Maintaining Windows 2000 for the Long Term? 110
MarkWatson asks: "I keep two Windows machines: a Windows 2000 laptop (bought with XP, but installed an old Windows 2000 license and Linux) and a desktop with XP (dual boot to Linux). I would like to avoid ever buying a PC with Vista, a situation that looks good because I believe both my Windows systems are reliable, fast, and will service my Windows needs for the long term. My problem is this: I like Windows 2000 better for a few reasons, but mainly because the license is transferable. I would like to still be using Windows 2000 5 years from now in a secure and reliable way (again, just for when I need Windows). Since I am far from a Windows expert, I would like to know your strategy for archiving Microsoft's latest Windows 2000 updates, and generally dealing with security issues. My strategy is to set my firewall up to run in stealth mode and not use Windows for general web browsing. Any suggestions will be appreciated!" How would you keep an old Windows OS (like Win98, and WinXP in another year or two) running long after official support for it has ended?
Seems to work for some people... (Score:5, Funny)
I can support your W2K (Score:4, Funny)
Re: (Score:1)
Re: (Score:2)
still use it (Score:1)
Re: (Score:1)
Support ends but.... (Score:2, Informative)
Accept the realities (Score:5, Informative)
Eventually, new patches will stop coming out for it. Sure, some people will hack up XP patches, where they can, but eventually they'll stop coming.
So, what can you do? Make sure that you're running what patches do exist, make sure you never ever expose it live to the Internet, make sure that all of your apps are patched, make sure that you're running fully up-to-date antivirus. Don't install any software which is at all questionable, don't visit any questionable websites. Turn off what you can; if you don't use WSH, turn it off. Turn off autoassociations for it, at least. Turn off as much of ActiveX as you can, javascript and so on. There are lots of guides to hardening Win2000/IIS and so on, and most of the reccomendations here are ones that you should be following anyway.
If you wait long enough, of course, people will be targeting Vista rather than Win2000/XP, and you won't have to worry about it; kind of like how Win98 is actually a fairly safe operating system to be running these days.
Oh, and scan it with an up-to-date BartPE disc every once in a while, just to be sure. Make sure you grab the module for Spybot from the Spybot website.
Re: (Score:2)
I have only one suggestion to add to the parent's suggestions: Set up and use a non-privileged account. You'll have to do a bit of fudging user/folder permi
Slightly more useful (Score:2)
Re:Slightly more useful (Score:4, Informative)
Safe Windowsupdate (Score:3, Informative)
Preferred software to have first--1. Your Windows insta
Offline Updater (Score:5, Informative)
This script will allow you to create all-inclusive, fully-automated update cds for the English and German versions of Windows 2000, Windows XP, and Windows 2003. The script will create a CD
Here is an short and sweet write-up on this - http://www.heise-security.co.uk/articles/80682/3 [heise-security.co.uk]
Here is where you download the file (.zip) - http://www.heise.de/ct/ftp/projekte/offlineupdate
Here is Heise Security's Forum on the script - http://www.heise-security.co.uk/forums/go.shtml?l
Re: (Score:2)
Rich.
Re: (Score:2)
Until TurboTax releases a Linux version...yes.
Re: (Score:2)
Re: (Score:1)
Check out info from http://www.heise-security.co.uk/articles/80682 [heise-security.co.uk] for how to go about it. Haven't tried it myself yet but looks to be useful.
Re: (Score:2)
After a normal update run, you might check c:\WUTemp and see if the updates that were just installed are still there. I don't recall if Win2K behaves that way, but I think WinXP does. Using WindizUpdate [62nds.com] instead of Windows Update will also save patches (useful when you have clean WinWhatever installs on different hardware and
Re: (Score:2)
The real problem once those precautions are accounted for, is that if a new piece of desirable software doesn't support W2k, then it would take annoying hacking to disable or correct
Re: (Score:2)
Install with the slipstreamed disc and then run Autopatcher before you connect it to any network.
Install something like Zone Alarm and then connect it to the internet.
Go to windowsupdate and grab any patches you need. Aitopatcher is pretty good; WU won't have much to suggest.
Remember to keep versions of AVG, Autopatcher, Nlite, Zone Alarm, and any other applications you use on
Virtualization? (Score:5, Insightful)
If you do need to keep Windows natively on the hardware, I would advise setting up a hardware firewall between the machine and the internet, and browse securely with an up to date browswer (Firefox or Opera). Disable MS Filesharing if you don't use it.
Over the long term, you might want to consider why you're keeping Windows and find an alternative (Linux/OS X, whatever). I can't imagine that anything after Vista is going to be any better and well, you will have to upgrade your machines someday
Re: (Score:3, Informative)
Other then the lack of 3d graphics support (which I was hoping would let me run a few Windows games without
messing with wine) it works really well. All my business/job needs are met by this setup. Games... I'm still
working on that.
Re: (Score:1)
After running various Windozes in VMware for a couple of years I recently switched to QEMU [bellard.free.fr]. It works very well with a reasonable speed using the kernel accelerator module KQEMU.
Re: (Score:1)
(excell is a good spread sheet)* and Turbotax.
I also keep it behind a firewall (dual home slackware with snort and iptables)
Turbotax needs the internet for updates , however I do not use it for browsing.
I also only turn it on when needed.
As a solution it seem to work well.
* Yes gnumeric is good, but slack does not support gnome , and trying to gather
the dependencies for gnumeric is a thankless/impossible
Re: (Score:1)
Re: (Score:2)
While I haven't had a chance to play with Virtual PC yet (mainly because I don't like running Windows as the host OS), unless you are running W2K3 Server Enterprise Edition as the host OS you will need a Windows license for the host as well as one for the virtual machine. That extra licensing cost for Windows is one reason why I prefer to use Linux as the host OS.
Re: (Score:2, Interesting)
Go for VMware - you don't want to be locked in to VirtualPC, because that will ti
Two different approaches (Score:4, Informative)
Win98 - I'll agree with another poster, virtualize it. VMWare Player is your friend. (and why is Win98 your friend too? I suppose it's not WinME
Re: (Score:2)
Do you know of any brands of archival quality CD's? I have looked in vain for such a thing.
Re: (Score:2, Informative)
Re: (Score:2)
They'res also Microsoft's Microsoft Baseline Security Analyzer [microsoft.com] which will scan your computer and notify you of missing security updates, and direct links to download them.
old software (Score:2, Insightful)
I guess to answer your question as to how to keep Windows 2000 running for the next 5 years? Very carefully.
Re: (Score:2)
Why (Score:2, Informative)
Do you really think your laptop will still be working in 5 to 10 years? Do you remember what we had 5-10 years ago?
5 years ago, my system was top of the line. 500 MHz. 192 meg of ram, an insane amount for the time.
10 years ago, had a pentium 90 MHz, with a whole 16 meg of ram, running the newest Windows 95 operating system.
Really, do you think you are going to keep your laptop that long?
So your license is transfera
Re: (Score:2)
I was a HP/UX admin before I got my MCSE and switched to the NT world; Win2k is the best operating system I've ever used.
I have a laptop running debian, a laptop running WinMCE, a server running Solaris VII, and all my house systems (6-8, depending on biz & family needs) run Win2k.
Every game ever made for DOS/Win works, either just straight up, or with VirtualPC.
Re: (Score:2)
Re: (Score:1, Insightful)
And yet, Linux is free. That $200 could be put to better things (hardware, bandwidth) rather than propping up a convicted monopolist. Windows has hidden expenses too in order to make it secure: (antivirus, personal firewall, anti-spyware, router). None of that is required for Linux.
Re: (Score:2)
Yes you need various add-on programs to properly secure Windows, but you can get all of them for free (AVG, AdAware, etc), so they aren't really expenses, hidden or otherwise. Similarly, you need various free software tools, as well as some level of expertise, to secure your Linux box. Most Linux distros may come stock in a more secure configuration than a stock Windows install, but that doesn't mean you can just leave them alone
Re: (Score:3, Informative)
Re: (Score:2)
I'm not the poster you're replying to, but my home machine is connected to the internet
without any firewall. The only network service I've got turned on is sshd and the only
reason it's on is because I turned it on. By default, there was nothing open.
Do I feel secure? Yeah, pretty much I do even though I haven't really done anything else
to secure my machines.
If I were to post my IP, what do you think you'd be able to do?
Re: (Score:1)
Re: (Score:2)
to secure my machines.
I really wish we had Theo deRaadt reading (and commenting) on this thread...I can't even begin to imagine how novel, riddled with expletives, and generally blistering the abuse you would get from him would be, I suspect.
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
Because the "standard" is turning into a locked-down DRM hellhole, that's why. I want my computer to obey me, not the other way around!
Support (Score:1)
Long-term: virtual; short-term: be careful (Score:3, Informative)
If it's at all possible, block all traffic, incoming and outgoing, except what you need. If it's possible, only allow certain processes, such as firefox, to access the Internet at all.
Also, make a full-image backup plus frequent additional backups so you can restore your system if it gets compromised.
The long-haul solution is to go virtual. Get a lightweight Linux with your favorite VM and install Win2K on it. Back up the image frequently. This way if your laptop dies you can replace it and not worry about driver issues. Heck, you can even do all "Internet" traffic on the Linux side and restrict the Windows network to a private-virtual-lan with the host system. Even then, block all traffic except what you really need, such as for file transfer and for printing.
2k is under extended support until 2010 (Score:5, Informative)
So for the next 3 1/2 years you will continue to receive security and critical patches, and you will be able to pay for support if you need it. So there's nothing to panic about yet.
After 2010 though, if MS doesn't extended support, you may want to look in a new direction. Possibly an emulator for Linux to run what ever 2k app you need, or a replacement for those apps you are using. Worst case scenario, (2k support ends and numerous viruses are released for it) you can still run it, you just have to take into consideration the extra security concerns.
Here is the page for MS's support life cycle info: http://support.microsoft.com/gp/lifeselectindex [microsoft.com]
-Rick
Re: (Score:3, Insightful)
As a result of not many people using it (most of the poeple using Win2k will have upgraded/bought another computer by then - 8 or so years seems a bit long for your average home internet user to stick with an OS), there'd not be many people writing malicious stuff for it, simp
Re: (Score:2)
Sadly, the OS was almost completely ignored as a consumer desktop in the ramp up to XP which is a real shame because I still think its the best Win
Re: (Score:2)
Use a Virtual Machine (Score:3, Informative)
The ideal solution is a VM. At least if you use VMware ESX, the virtual hardware exposed by the VMM (virtual machine monitor) is always constant regardless of the physical hardware, and the virtual I/O devices are rather old, so any old OS would support it. In fact, in most cases this solution runs faster than the old beige box regardless of the virtualization tax due to the speed of the new processors.
You can keep a system running for years and years with this method, even backup the full VM as a file.
Disclaimer: I work for VMware, but I see this all the time with actual customers.
Consider virtualization (Score:3, Interesting)
"Yes, it will," I answered, and purchased Office 2004 for her.
"But how about these other things I use all the time?"
I threw her a bonus: I configured a nice Kubuntu Linux system with all the apps that a student would need, including OpenOffice.org, Gimp, Evolution, Firefox, etc.
Then I threw her a second bonus: On the Kubuntu system, I installed VMWare, and installed Windows 2000 to run on it. Win2000 doesn't use as many resources as XP, but apps written for XP run fine on it. In addition, as the OP mentions, the license can transfer.
What about viruses? Well, I did not configure the virtual network interface for W2000. Anything she needs to run on Win2000 has to be downloaded first onto Kubuntu, and then through a shared drive, installed onto the Win2000 process. Viruses just have no vector to get into Win2000, except from trojans.
Now, this isn't the perfect situation, and there are some apps that just won't work for her (Internet Exploiter, her previously-favorite IM client, etc.). However, for those things that she just HAS to run on Windows for her schoolwork, she can run the programs at nearly full speed with just a little hassle. Over the last few months, she figured out how to streamline the process of getting files to/from Win2000, but she also figured out how to make do with the OS X applications, and to a lesser extent, the Kubuntu native applications as well. Since Firefox and a lot of the applications she runs on Kubuntu also run on the iBook, she has an easier time with Kubuntu coming back from the iBook.
Windows 2000 is now a distant third for her, and she is considering "retiring" that system after the next semester if she can get through the next semester without needing Win2000. (Probably won't happen, but back in September, that wasn't even being considered!)
She's happy, and if she just HAS to run something on Windows, she has the ability to do so.
She managed a 3.9 GPA this semester, so this setup didn't hurt her.
Re:Consider virtualization (Score:5, Funny)
That may be true. But, did she get laid this semester, or did she have to spend all of her free nights dicking with this ungodly complicated system?
Re: (Score:2)
Re: (Score:2)
well... (Score:2)
a. young MAN, not MEN
b. daughter has reached full size
c. young man is in good condition
d. young man intends to keep her
e. young man would make a good husband, father, and son-in-law
Re: (Score:1)
And now you see the true genius of his plan.
Re:Consider virtualization (Score:4, Informative)
Including running W2K under Virtual PC.
I see no need for what is effectively a triple-boot machine - OS X (with Classic, quadruple-boot), Linux
There's not really much good reason for running Linux on a Mac - there are fewer drivers & proprietary apps in PPC form than x86 and OS X provides pretty much all the Unix goodness one could want.
The virtualisation idea isn't bad, but run W2K with up-to-date A/V and antispyware and so on, behind a hardware firewall, and it's pretty safe even today. Remove & replace all the MS internet apps and it's not bad at all.
Re: (Score:2)
What we ended up doing is setting up a Linux system, and it runs the same things that she can run on the iBook (well, the better looking apps run on the Mac). Running Firefox on OS X and Linux makes it easy for her to download stuff on Kubuntu and then switch to Win2K to do whatever HAS to be done on Windows.
As I said, she managed quite nicely. There was a bit of a l
Re: (Score:2)
Wait, explain one more time why she couldn't run Virtual PC in OS X instead of Linux?
Re: (Score:2)
It's an iBook. Can you say SLOW?
Re: (Score:2)
Yes, I can -- I own an iBook too. However, I don't see how Linux really helps that situation much, since it's not as if it's that much more efficient than OS X.
Re: (Score:2)
Re: (Score:2)
Well since you asked, no it's not. The most important thing is that it serves objective requirements in a sustainable and self-managing way. That's what makes a person happy, not just complacent. Your setup is obviously irrationally complex just for the sake of complexity. I can hardly believe anyone would agree to implement it or to accept critical dependency upon this rube goldbergian machination, and upon having to have their own personal sysadmin
Re: (Score:2)
That's the problem - the OP doesn't give a fig a simple, and only gives functionality as passing nod. What he cares about is imposing *his* political and religious beliefs on others. (And has the unmitigated gall to call the forced behavior a 'bonus'.)
Ending up being modded +5 only shows
Re: (Score:2)
If you keep it... (Score:2)
Realistically, by the time patches stop coming out, everything will have moved on. 64bit computing is here, the only thing holding it back is software and drivers, which are whooshing their way towards us as we speek. So keep using it, keep getting what patches are available, move away from Microsoft tools to make yourself more secure, enjoy.
You may also just want to get a virtual machine running on your linux box, boot a win2k vm
I still use Windows 3.1 and W2K for some stuff (Score:1)
Re: (Score:1)
Someone will say this about XP in 10 years time. And it will be true - by comparison to the latest incarnation, XP will appear highly secure and efficient, helpfully lacking support for the latest DRM "features".
Re: (Score:1)
http://www.calmira.de/ [calmira.de]
Virtualization (Score:2)
HD 137 GB (Score:4, Informative)
Re:HD 137 GB (Score:5, Informative)
Windows XP requires service pack 1 and a registry hack [microsoft.com]. It's possible for OEMs to upgrade the copy of XP they ship to have this feature by default.
For people who just have to format the entire hard drive as one big partition, then this limitation in Windows 2000 can be annoying. Those of us who prefer to keep the OS drive on the small side, separating out data files onto a separate partition, are barely effected by it. I'm already going to install SP4 on any new Windows 2000 system anyway, so I just need to remember which registry key to tickle after that's done and this problem goes away.
Re: (Score:2)
Unless, of course, you forget about the limit and store all of your drivers and update files on the second partition... which is inaccessible after a reinstall. GAH!
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
WTF? Windows 2k SP3 and later *does* support drives bigger than 137GB [microsoft.com]. If you're not installing from an SP4 CD, make one with slipstreaming [microsoft.com].
I just mentioned that the 137GB patch exists the other day and got modded a Troll - this guy tells a blatant falsehood and gets Informative? What's with the Mods around here?
Re: (Score:1)
Unofficial SP5? (Score:2)
I've been meaning to try the SP5 for Windows 2000:
http://www.majorgeeks.com/download4817.html [majorgeeks.com]
Anyone had any luck w/ it?
William
don't worry, be happy ... pls consider (Score:2)
What will kill Win2k is most likely an inability to support higher performance real-time hardware and software. I have already seen systems that won't even boot Win98, OS9, etc.
Ghost (Score:2)
DST issues on 2K (Score:1)
Wasn't it just announced that Microsoft would not be releasing a patch to anything less than XP for the new TimeZone changes that happen this spring?
http://support.microsoft.com/kb/928388 [microsoft.com]
You'll have to remember to manually change the time each time it is supposed to change and then fix it when the broken version of 2K tries to change it for you.-Aaron
Just run it inside an emulator (Score:1)
Enjoy
Windows98SE (Score:1)
1. Zonealarm with antivirus.
2. http://www.msfn.org/board/index.php?showtopic=8080 0&st=0 [msfn.org]
3. Use firefox as your primary browser.
4. New games will not run, but games till 2004 may run.
5. Maximum Ram on Windows98SE is 512 MB
6. Post all your queries at MSFN.
Re: (Score:1)
Agree with the "VMWare is free" chorus. Install 98 in VMWare on a Linux h
Re: (Score:1)
Re: (Score:1)
A "hardware" firewall is essentially a standalone appliance like a router running a software or firmware firewall.
Some advantages include:
- often very easy to set up, just run the software, follow the prompts, and you'll be connected quickly
- the firewalling takes place on the router instead of using resources on your computer (especially good for older systems)
- more than one computer can be protected, regardles
Re: (Score:1)
Re: (Score:1)
Good on you. Glad you think your version is fine. You found perhaps the only version that won't crash. Of course, you did tweak the snot out of it.
Tell me, how you are certain Zoner Alarm is truly blocking malicious traffic? How do you check? Do you use any other form of IDS? A network tool? Do you rely on their "logging"? How many malware infested computers do you clean up on a weekly basis? How many other products do you test and try on a regular basis?
Why do I bother answering A.
Don't log in as local Administrator (Score:1)
Keep a local admin account, or two, using a strong password. Change the d
Beyond WIN2K (Score:1)