NT4 security support warning issued

If you can't afford $200,000 per year for Microsoft support, it could be time to look at some extra security measures, according to Gartner

Businesses still running Microsoft's Windows NT4 server have been warned they may need to increase intrusion detection and firewall security after support ends for the platform from 1 January 2005.

Microsoft's decision to extend support means that for $200,000 per year customers can buy "custom support" for NT 4 server until the end of 2006, which also includes security patches for the important and critical vulnerabilities.

But those not taking out custom support will only be able to receive patches for critical vulnerabilities for worms on the scale of Sasser and Blaster. Analyst Gartner has warned that as only the bigger customers are likely to stump up the flat $200,000 custom support fee, it will leave thousands of smaller firms on NT 4 server effectively without security support for the platform after January.

In a research note, the analyst said: "Evaluate the vulnerabilities encountered in 2004. Determine what security problems impacted the business, other than Sasser and Blaster, and expect similar vulnerabilities in 2005. Until migration from NT4 is complete, implement proactive security protection plans, for example, host-based intrusion prevention and firewalls."

Ben Booth, IT director at Mori and chairman of UK user group Elite, said for the few firms still running NT, migration is just an issue they have come to accept.

"Everyone realises you have to keep moving [versions] and that means hardware and software refreshes probably before it is necessary in business terms."

One option for customers is to look for custom support from a Microsoft support partner. Gartner said that, for example, a hardware manufacturer might be willing to discount aggressively if it can gain a large competitive win or keep a competitor out.