This article can also be found in the Premium Editorial Download "Computer Weekly: Spies in the VPN."
Download it now to read this article plus other related content.
April 8 2014 - the day that Microsoft no longer supports Windows XP - is upon us, and for organisations that still have a significant XP user base, it's no surprise there is rising concern over what to do next.
Gartner has estimated that many businesses will not have managed to move all of their systems over by the time support ended, and predicts that a majority of firms will still have some machines running Windows XP within their organisations.
According to research by Netmarketshare.com, 27% of all desktops worldwide still run XP.
Paul Marsh, senior director of technology infrastructure at IT consultancy Avanade, points out that a number of systems will have business applications requiring XP that their IT department may not necessarily know about, and will therefore have been unable to suggest migration.
So why will these businesses suffer when support for XP comes to an end?
Support at an end
Microsoft claims that businesses have been given enough time to move away from the 12-year-old operating system. Despite this, research by Avanade found that 77% of organisations still have some machines running XP, with 52% holding no formal plans outlining how they will move on from XP.
At a recent Dell roundtable about application security, Terry Willis, head of information security for charity Age UK, pointed out that many businesses were deterred in the past from moving forward from Windows XP because its immediate successor, Vista, did not seem stable or usable enough to introduce into business. This damaged customer confidence of operating systems other than XP, which continued to work well with many established business systems.
Although moving on from such a secure and easy-to-use system will be difficult, Microsoft has stated it will be too risky for businesses to attempt to carry on running this legacy operating system.
Read more about the end of Windows XP support
- Computer Weekly Buyer’s Guide to Windows XP support
- Windows XP support will end this year – are you prepared?
- Failure to migrate from Windows XP could torpedo your business
- Barking and Dagenham Council swaps XP desktops for Chromebooks
- Government signs £5.5m Microsoft deal to extend Windows XP support
- Microsoft urges businesses on Windows XP to migrate
- Get rid of Windows XP quick, says Gartner
- ICO issues data protection warning to users of Windows XP
The security risks
Although the end of support does not mean that XP machines will stop working, it does mean that machines running the operating system will be at a greater risk to vulnerabilities.
After today, Microsoft will continue to provide antivirus updates for legacy XP systems for up to 15 months after the end of XP’s lifetime.
In a blog post, Microsoft said: “To help organisations complete their migrations, Microsoft will continue to provide updates to our anti-malware signatures and engine for Windows XP users through July 14, 2015.”
After this extension, businesses will have to fend for themselves, and Microsoft’s Trustworthy Computing group warned that running unsupported software could present great risks for enterprises because Windows XP is likely to be the focus of a lot of malware targeted towards unsupported machines.
Tim Rains, director of TwC at Microsoft, said: “Between July 2012 and July 2013, there were 30 vulnerabilities discovered in the later operating systems that were common to XP, so the risk is high,”
Businesses with security concerns due to the ending support of XP have slowly been moving away from the system in the run up to 8 April. For example, Cumberland Building Society recently moved its ATMs to Windows 7 to avoid security issues and to allow for increasing functionality in the future, such as contactless ATMs, as well as gesture and multi-touch controls.
What enterprises can do
Gartner estimates that up to 25% of enterprise systems will be running Windows XP and a third of large organisations will have more than 10% of their systems still on XP.
In light of this, Gartner has advised moving away from XP as soon as possible to avoid the impending security risks, something that many enterprises have done.
Gartner has previously advised organisations considering moving to a more recent Windows operating system to choose Windows 7 as opposed to migrating directly to Windows 8, to allow time for Windows 8 to mature.
However, some have taken the advice to upgrade as an opportunity to move away from Windows altogether. Barking and Dagenham Borough Council in London has switched to Google Chromebooks running ChromeOS, providing access to Windows-based line-of-business applications via Citrix.
Five tips for your Windows XP upgrade
- Software and hardware auditing should be used to determine the state of the desktop in terms of software and hardware configuration.
- Reducing the number of applications, by simplifying the desktop PC environment, should be a priority.
- Don't forget Internet Explorer 6. Some internal websites and web applications may have been hard-coded to run only in IE6.
- Automated application compatibility testing enables IT departments to test which desktop applications are good to go and which are incompatible with Windows 7.
- Some application testing tools can fix many common application compatibility problems automatically, leaving just a few applications that need to be manually re-engineered.
"We want to move as quick as possible to native [browser-based] applications," said Rupert Hay-Campbell, ICT and information governance officer at Dagenham and Barking Council.
“We want to future-proof our systems based on how our employees will be working five or 10 years from now. They’ll be more mobile, working from home or from various council offices, so they’ll rely on laptops. The applications they’ll use will be web-based, so a device built around a browser makes sense."
Similarly, Age UK uses Citrix to implement a more stable and mature platform that will prevent users from accessing data unnecessary to them, and still allow Windows use through containerisation and emulation on particular devices, depending on employee role.
Hope on the horizon
For businesses that have fallen short of the deadline, there are still things that can be done to move forward.
The UK government has signed a deal with Microsoft to provide security updates and support for the XP operating system for 12 months after the support deadline.
The £5.548m agreement was made between the software giant and the new Crown Commercial Service (CCS) to provide support to all of central and local government, schools and the NHS as part of a single deal encompassing relevant parts of the public-sector.
Legacy system emulator Browsium Ion may also be able to provide XP users a lifeline, as it provides legacy Internet Explorer (IE) emulation, and supports multiple Java releases and IE8.
The software emulates older Microsoft browsers which can be used to run browser-based XP applications, as well as simultaneously run several versions of Java and support applications dependent on older versions of IE within IE10 on a Windows7 operating system.
Despite these fixes, Microsoft still urges that businesses should replace these systems wherever possible. A Microsoft spokesman said: "We have made an agreement with the Crown Commercial Service to provide eligible UK public sector organisations with the ability to download security updates to Windows XP, Office 2003 and Exchange 2003 for one year until April 8 2015. Agreements such as these do not remove the need to move off Windows XP as soon as possible.”