Windows XP: Chronicle of a death foretold
When Microsoft ends support for Windows XP today (8 April), a security sinkhole will likely open and gradually widen, threatening hundreds of millions of PCs worldwide in homes, companies, government agencies and schools.
Along with the Y2K bug, Windows XP’s support termination is one of the computer industry’s most publicised, and most ignored, deadlines, toward which many business and IT managers have taken a curiously casual attitude.
The implications could be dire for those organisations that continue to use Windows XP, a decrepit OS Microsoft launched in 2001, and whose bugs and security vulnerabilities it will no longer patch.
Microsoft has not minced words, painting doomsday scenarios of malicious hackers and cybercriminals having a field day with Windows XP PCs, unleashing a barrage of malware, carrying out ransomware attacks, and stealing sensitive personal and financial data stored in those machines.
“Once support ends and the OS is no longer patched, the PC is at risk,” said Tom Murphy, Microsoft’s director of communications for Windows.
Microsoft set the fateful date almost seven years ago, and since then has been telling consumers and commercial customers with increasing urgency to upgrade from Windows XP, warning them that missing this deadline would put their PCs in serious danger.
And yet, while estimates vary, it is widely acknowledged that Windows XP still runs a substantial percentage of desktop and laptop PCs, and of other specialty computing devices, such as bank ATMs.
NetApplications recently said that as of February, Windows XP was on almost 30% of PCs, second only to Windows 7 with about 47%, and towering above the shiny new Windows 8 and 8.1 versions, with a combined 10.6%.
Surprisingly, the problem is not exclusive to clueless home users.
“There’s a pretty sizable installed base of Windows XP in the commercial sector,” said Al Gillen, an IDC analyst.
IDC’s latest estimate is that 30% of PCs in businesses of all sizes are on Windows XP. By the end of 2014, the percentage will be down to 20%, still a very large number, according to Gillen.
And the problem isnot limited to small companies with little to no IT knowledge and resources. In businesses with more than 500 employees, Gartner estimates that between 20% and 25% of PCs are on Windows XP. One-third of these medium-size and large companies have 10% or more of their PCs running the aging OS.
“There’s a pretty large number of Windows XP machines in enterprises,” said Michael Silver, a Gartner analyst.
Some had assumed that given the massive Windows XP installed base, Microsoft would budge and extend its support another year or two, but the vendor has stood firm, saying that the OS is simply too old and vulnerable to today’s security threats, for which it was not designed.
“XP has been supported for a long time. We need customers to move off of it because of the security. XP gets less secure every year,” Murphy said.
“There’s a pretty large number of Windows XP machines in enterprises,” — Gartner
The Microsoft official also points out that, beyond the security dangers, businesses also sacrifice productivity. More and more, third-party software vendors will stop supporting the XP versions of their applications, while fewer and fewer hardware devices — PCs, printers, peripherals — will work with it. Windows XP also lacks the substantial technology improvements for end users and IT departments Microsoft has delivered with the OS editions that came after it. “XP was great in its day, but its time has passed,” Murphy said.
Options for mitigating the risk
There are a variety of reasons why Windows XP remains in businesses, including ignorance about the risk, unwillingness to spend to upgrade and the existence of important applications that haven’t been ported to newer versions of the OS.
David Johnson, a Forrester Research analyst, said he has been fielding many inquiries from companies that are struggling to move completely off of Windows XP because they need it to run custom applications built in-house for the OS or by software vendors no longer in business.
Gartner has also been hearing from many frazzled IT chiefs. “We have a lot of organisations calling us every day asking us what to do,” Silver said.
Whatever the reasons, businesses that will have PCs on Windows XP for the foreseeable future must take steps to reduce the risk of using an unpatched OS. “Organisations that haven’t done anything regarding their Windows XP PCs could be in serious trouble,” Silver said.