For those of you on one of the 25 percent of workplace computers still running Windows XP, understand you're working on a system that's increasingly vulnerable to attack. This shouldn't be a surprise, however -- Microsoft has been clear about ending support for this operating system (OS) for a long, long time.
There are so many issues surrounding this morning's announcement that it's almost impossible to count them. But Gartner has put together a list of 10 suggestions to mitigate the risks of continued use.
Vista, Microsoft's follow up to XP , never really set the world on fire. Many Windows users were content with XP, and held onto it in the hope something better would come along. Unfortunately, Windows 7 didn't really have anything to recommend it. By the time Windows 8 came around, many users had begun turning to smart phones and tablets for their computing needs.
With that brief overview behind us, we can now move to Microsoft's long standing warning that as of April 8 -- today -- it will no longer be supporting Windows XP.
There are some, no doubt, that will point to today's Windows 8.1 upgrade as evidence that Microsoft is looking to push Windows 8 on its users. If Microsoft really cared about its customers, it would extend support of XP just a bit longer.
That, however, is not an argument that can really be sustained. Microsoft stopped selling the boxed edition of XP in 2008 and has been warning people for a very long time that support was coming to an end.
Even still, some users even suggested that the newly appointed CEO, Satya Nadella might offer users a "Happy Appointment" present by extending the life of XP. But why bother? It had to go. The world of computing has changed a lot since 2001, and XP is no longer a good option.
XP Security Issues
The end of support does not mean the end of life, though. And if you are still using it today, you probably won’t notice much difference. The last security update was issued this morning, but from here on in, you’re on your own.
As early as last August Tim Rains of Microsoft pointed out that sticking it out with XP could have potentially disastrous results.
He said new vulnerabilities discovered in Windows XP after its “end of life” would not be addressed by future security updates from Microsoft. What this means is that hackers, who reverse engineer security updates for supported Windows systems, will try the same reverse engineering on XP with a reasonable chance of success.
In other words, if a flaw is found for Windows 7 or 8, there's a good chance a similar issue exists for XP as well. So when the fixes come out for Windows 7 or 8, hackers can go back to XP and look for an opening.
There are also performance issues. If you buy a new printer or scanner, it might not work on XP. Same goes for new software, which may require faster processors and more memory than was standard when XP was first released.
Paying For XP
The number of people that this will effect is potentially huge. According to a netmarketshare report from last month, 91 percent of the market uses Windows. Of that 91 percent, 27 percent is currently using XP.
Online news site Dutch News, for example, recently reported that the Dutch government has paid Microsoft millions of dollars to extend support for XP until next year. Between 34,000 and 40,000 Dutch national government civil servants continue to use the system.
Similarly, the UK government has paid nearly $9.5 million to do the same as thousands of public service workers are also still using XP.
Further, The Australian government warned its different departments that support for XP would be terminated in April 2014 but clearly believed that, even with an announcement, there would be problems. In response to this it pointed out that “Agencies unable to upgrade by 8 April 2014 may have the option of entering into a custom support contract with Microsoft,” but that the cost of this support would continue to rise.
There are a number of other businesses that will receive support beyond today. In a blog post last February, Microsoft listed five different sets of XP based embed products that will continue to receive support, including the software used in ATMs.
10 Things You Can Do
For those that are still using it, though, there are a number of things that can be done to mitigate potential risk. According to Neil MacDonald of Gartner, the issue now is not whether XP poses a risk, but whether that risk can be managed. In a blog post today he pointed out:
Any system, supported or not, carries risk. For the majority of use cases, XP can continue to be used with the risk managed to a tolerable level, without requiring the enterprise to pay Microsoft for expensive custom support while migrations are completed. While doing nothing is an option, we do not believe that most organizations (or their auditors) will find this level of risk acceptable. “
Where it is impossible to change systems immediately, he recommends 10 steps that enterprises can take:
1. Restrict Network Connectivity: The less your system interacts with other systems the less likely it is that there will be problems.
2. Application Control and Memory Protection: Lockdown XP to prevent arbitrary code use through a host based intrusion prevention system (IPS) or Microsoft's software restriction policies.
3. Administrative Rights: Restrict administrative rights for remaining users.
4. Identify common attack pathways: Block XP users from Web browsing and email use.
5. Update software stack: Other vendors running and using XP systems may continue support, which should lessen vulnerability.
6. Host-based IPS: Verify if IPS vendors will continue to research vulnerabilities and attacks on XP and implement filters and rules to block these attacks where possible.
7. Monitor Microsoft: Pay attention to vulnerabilities around other Windows systems as these may impact on XP, particularly vulnerabilities in Windows 2003.
8. Monitor Community Chat: Third-party communities focused on XP chat are likely to emerge to discuss ongoing and possible threats.
9. Predefined Processes: If a breach does occur have plans in place to limit and quarantine affected systems.
10. Cost/Benefit Analysis: Calculate whether it would be cheaper to upgrade your operating system.
Support for XP -- as well as Office 2003 and SharePoint server 2003 -- has come to an end, and a lot of enterprises have been caught napping. And while many enterprises and users will chastise Microsoft for ending support, in the end there is really no one to blame but themselves.
This has been in the cards for a long time and, in fairness to Microsoft, it hasn't exactly kept the decision a secret. It's well beyond time to put Windows XP to bed.