Software // Operating Systems
09:06 AM
Meta Data, Big Data & the Coming Tectonic Shift in Security
Jun 02, 2016
Register and attend this webinar to understand where the world of cyber security is going, the rol ...Read More>>

Windows XP Won't Go Quietly

With Microsoft's end-of-life deadline for Windows XP just three months away, three out of four IT pros still must support the OS.

7 Mistakes Microsoft Made In 2013
7 Mistakes Microsoft Made In 2013
(click image for larger view and slideshow)

Step right up, place your bets. How many computers will still be running Windows XP come April 8?

That's the fast-approaching day that Microsoft will stop supporting XP, its most popular operating system ever until Windows 7 came along. And that means no more updates, no more bug fixes, and -- perhaps most important of all -- no more security patches.

The new year kicked off the final countdown, but not everyone is in a huge rush to leave the aged OS behind. XP usage dropped from roughly 39.5% of PCs at the start of 2013 to just under 29% at year's end, according to Net Applications data. That's a steady decline, but hardly spells the actual end of XP. Even a much faster rate of falloff -- say, three percentage points per month between now and April -- would mean roughly one in five PCs worldwide will still be running XP after Microsoft shuts off support.

These aren't just laggard consumer desktops collecting dust in living rooms and home offices, either. Some 76% of IT professionals reported in a recent survey they still support at least some XP machines in their corporate environments. And while plenty of them are scrambling to upgrade to Windows 7 or higher, 36% reported that they plan to leave at least some of their existing XP systems in place after the April support cutoff. The poll conducted by Spiceworks included 1,300 IT pros, most of them working in the US.

[If a key to success is learning from your mistakes, Microsoft should be well positioned for 2014. See Microsoft In 2013: 7 Lessons Learned.]

So, what gives? Moreover, what's in store for XP diehards come April 8?

"If businesses have not yet migrated [from] Windows XP, it is not because they do not want to but because they have many internal barriers," Techaisle CEO Anurag Agrawal said in an email interview. Agrawal's examples of those barriers echo many of the reasons some businesses are essentially ignoring Microsoft's support cutoff: budget, hardware, and application compatibility; strapped IT resources; user availability and training; and so on.

Most folks paying attention agree there are potential risks in running an unsupported OS: Security, compliance, performance, driver support, and others. Yet ask enough those folks -- IT pros, security experts, analysts, business owners, and so on -- what they think will happen to XP users after April 8 and you'll get responses ranging from "scorched earth" to "no big deal." Then again, no one really knows exactly how it will play out.

We're about to find out, though, because XP's not going to disappear in the next three months. Brian Burch, VP of global consumer and small business marketing at Symantec, noted that current XP usage "means many people have yet to transition" even with the end-of-support date so close at hand. Burch said consumers, in particular, should upgrade as soon as possible. But he added that such upgrades can be less straightforward for businesses.

"Occasionally, there are circumstances that make it very difficult to upgrade systems," Burch said in an email to InformationWeek. "For example, Windows XP is often used for industrial control systems that have long lifecycles and low downtime or critical applications that need redeveloping."

For organizations planning to keep XP in use post-April 8, Burch advised taking steps to minimize the downside. For instance: "If you have a system that can't be upgraded, look at lockdown technology to only allow the functions that are needed by the system and prevent others," Burch said. "This can protect the system and reduce the need for patching."

System is a good word choice. While OS usage stats like those above typically focus on PCs, XP in fact powers much more than desktops and laptops. Thousands of ATMs are powered by XP, for example -- as many as 75% of ATMs in the US alone, according to one industry estimate last July.

Indeed, XP is "a platform used in all manner of embedded devices," Chester Wisniewski, senior security advisor at Sophos, said in an email to InformationWeek. He expects the end of XP support to be just one milestone in a much larger security trend driven by the Internet of Things and other factors. "We are all putting in place far more technology to support every aspect of our everyday lives," Wisniewski said.

As a result, OS fragmentation, support cutoffs, and related issues aren't simply a matter of PCs or even mobile devices. If you think XP desktop users are behind the times, consider some less visible technologies. "It has been said that the embedded devices in the [power and utilities] industry are 15 years behind the mainstream desktop environment, but now many of these embedded devices with similar security challenges are making their way into every aspect of our personal and professional lives," Wisniewski said. In other words, XP's so-called "end of life" may be just a beginning.

"Many have talked about the Internet of Things but have yet to consider the huge variation in operating systems, platforms, and subsequent security issues," Wisniewski added. "We will see far more of this over the next couple of years."

So, what will happen to XP machines -- not to mention the corporate networks they connect to -- on April 8? Security apocalypse? Business as usual? Somewhere in between?

Step right up, place your bets.

Kevin Casey is a writer based in North Carolina who writes about technology for small and midsized businesses.

Too many companies treat digital and mobile strategies as pet projects. Here are four ideas to shake up your company. Also in the Digital Disruption issue of InformationWeek: Six enduring truths about selecting enterprise software. (Free registration required.)

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 3 / 3
User Rank: Ninja
1/7/2014 | 2:10:32 PM
Re: windows xp
This is exactly the part that worries me!
User Rank: Ninja
1/7/2014 | 2:05:02 PM
Re: Not broke then don't fix it
@gfouts15,, Apparently you must work where money is overly abundant to the IT department.  How does one get your job?
User Rank: Apprentice
1/7/2014 | 1:58:20 PM
One Windows Application
I continue to run Windows XP in a virtual machine to support one application.  I don't see any pressing need to upgrade to a newer version of the Windows operating system.  Upgrading Windows isn't a cost effective option.
User Rank: Guru
1/7/2014 | 1:57:47 PM
Re: Not broke then don't fix it
If your job is to manage IT infrastructure and you failed to plan for this or any other technology changes, either you are incompetent, without vision, without power or a combination of these.  This isn't something that just came up.  This is the CIO/CTO's job to manage technology and the transition of such!  All this is really doing is exposing many CIO/CTO's poor decisions and lack of planning.  Seriously, if all you ever had to do was install software once and be done, anyone could do it.  Apparently too many in IT positions of power don't know what they are supposed to be doing there.
User Rank: Ninja
1/7/2014 | 1:37:17 PM
Not broke then don't fix it

XP does a lot of things very well.  The old adage "if its not broken don't fix it" comes to mind particularly in business.  If you have a hotel chain with say 1000+ XP machines available for customers to use the cost to replace them is significant with what advantage?  A Win7 machine won't do anything better that the XP machine did for customers, mostly browse the web and check email.  While a Win8 machine will just give the hotel's support personnel migraines.  Microsoft has already forced this hotel chain to install an alternate browser (Chrome or FireFox) since Microsoft only allows I.E. 8 on XP.  The chain will probable look at Chromebooks as the XP replacement.

User Rank: Strategist
1/7/2014 | 1:28:04 PM
Another scare, similar to the last
This reminds me of all the work around making sure Y2K wasn't going to bite. Most won't see any big difference when the support lapses. Actually, I might finally get my pc to quit trying to install the same 2 updates unsuccessfully for the past few months.

From my experience most malicious software gets installed because someone clicked something they shouldn't have, and that won't change no matter what version you're running.
User Rank: Apprentice
1/7/2014 | 12:12:20 PM
Re: XP Wont Die Easily
Lots of businesses still used punchcards, even into the new century. Inertia is a powerful thing. But even as a consumer, I'd run XP before I ever considered Win8, even if Microsoft gave me the OS *and* the PC it ran on for free. It really is a nightmare to use.
User Rank: Author
1/7/2014 | 11:41:10 AM
windows xp
Next time you are running errands, count how many times you see XP in a retail or hospitality setting -- store counter, hotel desk, etc. The results will surprise you. Companies have XP deployed in many customer-facing settings, still.
User Rank: Ninja
1/7/2014 | 10:29:15 AM
Re: XP Wont Die Easily
As gmtrmt pointed out, I think the redundant hardware is often the problem. Moving to Windows 7 or 8 is a reasonable upgrade even for office machines and there may even need to be a change from 32 bit to 64 bit processors, which could mean an upgrade for even somewhat recent machines if they were on the lower end of the performance scale when they were purchased. 
User Rank: Apprentice
1/7/2014 | 9:59:26 AM
XP Wont Die Easily
From experience the problem is not apathy. Instead many businesses have encumbant systems that rely on specific technology being in place. It is these systems not the basic desktop machine, that are most at risk and that require more than simply popping in a windows 8 CDROM, whats more as these systems can be around 10 years old, their specifications need upgrading too which means more expense and frustration as old systems get upgraded to new. My advice is take any old XP machines off the network or protect them from being web enabled, take out the CDROM, disk and USB ports to minimise the ability for people to access and embed viruses and other exploits.
<<   <   Page 3 / 3
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of June 19, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.