End of XP Support Action Plan

As we’ve mentioned previously, XP support ends April 8, 2014.  At the risk of sounding like we’re repeating ourselves, it’s crucial that we communicate the importance of paying attention to this milestone – or should we say more accurately, tombstone.

It is reported that of all the operational computers in the world, between a quarter and a third are still running XP.

XP was undoubtedly one of Microsoft’s most widely adopted operating systems (OS) and while there is no shortage of articles and blog posts on the imminent end of XP support, it seems that the threat to an extent has been dismissed or downplayed by some corporate decision makers.

Does this end date mean XP will stop working?

The end of support date won’t include the distribution of a Mission Impossible style self-destruct message to the late operating system’s users.  XP will continue to function after the 8 April.  What it does mean is that any vulnerabilities in the operating system that are discovered will no longer be patched.

“Having XP clients actively browsing the internet on outdated browsers is a recipe for disaster.” states Sophos’ James Lyne in a recent ZDNet article.

It is not unreasonable to assume that hackers will have exploits waiting in the wings. “From 8 April or 9 April you could see a number of attacks that people have been holding back.” says Gartner Research vice-president and research director Michael Silver.

We want to avoid sounding alarmist, however there are some very good reasons to address the issue of XP machines in your corporate environment:

  • Antivirus is not the answer.  The end of XP support will create opportunities for exploitation to occur in a way that allows threats to crawl under the covers before AV gets a chance to scan them.
  • Running operating systems that are no longer supported in your environment may have implications on compliance to quality systems or other industry regulations.
  • Windows XP in reality suffers very poor performance and costs a lot more to maintain, compared to newer operating systems.  Addressing this issue can have a positive upshot on your staffs’ productivity, by as much as 7.8 additional hours per year per worker, as well as reducing the cost of maintenance per machine.
  • Over the last few years, hackers have gotten very good at targeting exploits for monetary gain.  Rather than simply being nuisance attacks, vulnerabilities in XP will likely be targeted with profit as the end goal in sight.

Plan for action.

  • Take stock
  • Mitigate the risk
  • Understand your upgrade options

Wherever budget permits, upgrading to a newer OS or replacing aging machines is the best course of action.  However, this is not always a simple solution, particularly when legacy applications are involved.

With a month to go until this becomes a reality, it is important to work out the extent of the problem.  Where are your XP machines, what are they running?  Don’t forget about staff working from home and connecting to your corporate network via VPN.  If they are connecting from XP machines, they pose a risk to the environment.

Until such time that XP machines are removed from the network, consider taking precautions, such as:

  • Locking down XP use to approved applications only
  • Remove admin rights from XP machines
  • Restrict access to the Internet; do not browse the Internet or use email on XP machines

There are no certainties that your business will be impacted in a post XP support landscape.  There is also no way to guarantee it won’t, other than removing the threat.  The question is whether inaction is worth the risk?

If you’d like to discuss your situation and get some advice, contact us on 1300 766 554.

About the Author


Share this Post