Microsoft© Windows XP has proven to be a highly popular operating system with over 600 million installations worldwide since its inception in 2001. But all good things must come to an end, and Microsoft will cease commercial support of this operating system (and stop providing security updates and customer support) on April 8, 2014.
Microsoft has been encouraging users of Windows XP to convert to Windows 8 or Windows 7 for more than 12 months, but with less than four months to end-of-life, many experts estimate that more that 40% of businesses still have Windows XP running somewhere in their organization. Gartner analysts estimate that between 10% and 15% of enterprise PCs will still be running XP when Microsoft pulls the plug. A recent report from Fiberlink identified that almost 50% of the laptops observed in their study are still running Windows XP.
Microsoft has even resorted to “scare” tactics using Tim Rains, director of Microsoft’s Trustworthy Computing group, to inform Windows XP users that the chance that malware will infect their PCs could jump by two thirds and to warn them of an expected increase in attacks when the aged operating system exits support after April 8, 2014.
Other Security experts agree as detailed in this Computerworld article: “XP’s retirement will be hacker heaven – Hackers will bank bugs until after Microsoft retires Windows XP in April 2014”.
According to Jason Fossen, an expert on Microsoft security said it’s simply economics at work: “The average price on the black market for a Windows XP exploit is $50,000 to $150,000, a relatively low price that reflects Microsoft’s response,” said Fossen. When a new vulnerability — dubbed a “zero-day” — is spotted in the wild, Microsoft investigates, pulls together a patch and releases it to XP users.
Because Microsoft will stop patching XP, hackers will hold zero-days they uncover between now and April, then sell them to criminals or release them themselves on unprotected PCs after the deadline.
In a recent CSO Security and Risk article, “Microsoft issues five month countdown for Windows XP support” concurs with the impending security threats and warns that short term fixes are not the answer.
Networks that include Windows XP computers used for normal office activities, such as e-mail, web browsing, word processing, etc., will become undefendable and will invite attackers inside. There are certainly steps one can take to lower the risks, such as switching to supported browser, e-mail, and office programs, and hardening Windows XP (by using Enhanced Mitigation Experience Tool, for example), but these are band-aids that can only prolong XP’s useful life by a few months.
CIO.com has an interesting perspective in this article “Windows XP Holdouts: 3 Reasons You Must Upgrade Now. Yes, Now.”
Although it may still appear to work fine, the mantra of “if it ain’t broke, don’t fix it” doesn’t really apply to Windows XP. It’s broken in many ways, and when Microsoft officially stops supporting it next April, it really will be broken. The reality is that Windows XP is going to be a security nightmare when support ends, and continuing to use it will be impractical–if not impossible.
Because XP was such a popular operating system for so long, many businesses find themselves in a situation where it’s extremely difficult to remove XP without breaking business systems now in place. This CSO Security and Risk article provides some very sound advice: “Start isolating critical XP systems now, experts warn”.
Wherever possible, XP and the apps that can’t live without it should be on a virtual machine that essentially isolates the software in its own sandbox. Vendors that provide such technology include VMware and Citrix Systems. The VM platforms can be configured to restrict access to the underlying systems’ hard drive and to certain files to prevent infections from spreading.
So what does this mean for me? “My EarthLink Business laptop is running Windows 7, so no worries at my office, but my home desktop and laptop are still running XP, and I do all my portfolio management and banking online. With 3 children approaching college bound age, I’d prefer that my money disappears in the hands of select institutions of higher learning than with anonymous hackers. I will bite the bullet and upgrade to Windows 7 or 8.”
If your business can’t run without XP, let EarthLink help you isolate those applications with a Cloud Hosting or Private Cloud Hosting solution on our Next Generation Cloud platform powered by VMware.
The clock is ticking — there isn’t much time remaining. Come April 2014, Exchange 2003 will no longer be supported by Microsoft®.
EarthLink Business can help you make the right choice for your business!
Still running the Windows XP Operating System? We can help you today
Still running your email on Exchange 2003? We can help you migrate now