IET calls on government to set example over Windows XP

The Institution of Engineering and Technology (IET) calls on the UK government to replace all copies of the obsolete Windows XP OS

On the eve of Microsoft ending support for its Windows XP operating system (OS), the Institution of Engineering and Technology (IET) has called on the UK government to set a good example.

Last week it emerged that government has signed a deal with Microsoft to provide Windows XP support and security updates for the UK public sector for 12 months after regular support ended on 8 April 2014.

The move has raised concerns that a lack of critical security updates will raise many UK organisations' vulnerability to attack, if they are still running Windows XP somewhere in their IT estate.

The IET said government should set an example by ensuring that all computers running Windows XP across the public sector are upgraded or replaced before the end of the extended support contract.

“The government has an open source software policy and this is a good opportunity to expand the use of open source operating systems in the public sector IT estate,” said Hugh Boyes, IET cyber security lead.

Windows XP data risk

Last week, the Information Commissioner's Office (ICO) warned businesses about the risks created by the end of Microsoft's support for Windows XP and Microsoft Office 2003.

Microsoft has extended security updates for the legacy operating system by 15 months – but many businesses, charities and other organisations will be on their own after that.

This means if a security flaw is discovered, Microsoft will not release an update to fix it, which is important for businesses to note, says the ICO.

A lack of security updates will put company systems and the personal data stored on them at risk, the ICO said, estimating that 30% of all PCs are still using Windows XP.

The ICO said this could become a serious problem and means many organisations should already be in the processes of migrating to a supported OS, or taking steps to mitigate the risks.

Gartner's Windows XP advice

This echoes Gartner's advice to find an alternative to Windows XP as soon as possible.

Any organisations still running XP expose themselves to risk and should have a plan to get rid of the operating system as soon as possible, said Gartner analyst Michael Silver.

Makeshift measures for reducing security risk until XP can be replaced include reducing user rights on the machines, restricting machines to running only “known good” applications, and minimising web browsing and email use, he said.

Silver also advised moving critical applications and users to server-based computing. “Where users or applications cannot be moved for regular use due to licensing cost, or capacity issues, have the applications installed for server access in case of emergency,” he said.

Read more on Hackers and cybercrime prevention