Jay Butler, Senior Support Consultant

Question: Windows Vista has been available for some time now. Should we upgrade all of our existing workstations?

Answer: In my opinion, the answer is almost always “no” because the significant expense does not justify the relatively moderate gain. If you have not already, I do recommend you acquire at least one new Vista machine now, and install it on your network along with all of the core application software found on existing workstations. Thoroughly test it out like this to prepare for the inevitable. Soon, Vista will be the only Operating System you can get on new machines.

New machines avoid the expense of difficult, time consuming upgrades. Vista requires new drivers for existing machine components, and many vendors have been slow to provide reliable ones. An existing machine that is not powerful enough to run Vista effectively will require hardware upgrades to take advantage of its improved interface. Existing software may not work after upgrading a machine, so it would have to be reinstalled. I think it is better to spend the time performing a clean install on a new machine.

A main theme of Vista is protection from malware like viruses and spyware; however, you should already have very good defenses in place. Most networks we install and support have several defense layers that include the Reflex intrusion prevention appliance and the intrusion prevention components found on SonicWall firewalls. In addition, most (if not all) of the networks we support have at least two layers of effective virus protection:

  1. Antivirus software like GFI Mail Security or Symantec Mail Security that runs on the mail server to scan all incoming/outgoing email before it arrives on a workstation.
  2. Antivirus software that runs on every machine constantly scanning any files as they open. The newer versions of this software typically also protect from Spyware.

Because your network is most likely already well protected, the security improvements in Vista offer only minimal gain to your overall security posture. There are a few other security enhancements like the ability to encrypt the operating system in the Vista Ultimate edition. Again, any existing laptops should already have full disk encryption. If you look more closely at Vista, you may find a number of other security improvements. For differing reasons, I don’t believe they create enough benefit to justify the cost of upgrading at this time.

Another main factor with Vista involves the typical learning curve inherent with a redesigned desktop operating system. Users will need training in order to use Vista and to take advantage of its new features. Technicians and Administrators also need time to become experts with Vista even where training is provided to them. Implementing Vista slowly allows the cost of the learning curve to be spread out over time.

In short, upgrading all your machines to Vista at once would be a mostly unnecessary and very expensive endeavor. There are better places to spend the resources; take a look at Exchange 2007 and the upcoming Windows Sever 2008 instead.

Please send your question to askjay@safesystems.com.

Write a Comment