Earlier this week, my phone rang. I looked at the Caller ID. It was from a neighbor in the community. Since I was writing, I ignored it. Next came a text from the same guy: "Please call me." Like I said, I was working, so I ignored it. Then came a succession of text alerts on my phone. I turned off my phone, and finished my article.
When I finally looked at my phone, there were three scrolls of alerts, all from Fred. I don't know Fred all that well, but we often bump into each other around town and at events. He normally seems like a cheerful, calm sort of guy. Not today.
I listened to his voicemail message, where he sounded like he'd been crying. "We're done, Dave. Don't know what to do. [Expletive] computers."
It was a busy week, but it sounded like he was genuinely desperate. I reluctantly decided to get involved.
I called him back. "Hey, Fred. What's going on? You sound upset."
"Dave, can you come over? I think we might be done for. If there's a chance..."
Fixing computers is not my favorite thing. But I'd been inside all day and getting out would be nice. So I headed over to his office.
What I walked into seemed more like a war zone than an office. A cluster of workers were staring at a chunky old LCD monitor. They looked like they'd seen a ghost.
Here's what I discovered. Fred's service business has 20 PCs, all more than a decade old. He's still running Windows XP. He's been hit by malware before, but antivirus fixes have always bailed him out. This time, it was ransomware. This time, he wasn't going to recover quickly, or cheaply.
Fred was running XP for a few reasons. His hardware was running solidly, he didn't want to pay for a set of Windows upgrades (remember, the free Windows 10 upgrade didn't upgrade Windows XP), and he couldn't afford to buy new machines.
But this was a Rubicon. The ransomware he'd been hit with didn't have a decryption tool. He did have his original XP disks, and was prepared to do a fresh install, but given the rate at which malware was blasting through the now-unsupported OS, he'd be down again in no time.
Now, he was facing a no-win situation. He didn't have the credit, or the bank balance, to replace all of his machines. He could, theoretically, lay off a chunk of his staff, and use that money to upgrade fewer machines. But then he wouldn't have the staff to run his business. From his perspective, he was doomed.
There are a lot of small business owners in Fred's position. They are limping along on dangerously out of date hardware and software, because they just can't afford to rip and replace. It's not like the hardware isn't working. He has a bunch of old machines that were built like tanks. Windows XP is essentially unprotected. He, and many small business owners like him, are a target-rich environment for bad guys.
See also: Is that a PC on your desk? | Linux Mint 18: The best desktop -- period | US government is spending billions on old tech that barely works | In a world of free operating systems, can Windows 10 survive? | Build a $400 Windows 10 PC
Here's the thing: it's wildly dangerous for Fred to run XP anymore, especially since he's got employees actively going online. But that doesn't mean his hardware can't be used. That old hardware will run Linux quite nicely.
Linux is much more secure than Windows. As my colleague Steven J Vaughn-Nichols pointed out, Linux was "designed to work in environments where other users are on the same box." Therefore, Linux has some intrinsic security elements, simply as a matter of user-based security.
The installed base of end-user Linux distros is considerably smaller than Windows, so it's not as much of a target to hackers. Since there are so many variations out there, it's also hard to predict the version that's being used. That makes it harder for an attacker to dig in and find a vulnerability.
For end users, Steven recommends Mint. He says Mint 18 is the best desktop Linux version, full stop. My recommendation to Fred was to run dban on his drives to make sure they're completely clear of nastiness, then install Mint desktops.
Fred doesn't run anything unusual or custom on his machines. His employees go online to a few SaaS providers they use. He had some machines running Office XP, and a few running Office 2003, mostly for Word and Excel.
I recommended to Fred that he consider using cloud-based services like Office 365, or Google's G Suite. Alternatively, if he wants to avoid a monthly expense (and, with 20 seats, that can start to get expensive), he can simply install LibreOffice. That will give him all the functionality he needs, for exactly the price of free.
He doesn't care what browser he uses (although he's been living on IE), so I suggested he run Chrome on Mint. Chrome will import IE bookmarks.
Another choice, if he wants to run everything from the cloud, is to use a Chrome OS variant called CloudReady. This would get him an almost zero maintenance environment for his users, but he would be limited to keeping pretty much everything in the cloud. Steven also pointed out to me that there are some differences between CloudReady and the full Chrome OS, so that might be a snag.
Fundamentally, my recommendation for Fred -- or any other small business with a lot of old, solidly working machines that need modern-era safeguards -- would be this: dban them, install Mint, and then install Chrome and LibreOffice. It would be a substantial upgrade, it would be secure, and it wouldn't cost anything other than a little time.
You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.