Whitehall and Microsoft negotiate NHS Windows XP hacker survival plan

Whitehall is negotiating a deal with Microsoft to prevent thousands of NHS computers from falling victim to hackers targeting Windows XP from April. The government and Microsoft are in talks to offer extended security support to NHS PCs running Windows XP that miss an 8 April deadline to ditch the OS. The Department of Health …

COMMENTS

This topic is closed for new posts.


  1. MJI Silver badge

    How about

    Any Microsoft employees in the UK now have to pay £200 for every visit to the doctor, to hospital, to A&E.

    This would look really bad for MS if the TV news broadcasted it.

    If it is the full amount that means that every person in the UK is paying £10 to £15 EACH this year to MS JUST to support XP.

    1. g e

      Re: How about

      Note to self: Add another 35 miles to expenses claim this month.

    2. Anonymous Coward

      Re: How about

      How about NHS IT management employees have to foot the support bill personally? This date has been known about for a number of years - and they have simply ignored it.

      1. Anonymous Coward

        Re: How about

        Personally I think it's a fairly safe bet this is not an IT problem. It will have been on the table for a long time but unless someone commits funding there's nothing IT can do about it.

    3. returnmyjedi

      Re: How about

      I am outraged that MS aren't supporting a thirteen year old operating system that hasn't been available for purchase for five years. I've only just got over the shock of my Star dot matrix printer not having any drivers released for Windows Me.

      1. HollyHopDrive

        Re: How about

        This is a ****ing outrage that such a large amount of money will be essentially pissed into the wind because the uk gov were not rid of XP in time. In a time when we are supposed to be saving money, giving what will probably work out to be measurable in billions (by the time all the other periphery bollox has been added in). I wouldn't mind, but I'd put money on MS not paying tax on the profits from that lot!

        I'm not blaming microsoft here (though to be fair they've got their clients by the short and curlies) but our incompetent overlords. And they claim they aren't paid enough.

        Now, getting these chaps off XP is going to be nothing short of expensive (ignoring the XP support costs). Because, Microsoft of course are going to recommend Windows 8. Which means new hardware. Which means more cost. Then of course, none of the jeffin software will probably work on it, not to mention the ridiculous re-training to be able to use office 2013 and windows 8. To people whose full time job doesn't revolve around technology.

        The only acceptable answer to sorting out this mess is

        All software products that don't have to be physically connected to a PC should only be browser accessible. If you can't use it through a browser it shouldn't be allowed. This then separates your client products from your server products and maximises future choice

        All software should have to work 100% with ANY two browsers (Chrome / Firefox / IE / Safari) on any platform. If it doesn't it will fail the 'refresh test'. This stops vendor lock in to software (I'm looking at you microsoft)

        Office applications should be browser based - Office 365 / Google / whatever as long as it meets the browser test.

        Desktops should be refreshed based on need - Old XP machines recycled with Linux for kit that is passable (anything HP/Dell etc less than 4 years old should be fine) - remember - we are only going to be running a browser if done correctly!

        Windows 7 kit for everything else (minimal re-training)

        And last but least - Don't just give Microsoft the cash - they are charging premium money here - If they cock it up and there is any kind of mess / data breach they are responsible for ALL costs multiplied by 3. Loss of patients records should be deemed to be £10k per patient (times 3 - 50% payable directly to each patient concerned) - Risk vs reward. (rather than just reward which looks to be the chosen model)

        Christ....maybe we should just go back to paper - at least it never stopped being supported by biros.

        1. Steve Todd

          Re: How about @HollyHopDrive

          There speaks either a web developer or someone very webcentric in their view of the world.

          The problem that the NHS has is that they have a shedload of Windows binary apps, you know, code that works from the desktop like a browser does. The article even talks about one trust cutting the number of apps from 1300 to 100.

          The mistake here is in trying to do two things at once, migrating to Win7 and upgrading their apps at the same time. They should have migrated as much of the old code as they could have got to work onto the new platform, and either binned or rewritten what was left. Once they are on a stable platform with everyone migrated then they can think about re engineering.

          1. MJI Silver badge

            Re: How about @HollyHopDrive

            Well I do know about a couple of systems.

            One was last time I saw it a MS Dos application, the other a Win32 application.

            Both would work on XP but one on anything newer.

            Now since the second system was written by some of the staff (after they escaped) of the first I expect they will offer an escape route to their competitors' customers. But moving data around systems is a huge task.

            But a lot of software is written by small companies and the owners are nearing retirement, the code has worked for years (20+) without huge modifications, no one is supporting those industries so people keep hold of their small systems.

            Now they have OSes which cannot run them.

            It can take years to migrate systems.

          2. HollyHopDrive

            Re: How about @HollyHopDrive

            @Steve Todd - no not at all - I'm not a developer (miss the days though!) migrated up the tree a bit. [better money, shittier work :-) ] but the stuff is obviously so out of date you need to sort the problem properly, not a half arsed fix.

            The "web" has matured enough to allow browser based applications to be good enough as fat client. I'm not naive enough to suggest this is a quick 6 month project and all will be well, but a 5-10 year plan to sort things out properly. And one of the things that has to go is legacy crap.[it may be functionally ok but if it isn't a strategic solution built for the future it needs to go] You wouldn't keep a 15 year old ambulance with 15 year old equipment in would you? But likewise, you can't just throw them away and expect nothing to fill the gap. So, you just have to say, we are going to refresh everything but anything that we buy or put in from this point forward must be new and conform to the following criteria. No exceptions.

            The NHS are a massive customer, if you tell the vendor it must be modern browser compatible or it will be replaced with one from your competitor. I'll tell you now, those companies will rally round and fix the problem. Open standards too so you can get your data out!!

            If the software isn't modern, it's probably riddled with security nightmares anyway, so likewise it probably needs to go sooner rather than later.

            @afflicated_john

            I'm very aware of the NHS. In fact I've worked on many a government project. And they always strike me as very political, big divides and the wheels that turn so slowly you wonder if they do actually move at all.

            I'm just saying it needs somebody with some big balls to come in and shake this shit up. Not just throw some money at it and hope the problem goes away. It won't, but if you don't make some strategic plans to get out of this cyclic mess you will be doing the same thing again in 5 years time having blown a couple of billion we can little do with wasting a second time!

            I for one as a taxpayer in the "shouldering the burden" tax bracket don't like this current bunch of fuckwits wasting my hard earned pennies. No commercial business would last with the same attitude to blowing money on failed projects and half fixes without going bust, so why does the public sector think it's ok? Is it because they can just tax us all a little harder rather than addressing the real issue of just trying to spend less in the long term?

            1. tom dial Silver badge

              Re: How about @HollyHopDrive

              At a party in 1999 I was told by the deputy CIO of a regional (but growing) bank that their plans were to implement only browser based applications going forward and to replace existing workstation based clients as quickly as possible. As he put it: "I don't want to be maintaining 3,000 desktops." I believe banks are not among the most adventuresome in deploying IT. Remote management software has been much improved since 1999 but the point remains valid. It sounds as if the UK NHS and its various components had no long-term plan for managing the application software that supports the medical staff and patients, and their plan, such as it is, is to continue to have no plan but to default to Microsoft.

              One wonders whether the Linux path taken by Munich and by the larger French Gendarmerie might have been both possible and advantageous if initiated at the time the XP EOL was announced.

            2. Not That Andrew

              Re: How about @HollyHopDrive

              I suggest you read up on the clusterfuck that was the NHS National Programme For IT. Part of the reason they have all those legacy applications and XP desktops floating about was because that was going to replace them all (and bring about the Second Coming of Christ as a happy side effect).

        2. Afflicted.John

          Re: How about

          Your comment is incredibly naive - you have no idea just how archaic the NHS really is.

          I am dealing with systems that throw a hissy fit if you are not using IE6, some systems with extensive locked in contracts that do not include support of more than one browser or OS without punitive charges being levied. Should it be this way? Of course not, but it is. And when system administrators are saying a system needs to be Win 7 certified, and the vendor say "no" what do you do? Stop treating patients?

        3. John Sanders
          Stop

          Re: How about

          Office 365 is not browser based!

        4. Anonymous Coward

          Re: How about

          "This is a ****ing outrage that such a large amount of money will be essentially pissed into the wind because the uk gov were not rid of XP in time. "

          I'm sorry, are you saying the government are in charge of the computers at your local hospital? I think you'll find your local hospital are in charge of the computers in your local hospital. If you're outraged, drive down there and ask for IT. When you meet the IT people, slap the incompetence out of them personally. This has nothing to do with the government, budget is always made available in public services for well thought out and planned projects. Unfortunately well thought out and planned rarely happen in the NHS IT world and so they all think they have no budget.

          1. Anonymous Coward

            Re: How about

            @ AC, You're welcome to come and try to speak to my team but we will politely sit you down and explain that yes, we've been aware of this issue for years. We told the board four years ago and we've been begging our finance department for funding for the last three years. The IT representative at board level has been begging for us as well. Unfortunately we have a finance director who can't see past the end of her nose (usually because it's buried in the anus of the chief exec), is totally dis-interested in general IT issues aside from "When am I due a new laptop?" or "do you have a spare laptop? My son needs one for a school project" (Yes really)

            Most of our PC estate is only just able to run XP so upgrade to Win 7 or 8 will also incur a huge hardware cost as well (at last count £2.7 million in hardware alone never mind the cost of licensing which will probably add the same sort of figure). We are a relatively small trust with around 4000 PCs covering a relatively small geographical area. Multiply this by all the NHS trusts and you start to see the problem.

            Please do tell where this mythical budget is available from as I've yet to see any of it. Speaking with colleagues from other trusts it is a similar situation there. We are being told "There is no budget". We can't magic hardware or software out of thin air. What in your infinite wisdom do you suggest we do? Oh and I will laugh at you if you suggest open source. I'm not against open source but when you have as many standards, interdependencies etc that we have, open source just doesn't work, no matter how much I wish it would.

            I assure you, this issue is generally not the local IT department's fault but a fault of senior management/board members.

            Additionally you're welcome to try to "slap the incompetence" out of me but I assure you it won't end well for you.

            AC for obvious reasons.

            1. Anonymous Coward

              Re: How about

              2.7 million over the last three years would have stopped you having to spend 2.7 million PLUS the 4.8 million extra support fees. You still need to pay the 2.7 million for new hardware, that hasn't gone away. Had someone in your department produced a proper report including the business risks and costs of inaction compared directly to costs of action you wouldn't be in this mess. Plenty of NHS trusts have taken action so I assure you that the money has been available for those who didn't just whine at the FD asking for shiny new computers because "we need to upgrade innit". Your perception of the situation is based on your trust, mine is based on many trusts across two countries. Your perception is based on your submissions to finance which were turned down, mine were accepted every time.

              1. NeilMc

                Re: How about

                To my esteemed peers and contributors HollyHopDrive, AC's Various, Akeane, JP19, MJI, Malagabay, Grease Monkey and others.

                Some simple failings of the public sector (including the NHS) which are possibly the most significant contributory factors in this monumental cockup.

                No one is accountable

                No one is responsible

                There are no consequences when things go wrong. (except for the taxpayer that is £120bn of waste per year was the figure reported this week = £4.5k per year per household).

                Public Sector are chronically poor at accurately scoping contracts and negotiating fair value.

                Once contracts are agreed they cannot help tinkering with the solution ultimately creating a Frankenstein solution that cannot be economically or technically implemented.

                There is no F in Strategy - that is the NHS has no effing IT Strategy at all.

                Therefore NHS Trusts are able to unilaterally invest in IT on a sporadic basis depending on the Trusts view of the value of IT and how it supports patient health or not.

                Often these decisions are made by crusty "consultant types" straight out of a 1950's movie who appear to wield power beyond their value to patient care.

                I personally experienced that on NCRS project which became Connecting for Health which after over selling on the Supplier side, chronically poor NHS sponsorship at the executive level resulting in divisive relationships between NHS trusts and suppliers. To which the NHS Ivory Tower response was JFDI to both suppliers and trusts.

                However there are other factors which need taking into consideration:

                Microsoft sold a duff product and we should not pay for failure.

                NHS IT and Trust and Central levels should have acted faster in line with product retirement warnings which were given in plenty of time.

                NHS central IT strategy should be looking over the horizon and defining standards for new systems that Trusts must comply with before budgets are invested.

                Bottom line private sector corporate accountability and governance is required in the NHS. NHS top brass want the private sector level remuneration but wriggle out of the consequences that come with such high rewards.

                We should not stand for this attitude.

                1. dogged

                  wat

                  > Microsoft sold a duff product and we should not pay for failure.

                  13 years is a duff product? Since when? Is OSX from 13 years ago supported? (Was it even OSX 13 years ago? I honestly can't remember but I know damn well the answer is "no").

                  What about the open source side of the fence - is RHEL from 2001 supported now? No, and it hasn't been for at least six years.

                  If supporting an OS for 13 years is a failure to you, then MS are your only choice because everyone else has way, way shorter product lifespans.

                  1. jonathanb Silver badge

                    Re: wat

                    The original version of OSX was released in March 2001, XP was released in August 2001.

            2. Anonymous Coward

              Re: How about

              Well said, we are in a similar position.

              People seem to think that local NHS IT teams don't know what they are doing around the migration away from XP. We do!! and wanted to start this 3 years ago but our boards don't and more importantly never released the required funds until very late in the day. ( if at all )

              Also, the AC who is heading over to you can afterwards then head over to us, and attempt to "slap the incompetence" out of us.

              AC for obvious reasons.

          2. Adrian Midgley 1

            Re: How about

            No actually. Centralised.

        5. jonathanb Silver badge

          Re: How about

          I believe a lot of the software is browser based, but only works on ie6, which of course is not available on Windows 7.

      2. Malagabay
        IT Angle

        Outrage...

        Many people would be outraged if VW didn't service [or supply spares] for the Golf Mk5 [2004–2008].

        If you are investing in "infrastructure" you are looking for a long term return on your investment.

        If you are investing in "durable goods" you are looking for a medium term return on your investment.

        If you are spending on "nondurable goods" then you are just consuming goods with a lifespan of less than three years.

        Vista - 2006, W7 - 2009, W8 - 2012.

        Microsoft Windows is [therefore] a "nondurable good".

        This makes Windows a "nondurable bad" in the context of IT infrastructure and as an IT durable.

        Therefore, there is only a negative "Return on Capital" when you "upgrade" from XP to W7/W8.

        It appears [within the context of Microsoft Windows] that the phrase "IT Professional" is an oxymoron [and should be replaced with the handle of "IT Consumer"].

        Replacing one set of [unknown] XP vulnerabilities with another set of [unknown] W7/W8 vulnerabilities doesn't make you more secure... the chances are it will make you less secure in the short term... and it will definitely make you poorer in the short term.

        The maturing IT market seems to be moving towards free software with affordable support costs... the big money is being made via the volume licensing of patents...

        The real world is slowly changing... unless [of course] you are one of those "IT Professionals".

        1. Slawek

          Re: Outrage...

          You seem to live in a strange place where a fix to (extremely unlikely of course :-) ) bug in FOS never introduces another one, and generally new releases never introduce new bugs. I am afraid it is not the planet I live on.

      3. JP19

        Re: How about

        "I've only just got over the shock of my Star dot matrix printer not having any drivers released for Windows Me."

        You don't quite seem to have grasped that there is a difference between adding new features to a product you bought and fixing defects.

        A vulnerability in XP which leaves it open to attack is a defect which should be fixed free of charge regardless of how long it took to discover. That the NHS is even considering paying Microsoft $1200 per machine to do this for 3 years is ridiculous.

        1. akeane

          Re: How about

          Exactment mon generale, if MS had not sold a defective product in the first place it wouldn't need to keep updating it every 5 minutes, at least certain nefarious characters give you the first hit for free...

          They should go back to MSDOS 6.22, at least Quake and Doom run properly :-)

  2. Red Bren
    Windows

    As a UK taxpayer...

    As I'm helping to pay for this, I'd like a copy of the patches for my XP box.

    1. Anonymous Coward

      Re: As a UK taxpayer...

      As a UK taxpayer you should be more worried about the costs that HMRC might expose you to, given their XP kit hasn't got an arrangement like this.

  3. Grease Monkey Silver badge

    Or maybe the NHS should have replaced a 12 year old OS by now?

    @MJI it's no good blaming MS. They told the NHS and everybody else years ago when support for XP would end, they've had plenty of time to plan for it. Instead in typical public sector style they stuck their heads up their collective arse and hoped the problem would go away. Now they are panicking. Do Apple still support OS X Cheetah? Nope. If you want continued support you have to pay to upgrade to a later version of OS X. Is anybody complaining that Cheetah isn't supported? No? Strange.

    1. returnmyjedi

      One large NHS teaching trust near me is running XP via Bootcamp on OSX Tiger, with no signs of upgrades to either anytime soon.

    2. MJI Silver badge

      This crap with OSes

      If they work they work, new ones stop supporting your software, to be honest it is just a money making machine.

      And I also blame MS for the following though.

      1) Pushing people to use web apps using IE6 exclusive features. Then not supporting it with newer OS.

      2) MS for dropping MSDOS application support from Vista and newer.

      Since XP could run

      1) Web apps written for IE6

      2) MSDOS apps

      3) Windows apps

      It has stuck around longer than it should.

      I cannot think of anything MS removed say from Win 95 to Win 98 OSR2, nor from NT4 to Win 2000 to Win XP.

      I work as a developer in IT and I am now counting the years to retirement and it cannot come quick enough!

      1. Grease Monkey Silver badge

        Re: This crap with OSes

        "If they work they work, new ones stop supporting your software, to be honest it is just a money making machine."

        I hope you're being humorous. If they work, they work. Right up until somebody finds a security hole.

        The grim reality is that the bad guys are already at 100% trying to find new flaws in XP, but if they find any they are not going to exploit them until after the April deadline. They don't want to give MS chance to fix them before that massive installed user base loses its security fixes.

        You're right XP won't suddenly stop working in April, but it will become increasingly vulnerable after that date which could be just as bad as it stopping working.

        1. MJI Silver badge

          Re: This crap with OSes

          No it isn't.

          MS do remove features, this does stop legacy software from running.

          What are operating systems for?

          Enabling the user to run their programs. So if MS disable features it is their fault!

          1. Not That Andrew
            Joke

            Re: This crap with OSes

            Yeah, damn those barstewards at MS for removing Rosetta and Carbon from OSX!

  4. Crisp

    With all the managers at the NHS now

    There is really no excuse for them not maintaining their IT systems.

    1. Anonymous Coward

      Re: With all the managers at the NHS now

      Where I work we have approximately 80% of the IT department with manager in their job title.

      I'm not sure how most of them manage to get out of bed in the morning though, never mind somebody having the organisational skills to upgrade an operating system across 6000 PCs.

      I can't defend this, but the fact of the situation is that the XP upgrade is simply not a priority at the moment. IT within the NHS reacts to situations, and are rarely proactive in my experience. When security is breached, then it'll be all hands to the pumps.

      1. Grease Monkey Silver badge

        Re: With all the managers at the NHS now

        "I can't defend this, but the fact of the situation is that the XP upgrade is simply not a priority at the moment. "

        At the moment? What about several years ago?

        The problem with the style of management prevalent in the NHS is that things are never priorities until after they become emergencies.

  5. JonW

    "We spoke to an IT operations manager at one major NHS trust who struggled to recall being contacted by central government on the end of Windows XP."

    There's a man who earns his salary....

    1. Steven Raith

      There's a man who wants instant dismissal on the grounds of incompetence, causing massive financial loss for the organisation.

      But that won't happen. He'll get an RPI busting pay rise and probably a fucking promotion.

      This is how national and local government works once you get beyond 'shop floor' management.

      Steven R

      1. Grease Monkey Silver badge

        He's an IT Operations Manager and he doesn't think it's his job to know about the end of support for an operating system widely installed within his organization? That tells us an awful lot about the standard of IT "management" in the NHS.

        1. Mark 65

          No shit. I want onto this gravy train. Sounds like you can make good money showing even the slightest hint of competence.

  6. Anonymous Coward

    Crazy, but with those figures, adding in the US and other countries that still use XP and will pay for extended support, can Microsoft actually make more money on supporting XP than windows 8? Is there a way to compare in a year?

    1. cambsukguy

      @taylor 1

      Obviously getting £200 per unit for a year of support when huge numbers of units will get the same support/fix is better than getting (say) $50 for a Win7/8 licence and then having to support that for free for ages.

      They already have infrastructure to deploy the general fixes, they will just vastly reduce the number of servers needed to accomplish it, probably allowing them to avoid adding servers to their system for ages.

      And, if they get the next year as well, easily possible, they get £400 per unit, which is a huge sum per machine.

      MS are almost certainly hoping that many don't upgrade since they won't upgrade to MS hardware like a Surface.

    2. Ken Hagan Gold badge

      This is almost certainly true. Microsoft will develop all the patches anyway (because XP embedded and Server 2003 are both still in support) and merely have to make them available. Whatever they charge is pure profit.

      But like the other million guys said, this situation isn't exactly a surprise and someone in the NHS has either failed to make the cash available or failed to spend it on avoiding this problem. My guess is that the people responsible will stay in their do-nothing jobs for a few more years, pick up some gongs and then retire on a final salary pension.

  7. Uffish

    Balmer for the win!

    Microsoft can make some good software but its real talent is in business. They are going to make a fortune, worldwide, out of closing down an old, obsolete product. Sheer genius.

    1. NogginTheNog

      Re: Balmer for the win!

      To be fair, you can't say Microsoft hasn't been trying to get people to buy the subsequent THREE operating systems it's released since XP for a long time. The fact that two of them were pants might be a factor, but they have been trying really hard to get people on to them all the same!

      1. MJI Silver badge

        Re: Balmer for the win!

        Now if these new operating systems were not losing features there would be a point, but the problem is that XP was an Apex in MS OSes.

        1. dogged

          Re: Balmer for the win!

          What features? Exactly what features?

          Itemized list, or one might be justified in assuming that all your objections are similarly yanked out of your arse.

          1. MJI Silver badge

            Re: Balmer for the win!

            Here goes, these two have caused us along with many other people issues.

            1) Full screen DOS mode in Vista also followed with 7, some DOS executables run in various VGA graphics mode to provide more lines per page. Fixed by using XP instead.

            Why MS are bumholes

            2) Removal of NETBIOS, this stops a lot of applications which rely on it for inter program communication.

            This is an example

            There you go two pretty serious issues, and we still have a couple of customers unwilling to update so they HAVE to stay on XP or earlier.

            1. David Barrett

              Re: Balmer for the win!

              Not sure that including no dos support will help in an argument which is focused on the issues from being tied to old software....
