Horse Sense #132

Why Government (and Many Businesses) Should Pass on Windows 10 for Now



Making the Windows 10 Upgrade "Convenient" is Troublesome for Businesses and Governments

Once you become eligible for Windows 10, your pre-Windows 10 machine will often start downloading the code to install it. It will do this even on many business networks that theoretically should only initiate the upgrade when an administrator triggers it. Reports indicate that machines do not even have to specifically request an upgrade reservation. The massive Windows 10 upgrade will put stress on your network and your critical link out to the Internet. You will know if this has happened if you have a $Windows.~BT hidden directory on your machine which has 2-4GB of files in it. Machines cannot actually *use* any of this code, though. It is just there waiting someone to decide to upgrade the machine. If you have a machine that is short on disk space, these extra files can cause performance and reliability to suffer or even trigger a system failure. Backups, especially image based backups, will take longer and require more space because they will be backing up those gigabytes of cached files, increasing ongoing maintenance costs.

Once a machine downloads the Windows 10 upgrade code, it will also provide it to other machines on your network or on the Internet (the default behavior). We recommend you turn this insecure capability off by following *new* instructions we have posted in Horse Sense 130. Microsoft is not the only company putting installation files on users' machines for convenience. However, it is the only one I know of also using users' machines to also deliver such files to other machines. Microsoft has some detail on this feature here: http://windows.microsoft.com/en-us/windows-10/windows-update-delivery-optimization-faq

*If* you have completed an upgrade and are happy with it, you can feel safe removing hidden file folders labeled $Windows.~BT, $Windows.~WS, or Windows.Old. These folders contain installation files or copies of your old Windows installation. You will no longer be able to revert to your pre-upgrade state unless you took our advice and made an image backup you stored somewhere, but it will otherwise not harm you one bit to remove these files. In fact, you should regain gigabytes of "stolen" hard disk space as well as higher reliability and better performance. Depending on the manufacturer, your original factory installation files may also be on the machine in a directory most commonly named ESD. You can also remove those files.

Even if you do remove the Windows 10 installation files, but have not upgraded yet, $Windows.~BT may reappear because Microsoft thinks it would be helpful for you to have the files there for the upgrade. You have to stop the process that creates this upgrade directory.

Windows Update will show your pre-Windows 10 machine failed to upgrade to Windows 10 a failure to upgrade your machine to Windows 10 every day on many older machines, even though it is not supposed to even try unless you trigger it manually.


Why Government (and Many Businesses) Should Pass on Windows 10 for Now

My government clients are not unique in their business needs, so many of the comments that follow will apply to businesses of all sizes.

Governments want you to give them your information, but they do not want to be giving private companies information they are not entitled to get. They want to keep tight control over what goes over their Internet connections. Many networks do not even *have* direct connections to the Internet for security or other reasons.

Windows 10 has thinking that does not work for government and many businesses:

-Would you want machines on a secret network thinking they should be contacting the Microsoft mother ship for updates?

-Windows 10 *assumes* a connection to the Internet. What if you do not have or want such a connection?

-Would you want machines that are tools for people who deal with secret or proprietary information sending information about web requests or the questions they ask Cortana to Microsoft?

-Would you want hundreds of Windows 10 machines with their default applications all trying to download or upload information?

-Would you want your medical device, ship or car to install a software update the hardware manufacturer had not had time to test yet?

-Would you want your machine to store and transmit updates to others as Microsoft (not you) see fit?

-Would you want your laptop to connect to any old wireless network in sight?

If Windows 10 makes it into the government market, the government will have to be able to remove and/or reconfigure large chunks of the operating system. While Windows 10 can do a lot of things locally, but Microsoft thinks it should not only be connected to the Internet, but be sharing your stuff with them and using their "out there" resources all the time. Windows 10 as it currently exists will not meet the basic security requirements of many governments or companies, even without the very insecure Express Configuration choices I recommended against in earlier Horse Sense articles.


Will Government Cloud Adoption Hurt Windows 10?

Windows 10 sales may suffer because governments are just beginning a huge transition to the cloud. Smart terminals and PCs connect to software and services provided by Amazon, Google, Microsoft and other cloud providers. The "desktop" does not matter much to them. As long as you have a device with a browser or can run a few small applications they provide, you can do your work. In a way, we are going back to the "green screen" terminal days. The device you interact with is considered dumb and cannot do any real work without connecting to other machine(s) that do all the work. The pendulum is swinging back to the unseen processing resource in an unknown basement somewhere.

Cloud service providers are touting good performance, reliability, and security while offering higher flexibility, lower costs, fewer physical assets, and lower ongoing maintenance. This sounds great to governments and businesses that do not care where the work is done, just that it can be done. Governments will have an irresistible desire to punt all of their compliance and other computing headaches into the cloud. Cloud is sexy. It sounds good. It allows government agencies to force legislatures to pay for unfunded mandates like computer support and security they will not pay for now by moving them to the cloud and setting up new contracts. And, if there is a breach or an issue, you can always point at the contractor.

So is there a catch? Giving all the tools you have to use to do your work to someone else and then renting them back is not the smartest plan, but it likely *will* be the plan many governments and even some larger corporations adopt. After all, government will get *smaller* that way, right?


The Cloud Will Not Conquer All

Desktop computing and Windows 10 are not necessarily dead. Government loves its data. That is a problem if you have to move that data either to or from the cloud. Storage capacity is doubling every 13 months, but Internet connection speeds are doubling every 22 months or more. For government users who deal with very large amounts of data, it is cheaper, faster, and often more reliable to send physical media via the postal service or courier than to try to transfer them across the Internet or a dedicated government network.

We will still have a need to do disconnected and sporadically connected computing. The Internet/Cloud is not the be all/end all of existence no matter what the marketers say. The very short track record of many cloud offerings suggests you might want to tread carefully. There have been many major outages among cloud vendors. There have been enormous security breaches. Some cloud vendors have failed entirely, with little notice. When a cloud vendor fails and takes all your business information with it, that is a problem. Everyone likes the "magic pill" idea. The cloud will not solve everything. Building something really dependable in the wild west of the Internet is *possible*, but there may be less risky local processing alternatives. This is one reason why you see people now promoting hybrid and private clouds. Punting your security, management, and other issues to someone else is not OK. In the end, governments and organizations will be responsible for the choices they have made and outsourcing a key corporate competency can put you at a severe disadvantage.

My government clients complain how their IT contracts limit their ability to do what they think they need to do. A government agency has a mission. Contractors want to make money and hopefully lock in agencies so they have to spend more and more over time. Government and contractors need one another, but outsourcing all you can or keeping everything you can in house are both bad long term bets. There needs to be a balance. Governments are at a disadvantage, though, as their own staff generally cannot lobby while business can go directly to their representatives and ask for a greater private presence in government. The sexiness of cloud offerings will appeal to legislatures who will send their governments into privately owned cloud offerings. Once there, a government may have trouble finding its way back....

[By the way--Cloud to a networking person like me was where your network got out of your control and depended on someone else. It was the edge of your world where you sailed off and there might be monsters. The cloud has been around forever, but it has become a marketing buzzword of little meaning meant to generate excitement, like the word sale. Forget cloud and think of what you need to do. It will be less confusing and you will be happier.]


Windows 10 Sales Prospects Look Dim

Assume governments still think desktop computing is still a viable way to do things, even with a sexy cloud available. Microsoft is *still* vulnerable even in a distributed computing world. Since Windows 7, Microsoft has failed to deliver an operating system that business users like. Microsoft hopes businesses will like Windows 10 *and* that it will also be successful on phones and tablets. Unfortunately, Windows 10 in its current form is unlikely to gain wide corporate or governmental adoption, at least not if the security people have any say. The throw everything in (no roles) mentality will also make Windows 10 a hard to secure resource hog on resource strapped phones and tablets, so I do not see Windows 10 making great inroads there, either, at least as it is now architected.


Competitors Are Making Windows 10 Less of a Sure Thing

Apple and Google are unlikely to go after the PC market. They both do well producing software and hardware for phones and tablets that primarily consume information rather than produce it. They are not targeting the business user. Their code is small and works well on less powerful processors and with less storage. They require less bandwidth for their applications. Microsoft is unlikely to take much market share away from these companies. Apple and Google are making huge sales into educational markets with not only tablets, but also with smart terminals and laptops that are unsuited for standalone, local processing, or disconnected use. These devices are displacing large numbers of Windows devices.

Microsoft used to be the only game in town when it came to production devices like desktops, laptops, and servers. Unfortunately, Microsoft will have problems here as well. For security, manageability, cost, transparency, and other reasons, governments are moving away from Microsoft to LINUX on their equipment. Any government looking at moving to the cloud will likely have to accept the use of non-Microsoft software providing necessary functionality. Your "desktop" in the cloud might well be provided by LINUX.


Still Unsure of What All This Means for YOU?

There is no one size fits all. Call on us and we will help you work out what is best for you.


©2015 Tony Stirk, Iron Horse tstirk@ih-online.com