Security Market Segment LS
Saturday, 25 December 2010 09:38

Windows SteadyState isn't in a steady state'”Hurry up, it's withdrawn year end 2010


Microsoft giveth and Microsoft taketh away. After handing out the pre-Christmas 2010 gift of Microsoft Security Essentials 2.0 they're doing the exactly opposite with Windows SteadyState which will not be available for download after 31 December this year. This puts Windows XP and Windows Vista users of this handy management tool for shared computers into a bind '” but it doesn't affect Windows 7 users because they can't use it anyway!

Windows SteadyState is not a tool that I've never had a need to use. It's intended for an environment where computers are shared, such as schools, Internet and gaming cafés, libraries, and community centers.

It eases the computer management burden on owners, teachers, or other non-technical personnel tasked with managing shared/public computers on top of their many other job responsibilities.

As explained by Microsoft on the Windows SteadyState 2.5 download page:

Managing shared computers can be difficult, technically challenging, time-consuming, and expensive. And what's more, without system restrictions and protections, users can inadvertently change the desktop appearance, reconfigure system settings, and introduce unwanted software, viruses, and other harmful programs. Repairing damaged shared computers can require significant time and effort.

Windows SteadyState provides a more effective way to help defend shared computers from changes by untrusted users and unwanted software installations. It can also help safeguard system resources.

User privacy is also an issue for shared computer environments. Shared computers often use shared user accounts that make Internet history, saved documents, and cached Web pages available to subsequent users.

All very true, but there's some bad news for current users:

Windows SteadyState will continue to be available for download through December 31, 2010. Support for Windows SteadyState will continue to be available through the Microsoft Knowledge Base portal through June 30, 2011. This announcement does not affect your right to continue to use Windows SteadyState.

So hurry up, you've only got a week left to download SteadyState, if you haven't yet got it and want to use it on your 'genuine' copy of Windows XP or Windows Vista.

But what about users of Windows 7?


For reasons best known to themselves, Microsoft decided not to allocate resources and modify SteadyState to work under Windows 7.

According to Windows Secrets writer Yardena Arar, this Microsoft decision puts public libraries at risk since 'Millions of Americans depend on libraries, Internet cafés, and other public locations for their connection to the Internet, and keeping these points of access safe from hackers is especially difficult.'

She explains how SteadyState works and the benefits to people who have to control such publicly-accessible Windows systems, then goes on to say: 'Microsoft has made that challenge even more difficult for many public libraries. The company announced it would not upgrade the free application, SteadyState, to Windows 7 compatibility, angering many of the folks who manage public-access PCs. People who manage library PCs say they don't have money to pay for third-party products that protect public PCs from malware and malicious users.'

Microsoft, she says, has declined to an interview with her, and has not given any technical reasons why SteadyState is incompatible with (and so hasn't been enhanced to support) Windows 7:

The company provided, via its public relations firm, an e-mail response attributed simply to "a Microsoft spokesperson"

"Microsoft is always investigating customer requirements and continually explores opportunities to meet customer needs in product offerings. Part of that process is prioritizing features we put into our products and making tradeoffs on what to support.

"For many organizations, the use of Group Policy and System Restore functionality provides the ability to manage and reset their PCs as needed; as a result, Microsoft will not be updating Windows SteadyState to support Windows 7. Organizations that require the extended functionality beyond what is offered within Windows 7 should explore third-party products which provide comparable functionality to Windows SteadyState."

It looks like a rather lame excuse coming from a vendor with the vast development resources of Microsoft. Having to use Group Policy and other Windows systems management tools is quite a way beyond the experience and skill level of most librarians, schoolteachers and the like.

As I said earlier I don't have any experience in this area, so let me ask iTWire readers tasked with responsibility for shared/public PCs whether or not they've been using Windows SteadyState, and what they've done (or plan to do) when moving to Windows 7.

Do you use free or paid-for third party tools equivalent to SteadyState, or what?

Do you use any of the protective techniques mentioned in Yardena Arar's article or the associated Windows Secrets discussion forum?

Please share your knowledge and experiences in the iTWire comments area, to the benefit of other iTWire readers facing this shared computer challenge?

WEBINAR event: IT Alerting Best Practices 27 MAY 2PM AEST

LogicMonitor, the cloud-based IT infrastructure monitoring and intelligence platform, is hosting an online event at 2PM on May 27th aimed at educating IT administrators, managers and leaders about IT and network alerts.

This free webinar will share best practices for setting network alerts, negating alert fatigue, optimising an alerting strategy and proactive monitoring.

The event will start at 2pm AEST. Topics will include:

- Setting alert routing and thresholds

- Avoiding alert and email overload

- Learning from missed alerts

- Managing downtime effectively

The webinar will run for approximately one hour. Recordings will be made available to anyone who registers but cannot make the live event.



Security requirements such as confidentiality, integrity and authentication have become mandatory in most industries.

Data encryption methods previously used only by military and intelligence services have become common practice in all data transfer networks across all platforms, in all industries where information is sensitive and vital (financial and government institutions, critical infrastructure, data centres, and service providers).

Get the full details on Layer-1 encryption solutions straight from PacketLight’s optical networks experts.

This white paper titled, “When 1% of the Light Equals 100% of the Information” is a must read for anyone within the fiber optics, cybersecurity or related industry sectors.

To access click Download here.


Tony Austin

Worked at IBM from 1970, for a quarter century, then founded Asia/Pacific Computer Services to provide IT consulting and software development services (closed company at end of 2013). These says am still involved with IT as an observer and commentator, as well as attempting to understand cosmology, quantum mechanics and whatever else will keep my mind active and fend off deterioration of my grey matter.



Recent Comments