent of sticky tape.

Not to be crude but what you call "standardizing on vendors" I call a great way to spend your days getting screwed by said vendor(s).

Sometimes one has to pay that price. Can you suggest an alternative that reduces complexity?

This is interesting. Could you give a bit more detail?

Of course, but I was talking about the incentives of an average user, which I'm not sure care about security as much as we do.

Just to make what I'm saying more concrete: most people in my home town in Sicily think it's perfectly OK to bring their phones and laptops to some random guy owning a tech-assistance shop and tell him their Facebook/Email passwords straight away so he can reinstall stuff and save their login for them. Do you think they care about upgrading because of "improved security"? I'm not sure they even understand what a security issue is...

You describe the proximate cause of those breaches, but perhaps the ultimate cause was the difficulty of updating that OS in the first place?

The point-of-sale terminals have vendors that produce them in large quantity and they should have the expertise to upgrade the software of the machines that they built.

One can always hire experts with a proven track record to help with the install of the new OS.

Incidentally, many people may have trouble with upgrades to the new OS because 1. Running old hardware 2. Not running quality hardware -- e.g. for Windows laptops traditionally Thinkpads. 3. Do a fresh install. E.g. don't upgrade, but backup the data, clean the disk, do a fresh install.

I use Mac and did the fresh install of Sierra 10.12.1 and then upgrades for point version updates.

I also have been running Windows under Parallels and on Thinkpads prior to 2011 and not had problems with new versions of Windows.

Details on the Target and Home Depot attacks that would have been prevented by the upgrade from Windows XP embedded to Windows 7 embedded or later:

http://www.dailytech.com/Appalling+Negligence+DecadeOld+Wind...

Most HN readers probably don't even use Windows. I think it's objectively the worst OS for a tech enthusiast.