Thousands of NT4 machines within the Finnish government still

The annual review on ICT within the government of Finland has been published on Friday 25th Aug. There is a summary from the the Ministry of Finance available.

Some of the numbers published are really confusing:
The overall share of Windows NT Workstation is 8 %, i.e. 14 775 PC’s. (page #44)

When discussing about the government agencies numbers are the following:
* Ministry of Justice – 97.5 %
* Ministry of Trade and Industry – 9.0 %
* Ministry of Agriculture and Forestry – 2.9 %
* Ministry of Finance – 2.2 %
* Ministry of Education – 1.8 %
* Ministry of Transport and Communications – 1.4 %
(Source: page #45, “Taulukko 7.”)

There are more but the share listed is one percent or less.

The overall share of file and print servers is the following:
MS Windows NT Server:
18.5 % and 623 servers (See p. 45, “Taulukko 9.”)

Windows 2000 is the winner with 35,9 percents.

The OS of database and application servers was one of the questions asked too. The results are:
MS Windows NT Server:
7.8 % and 518 servers (See p. 45, “Taulukko 10.”)

The exact Windows NT version is not listed, but probably it’s NT4.0 (SP6a or less), released in 1996.

How is this possible in 2006??

What Microsoft says about the support state of Windows NT Server 4.0:

January 1, 2005
Beginning on this date, Pay-per-incident and Premier support are no longer available. This includes security hotfixes.

The same report lists the situation of data security plans in agencies. Some of the results:

* Ministry for Foreign Affairs –
organisations: 1 plans released: 1
* Ministry of Justice -
organisations: 2 plans released: 0
* Ministry of the Interior -
organisations: 20 plans released: 17
* Ministry of Trade and Industry -
organisations: 15 plans released: 11

It appears that differencies in agencies using NT4 are remarkable large. 11 of 15 organisations of Ministry of Trade and Industry have their plans, but Ministry of Justice has no data security plan at all.

I really hope that workstations in organisations mentioned are not used to Web surfing!

The PDF itself is Finnish language only, unfortunately. (link – 120p.)

If some of the readers are not familiar with this related picture they are now. Unfortunately there is no category Corporate Non-security available in this blog.

Share
  • Phil

    National government and local government bureaucracies do not put security first. They’ve no real concept of it.

    The same sort of figures can be found all over the world, Finland’s not unique, in my experience.

  • http://www.BeyondSecurity.com Aviram

    The upside of having NT4 machines is that you don’t have to scan them for vulnerabilities, you know exactly what patch level they’re on and most of the new exploits won’t run on them out of the box :-P

  • RichieB

    NT4 looks like it is getting a reprieve:-

    http://www.theregister.co.uk/2006/08/29/microsoft_support_csa-legacy/

    Another three years of support for critical updates.

  • boneyard

    yeah i doubt this is limited to finland, prolly all over the globe.

  • http://www.sys-manage.com/english Christian

    You can eNnhance the security for no longer supported legacy OS like Windows NT 4.0 and Windows 2000 which are still being targetted with BufferShield!