Windows XP support shutdown: The race against time for the enterprise

On April 8 2014 – exactly 210 days’ time – Microsoft will be putting Windows XP on its ‘end of life’ cycle.

This is not news in itself, yet with pressure ramping up against the near third of users still on the near 13-year-old desktop OS, the clock is ticking for enterprises unwilling to change.

Microsoft has put its cards on the table in this respect. A blog post last month from director Tim Rains warned against the very real dangers of carrying on with XP after support has ceased.

“The very first month that Microsoft releases security updates for supported versions of Windows, attackers will reverse engineer those updates, find the vulnerabilities and test Windows XP to see if it shares those vulnerabilities,” Rains explained, adding: “If it does, attackers will attempt to develop exploit code that can take advantage of those vulnerabilities on Windows XP.”

Aside from the fact that Rains is telling hackers how to do their job, he makes a very interesting point: in the year ending July 2013, Windows XP made an appearance in 45 Microsoft security bulletins, with two thirds also relating to Windows 7 and 8.

He concluded: “Organisations need a level of certainty about the integrity of their systems. Minimising the number of systems running unsupported operating systems is helpful in achieving that.”

To put this in perspective, a recent survey from anti-virus software provider Avast showed the mountain many US schools would face in migrating from Windows XP. Over 96% of schools will be in the throes of a “major technology crisis” once support for XP is cut off.

Adding some meat on that bone, the researchers equate that to $200 per computer, as well as swapping other legacy hardware and software.

This all ties in with Avast’s ‘Free for Education’ program, with the security provider giving free anti-virus software to all US schools.

Yet as Rains notes: “There is anti-virus software that can help block attacks and clean up infections if they occur... [but] the challenge here is that you’ll never know, with any confidence, if the trusted computing base of the system can actually be trusted.”

Of course, the prevailing wind suggests that BYOD is becoming an ever bigger proposition in education. We’ve reached the stage where teachers should be handing out smartphones, not confiscating them.

Yet this is just an example. The enterprise organisation budget dwarfs that of your average school. Regardless, this is more of an image issue for Microsoft than a money issue for the big companies.

As Browsium noted last month, Windows XP usage went up in July from 37.17% to 37.19%, although current figures from NetMarketShare put XP’s share at 33.66%. Windows 7 currently rests at 45.63%, whilst Windows 8 sits at 7.41%.

Given the original Windows 8 launch was hardly a huge success, it may be a logical step to think that many companies are waiting for a stable 8.1, due for general release on October 18 but available to coders now after a Microsoft U-turn, before moving over.

The Windows 8 launch didn’t go down too well with analysts. Back in May Forrester Research published a report entitled ‘IT Will Skip Windows 8 as the Enterprise Standard’, which tells you all you need to know.

It’s of course too early to look at the death of the PC as another iron in the fire. IDC figures from back in May showed that by 2017 there will be 123.9m PC shipments worldwide – still a fairly hefty number.

Some aren’t quite as kind to the ageing OS. Nikhil Rastogi, writing for Tech Tree, said that albeit “with all due respect”, XP should “roll over and die”.

Yet it’s safe to say that, if businesses continue to have XP beyond April 2014, they’ll be in for a world of pain and IT costs. What's your view? Is your company still struggling on XP?

Related Stories

Leave a comment

Alternatively

This will only be used to quickly provide signup information and will not allow us to post to your account or appear on your timeline.

BernardMelson
11 Sep 2013, 10:29 a.m.

James makes some interesting comments and possibilities for getting round the problem.

It is a simple fact that, however, that many organisations have failed to wake-up to the idea that Microsoft will stop supporting XP and Office 2003 from April, 2014. The only surprise with this is that it has taken so long, which is, perhaps, testament to the quality and usability of these products that has not, in the opinion of some, been as evident in subsequent offerings.

It is generally accepted that operating systems and productivity packages are at their most vulnerable to external attack at two stages in their life: 1. On release, when the hackers will have a real go at finding and exploiting the loopholes that can cause real damage before the vendor rushes to plug them and, 2. When support ceases and the hackers have time to find and exploit new loopholes, safe in the knowledge that no one will be closing the doors behind them.

The real surprise, therefore, is that as many as 1 in 5 organisations running XP and Office 2003 are, by all accounts, planning to stay with them after the April cut-off date for support date.

Upgrading operating systems and productivity tools is generally a time consuming exercise for which there is little tangible benefit. But the real issue is what will it cost not to upgrade from XP and Office 2003?

Indeed, for those who have the responsibility for making such a decision or who simply skirt the issue on the basis it will go away the question is: Just how risk are you prepared to load onto yourself in the knowledge of the real damage could be done to your firm’s systems, its standing in the marketplace and the possible financial loss that might result if things do go pear-shaped?

This is a problem that won't go away and needs to be dealt with, however much we try to ignore it. The programme to upgrade XP and Office 2003 isn't simply a matter of sticking a CD in a drive and hoping for the best, but is one that needs careful planning to address:

- Discovery - what have got and where is it?
- Rationalisation and planning - what do we need and how should we put it together?
- Migration, rollout and, should it be needed, recovery.

For those who are thinking about the upgrade at this late stage in the day, it may be worth considering:

- Are multiple languages to support?
- The templates the business relies upon;
- How many users and groups are affected?
- How much customisation has taken place?
- How much training and support will be required?
- The target platform and deployment model?
- Connectivity and driver issues and how to manage them?
- The implementation approach?

This is a bigger programme than initially meets the eye, and without a firm plan then your firm is planning to fail.

Bernard Melson
Managing Director
Testing Solutions Group
www.testing-solutions.com

Reply