Windows 98 Users Face Increased Security Risk, Says Study

By Peter Galli  |  Posted 2003-12-11

Windows 98 Users Face Increased Security Risk, Says Study

A new research paper to be released on Thursday is warning those companies still running Microsoft Windows 98 that they face an increased risk of a network security breach when Microsoft retires the product at the end of this year.

The study, released by Ottawa-based AssetMetrix Research Labs and titled, "Usage Analysis & Risks of Obsolete Operating Systems: Microsoft Windows 95 & Windows 98," points out that while Microsoft Corp. is preparing to retire a number of its flagship products, there are still a large number of PCs in the corporate environment running Windows 98 and Windows 95.

Inventory data of more than 372,000 PCs—from some 670 companies with between 10 and 49,000 employees—found that more than 80 percent of these companies were still using Windows 98 and/or Windows 95.

"On January 16th, 2004, Microsoft Windows 98 enters the non-support portion of its support lifecycle. Windows 98 is considered obsolete, and security-based hot fixes will not be generally available for users of Windows 98 or Windows 98-Second Edition," said Steve OHalloran, managing director of AssetMetrix Research Labs.

With the against Windows and associated applications and with Microsofts increased efforts to patch security exploits via monthly hot fixes, companies with Internet-facing PCs running Windows 95 or Windows 98 will now face an ever-increasing risk of a network security breach, he said.

"As we began to help some of our customers plan to migrate away from Windows 98, we noticed that the number of Windows 98-based PCs was higher than we would have anticipated. Our data also indicated that the major driver is a direct result of delaying PC refreshment purchases during the recent economic slowdown," he said.

The study also found that more than 27 percent of PCs were running Windows 95 or Windows 98, compared to only 7 percent for Windows XP, while Windows NT4, for which mainstream support ended in 2002, is still prevalent in the corporate environment at a rate of over 13 percent.

"Companies with a significant investment in Windows 98—and who did not purchase an extended hot fix support contract this summer—should immediately evaluate strategies to retire all installations of Internet-facing Windows," the study said.

Next page: Hot fixes for all.

Page Two

The study also suggests that companies ensure that all their PCs, regardless of operating system, have the latest Microsoft Security hot fixes and that they identify the magnitude of Windows 95 and Windows 98 via a PC inventory.

"Any Windows 95 or 98-based PC with access to the Internet (including mobiles that leave the company network) should be candidates for migrating to Windows XP or Windows 2000. Companies should also determine if installations of Windows 2000 or Windows XP are covered under a Microsoft Volume Licensing Agreement," it says.

To help its customers with this, AssetMetrix, the Labs parent company, will on Thursday announce a new asset management service known as Win98-Exodus, designed to help corporations identify PCs running Windows 98 and Windows 95 and help them develop a migration strategy toward Windows 2000 and Windows XP.

Steve OHalloran, the author of the report, also told eWeek that the report was "not sanctioned, sponsored or even suggested by any other third party. Other than buying Microsoft software and a few MSDN subscriptions, we have no formal relationship with Microsoft. We also have no corporate institutional investors. so it truly is an independant study.

"Companies need to be better informed about the potential security risks associated with using Windows 98 or Windows 95 within their corporate environment. With Win98-Exodus, AssetMetrix customers can view the details of any PC within their organization that is running either Windows 95, 98 or NT.

"They can then drill down to detailed reporting on the individual components of each PC, assign pricing values for each required hardware or software component upgrade, estimate labor time and cost, as well as viewing application compatibility reporting for each PC," said Jeff Campbell, the president of AssetMetrix.

Editors Note: This story was updated to include additional information and comments from the author.

Rocket Fuel