Windows XP Mode in Windows 7!

[jagabo]

I want to try the XP mode on a few kid games I have that only work in XP.

Virtual machines like this rarely work well with games. Try Microsoft Virtual PC or VirtualBox. Both are free downloads.

[rallynavvie]

Virtual machines like this rarely work well with games. Try Microsoft Virtual PC or VirtualBox. Both are free downloads.

Err, you realized you stated they don't work and then proceeded to recommend two other VM hypervisors, right?

Actually Workstation 6.5 has done really well for me with 3D acceleration within my Windows VMs. I'm not able to use anything cutting edge but games that are a couple years old work pretty well. I'm thinking though that the poster was talking about simple child's games that probably don't use much 3D acceleration and would probably run just fine using the typical VM video drivers.

[jagabo]

Virtual machines like this rarely work well with games. Try Microsoft Virtual PC or VirtualBox. Both are free downloads.

Err, you realized you stated they don't work and then proceeded to recommend two other VM hypervisors, right? :wink:

I meant so he could try them out (without having to wait for XP Mode) and see for himself that VM's usually don't work well with games. Of course, he will still want to try XP Mode when it becomes generally available. Maybe he'll be lucky and his kid's games will work.

[lordsmurf]

There is no legitimate reason to run a near-10-year-old browser for primary web surfing. It's stupid beyond stupid.

That's because you are a one man operation. Scale that thinking up to 100, 1000, 10,000 or more and you'd lose your job

You assume too much. My aggravation at this stems from an operation with thousands of seats.

IE7 and IE8 are free. What's the problem? Push the damned update through the network, and get it over with.

Having to create brand new websites or web apps in 2009 -- intranet or external -- only to make them work with some legacy IE6 shit, is why web projects take 6 months longer than they have to.

For ****'s sake, IE6 was made for Win98, Win2000, WinME and pre-SP1 XP. It's decade-old software, ridden with bugs, flaws and severely outdated security/rendering for websites.

What reason can you have to keep IE6 on a computer as the primary browser? I can understand some oddball legacy app needing IE6 --- fine. But use a newer IE, Firefox, Chrome --- anything, please --- for browsing and that other 99% of the time your stupid browser is open!

There is not a defense aside from laziness (or ignorance or stupidity) for maintaining IE6 as the main browser on a computer.

[stiltman]

It's called Vendors. I still have vendors using win2k as the OS. Will they update it just for us,,,,,Not a chance. Heck, I have a vendor that's using a very specific version of Java (2 years old I might add). What do I tell them? Get with the times?

Sure it's nice to think I can do it and get it over with, but the side affects are huge

Hell it was more than a pain in the arse to block IE7 via WSUS than it was to get it installed via WSUS

[lordsmurf]

Yes, at some point, those people need to be cut off. This isn't about updates, it's about security and improper rendering engines. Use Google Chrome or Firefox or something else, if IE must stay as IE6 for some silly old program.

[Dv8ted2]

it's about security

[edDV]

Virtualization allows multiple OS or OS versions to run on a server or workstation isolated from each other. Thus old software can be accommodated without custom applications needing to be updated to the current OS. These can be further isolated for security.

[lordsmurf]

Yeah, that's a better solution! If you need some ancient crap IE6, do it in a virtual session, for that one application. For all other uses of web, do it from the non-virtualized desktop workstation, in a real modern browser, be it IE8 or Firefox 3 or Chrome.

There really is no excuse for using old tech as the PRIMARY means these days. My beef with IE6 isn't that it is outdated as much as it is SEVERELY OUTDATED AT ALMOST A DECADE OLD. At some point, please pull the life support, it's dead.

[RLT69]

There really is no excuse for using old tech as the PRIMARY means these days. My beef with IE6 isn't that it is outdated as much as it is SEVERELY OUTDATED AT ALMOST A DECADE OLD. At some point, please pull the life support, it's dead.

You just don't get it. You're concern is with it being a web surfing browser. That's fine. But in large corporations web browsers are used for internal purposes. Outside use is heavily restricted - they block web sites that you can go to, if they allow you to go to any at all.

So using IE 6 for internal use is not a problem.

Your point would be valid if the browser was used for heavy outside use.

I would love to have you sit down with a CEO or the CIO of a large corporation and have you put forward your arguments. I have a feeling they would kindly thank you and show you to the door. Because the problems of doing large infrastructure upgrades are HUGE. You have no idea the different systems that are effected by this. Yeah, "simply push it out," and then watch all the apps that break or don't respond properly.

That's brilliant.

[rallynavvie]

Maybe we should branch off the IE debate to its own thread? It's pushing out all this great VM content

[Dv8ted2]

You just don't get it. You're concern is with it being a web surfing browser. That's fine. But in large corporations web browsers are used for internal purposes. Outside use is heavily restricted - they block web sites that you can go to, if they allow you to go to any at all.

I call BS. There are ways around everything. As a information security specialist, I can vouch for this being the truth. You may use a proxy server if you wish, but people will go around it by monkeying with the proxy settings. Reverse firewalls also are not fullproof. Even employing defense in depth using IDS units as well as other equipment, you are not bulletproof. It is information security that is vital to every organization.

So using IE 6 for internal use is not a problem.

BS...

It is holding back progress from a security standpoint. I have worked at companies before that had no imaging plan in place and it has taken me three days to clean up computers that have been wrecked by myspace.

Your point would be valid if the browser was used for heavy outside use.

Because the problems of doing large infrastructure upgrades are HUGE. You have no idea the different systems that are effected by this. Yeah, "simply push it out," and then watch all the apps that break or don't respond properly.

It is IT's job to test the applications with new standards and technology and update accordingly. By staying with the status quo, your network is begging to be attacked.

You need to approach with the attitude that your network will be attacked, and you close off attack vectors. Staying with outdated browser technology is a huge risk.

Mose CEO's do not understand the need to secure networks properly. They look at IT as a cost center rather than something that is VITAL to the health of the organization. It is difficult to maintain the five-nines uptime rule, if you cannot properly secure your network, because your company is employing outdated protection measures. That is also not Microsoft's fault.

Networks can also be hacked from within as well as outward attacks. You have social engineering and other methods such as DDoS attacks.

Nowhere in this have I used inflammatory remarks. I have used sound techniques and talked about relevant technology. There is no need to call people children and question their intelligence because you do not agree with their methodology.

[JohnnyMalaria]

I work for a 100,000+ employee company. IE6 + XP SP2. IE7 is not on the radar. Vista will never happen. Win7 not until at least 2 years post launch. That means IE6 + XP SP2 the de facto desktop build for a decade. I work in an extremely regulated environment. Security and stability are the key. Internally developed software that depends upon IE6 components has to be thoroughly validated. That can mean 6 months for one application, no matter how small or how little it interacts with our internal bespoke systems. Some of our desktop builds are so locked down, connecting to web servers is limited to a very small subset of the internal ones. On the standard build, even the most seasoned and gifted PC user will not get anywhere that is prohibited. Audits are performed remotely on each computer on a frequent basis. Security updates, policy changes etc are pushed regularly. Changing to a supposedly more secure browser will simply reduce some risks that are already mitigated and increase others. Obviously, things can be breached - advertently or otherwise. But malicious attempts will (and are) dealt with by immediate termination. All network access is monitored and recorded including the exact PC and user.

Sometimes, though, upgrading or dumping a system can be beneficial. Nine years ago, we switched from Exchange to Lotus Notes. Finally, we are going back and upgrading from Office 2003 to 2007. It will take about 9 months - an amazingly short time given the hundreds of internal systems that use these applications.

[stiltman]

I work for a 100,000+ employee company. IE6 + XP SP2. IE7 is not on the radar. Vista will never happen. Win7 not until at least 2 years post launch. That means IE6 + XP SP2 the de facto desktop build for a decade. I work in an extremely regulated environment. Security and stability are the key. Internally developed software that depends upon IE6 components has to be thoroughly validated. That can mean 6 months for one application, no matter how small or how little it interacts with our internal bespoke systems. Some of our desktop builds are so locked down, connecting to web servers is limited to a very small subset of the internal ones. On the standard build, even the most seasoned and gifted PC user will not get anywhere that is prohibited. Audits are performed remotely on each computer on a frequent basis. Security updates, policy changes etc are pushed regularly. Changing to a supposedly more secure browser will simply reduce some risks that are already mitigated and increase others. Obviously, things can be breached - advertently or otherwise. But malicious attempts will (and are) dealt with by immediate termination. All network access is monitored and recorded including the exact PC and user.

Sometimes, though, upgrading or dumping a system can be beneficial. Nine years ago, we switched from Exchange to Lotus Notes. Finally, we are going back and upgrading from Office 2003 to 2007. It will take about 9 months - an amazingly short time given the hundreds of internal systems that use these applications.

Same thing I said, tried to say, just said much better
Thanks Johnny

[Dv8ted2]

I work for a 100,000+ employee company. IE6 + XP SP2. IE7 is not on the radar. Vista will never happen. Win7 not until at least 2 years post launch. That means IE6 + XP SP2 the de facto desktop build for a decade. I work in an extremely regulated environment. Security and stability are the key. Internally developed software that depends upon IE6 components has to be thoroughly validated. That can mean 6 months for one application, no matter how small or how little it interacts with our internal bespoke systems. Some of our desktop builds are so locked down, connecting to web servers is limited to a very small subset of the internal ones. On the standard build, even the most seasoned and gifted PC user will not get anywhere that is prohibited. Audits are performed remotely on each computer on a frequent basis. Security updates, policy changes etc are pushed regularly. Changing to a supposedly more secure browser will simply reduce some risks that are already mitigated and increase others. Obviously, things can be breached - advertently or otherwise. But malicious attempts will (and are) dealt with by immediate termination. All network access is monitored and recorded including the exact PC and user.

Sometimes, though, upgrading or dumping a system can be beneficial. Nine years ago, we switched from Exchange to Lotus Notes. Finally, we are going back and upgrading from Office 2003 to 2007. It will take about 9 months - an amazingly short time given the hundreds of internal systems that use these applications.

Same thing I said, tried to say, just said much better
Thanks Johnny

Sorry guys...

Not buying it. Maybe your companies are exemptions to the rule, but you are not going to convince me otherwise. Even if you push updates through WSUS, you still end up with machines that are not patched, and those machines end up in botnets, and get infected with the likes of Conficker, and so on...

You have executives that believe they have to download music, games...There are people in the organization that download porn which infects the computers even more. I have seen and heard just about every excuse in the book. You should never believe that your network is fully locked down. Have you had independent auditors come in and do penetration testing?

[JohnnyMalaria]

You clearly don't understand how monster regulated industries operate. Every aspect of every system is audited out the wazoo. The data they generate, store and report are the company's life blood. Anything new added to the system undergoes a mind blowing process. I have a system that amounts to nothing more than scanning an image and doing some image analysis. To date, over 50 people have had some kind of involvement and at least 30 reports have to be written, reviewed and approved. All in accordance with dozens of SOPs that, in turn, derive from countless policies. External vendors have to fulfill their own validation to our standards (not theirs) before anything can enter our systems. I can guarantee our systems are subject to independent audit. Data are so critical, we have buildings near our primary data centers that are nothing more than giant UPS devices - packed to the rafters with batteries. Our regulatory authorities perform audits - randomly and at key points in our product development cycle.

If you seriously believe the company's executives even have the time to download porn, you don't understand the nature of businesses of this size. Their fingers probably never even touch a corporate computer. In the 16 years I have been with the company, I cannot think of a single instance of when a virus has not been dealt with at the point of infection. Our data are just too valuable (estimated to be worth $30BN) to be slack.

[Dv8ted2]

You clearly don't understand how monster regulated industries operate. Every aspect of every system is audited out the wazoo. The data they generate, store and report are the company's life blood. Anything new added to the system undergoes a mind blowing process. I have a system that amounts to nothing more than scanning an image and doing some image analysis. To date, over 50 people have had some kind of involvement and at least 30 reports have to be written, reviewed and approved. All in accordance with dozens of SOPs that, in turn, derive from countless policies. External vendors have to fulfill their own validation to our standards (not theirs) before anything can enter our systems. I can guarantee our systems are subject to independent audit. Data are so critical, we have buildings near our primary data centers that are nothing more than giant UPS devices - packed to the rafters with batteries. Our regulatory authorities perform audits - randomly and at key points in our product development cycle.

If you seriously believe the company's executives even have the time to download porn, you don't understand the nature of businesses of this size. Their fingers probably never even touch a corporate computer. In the 16 years I have been with the company, I cannot think of a single instance of when a virus has not been dealt with at the point of infection. Our data are just too valuable (estimated to be worth $30BN) to be slack.

I may not have worked for your company, but I have worked for some companies, such as AT&T, which has over 300,000 employees, and other large enterprises, which had their own regulations.

I did not say that the executives were downloading porn. The executives are downloading music through Itunes, and other employees are downloading music and porn through software such as Limewire. The executives will call you at the drop of a hat if they can't play minesweeper, or other games. I have seen this happen.

If the pentagon and other areas of our defense cannot keep their own computers from being hacked, and other massive companies have had customer information broken into, what makes you think your company can do any better?

Nothing is foolproof.


The following snippet further hammers home my point.

WASHINGTON – Wanted: Computer hackers.

Federal authorities aren't looking to prosecute them, but to pay them to secure the nation's networks.

General Dynamics Information Technology put out an ad last month on behalf of the Homeland Security Department seeking someone who could "think like the bad guy." Applicants, it said, must understand hackers' tools and tactics and be able to analyze Internet traffic and identify vulnerabilities in the federal systems.

In the Pentagon's budget request submitted last week, Defense Secretary Robert Gates said the Pentagon will increase the number of cyberexperts it can train each year from 80 to 250 by 2011.

With warnings that the U.S. is ill-prepared for a cyberattack, the White House conducted a 60-day study of how the government can better manage and use technology to protect everything from the electrical grid and stock markets to tax data, airline flight systems, and nuclear launch codes.

source

[lordsmurf]

IE6 for an intranet app is fine -- stupid, but fine. Why not build based on DOS or Windows 3.11 while you're at it? This is why VMs exist, just FYI.

Anyway, intranet is not external web access. Any machine with web access should be using the latest browser.

Companies that choose to use antiquated and insecure tech do suffer, and will continue to suffer, from those poor choices. If the CEO is a technological dipstick, that still does not justify it. If anything, people like that should be ousted. If you're the IT person, do your job and continually suggest the need for upgrade to your superiors. Be proactive, not a defeatist coward.

Most companies are not regulated, locked down, etc -- they give free and open range to the wild, wild Web. They need to be using something other than IE6 on those systems.

[JohnnyMalaria]

I may not have worked for your company, but I have worked for some companies, such as AT&T, which has over 300,000 employees, and other large enterprises, which had their own regulations.

Chalk and cheese. Two wholly different regulated industries with wholly different requirements and accountabilities. FCC vs FDA. I'm not talking about self-regulation.

If the pentagon and other areas of our defense cannot keep their own computers from being hacked, and other massive companies have had customer information broken into, what makes you think your company can do any better?

The military is self-regulated (compared to private/public corporations). Providing troops with internet access during combat is the height of stupidity.

Nothing is foolproof.

Correct. If you have developed an infrastructure that has proven to be very successful at protecting your assets, there's no point to change it just to keep up with the Joneses. You change it when this is a good business reason to do so.

Some buy a new car every year or two. I buy a replacement when the one I have is becoming a risk from financial, safety and maintenance perspectives. I buy a model that is a few years old so I can gauge the reliability and if it is fit-for-purpose.

The following snippet further hammers home my point.

...

I agree. But blindly updating to the latest-and-greatest isn't the right way to address the threats. Risk assessment is.

[JohnnyMalaria]

IE6 for an intranet app is fine -- stupid, but fine. Why not build based on DOS or Windows 3.11 while you're at it?

How about because the existing OS/IE combo has served the company extremely well and the cost of upgrading far outweighs the benefits of IE7 over IE6, for example. At some point it will be upgraded - probably when IE8 is mainstream and people such as yourself will mock the very software you are currently extolling.

Anyway, intranet is not external web access. Any machine with web access should be using the latest browser.

Maybe in small, unregulated companies without the resources to manage their risks appropriately. I'm refering to a specific type of industry. Your arguments simply don't apply there. Changing browser does more than change how web pages are retrieved and rendered. Apps that have no web needs at all use APIs provided by the IEx framework. Full risk assessment and validation are required.

[lordsmurf]

I think an internal audit of existing "risk assessment and validation" would be more appropriate. I doubt IE6 would pass even half as well as IE7 or IE8.

[Dv8ted2]

I think an internal audit of existing "risk assessment and validation" would be more appropriate. I doubt IE6 would pass even half as well as IE7 or IE8.

The ActiveX controls in IE6 were security risks in themselves. IE7 started to disable the ActiveX controls, which is probably why most companies refuse to upgrade to at least IE7. Their application depends on a security risk, and removing the risk would break the application. That is a shaky house of cards and not a very effective means of applying security.

[lordsmurf]

I think an internal audit of existing "risk assessment and validation" would be more appropriate. I doubt IE6 would pass even half as well as IE7 or IE8.

The ActiveX controls in IE6 were security risks in themselves. IE7 started to disable the ActiveX controls, which is probably why most companies refuse to upgrade to at least IE7. Their application depends on a security risk, and removing the risk would break the application. That is a shaky house of cards and not a very effective means of applying security.

This has been, repeatedly, my observation as well.

[RLT69]

Loved your posts Johnny! Very succinct.

As I have said before there are reasons that you may not know why companies do not upgrade. Saying that's BS doesn't make them go away.

What's ridiculous is that people who do not know how these companies function are going to tell them they should upgrade regardless. That they can't conceive of situations were upgrading might not be feasible. They assume it's just pure ignorance or penny pinching.

We have presented numerous and detailed reasons why it may not be possible. We have explained some of the regulations certain industries have (e.g., FDA regulations) that make this difficult.

And yet, they persist, upgrade at all costs. That is BS.

P.S.
My apologies to rallynavvie and the VM crowd for extending this thread.

[lordsmurf]

I think this conversation is very pertinent to VMs -- again -- that's why they exist. There has always been interest in keeping backwards technology functional, without hamstringing the current tech. A VM accomplishes that.

Only in recent years has hardware been so fast that the machines are capable of multiple concurrent OS installs.

[Dv8ted2]

I also hold no beef against VM's. They do have their uses. I fact I use one myself. I am just saying that using VM's does not negate that there are gaping holes in the way that Microsoft's operating systems prior to Vista have been constructed. Vista changed the security model and Windows 7 is a continuation of that model.

I am also saying that this argument is multi-faceted. Yes, there are reasons why you cannot upgrade, but eventually you will have to. Whether you do it now or do it later, the security model at some point will cease to exist, and the new security model will take it's place.

My main concern is security.

[SCDVD]

This article gives some useful information on which CPUs do or don't support hardware virtualization which is necessary for Windows XP Mode in Windows 7.

http://blogs.zdnet.com/Bott/?p=946&tag=nl.e539

[roma_turok]

If you have Windows 7 rc 7100 you can download Xp mode from this link: http://www.microsoft.com/windows/virtual-pc/download.aspx
more info: http://www.winsupersite.com/win7/xp_mode_beta.asp

[Dv8ted2]

So far, XP mode has been given horrible reviews.

source
source

[FulciLives]

I was just thinking of putting together a new system with the AMD Athlon X2 7850 Kuma 2.8Ghz chipset.

I just looked it up on AMD's website but I can't seem to find much if any information regarding this but I thought all AMD Athlon X2 CPU chips had AMD-V which should be fine ... right?

- John "FulciLives" Coleman