Despite the imminent arrival of Windows 10, thousands of businesses and organizations around the world continue to cling to Windows XP. In the business world, this position is increasingly dangerous to a company’s bottom line for a variety of reasons, but for the world’s most (arguably) powerful navy, it could be downright dangerous. The US Navy is actually paying Microsoft nearly $10M to continue to support and patch the expired OS, which was officially “put out to pasture” over a year ago. With over 100K Windows XP computers powering critical systems, the Navy still has a tremendous undertaking to phase the (un)dead OS out of daily operations.
What this means for you:
In a broader sense, it’s disheartening (and a little frightening) to think that our shores are being defended by warships powered by a 14-year-old operating system, but the government, like our aircraft carriers, has never been capable of quick maneuvering, so this should come as little surprise to anyone. The fact that many businesses still heavily rely on XP despite repeated warnings from just about everyone in the industry is indicative of a larger problem, which is partly the industry’s fault, as well as a certain willful blindness we all share.
From an IT perspective, we’ve historically done a poor job preparing everyone for the security issues we now face, perhaps relying too heavily on tools and fixes, instead of emphasizing education and reforming business thinking. From an individual (and probably first-world) perspective, we’ve allowed ourselves to become increasingly reliant on technology to accomplish even the most basic tasks, and have built complex technological systems that support our daily lives that most of us can barely comprehend, let alone troubleshoot. A simple password hack can turn into a life-altering identity theft only because most of us fail to truly understand how everything is intertwined, and our personal veils of security are only as strong as the weakest password in our entire collection. The same can be said of your technology infrastructure: you are only as strong as the lowliest of forgotten XP machines on your network, and that isn’t very strong at all, regardless of how much you pay Microsoft.
In case you haven’t heard, about a third of the world’s computers are about to lose official support from Microsoft on April 8. Any computer running Windows XP will no longer receive updates or fixes to any vulnerabilities discovered after the cutoff date. Microsoft will continue to provide limited support to its XP-compatible security products, like Security Essentials (their free anti-malware product), but that is set to end sometime in 2015. Most antivirus manufacturers have stated that they will continue to support XP-compatible versions of their apps into 2016, but without core patches to the XP operating system, their efforts will be merely fingers in a deteriorating dike.
What this means for you:
Though you may not know it, your company or the vendors that service you may be heavily reliant on XP. Case in point – one of my clients relies on XP workstations to monitor environmental-control equipment (think air-conditioning and heating) and building automation systems, and some of the computers running these applications haven’t been updated for years, and in some extreme cases, the hardware may be close to a decade old. Hardware failure aside, the lack of support for XP going forward will mean those computers will need to be replaced ASAP, and may be a cost you hadn’t considered in your 2014 or 2015 budget.
Windows XP-powered computers are likely to show up in places where they are used regularly, but maybe not by a single individual, and are thus overlooked during the regular upgrade process: kiosks (lobby directories, ATMs, silent radios), point-of-sale systems, document scanning stations, etc. Make sure you comb through your organization’s infrastructure for these computers, as they will become vulnerability points for your entire operation and could lead to serious security breaches. Unfortunately, rectifying these obsoleted workstations won’t be cheap or easy, especially if they power critical systems, but in some cases it may be possible to port XP-only applications to Windows 7 and run them in compatibility mode. Make sure you work closely with vendors who supply this older software to determine what, if any, plans they have to bring their platform to Windows 7, and if they have no plans, it may be time to consider a new vendor or service.
If you thought you were the only one still using Windows XP, you are still in good company despite Microsoft’s widely publicized plan to end official support for the operating system in April of this year. NetMarketShare.com’s January 2014 report on installed desktop operating systems shows that an estimated 30% of the world’s computers are still using Windows XP, an operating system that is now approaching 13 years of age. NetMarketShare bases its statistics on metadata gathered by 40K websites around the world, so it’s also likely that this percentage may actually be slightly higher, as many XP machines are likely being used in legacy systems that do not require internet access to function.
In case you were wondering what that 30% equates to in actual numbers, there are an estimated 1.5 billion computers in use today. Based upon that number, it’s possible that several hundred million computers may continue to run an OS that will no longer get security updates from Microsoft, a number that has security analysts everywhere hyperventilating. Even though most anti-malware vendors will continue to provide support for XP, it will become increasingly difficult for them to remain effective on an OS that Microsoft itself is abandoning.
What this means for you:
If you were thinking, “Well, this doesn’t impact me, I’m on Windows 7/8,” think again. Many cyberattacks are driven by zombified PCs that have been gathered together into “Botnets” that can focus an incredible amount of processing power on anything they are rented to do, including sending out millions of phishing emails, spam and other nefarious activities. In the current state of desktop security, it’s commonly held wisdom that being targeted by a cyberattack is not a question of “if”, but of “when”. Cybercriminals rely on compromised resources to do much of their dirty work, and their arsenal could become radically reinforced by the millions of computers still running XP, especially now that it will no longer be patched by Microsoft after April. If you are still operating PCs with Windows XP, you should seriously consider upgrading those systems to a more modern OS if possible, and if an upgrade isn’t possible, replace them ASAP, as they will become an increasing liability for your organization.