Windows XP support will end this year – are you prepared?

April 2014 marks the point when Microsoft will finally end technical support for Windows XP. What should you do if you can't migrate by then?

April 2014 marks the point when Microsoft will finally end technical support for Windows XP.

However, depending on the figures you use, between 18% and 25% of all desktops are still using Windows XP. So why are organisations still wedded to XP, and what can they do after April this year?

The first question can best be answered in four ways.

  • Familiarity – An organisation may have built up a lot of its own skills in Windows XP and a change to Windows 7 may be seen to involve too much effort in retraining users and technical staff.
  • Existing applications – When Microsoft launched Windows Vista, around one in five applications that were running on Windows XP would not run on Windows Vista. This perception of incompatibility has continued through to Windows 7 and Windows 8, putting a hurdle in the path of those considering their next moves.
  • Cost – Windows Vista was a resource hog, and it was estimated that around one in three desktop machines would need replacing to have the basic power to run Vista. Alongside this, the costs of such a major replacement project and the impact on the business had to be reviewed in light of the recession – and many organisations decided to stay as they were.
  • Outsourced support – Probably the biggest area holding back migrations. If your Windows support has been outsourced, the support company can stretch out the usefulness (and earning capability) of employees, cascading XP-skilled staff down to those organisations that have not been pushing for a migration.

Which version of Windows is right for you?

Employees are far more likely to have moved on from XP at home by now, and will be more used to the modern interface of at least Vista, and more likely Windows 7 or perhaps Windows 8. Technical staff should have been ensuring that their skills have been updated, and should by now be up to speed with at least the basics of later versions of Windows.

Windows Vista was delivered to market at the beginning of 2007, nearly seven years ago. Assuming any applications that do not run directly under later versions of Windows had already been in place for some time, many of these will be well over 10 years old. In most cases, there is likely to be a more modern, more functional equivalent available. Even when this is not the case and the application is critical to the business and cannot be replaced, there are solutions that enable the running of a virtual image of XP within Windows 7 or 8, or using services from Citrix (through its acquisition of AppDNA) or Dell (through its acquisition of Quest/ChangeBase) that can enable most applications to run natively under Windows 7 or 8.

However, the cost of the project and the disruption to the business is something that has to be considered. Windows 7 and 8 are far less resource hungry than Vista was, and will run on most machines that run XP. Since the introduction of Vista seven years ago, it is becoming more unlikely that any large part of an organisation’s desktop estate will now be the original XP machines anyway – any PC under five years old will have been manufactured to support Vista.

On outsourcing, it is time to regain control of your business strategy. Windows XP is an old platform, based on work that was kicked off by Microsoft in the 1990s. It has a poor security architecture when compared to Windows 7 and 8, and it only supports Internet Explorer versions up to IE8. In fact, many organisations (particularly in the public sector) have not migrated from IE6 – figures from sites that attract large numbers of hits from a broad range of users show that 5% of desktops worldwide are still on IE6, or approximately one in four of all XP desktops. With IE10 now launched with Windows 8, users will increasingly find that websites are rendered incorrectly in old versions of the browser and that more modern functions are unavailable. Yes, other browsers could be implemented, such as Chrome or Firefox, but if you are going to go to the trouble of updating every desktop with a new browser, why not go the whole hog and update the operating system (OS) at the same time? Malware will increasingly be aimed at such a frail, unsupported environment, creating a higher business risk along with increased costs in attempting to manage security around IE8.

Available options

With the second question of what to do after support has been removed, there are a few options. Wherever possible, you should migrate to Windows 7. Windows 8 is still immature, and the changes to the desktop interface are not easy for all users to adapt to. If possible, take the opportunity to review whether a full desktop model is the right one for the organisation, or whether a server-based approach of either full or hybrid virtual desktop infrastructure (VDI) makes more sense. By centralising desktops and data, organisations will regain more control over information assets and can apply centralised security such as data leak prevention (DLP), and will be in a better position to support mobility and bring your own device (BYOD) by enabling access to data and applications from any device. Having data held centrally also helps with analytics, as well as availability through backup and mirroring. The existing PCs can still be used as access devices – and can be either locked down as Windows devices of any flavour, or even moved over to Linux if licencing costs are seen as an issue.

If this is too expensive, there are companies that can help lower the cost of migration and provide ongoing cost savings around licencing and maintenance, which can create a rapid return on investment. RES Software and Centrix Software can help ensure costs are minimised by running an upfront inventory of applications that are installed on devices – and their use. Organisations can then identify which applications are surplus to requirements, which can be re-used elsewhere, as well as identifying where they have large numbers of applications being run under different contracts. By aggregating these contracts, it may be possible to lower the overall cost per user by a significant amount.

Still not convinced?

For those who still don’t see the need to migrate, what will the impact be of Microsoft removing support? If you have outsourced to an external support company for the running of your desktops, then the impact will be minimal, as the outsourcing company will continue to provide support anyway. Even if you are supporting your desktops internally, you have to ask when the last time was that you had to contact Microsoft over a problem that was down to XP and nothing else. After over 12 years of being in the market, XP is known inside out by a large number of technical people out there. It is unlikely that any new issues with the underlying code will be found where a call to Microsoft will be required.

As a “just in case”, you could negotiate a custom support agreement with Microsoft. However, this is likely to cost more than migrating to a more modern OS, and seems a strange move to make. Microsoft will not be proactive in its support – you will have to identify any new vulnerabilities yourself and then go to Microsoft to ask for help. That help may not always be quick in solving the problem, and it will be down to you to retro-test any changes or patches to ensure they do not break your existing environment.

Techies understand XP well, but then those writing malicious code understand it well too. With an ageing security architecture and a lack of full support, Windows XP will be a major platform for hackers to attack. For security suppliers, this could be an opportunity for the provision of bolt-on security to try to stop the attacks. For organisations, it should be the wake-up call to move to a more modern operating system that will be less open to such attacks.

Clive Longbottom is an analyst at Quocirca.

Read more on Microsoft Windows software