most every hospital and doctors office i have ever seen uses Windows XP be afraid.

At least they're not using Windows 95 or 98 I guess. XP's more stable than those OSes.

95 i think has less vectors of attack...

Why is this automatically and always a problem? Do you know for sure that those computers are connected to the Internet? Do you know for sure that J. Random Hospital Person logs in as local administrator? Do you know for sure that s/he carries around USB drives and inserts them into the computers?

Risk only matters if there exist threats. In most cases, those machines are running software specifically coded for XP. The machines aren't connected to or have no route to the public Internet. They are often contained in a network separate from that used for hospital administration. Many ordinary functions are disabled by policy. External devices are blocked. Users log in with minimal privileges.

Think about how many Linux boxes are still running some form of 2.6 kernel. In fact, I bet the router in your home network falls into this category. Anything other than the latest 2.6 is riddled with holes. Why aren't you throwing away your router?

I think some people (ahem, lol) are a little too knee-jerky critical ... the universe of ER/operating/recovery/etc. software is not exceptionally vast. It's not like hospitals decide on XP first, everything else later. They choose the applications that work best for them, and then the OS and hardware decisions follow.

Really? Yikes. 95 was awful for crashing. I used to curse BSODs so often. I'm really surprised I didn't go Linux much sooner. I think there were some Red Hat distros back then. I have no idea how good they were. I did resist Windows for a long time. I used DR DOS and later Novelle DOS for a long time before finally going for Windows 3.1. When I went to install it over DR DOS, however, I got some kind of message about incompatibility. I ended up going for MS DOS to get Win 3.1 to run. I later learned that the incompatibility was BS. Microsoft deliberately programmed in a refusual to run Win 3.1 under DR DOS. Digital Research issued a patch that fixed that, but the damage was already done and this was pre-Internet, so I didn't find out until much too late. That was just one of the many things that I've made me hate Microsoft. If I had had more money back then, I probably would have gone for a Macintosh.

I know for certain that they're networked and that Linux is more secure for that. I also know that the software they're running was specifically designed for the VA. There's no reason on this earth that it could not have been written for Linux.

I didn't say there weren't networked. Read again what I wrote.

Please don't misunderstand... I am not attempting to defend any particular corporation or institution here. I'm simply encouraging everyone to think more carefully before repeating popular opinion. There are often many more factors that enter into these decisions than are apparent on the surface. Since none of us were actually part of the project team, we really can't know.

I didn't misunderstand you. I know you're aware of their network. My point about that was that a Linux-based OS could serve that network better, since Linux is extremely well designed for that. None of us here know for certain what went on behind closed doors when the VA was deciding on what type of networking system to use. What I strongly suspect is that neither Linux nor Macintosh was even considered. Microsoft operating systems appear to be the default choice. There's an attitude that Microsoft is IT and that it's never even worth considering something else. I wouldn't be surpised to learn that they hired an IT outfit that chose Windows for them simply because that's what they knew how to set up.

Like I said, we can't know for certain how things were chosen, but I would be willing to get you've run across the attitide I speak of, that of never considering anything other than MS products when, in fact, something else could be a great choice. I'd bet you'll concede they could have set up a teriffic network with Linux that serves our veterans well. And they could have done it cost effectively.

Theyre probably running XP still for the same reason that so many other places are still running XP: the cost of upgrading is enormous. If they upgraded to a modern Windows version, they would also have to upgrade their hardware because machines from the XP era usually cant handle todays heavy weight Windows versions. How many computers do you think are in the hospital? Thats a large chunk of change. Plus they would also have to pay IT to get it all done, maybe train employees to use the new software etc.

If they went to Linux, they would first have to port their software to Linux, which would take a lot of IT man hours. They might be able to get away with running a lightweight Linux distro on their old hardware so they could save some money there, but initially employee productivity would probably drop and they would have to spend a lot of money in training them to use the new software.

I would personally stop worrying about the software that other people are using. I see businesses running XP all the time. If they dont want to upgrade to something else, then they dont have to. Also, like Steve said, security has a lot more to do with user behavior than OS so who knows how safe their installs are without knowing the specifics of it and without knowing how the employees use the machines.

One more thing: You are right about the human equation being the most important security concern. My veteran friend was extremely upset when he learned that any clerk at the VA could pull up his medical records, that that access wasn't limited to doctors and nurses. He's currently raising hell over that. No operating system or security program can compensate for bad practices.

My company used win2k until about 2011. We were on a vpn with dialup access, certificates et al... Our mobile routers would only allow one appliance on it, and that appliance had to register with the router. Our software was specific to our jobs.

We upgraded to win7 and our software was ported over. And became trash for about a year. We couldn't connect, routers were kicking appliances, timekeeping and daily uploads crashed. Truck inventory was lost.

Can you imagine if that happened at the VA?

BTW, I work for a VERY large national home service company with millions of dollars spent on IT, the upgrades and upkeep.