Windows XP’s end-of-life deadline is already behind us, and user figures for the Microsoft operating system actually went up slightly in January.
Most companies will be aware that Microsoft is ending support for the 12-year-old operating system as of April 8 this year. But XP use is so widespread it is estimated that up to 30 percent of desktops could still be running the platform.
This is because many firms don’t have the resources to move their entire IT estates in time, with others concerned about the new interface of Windows 8 – which has been widely shunned by SMBs.
Microsoft has been pushing hard to force firms to upgrade. So how risky is it really to continue to run XP? In the long run, it could be dangerous: without Microsoft’s regular patches, XP will become increasingly less secure. Experts are predicting a surge of zero day attacks – which take advantage of unpatched vulnerabilities – when the OS reaches its demise.
However, Microsoft recently offered SMBs some respite by confirming it would extend malware signatures until 2015. This gives firms protection against viruses, but other vulnerabilities won’t be patched.
How and when to upgrade
According to David Rodger, Windows Client Commercial Lead at Microsoft UK, a number of small and medium-sized businesses "are still tackling the jump from Windows XP".
And if you are upgrading to Windows 7 or 8, it is possible that hardware will need replacing, Rodger admits. He adds: "The good news is that hardware costs have decreased significantly since XP was launched so a new PC should cost much less than you might think – and you can get a perfectly good new device from about £350."
The first step is to try to understand what your legacy estate consists of. Then: understand your licensing model, Jamal Elmellas, Technical Director at data, ICT and security consultancy Auriga, advises. "A lot of SMBs don’t really understand their licensing model and are pinning their hopes on a solution that isn’t actually legal," he warns.
For instance, Elmellas says, when virtualising XP onto VMware: "You’ve got to be careful as Internet Explorer 6 licensing prevents this."
Microsoft is offering to support companies beyond April 8, but SMBs could have to pay up to $200 (about £120, AU$210) per PC each month for the service.
Meanwhile, most security vendors will continue to support XP for another year, but after that it will be very risky to run the OS. On top of Microsoft’s Security Essentials, other antivirus products are available by vendors including Kaspersky, McAfee and BitDefender.
After April, SMBs can upgrade to Windows 7 or 8, or look at an alternative such as Linux. Microsoft itself as well as hardware vendors such as HP and Dell are also offering ‘migration’ services to help firms with a Windows upgrade. Meanwhile Toshiba is offering a trade-in service to cut costs on new hardware.
Migration services offered by the bigger hardware vendors can work well, says Elmellas. But they aren’t suitable for moving over big legacy app estates: "When you have things which were designed to work with IE6 then it isn’t easy to just switch over," he says.
Meanwhile, SMBs that only have a few XP machines should isolate them from the network, experts advise. This means if they are compromised, the attackers won’t have access to company data.
So as XP’s deadline approached, the only solution was to get off the operating system as quickly as you can, something that should ideally have been planned well in advance.
"But don’t think it is Microsoft or nothing," Elmellas says. "My advice is to look at Google OS’ Chrome and free yourself of the Microsoft licensing model."