With Microsoft's end-of-life deadline for Windows XP just three months away, three out of four IT pros still must support the OS.
7 Mistakes Microsoft Made In 2013
(click image for larger view and slideshow)
Step right up, place your bets. How many computers will still be running Windows XP come April 8?
That's the fast-approaching day that Microsoft will stop supporting XP, its most popular operating system ever until Windows 7 came along. And that means no more updates, no more bug fixes, and -- perhaps most important of all -- no more security patches.
The new year kicked off the final countdown, but not everyone is in a huge rush to leave the aged OS behind. XP usage dropped from roughly 39.5% of PCs at the start of 2013 to just under 29% at year's end, according to Net Applications data. That's a steady decline, but hardly spells the actual end of XP. Even a much faster rate of falloff -- say, three percentage points per month between now and April -- would mean roughly one in five PCs worldwide will still be running XP after Microsoft shuts off support.
These aren't just laggard consumer desktops collecting dust in living rooms and home offices, either. Some 76% of IT professionals reported in a recent survey they still support at least some XP machines in their corporate environments. And while plenty of them are scrambling to upgrade to Windows 7 or higher, 36% reported that they plan to leave at least some of their existing XP systems in place after the April support cutoff. The poll conducted by Spiceworks included 1,300 IT pros, most of them working in the US.
So, what gives? Moreover, what's in store for XP diehards come April 8?
"If businesses have not yet migrated [from] Windows XP, it is not because they do not want to but because they have many internal barriers," Techaisle CEO Anurag Agrawal said in an email interview. Agrawal's examples of those barriers echo many of the reasons some businesses are essentially ignoring Microsoft's support cutoff: budget, hardware, and application compatibility; strapped IT resources; user availability and training; and so on.
Most folks paying attention agree there are potential risks in running an unsupported OS: Security, compliance, performance, driver support, and others. Yet ask enough those folks -- IT pros, security experts, analysts, business owners, and so on -- what they think will happen to XP users after April 8 and you'll get responses ranging from "scorched earth" to "no big deal." Then again, no one really knows exactly how it will play out.
We're about to find out, though, because XP's not going to disappear in the next three months. Brian Burch, VP of global consumer and small business marketing at Symantec, noted that current XP usage "means many people have yet to transition" even with the end-of-support date so close at hand. Burch said consumers, in particular, should upgrade as soon as possible. But he added that such upgrades can be less straightforward for businesses.
"Occasionally, there are circumstances that make it very difficult to upgrade systems," Burch said in an email to InformationWeek. "For example, Windows XP is often used for industrial control systems that have long lifecycles and low downtime or critical applications that need redeveloping."
For organizations planning to keep XP in use post-April 8, Burch advised taking steps to minimize the downside. For instance: "If you have a system that can't be upgraded, look at lockdown technology to only allow the functions that are needed by the system and prevent others," Burch said. "This can protect the system and reduce the need for patching."
System is a good word choice. While OS usage stats like those above typically focus on PCs, XP in fact powers much more than desktops and laptops. Thousands of ATMs are powered by XP, for example -- as many as 75% of ATMs in the US alone, according to one industry estimate last July.
Indeed, XP is "a platform used in all manner of embedded devices," Chester Wisniewski, senior security advisor at Sophos, said in an email to InformationWeek. He expects the end of XP support to be just one milestone in a much larger security trend driven by the Internet of Things and other factors. "We are all putting in place far more technology to support every aspect of our everyday lives," Wisniewski said.
As a result, OS fragmentation, support cutoffs, and related issues aren't simply a matter of PCs or even mobile devices. If you think XP desktop users are behind the times, consider some less visible technologies. "It has been said that the embedded devices in the [power and utilities] industry are 15 years behind the mainstream desktop environment, but now many of these embedded devices with similar security challenges are making their way into every aspect of our personal and professional lives," Wisniewski said. In other words, XP's so-called "end of life" may be just a beginning.
"Many have talked about the Internet of Things but have yet to consider the huge variation in operating systems, platforms, and subsequent security issues," Wisniewski added. "We will see far more of this over the next couple of years."
So, what will happen to XP machines -- not to mention the corporate networks they connect to -- on April 8? Security apocalypse? Business as usual? Somewhere in between?
Step right up, place your bets.
Kevin Casey is a writer based in North Carolina who writes about technology for small and midsized businesses.
Too many companies treat digital and mobile strategies as pet projects. Here are four ideas to shake up your company. Also in the Digital Disruption issue of InformationWeek: Six enduring truths about selecting enterprise software. (Free registration required.)