I can't agree with this more.
A client straight up failed a PCI compliance audit, replete with daily fines, for using 10 Enterprise. They decided to pursue legal measures against MS for false claims.
I really hope this gets elevated because reverting to win 7 is a solution with a short life span. The other solution is to rebuild infrastructure on top of a different platform but that's prohibitively expensive.
> The other solution is to rebuild infrastructure on top of a different platform but that's prohibitively expensive.
The more Microsoft degrades their viability for enterprise computing, the more market pressure will build (I think) for a different platform infrastructure.
If / when the market reaches that tipping point, the schadenfreude will be overwhelming.
To preface to avoid what might otherwise seem like a bias toward defending use of Windows: I'm a free software activist, a GNU maintainer, and do extensive volunteer work for GNU and the FSF.
It's not fair blame. Many companies simply go for what works and throw money at the problem. Windows historically has excellent support from a large number of third parties.
The other problem is third-party software. I work for an insurance company. The system that they use for managing everything---policies, accounting, brokers, etc---is tied to Windows. This is a specialized program---there are only a few of them that exist, and none as sophisticated as the one this company uses. This system has been responsible for not only tying the office to Windows, but holding us back from upgrading---for the longest time we couldn't even get off of IE6 because it didn't support anything higher.
I'm able to do 99% of my work within a GNU/Linux VM. But on rare occasion, I need to use that system, and it requires Windows. Everyone else in the office---the majority of the company---requires Windows. This is a system that the company has invested many millions of dollars into.
So while we can do our best to inform others, perhaps before they make these critical business decisions, it ultimately comes down to practicality for most businesses. Yes, they may pay for it. Yes, they're taken advantage of, have issues with vendor lockin, etc, but unless you travel upstream and liberate those systems or provide suitable replacements _that the business is confident will have support for years to come_, there's not much to do.
I'm not defending the situation; it's terrible. But sympathy _should_ be had, because there's much to lament, and much room to help.
> Many companies simply go for what works and throw money at the problem
So they went with the easiest option and now they are locked in due to lack of forward planning. Their own short term planning is to blame.
With the third-party software you mentioned, how long have they relied on it, and have they done absolutely anything to mitigate this reliance? My guess is that they've done nothing or, worse, written a bunch of integration points on top of the software that make it even harder to replace.
One day the company providing that software will jack up the price and you'll be forced to pay it. Again I'll have no sympathy because the company has done nothing to unlock themselves.
Heaps of server-side tools are truly cross-platform, but I was talking about avoiding proprietary platforms in the first place, which means no Windows, or at least no Windows tech that doesn't conform to open standards.
Typically businesses will build their own software on top of MS (or Oracle, or <insert cloud platform>) tech as well, locking them in further with several years of "investment".
Yes, Mozilla and the FSF in particular. They don't try to gouge me with new versions or price discrimination either, unlike "oh, you need the Pro version for that" Windows.
Wait, why was your client running a desktop OS in-scope?
Every PCI zone I've seen is just servers (Windows Server and Linux). Does the client store card data on desktop machines?
Generally, you'll have a locked-down portion of your infrastructure be PCI-compliant, and that's the only place card data is stored or entered. That reduces your scope and costs.